3 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/socket.h>
14 #include <ac/string.h>
16 #include <ac/unistd.h>
26 /* protected by connections_mutex */
27 static ldap_pvt_thread_mutex_t connections_mutex;
28 static Connection *connections = NULL;
29 static unsigned long conn_nextid = 0;
31 /* structure state (protected by connections_mutex) */
32 #define SLAP_C_UNINITIALIZED 0x00 /* MUST BE ZERO (0) */
33 #define SLAP_C_UNUSED 0x01
34 #define SLAP_C_USED 0x02
36 /* connection state (protected by c_mutex ) */
37 #define SLAP_C_INVALID 0x00 /* MUST BE ZERO (0) */
38 #define SLAP_C_INACTIVE 0x01 /* zero threads */
39 #define SLAP_C_ACTIVE 0x02 /* one or more threads */
40 #define SLAP_C_BINDING 0x03 /* binding */
41 #define SLAP_C_CLOSING 0x04 /* closing */
44 connection_state2str( int state )
47 case SLAP_C_INVALID: return "!";
48 case SLAP_C_INACTIVE: return "|";
49 case SLAP_C_ACTIVE: return "";
50 case SLAP_C_BINDING: return "B";
51 case SLAP_C_CLOSING: return "C";
57 static Connection* connection_get( ber_socket_t s );
59 static int connection_input( Connection *c );
60 static void connection_close( Connection *c );
62 static int connection_op_activate( Operation *op );
63 static int connection_resched( Connection *conn );
64 static void connection_abandon( Connection *conn );
65 static void connection_destroy( Connection *c );
67 static ldap_pvt_thread_start_t connection_operation;
70 * Initialize connection management infrastructure.
72 int connections_init(void)
74 assert( connections == NULL );
76 if( connections != NULL) {
78 LDAP_LOG( CONNECTION, INFO,
79 "connections_init: already initialized.\n", 0, 0, 0 );
81 Debug( LDAP_DEBUG_ANY, "connections_init: already initialized.\n",
87 /* should check return of every call */
88 ldap_pvt_thread_mutex_init( &connections_mutex );
90 connections = (Connection *) ch_calloc( dtblsize, sizeof(Connection) );
92 if( connections == NULL ) {
94 LDAP_LOG( CONNECTION, ERR,
95 "connections_init: allocation (%d * %ld) of connection "
96 "array failed\n", dtblsize, (long) sizeof(Connection), 0 );
98 Debug( LDAP_DEBUG_ANY,
99 "connections_init: allocation (%d*%ld) of connection array failed\n",
100 dtblsize, (long) sizeof(Connection), 0 );
105 assert( connections[0].c_struct_state == SLAP_C_UNINITIALIZED );
106 assert( connections[dtblsize-1].c_struct_state == SLAP_C_UNINITIALIZED );
109 * per entry initialization of the Connection array initialization
110 * will be done by connection_init()
117 * Destroy connection management infrastructure.
119 int connections_destroy(void)
123 /* should check return of every call */
125 if( connections == NULL) {
127 LDAP_LOG( CONNECTION, INFO,
128 "connections_destroy: nothing to destroy.\n", 0, 0, 0 );
130 Debug( LDAP_DEBUG_ANY, "connections_destroy: nothing to destroy.\n",
136 for ( i = 0; i < dtblsize; i++ ) {
137 if( connections[i].c_struct_state != SLAP_C_UNINITIALIZED ) {
138 ber_sockbuf_free( connections[i].c_sb );
139 ldap_pvt_thread_mutex_destroy( &connections[i].c_mutex );
140 ldap_pvt_thread_mutex_destroy( &connections[i].c_write_mutex );
141 ldap_pvt_thread_cond_destroy( &connections[i].c_write_cv );
143 slapi_x_free_object_extensions( SLAPI_X_EXT_CONNECTION, &connections[i] );
151 ldap_pvt_thread_mutex_destroy( &connections_mutex );
156 * shutdown all connections
158 int connections_shutdown(void)
162 ldap_pvt_thread_mutex_lock( &connections_mutex );
164 for ( i = 0; i < dtblsize; i++ ) {
165 if( connections[i].c_struct_state != SLAP_C_USED ) {
169 ldap_pvt_thread_mutex_lock( &connections[i].c_mutex );
171 /* connections_mutex and c_mutex are locked */
172 connection_closing( &connections[i] );
173 connection_close( &connections[i] );
175 ldap_pvt_thread_mutex_unlock( &connections[i].c_mutex );
178 ldap_pvt_thread_mutex_unlock( &connections_mutex );
184 * Timeout idle connections.
186 int connections_timeout_idle(time_t now)
192 for( c = connection_first( &connindex );
194 c = connection_next( c, &connindex ) )
196 if( difftime( c->c_activitytime+global_idletimeout, now) < 0 ) {
198 connection_closing( c );
199 connection_close( c );
203 connection_done( c );
208 static Connection* connection_get( ber_socket_t s )
210 /* connections_mutex should be locked by caller */
215 LDAP_LOG( CONNECTION, ENTRY, "connection_get: socket %ld\n", (long)s, 0, 0 );
217 Debug( LDAP_DEBUG_ARGS,
218 "connection_get(%ld)\n",
222 assert( connections != NULL );
224 if(s == AC_SOCKET_INVALID) {
231 assert( c->c_struct_state != SLAP_C_UNINITIALIZED );
238 for(i=0; i<dtblsize; i++) {
239 if( connections[i].c_struct_state == SLAP_C_UNINITIALIZED ) {
240 assert( connections[i].c_conn_state == SLAP_C_INVALID );
241 assert( connections[i].c_sb == 0 );
245 ber_sockbuf_ctrl( connections[i].c_sb,
246 LBER_SB_OPT_GET_FD, &sd );
248 if( connections[i].c_struct_state == SLAP_C_UNUSED ) {
249 assert( connections[i].c_conn_state == SLAP_C_INVALID );
250 assert( sd == AC_SOCKET_INVALID );
254 /* state can actually change from used -> unused by resched,
255 * so don't assert details here.
269 ldap_pvt_thread_mutex_lock( &c->c_mutex );
271 ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_GET_FD, &sd );
272 if( c->c_struct_state != SLAP_C_USED ) {
273 /* connection must have been closed due to resched */
275 assert( c->c_conn_state == SLAP_C_INVALID );
276 assert( sd == AC_SOCKET_INVALID );
279 LDAP_LOG( CONNECTION, ARGS,
280 "connection_get: connection %d not used\n", s, 0, 0 );
282 Debug( LDAP_DEBUG_TRACE,
283 "connection_get(%d): connection not used\n",
287 ldap_pvt_thread_mutex_unlock( &c->c_mutex );
292 LDAP_LOG( CONNECTION, RESULTS,
293 "connection_get: get for %d got connid %lu\n", s, c->c_connid, 0 );
295 Debug( LDAP_DEBUG_TRACE,
296 "connection_get(%d): got connid=%lu\n",
302 assert( c->c_struct_state == SLAP_C_USED );
303 assert( c->c_conn_state != SLAP_C_INVALID );
304 assert( sd != AC_SOCKET_INVALID );
307 c->c_activitytime = slap_get_time();
309 if( global_idletimeout > 0 ) {
310 c->c_activitytime = slap_get_time();
318 static void connection_return( Connection *c )
320 ldap_pvt_thread_mutex_unlock( &c->c_mutex );
323 long connection_init(
327 const char* peername,
335 assert( connections != NULL );
337 assert( listener != NULL );
338 assert( dnsname != NULL );
339 assert( peername != NULL );
342 assert( tls_udp_option != 1 );
345 if( s == AC_SOCKET_INVALID ) {
347 LDAP_LOG( CONNECTION, INFO,
348 "connection_init: init of socket %ld invalid.\n", (long)s, 0, 0 );
350 Debug( LDAP_DEBUG_ANY,
351 "connection_init(%ld): invalid.\n",
359 assert( s < dtblsize );
362 ldap_pvt_thread_mutex_lock( &connections_mutex );
373 for( i=0; i < dtblsize; i++) {
376 if( connections[i].c_struct_state == SLAP_C_UNINITIALIZED ) {
377 assert( connections[i].c_sb == 0 );
382 sd = AC_SOCKET_INVALID;
383 if (connections[i].c_sb != NULL)
384 ber_sockbuf_ctrl( connections[i].c_sb, LBER_SB_OPT_GET_FD, &sd );
386 if( connections[i].c_struct_state == SLAP_C_UNUSED ) {
387 assert( sd == AC_SOCKET_INVALID );
392 assert( connections[i].c_struct_state == SLAP_C_USED );
393 assert( connections[i].c_conn_state != SLAP_C_INVALID );
394 assert( sd != AC_SOCKET_INVALID );
399 LDAP_LOG( CONNECTION, INFO,
400 "connection_init: skt %d connection table full "
401 "(%d/%d)\n", s, i, dtblsize );
403 Debug( LDAP_DEBUG_ANY,
404 "connection_init(%d): connection table full "
405 "(%d/%d)\n", s, i, dtblsize);
407 ldap_pvt_thread_mutex_unlock( &connections_mutex );
415 if( c->c_struct_state == SLAP_C_UNINITIALIZED ) {
416 c->c_send_ldap_result = slap_send_ldap_result;
417 c->c_send_search_entry = slap_send_search_entry;
418 c->c_send_search_reference = slap_send_search_reference;
419 c->c_send_ldap_extended = slap_send_ldap_extended;
420 #ifdef LDAP_RES_INTERMEDIATE
421 c->c_send_ldap_intermediate = slap_send_ldap_intermediate;
424 c->c_authmech.bv_val = NULL;
425 c->c_authmech.bv_len = 0;
426 c->c_dn.bv_val = NULL;
428 c->c_ndn.bv_val = NULL;
432 c->c_listener = NULL;
433 c->c_peer_domain.bv_val = NULL;
434 c->c_peer_domain.bv_len = 0;
435 c->c_peer_name.bv_val = NULL;
436 c->c_peer_name.bv_len = 0;
438 LDAP_STAILQ_INIT(&c->c_ops);
439 LDAP_STAILQ_INIT(&c->c_pending_ops);
441 c->c_sasl_bind_mech.bv_val = NULL;
442 c->c_sasl_bind_mech.bv_len = 0;
444 c->c_sasl_authctx = NULL;
445 c->c_sasl_sockctx = NULL;
446 c->c_sasl_extra = NULL;
447 c->c_sasl_bindop = NULL;
449 c->c_sb = ber_sockbuf_alloc( );
452 ber_len_t max = sockbuf_max_incoming;
453 ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
456 c->c_currentber = NULL;
458 /* should check status of thread calls */
459 ldap_pvt_thread_mutex_init( &c->c_mutex );
460 ldap_pvt_thread_mutex_init( &c->c_write_mutex );
461 ldap_pvt_thread_cond_init( &c->c_write_cv );
464 slapi_x_create_object_extensions( SLAPI_X_EXT_CONNECTION, c );
467 c->c_struct_state = SLAP_C_UNUSED;
470 ldap_pvt_thread_mutex_lock( &c->c_mutex );
472 assert( c->c_struct_state == SLAP_C_UNUSED );
473 assert( c->c_authmech.bv_val == NULL );
474 assert( c->c_dn.bv_val == NULL );
475 assert( c->c_ndn.bv_val == NULL );
476 assert( c->c_groups == NULL );
477 assert( c->c_listener == NULL );
478 assert( c->c_peer_domain.bv_val == NULL );
479 assert( c->c_peer_name.bv_val == NULL );
480 assert( LDAP_STAILQ_EMPTY(&c->c_ops) );
481 assert( LDAP_STAILQ_EMPTY(&c->c_pending_ops) );
482 assert( c->c_sasl_bind_mech.bv_val == NULL );
483 assert( c->c_sasl_done == 0 );
484 assert( c->c_sasl_authctx == NULL );
485 assert( c->c_sasl_sockctx == NULL );
486 assert( c->c_sasl_extra == NULL );
487 assert( c->c_sasl_bindop == NULL );
488 assert( c->c_currentber == NULL );
490 c->c_listener = listener;
491 ber_str2bv( dnsname, 0, 1, &c->c_peer_domain );
492 ber_str2bv( peername, 0, 1, &c->c_peer_name );
494 c->c_n_ops_received = 0;
495 c->c_n_ops_executing = 0;
496 c->c_n_ops_pending = 0;
497 c->c_n_ops_completed = 0;
503 /* set to zero until bind, implies LDAP_VERSION3 */
507 c->c_activitytime = c->c_starttime = slap_get_time();
509 if( global_idletimeout > 0 ) {
510 c->c_activitytime = c->c_starttime = slap_get_time();
514 #ifdef LDAP_CONNECTIONLESS
516 if( tls_udp_option == 2 ) {
519 ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug,
520 LBER_SBIOD_LEVEL_PROVIDER, (void*)"udp_" );
522 ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_udp,
523 LBER_SBIOD_LEVEL_PROVIDER, (void *)&s );
524 ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_readahead,
525 LBER_SBIOD_LEVEL_PROVIDER, NULL );
530 ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug,
531 LBER_SBIOD_LEVEL_PROVIDER, (void*)"tcp_" );
533 ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_tcp,
534 LBER_SBIOD_LEVEL_PROVIDER, (void *)&s );
538 ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug,
539 INT_MAX, (void*)"ldap_" );
542 if( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_NONBLOCK,
543 c /* non-NULL */ ) < 0 )
546 LDAP_LOG( CONNECTION, INFO,
547 "connection_init: conn %lu set nonblocking failed\n",
550 Debug( LDAP_DEBUG_ANY,
551 "connection_init(%d, %s): set nonblocking failed\n",
552 s, c->c_peer_name.bv_val, 0 );
556 id = c->c_connid = conn_nextid++;
558 c->c_conn_state = SLAP_C_INACTIVE;
559 c->c_struct_state = SLAP_C_USED;
561 c->c_ssf = c->c_transport_ssf = ssf;
565 if ( tls_udp_option == 1 ) {
567 c->c_needs_tls_accept = 1;
570 c->c_needs_tls_accept = 0;
574 slap_sasl_open( c, 0 );
575 slap_sasl_external( c, ssf, authid );
577 ldap_pvt_thread_mutex_unlock( &c->c_mutex );
578 ldap_pvt_thread_mutex_unlock( &connections_mutex );
580 backend_connection_init(c);
585 void connection2anonymous( Connection *c )
587 assert( connections != NULL );
591 ber_len_t max = sockbuf_max_incoming;
592 ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
595 if(c->c_authmech.bv_val != NULL ) {
596 free(c->c_authmech.bv_val);
597 c->c_authmech.bv_val = NULL;
599 c->c_authmech.bv_len = 0;
601 if(c->c_dn.bv_val != NULL) {
602 free(c->c_dn.bv_val);
603 c->c_dn.bv_val = NULL;
606 if(c->c_ndn.bv_val != NULL) {
607 free(c->c_ndn.bv_val);
608 c->c_ndn.bv_val = NULL;
612 c->c_authz_backend = NULL;
615 GroupAssertion *g, *n;
616 for (g = c->c_groups; g; g=n) {
625 connection_destroy( Connection *c )
627 /* note: connections_mutex should be locked by caller */
629 unsigned long connid;
631 assert( connections != NULL );
633 assert( c->c_struct_state != SLAP_C_UNUSED );
634 assert( c->c_conn_state != SLAP_C_INVALID );
635 assert( LDAP_STAILQ_EMPTY(&c->c_ops) );
637 /* only for stats (print -1 as "%lu" may give unexpected results ;) */
638 connid = c->c_connid;
640 backend_connection_destroy(c);
645 c->c_activitytime = c->c_starttime = 0;
647 connection2anonymous( c );
648 c->c_listener = NULL;
650 if(c->c_peer_domain.bv_val != NULL) {
651 free(c->c_peer_domain.bv_val);
652 c->c_peer_domain.bv_val = NULL;
654 c->c_peer_domain.bv_len = 0;
655 if(c->c_peer_name.bv_val != NULL) {
656 free(c->c_peer_name.bv_val);
657 c->c_peer_name.bv_val = NULL;
659 c->c_peer_name.bv_len = 0;
661 c->c_sasl_bind_in_progress = 0;
662 if(c->c_sasl_bind_mech.bv_val != NULL) {
663 free(c->c_sasl_bind_mech.bv_val);
664 c->c_sasl_bind_mech.bv_val = NULL;
666 c->c_sasl_bind_mech.bv_len = 0;
668 slap_sasl_close( c );
670 if ( c->c_currentber != NULL ) {
671 ber_free( c->c_currentber, 1 );
672 c->c_currentber = NULL;
675 ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_GET_FD, &sd );
676 if ( sd != AC_SOCKET_INVALID ) {
677 slapd_remove( sd, 0 );
679 Statslog( LDAP_DEBUG_STATS,
680 "conn=%lu fd=%ld closed\n",
681 connid, (long) sd, 0, 0, 0 );
684 ber_sockbuf_free( c->c_sb );
686 c->c_sb = ber_sockbuf_alloc( );
689 ber_len_t max = sockbuf_max_incoming;
690 ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
693 c->c_conn_state = SLAP_C_INVALID;
694 c->c_struct_state = SLAP_C_UNUSED;
697 /* call destructors, then constructors; avoids unnecessary allocation */
698 slapi_x_clear_object_extensions( SLAPI_X_EXT_CONNECTION, c );
702 int connection_state_closing( Connection *c )
704 /* c_mutex must be locked by caller */
708 assert( c->c_struct_state == SLAP_C_USED );
710 state = c->c_conn_state;
712 assert( state != SLAP_C_INVALID );
714 return state == SLAP_C_CLOSING;
717 static void connection_abandon( Connection *c )
719 /* c_mutex must be locked by caller */
723 LDAP_STAILQ_FOREACH(o, &c->c_ops, o_next) {
727 /* remove pending operations */
728 while ( (o = LDAP_STAILQ_FIRST( &c->c_pending_ops )) != NULL) {
729 LDAP_STAILQ_REMOVE_HEAD( &c->c_pending_ops, o_next );
730 LDAP_STAILQ_NEXT(o, o_next) = NULL;
735 void connection_closing( Connection *c )
737 assert( connections != NULL );
739 assert( c->c_struct_state == SLAP_C_USED );
740 assert( c->c_conn_state != SLAP_C_INVALID );
742 /* c_mutex must be locked by caller */
744 if( c->c_conn_state != SLAP_C_CLOSING ) {
747 ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_GET_FD, &sd );
749 LDAP_LOG( CONNECTION, DETAIL1,
750 "connection_closing: conn %lu readying socket %d for close.\n",
751 c->c_connid, sd, 0 );
753 Debug( LDAP_DEBUG_TRACE,
754 "connection_closing: readying conn=%lu sd=%d for close\n",
755 c->c_connid, sd, 0 );
757 /* update state to closing */
758 c->c_conn_state = SLAP_C_CLOSING;
760 /* don't listen on this port anymore */
761 slapd_clr_read( sd, 1 );
763 /* abandon active operations */
764 connection_abandon( c );
766 /* wake write blocked operations */
767 slapd_clr_write( sd, 1 );
768 ldap_pvt_thread_cond_signal( &c->c_write_cv );
772 static void connection_close( Connection *c )
776 assert( connections != NULL );
778 assert( c->c_struct_state == SLAP_C_USED );
779 assert( c->c_conn_state == SLAP_C_CLOSING );
781 /* note: connections_mutex and c_mutex should be locked by caller */
783 ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_GET_FD, &sd );
784 if( !LDAP_STAILQ_EMPTY(&c->c_ops) ) {
786 LDAP_LOG( CONNECTION, DETAIL1,
787 "connection_close: conn %lu deferring sd %d\n",
788 c->c_connid, sd, 0 );
790 Debug( LDAP_DEBUG_TRACE,
791 "connection_close: deferring conn=%lu sd=%d\n",
792 c->c_connid, sd, 0 );
798 LDAP_LOG( CONNECTION, RESULTS,
799 "connection_close: conn %lu sd %d\n", c->c_connid, sd, 0 );
801 Debug( LDAP_DEBUG_TRACE, "connection_close: conn=%lu sd=%d\n",
802 c->c_connid, sd, 0 );
804 connection_destroy( c );
807 unsigned long connections_nextid(void)
810 assert( connections != NULL );
812 ldap_pvt_thread_mutex_lock( &connections_mutex );
816 ldap_pvt_thread_mutex_unlock( &connections_mutex );
821 Connection* connection_first( ber_socket_t *index )
823 assert( connections != NULL );
824 assert( index != NULL );
826 ldap_pvt_thread_mutex_lock( &connections_mutex );
830 return connection_next(NULL, index);
833 Connection* connection_next( Connection *c, ber_socket_t *index )
835 assert( connections != NULL );
836 assert( index != NULL );
837 assert( *index <= dtblsize );
840 ldap_pvt_thread_mutex_unlock( &c->c_mutex );
845 for(; *index < dtblsize; (*index)++) {
846 if( connections[*index].c_struct_state == SLAP_C_UNINITIALIZED ) {
847 assert( connections[*index].c_conn_state == SLAP_C_INVALID );
855 if( connections[*index].c_struct_state == SLAP_C_USED ) {
856 assert( connections[*index].c_conn_state != SLAP_C_INVALID );
857 c = &connections[(*index)++];
861 assert( connections[*index].c_struct_state == SLAP_C_UNUSED );
862 assert( connections[*index].c_conn_state == SLAP_C_INVALID );
866 ldap_pvt_thread_mutex_lock( &c->c_mutex );
872 void connection_done( Connection *c )
874 assert( connections != NULL );
877 ldap_pvt_thread_mutex_unlock( &c->c_mutex );
880 ldap_pvt_thread_mutex_unlock( &connections_mutex );
884 * connection_activity - handle the request operation op on connection
885 * conn. This routine figures out what kind of operation it is and
886 * calls the appropriate stub to handle it.
890 #define INCR_OP(var,index) \
892 ldap_pvt_thread_mutex_lock( &num_ops_mutex ); \
894 ldap_pvt_thread_mutex_unlock( &num_ops_mutex ); \
896 #else /* !SLAPD_MONITOR */
897 #define INCR_OP(var,index)
898 #endif /* !SLAPD_MONITOR */
901 connection_operation( void *ctx, void *arg_v )
903 int rc = SLAPD_DISCONNECT;
904 Operation *op = arg_v;
905 SlapReply rs = {REP_RESULT};
906 ber_tag_t tag = op->o_tag;
908 ber_tag_t oldtag = tag;
909 #endif /* SLAPD_MONITOR */
910 Connection *conn = op->o_conn;
914 ldap_pvt_thread_mutex_lock( &num_ops_mutex );
916 ldap_pvt_thread_mutex_unlock( &num_ops_mutex );
918 op->o_threadctx = ctx;
920 if( conn->c_sasl_bind_in_progress && tag != LDAP_REQ_BIND ) {
922 LDAP_LOG( CONNECTION, ERR,
923 "connection_operation: conn %lu SASL bind in progress (tag=%ld).\n",
924 conn->c_connid, (long)tag, 0 );
926 Debug( LDAP_DEBUG_ANY, "connection_operation: "
927 "error: SASL bind in progress (tag=%ld).\n",
930 send_ldap_error( op, &rs, LDAP_OPERATIONS_ERROR,
931 "SASL bind in progress" );
932 goto operations_error;
935 /* We can use Thread-Local storage for most mallocs. We can
936 * also use TL for ber parsing, but not on Add or Modify.
938 #define SLAB_SIZE 1048576
940 memsiz = ber_len( op->o_ber ) * 64;
941 if ( SLAB_SIZE > memsiz ) memsiz = SLAB_SIZE;
945 memctx = sl_mem_create( memsiz, ctx );
946 op->o_tmpmemctx = memctx;
947 op->o_tmpmfuncs = &sl_mfuncs;
948 if ( tag != LDAP_REQ_ADD && tag != LDAP_REQ_MODIFY ) {
949 /* Note - the ber and its buffer are already allocated from
950 * regular memory; this only affects subsequent mallocs that
951 * ber_scanf may invoke.
953 ber_set_option( op->o_ber, LBER_OPT_BER_MEMCTX, &memctx );
958 INCR_OP(num_ops_initiated_, SLAP_OP_BIND);
959 rc = do_bind( op, &rs );
962 case LDAP_REQ_UNBIND:
963 INCR_OP(num_ops_initiated_, SLAP_OP_UNBIND);
964 rc = do_unbind( op, &rs );
968 INCR_OP(num_ops_initiated_, SLAP_OP_ADD);
969 rc = do_add( op, &rs );
972 case LDAP_REQ_DELETE:
973 INCR_OP(num_ops_initiated_, SLAP_OP_DELETE);
974 rc = do_delete( op, &rs );
977 case LDAP_REQ_MODRDN:
978 INCR_OP(num_ops_initiated_, SLAP_OP_MODRDN);
979 rc = do_modrdn( op, &rs );
982 case LDAP_REQ_MODIFY:
983 INCR_OP(num_ops_initiated_, SLAP_OP_MODIFY);
984 rc = do_modify( op, &rs );
987 case LDAP_REQ_COMPARE:
988 INCR_OP(num_ops_initiated_, SLAP_OP_COMPARE);
989 rc = do_compare( op, &rs );
992 case LDAP_REQ_SEARCH:
993 INCR_OP(num_ops_initiated_, SLAP_OP_SEARCH);
994 rc = do_search( op, &rs );
997 case LDAP_REQ_ABANDON:
998 INCR_OP(num_ops_initiated_, SLAP_OP_ABANDON);
999 rc = do_abandon( op, &rs );
1002 case LDAP_REQ_EXTENDED:
1003 INCR_OP(num_ops_initiated_, SLAP_OP_EXTENDED);
1004 rc = do_extended( op, &rs );
1009 LDAP_LOG( CONNECTION, INFO,
1010 "connection_operation: conn %lu unknown LDAP request 0x%lx\n",
1011 conn->c_connid, tag, 0 );
1013 Debug( LDAP_DEBUG_ANY, "unknown LDAP request 0x%lx\n",
1016 op->o_tag = LBER_ERROR;
1017 rs.sr_err = LDAP_PROTOCOL_ERROR;
1018 rs.sr_text = "unknown LDAP request";
1019 send_ldap_disconnect( op, &rs );
1024 #ifdef SLAPD_MONITOR
1026 #endif /* SLAPD_MONITOR */
1027 if( rc == SLAPD_DISCONNECT ) tag = LBER_ERROR;
1030 ldap_pvt_thread_mutex_lock( &num_ops_mutex );
1031 num_ops_completed++;
1032 #ifdef SLAPD_MONITOR
1035 num_ops_completed_[SLAP_OP_BIND]++;
1037 case LDAP_REQ_UNBIND:
1038 num_ops_completed_[SLAP_OP_UNBIND]++;
1041 num_ops_completed_[SLAP_OP_ADD]++;
1043 case LDAP_REQ_DELETE:
1044 num_ops_completed_[SLAP_OP_DELETE]++;
1046 case LDAP_REQ_MODRDN:
1047 num_ops_completed_[SLAP_OP_MODRDN]++;
1049 case LDAP_REQ_MODIFY:
1050 num_ops_completed_[SLAP_OP_MODIFY]++;
1052 case LDAP_REQ_COMPARE:
1053 num_ops_completed_[SLAP_OP_COMPARE]++;
1055 case LDAP_REQ_SEARCH:
1056 num_ops_completed_[SLAP_OP_SEARCH]++;
1058 case LDAP_REQ_ABANDON:
1059 num_ops_completed_[SLAP_OP_ABANDON]++;
1061 case LDAP_REQ_EXTENDED:
1062 num_ops_completed_[SLAP_OP_EXTENDED]++;
1065 #endif /* SLAPD_MONITOR */
1066 ldap_pvt_thread_mutex_unlock( &num_ops_mutex );
1068 #ifdef LDAP_EXOP_X_CANCEL
1069 if ( op->o_cancel == SLAP_CANCEL_REQ ) {
1070 op->o_cancel = LDAP_TOO_LATE;
1073 while ( op->o_cancel != SLAP_CANCEL_NONE &&
1074 op->o_cancel != SLAP_CANCEL_DONE )
1076 ldap_pvt_thread_yield();
1080 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
1082 conn->c_n_ops_executing--;
1083 conn->c_n_ops_completed++;
1085 LDAP_STAILQ_REMOVE( &conn->c_ops, op, slap_op, o_next);
1086 LDAP_STAILQ_NEXT(op, o_next) = NULL;
1088 if ( op->o_cancel == SLAP_CANCEL_ACK )
1090 if ( ( op->o_sync_mode & SLAP_SYNC_PERSIST ) ) {
1091 sl_mem_detach( ctx, memctx );
1098 ber_set_option( op->o_ber, LBER_OPT_BER_MEMCTX, &memctx );
1105 case LDAP_REQ_UNBIND:
1106 /* c_mutex is locked */
1107 connection_closing( conn );
1111 conn->c_sasl_bind_in_progress =
1112 rc == LDAP_SASL_BIND_IN_PROGRESS ? 1 : 0;
1114 if( conn->c_conn_state == SLAP_C_BINDING) {
1115 conn->c_conn_state = SLAP_C_ACTIVE;
1119 connection_resched( conn );
1121 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
1126 int connection_read(ber_socket_t s)
1131 assert( connections != NULL );
1133 ldap_pvt_thread_mutex_lock( &connections_mutex );
1135 /* get (locked) connection */
1136 c = connection_get( s );
1140 LDAP_LOG( CONNECTION, INFO,
1141 "connection_read: sock %ld no connection\n", (long)s, 0, 0 );
1143 Debug( LDAP_DEBUG_ANY,
1144 "connection_read(%ld): no connection!\n",
1149 ldap_pvt_thread_mutex_unlock( &connections_mutex );
1155 if( c->c_conn_state == SLAP_C_CLOSING ) {
1157 LDAP_LOG( CONNECTION, INFO,
1158 "connection_read: conn %lu connection closing, ignoring input\n",
1159 c->c_connid, 0, 0 );
1161 Debug( LDAP_DEBUG_TRACE,
1162 "connection_read(%d): closing, ignoring input for id=%lu\n",
1163 s, c->c_connid, 0 );
1165 connection_return( c );
1166 ldap_pvt_thread_mutex_unlock( &connections_mutex );
1171 LDAP_LOG( CONNECTION, DETAIL1,
1172 "connection_read: conn %lu checking for input.\n",
1173 c->c_connid, 0, 0 );
1175 Debug( LDAP_DEBUG_TRACE,
1176 "connection_read(%d): checking for input on id=%lu\n",
1177 s, c->c_connid, 0 );
1181 if ( c->c_is_tls && c->c_needs_tls_accept ) {
1182 rc = ldap_pvt_tls_accept( c->c_sb, NULL );
1184 #if 0 /* required by next #if 0 */
1190 LDAP_LOG( CONNECTION, ERR,
1191 "connection_read: conn %lu TLS accept error, error %d\n",
1192 c->c_connid, rc, 0 );
1194 Debug( LDAP_DEBUG_TRACE,
1195 "connection_read(%d): TLS accept error "
1196 "error=%d id=%lu, closing\n",
1197 s, rc, c->c_connid );
1199 c->c_needs_tls_accept = 0;
1200 /* connections_mutex and c_mutex are locked */
1201 connection_closing( c );
1204 /* Drain input before close, to allow SSL error codes
1205 * to propagate to client. */
1211 rc = select(s+1, &rfd, NULL, NULL, &tv);
1213 ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_DRAIN, NULL);
1217 connection_close( c );
1219 } else if ( rc == 0 ) {
1221 struct berval authid = { 0, NULL };
1223 c->c_needs_tls_accept = 0;
1225 /* we need to let SASL know */
1226 ssl = ldap_pvt_tls_sb_ctx( c->c_sb );
1228 c->c_tls_ssf = (slap_ssf_t) ldap_pvt_tls_get_strength( ssl );
1229 if( c->c_tls_ssf > c->c_ssf ) {
1230 c->c_ssf = c->c_tls_ssf;
1233 rc = dnX509peerNormalize( ssl, &authid );
1234 if ( rc != LDAP_SUCCESS ) {
1236 LDAP_LOG( CONNECTION, INFO,
1237 "connection_read: conn %lu unable to get TLS client DN, "
1238 "error %d\n", c->c_connid, rc, 0 );
1240 Debug( LDAP_DEBUG_TRACE,
1241 "connection_read(%d): unable to get TLS client DN "
1242 "error=%d id=%lu\n",
1243 s, rc, c->c_connid );
1246 slap_sasl_external( c, c->c_tls_ssf, authid.bv_val );
1247 if ( authid.bv_val ) free( authid.bv_val );
1250 /* if success and data is ready, fall thru to data input loop */
1252 !ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_DATA_READY, NULL ) )
1254 connection_return( c );
1255 ldap_pvt_thread_mutex_unlock( &connections_mutex );
1261 #ifdef HAVE_CYRUS_SASL
1262 if ( c->c_sasl_layers ) {
1263 /* If previous layer is not removed yet, give up for now */
1264 if ( !c->c_sasl_sockctx ) {
1265 connection_return( c );
1266 ldap_pvt_thread_mutex_unlock( &connections_mutex );
1270 c->c_sasl_layers = 0;
1272 rc = ldap_pvt_sasl_install( c->c_sb, c->c_sasl_sockctx );
1274 if( rc != LDAP_SUCCESS ) {
1276 LDAP_LOG( CONNECTION, ERR,
1277 "connection_read: conn %lu SASL install error %d, closing\n",
1278 c->c_connid, rc, 0 );
1280 Debug( LDAP_DEBUG_TRACE,
1281 "connection_read(%d): SASL install error "
1282 "error=%d id=%lu, closing\n",
1283 s, rc, c->c_connid );
1285 /* connections_mutex and c_mutex are locked */
1286 connection_closing( c );
1287 connection_close( c );
1288 connection_return( c );
1289 ldap_pvt_thread_mutex_unlock( &connections_mutex );
1295 #define CONNECTION_INPUT_LOOP 1
1296 /* #define DATA_READY_LOOP 1 */
1300 /* How do we do this without getting into a busy loop ? */
1301 rc = connection_input( c );
1303 #ifdef DATA_READY_LOOP
1304 while( !rc && ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_DATA_READY, NULL ) );
1305 #elif CONNECTION_INPUT_LOOP
1313 LDAP_LOG( CONNECTION, ERR,
1314 "connection_read: conn %lu input error %d, closing.\n",
1315 c->c_connid, rc, 0 );
1317 Debug( LDAP_DEBUG_TRACE,
1318 "connection_read(%d): input error=%d id=%lu, closing.\n",
1319 s, rc, c->c_connid );
1321 /* connections_mutex and c_mutex are locked */
1322 connection_closing( c );
1323 connection_close( c );
1324 connection_return( c );
1325 ldap_pvt_thread_mutex_unlock( &connections_mutex );
1329 if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_READ, NULL ) ) {
1330 slapd_set_read( s, 1 );
1333 if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_WRITE, NULL ) ) {
1334 slapd_set_write( s, 1 );
1337 connection_return( c );
1338 ldap_pvt_thread_mutex_unlock( &connections_mutex );
1353 #ifdef LDAP_CONNECTIONLESS
1358 if ( conn->c_currentber == NULL &&
1359 ( conn->c_currentber = ber_alloc()) == NULL )
1362 LDAP_LOG( CONNECTION, ERR,
1363 "connection_input: conn %lu ber_alloc failed.\n",
1364 conn->c_connid, 0, 0 );
1366 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
1373 #ifdef LDAP_CONNECTIONLESS
1374 if ( conn->c_is_udp ) {
1375 char peername[sizeof("IP=255.255.255.255:65336")];
1376 len = ber_int_sb_read(conn->c_sb, &peeraddr,
1377 sizeof(struct sockaddr));
1378 if (len != sizeof(struct sockaddr))
1380 sprintf( peername, "IP=%s:%d",
1381 inet_ntoa( peeraddr.sa_in_addr.sin_addr ),
1382 (unsigned) ntohs( peeraddr.sa_in_addr.sin_port ) );
1383 Statslog( LDAP_DEBUG_STATS,
1384 "conn=%lu UDP request from %s (%s) accepted.\n",
1385 conn->c_connid, peername, conn->c_sock_name.bv_val, 0, 0 );
1388 tag = ber_get_next( conn->c_sb, &len, conn->c_currentber );
1389 if ( tag != LDAP_TAG_MESSAGE ) {
1393 ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd );
1396 LDAP_LOG( CONNECTION, ERR,
1397 "connection_input: conn %lu ber_get_next failed, errno %d (%s).\n",
1398 conn->c_connid, err, sock_errstr(err) );
1400 Debug( LDAP_DEBUG_TRACE,
1401 "ber_get_next on fd %d failed errno=%d (%s)\n",
1402 sd, err, sock_errstr(err) );
1404 if ( err != EWOULDBLOCK && err != EAGAIN ) {
1405 /* log, close and send error */
1406 ber_free( conn->c_currentber, 1 );
1407 conn->c_currentber = NULL;
1414 ber = conn->c_currentber;
1415 conn->c_currentber = NULL;
1417 if ( (tag = ber_get_int( ber, &msgid )) != LDAP_TAG_MSGID ) {
1418 /* log, close and send error */
1420 LDAP_LOG( CONNECTION, ERR,
1421 "connection_input: conn %lu ber_get_int returns 0x%lx.\n",
1422 conn->c_connid, tag, 0 );
1424 Debug( LDAP_DEBUG_ANY, "ber_get_int returns 0x%lx\n", tag, 0,
1431 if ( (tag = ber_peek_tag( ber, &len )) == LBER_ERROR ) {
1432 /* log, close and send error */
1434 LDAP_LOG( CONNECTION, ERR,
1435 "connection_input: conn %lu ber_peek_tag returns 0x%lx.\n",
1436 conn->c_connid, tag, 0 );
1438 Debug( LDAP_DEBUG_ANY, "ber_peek_tag returns 0x%lx\n", tag, 0,
1446 #ifdef LDAP_CONNECTIONLESS
1447 if( conn->c_is_udp ) {
1448 if( tag == LBER_OCTETSTRING ) {
1449 ber_get_stringa( ber, &cdn );
1450 tag = ber_peek_tag(ber, &len);
1452 if( tag != LDAP_REQ_ABANDON && tag != LDAP_REQ_SEARCH ) {
1454 LDAP_LOG( CONNECTION, ERR,
1455 "connection_input: conn %lu invalid req for UDP 0x%lx.\n",
1456 conn->c_connid, tag, 0 );
1458 Debug( LDAP_DEBUG_ANY, "invalid req for UDP 0x%lx\n", tag, 0,
1466 if(tag == LDAP_REQ_BIND) {
1467 /* immediately abandon all exiting operations upon BIND */
1468 connection_abandon( conn );
1471 op = slap_op_alloc( ber, msgid, tag, conn->c_n_ops_received++ );
1474 op->o_assertion = NULL;
1475 op->o_vrFilter = NULL;
1476 #ifdef LDAP_CONTROL_PAGEDRESULTS
1477 op->o_pagedresults_state = conn->c_pagedresults_state;
1479 #ifdef LDAP_CONNECTIONLESS
1480 if (conn->c_is_udp) {
1483 ber_str2bv( cdn, 0, 1, &op->o_dn );
1484 op->o_protocol = LDAP_VERSION2;
1486 op->o_res_ber = ber_alloc_t( LBER_USE_DER );
1487 if (op->o_res_ber == NULL)
1490 rc = ber_write(op->o_res_ber, (char *)&peeraddr, sizeof(struct sockaddr), 0);
1491 if (rc != sizeof(struct sockaddr)) {
1493 LDAP_LOG( CONNECTION, INFO,
1494 "connection_input: conn %lu ber_write failed\n",
1495 conn->c_connid, 0, 0 );
1497 Debug( LDAP_DEBUG_ANY, "ber_write failed\n", 0, 0, 0 );
1502 if (op->o_protocol == LDAP_VERSION2) {
1503 rc = ber_printf(op->o_res_ber, "{is{" /*}}*/, op->o_msgid, "");
1506 LDAP_LOG( CONNECTION, INFO,
1507 "connection_input: conn %lu put outer sequence failed\n",
1508 conn->c_connid, 0, 0 );
1510 Debug( LDAP_DEBUG_ANY, "ber_write failed\n", 0, 0, 0 );
1516 #endif /* LDAP_CONNECTIONLESS */
1520 /* Don't process requests when the conn is in the middle of a
1521 * Bind, or if it's closing. Also, don't let any single conn
1522 * use up all the available threads, and don't execute if we're
1523 * currently blocked on output. And don't execute if there are
1524 * already pending ops, let them go first.
1526 * But always allow Abandon through; it won't cost much.
1528 if ( tag != LDAP_REQ_ABANDON && (conn->c_conn_state == SLAP_C_BINDING
1529 || conn->c_conn_state == SLAP_C_CLOSING
1530 || conn->c_n_ops_executing >= connection_pool_max/2
1531 || conn->c_n_ops_pending
1532 || conn->c_writewaiter))
1534 int max = conn->c_dn.bv_len ? slap_conn_max_pending_auth
1535 : slap_conn_max_pending;
1537 LDAP_LOG( CONNECTION, INFO,
1538 "connection_input: conn %lu deferring operation\n",
1539 conn->c_connid, 0, 0 );
1541 Debug( LDAP_DEBUG_ANY, "deferring operation\n", 0, 0, 0 );
1543 conn->c_n_ops_pending++;
1544 LDAP_STAILQ_INSERT_TAIL( &conn->c_pending_ops, op, o_next );
1545 if ( conn->c_n_ops_pending > max ) {
1551 conn->c_n_ops_executing++;
1552 connection_op_activate( op );
1556 if ( conn->c_struct_state != SLAP_C_USED ) {
1557 /* connection must have got closed underneath us */
1561 assert( conn->c_struct_state == SLAP_C_USED );
1567 connection_resched( Connection *conn )
1571 if( conn->c_conn_state == SLAP_C_CLOSING ) {
1574 ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd );
1576 /* us trylock to avoid possible deadlock */
1577 rc = ldap_pvt_thread_mutex_trylock( &connections_mutex );
1581 LDAP_LOG( CONNECTION, DETAIL1,
1582 "connection_resched: conn %lu reaquiring locks.\n",
1583 conn->c_connid, 0, 0 );
1585 Debug( LDAP_DEBUG_TRACE,
1586 "connection_resched: reaquiring locks conn=%lu sd=%d\n",
1587 conn->c_connid, sd, 0 );
1590 * reaquire locks in the right order...
1591 * this may allow another thread to close this connection,
1592 * so recheck state below.
1594 ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
1595 ldap_pvt_thread_mutex_lock( &connections_mutex );
1596 ldap_pvt_thread_mutex_lock( &conn->c_mutex );
1599 if( conn->c_conn_state != SLAP_C_CLOSING ) {
1601 LDAP_LOG( CONNECTION, INFO,
1602 "connection_resched: conn %lu closed by other thread.\n",
1603 conn->c_connid, 0, 0 );
1605 Debug( LDAP_DEBUG_TRACE, "connection_resched: "
1606 "closed by other thread conn=%lu sd=%d\n",
1607 conn->c_connid, sd, 0 );
1611 LDAP_LOG( CONNECTION, DETAIL1,
1612 "connection_resched: conn %lu attempting closing.\n",
1613 conn->c_connid, 0, 0 );
1615 Debug( LDAP_DEBUG_TRACE, "connection_resched: "
1616 "attempting closing conn=%lu sd=%d\n",
1617 conn->c_connid, sd, 0 );
1619 connection_close( conn );
1622 ldap_pvt_thread_mutex_unlock( &connections_mutex );
1626 if( conn->c_conn_state != SLAP_C_ACTIVE || conn->c_writewaiter ) {
1627 /* other states need different handling */
1631 while ((op = LDAP_STAILQ_FIRST( &conn->c_pending_ops )) != NULL) {
1632 if ( conn->c_n_ops_executing > connection_pool_max/2 ) {
1635 LDAP_STAILQ_REMOVE_HEAD( &conn->c_pending_ops, o_next );
1636 LDAP_STAILQ_NEXT(op, o_next) = NULL;
1637 /* pending operations should not be marked for abandonment */
1638 assert(!op->o_abandon);
1640 conn->c_n_ops_pending--;
1641 conn->c_n_ops_executing++;
1643 connection_op_activate( op );
1645 if ( conn->c_conn_state == SLAP_C_BINDING ) {
1652 static int connection_op_activate( Operation *op )
1655 ber_tag_t tag = op->o_tag;
1657 if(tag == LDAP_REQ_BIND) {
1658 op->o_conn->c_conn_state = SLAP_C_BINDING;
1661 if (!op->o_dn.bv_len) {
1662 op->o_authz = op->o_conn->c_authz;
1663 ber_dupbv( &op->o_dn, &op->o_conn->c_dn );
1664 ber_dupbv( &op->o_ndn, &op->o_conn->c_ndn );
1666 op->o_authtype = op->o_conn->c_authtype;
1667 ber_dupbv( &op->o_authmech, &op->o_conn->c_authmech );
1669 if (!op->o_protocol) {
1670 op->o_protocol = op->o_conn->c_protocol
1671 ? op->o_conn->c_protocol : LDAP_VERSION3;
1673 if (op->o_conn->c_conn_state == SLAP_C_INACTIVE
1674 && op->o_protocol > LDAP_VERSION2) {
1675 op->o_conn->c_conn_state = SLAP_C_ACTIVE;
1678 op->o_connid = op->o_conn->c_connid;
1680 LDAP_STAILQ_INSERT_TAIL( &op->o_conn->c_ops, op, o_next );
1682 status = ldap_pvt_thread_pool_submit( &connection_pool,
1683 connection_operation, (void *) op );
1685 if ( status != 0 ) {
1687 LDAP_LOG( CONNECTION, ERR,
1688 "connection_op_activate: conn %lu thread pool submit failed.\n",
1689 op->o_connid, 0, 0 );
1691 Debug( LDAP_DEBUG_ANY,
1692 "ldap_pvt_thread_pool_submit failed (%d)\n", status, 0, 0 );
1694 /* should move op to pending list */
1700 int connection_write(ber_socket_t s)
1704 assert( connections != NULL );
1706 ldap_pvt_thread_mutex_lock( &connections_mutex );
1708 c = connection_get( s );
1710 slapd_clr_write( s, 0);
1714 LDAP_LOG( CONNECTION, ERR,
1715 "connection_write: sock %ld no connection!\n", (long)s, 0, 0);
1717 Debug( LDAP_DEBUG_ANY,
1718 "connection_write(%ld): no connection!\n",
1722 ldap_pvt_thread_mutex_unlock( &connections_mutex );
1729 LDAP_LOG( CONNECTION, DETAIL1,
1730 "connection_write conn %lu waking output.\n", c->c_connid, 0, 0 );
1732 Debug( LDAP_DEBUG_TRACE,
1733 "connection_write(%d): waking output for id=%lu\n",
1734 s, c->c_connid, 0 );
1736 ldap_pvt_thread_cond_signal( &c->c_write_cv );
1738 if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_READ, NULL ) )
1739 slapd_set_read( s, 1 );
1740 if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_WRITE, NULL ) )
1741 slapd_set_write( s, 1 );
1742 connection_return( c );
1743 ldap_pvt_thread_mutex_unlock( &connections_mutex );
projects / openldap / blob