2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1998-2005 The OpenLDAP Foundation.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted only as authorized by the OpenLDAP
11 * A copy of this license is available in the file LICENSE in the
12 * top-level directory of the distribution or, alternatively, at
13 * <http://www.OpenLDAP.org/license.html>.
15 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
16 * All rights reserved.
18 * Redistribution and use in source and binary forms are permitted
19 * provided that this notice is preserved and that due credit is given
20 * to the University of Michigan at Ann Arbor. The name of the University
21 * may not be used to endorse or promote products derived from this
22 * software without specific prior written permission. This software
23 * is provided ``as is'' without express or implied warranty.
32 #include <ac/socket.h>
33 #include <ac/string.h>
35 #include <ac/unistd.h>
38 #include "ldap_pvt_thread.h"
43 #if defined(HAVE_SYS_EPOLL_H) && defined(HAVE_EPOLL)
44 #include <sys/epoll.h>
49 int allow_severity = LOG_INFO;
50 int deny_severity = LOG_NOTICE;
52 #define SLAP_STRING_UNKNOWN STRING_UNKNOWN
53 #else /* ! TCP Wrappers */
54 #define SLAP_STRING_UNKNOWN "unknown"
55 #endif /* ! TCP Wrappers */
59 /* this should go in <ldap.h> as soon as it is accepted */
60 #define LDAPI_MOD_URLEXT "x-mod"
61 #endif /* LDAP_PF_LOCAL */
64 int slap_inet4or6 = AF_UNSPEC;
66 int slap_inet4or6 = AF_INET;
71 ber_socket_t dtblsize;
72 slap_ssf_t local_ssf = LDAP_PVT_SASL_LOCAL_SSF;
73 struct runqueue_s slapd_rq;
75 Listener **slap_listeners = NULL;
77 #ifndef SLAPD_LISTEN_BACKLOG
78 #define SLAPD_LISTEN_BACKLOG 1024
81 static ber_socket_t wake_sds[2];
85 #define WAKE_LISTENER(w) do { \
86 if ((w) && waking < 5) { \
88 tcp_write( wake_sds[1], "0", 1 ); \
92 volatile sig_atomic_t slapd_shutdown = 0, slapd_gentle_shutdown = 0;
93 volatile sig_atomic_t slapd_abrupt_shutdown = 0;
95 static struct slap_daemon {
96 ldap_pvt_thread_mutex_t sd_mutex;
98 ber_socket_t sd_nactives;
102 struct epoll_event *sd_epolls;
107 # ifdef SLAP_LIGHTWEIGHT_LISTENER
108 int *sd_suspend; /* 0: suspended, 1: not suspended */
113 /* In winsock, accept() returns values higher than dtblsize
114 so don't bother with this optimization */
120 # ifdef SLAP_LIGHTWEIGHT_LISTENER
121 fd_set sd_suspend; /* unset: suspended, set: not suspended */
127 # define SLAP_EVENTS_ARE_INDEXED 0
128 # define SLAP_SOCK_IX(s) (slap_daemon.sd_index[(s)])
129 # define SLAP_SOCK_EP(s) (slap_daemon.sd_epolls[SLAP_SOCK_IX(s)])
130 # define SLAP_SOCK_EV(s) (SLAP_SOCK_EP(s).events)
131 # define SLAP_SOCK_IS_ACTIVE(s) (SLAP_SOCK_IX(s) != -1)
132 # define SLAP_SOCK_NOT_ACTIVE(s) (SLAP_SOCK_IX(s) == -1)
133 # define SLAP_SOCK_IS_SET(s, mode) (SLAP_SOCK_EV(s) & (mode))
135 # define SLAP_SOCK_IS_READ(s) SLAP_SOCK_IS_SET((s), EPOLLIN)
136 # define SLAP_SOCK_IS_WRITE(s) SLAP_SOCK_IS_SET((s), EPOLLOUT)
138 # define SLAP_SET_SOCK(s, mode) do { \
139 if ((SLAP_SOCK_EV(s) & (mode)) != (mode)) { \
140 SLAP_SOCK_EV(s) |= (mode); \
141 epoll_ctl(slap_daemon.sd_epfd, EPOLL_CTL_MOD, (s), \
146 # define SLAP_CLR_SOCK(s, mode) do { \
147 if ((SLAP_SOCK_EV(s) & (mode))) { \
148 SLAP_SOCK_EV(s) &= ~(mode); \
149 epoll_ctl(slap_daemon.sd_epfd, EPOLL_CTL_MOD, s, \
154 # define SLAP_SOCK_SET_READ(s) SLAP_SET_SOCK(s, EPOLLIN)
155 # define SLAP_SOCK_SET_WRITE(s) SLAP_SET_SOCK(s, EPOLLOUT)
157 # ifdef SLAP_LIGHTWEIGHT_LISTENER
158 # define SLAP_SOCK_SET_SUSPEND(s) \
159 ( slap_daemon.sd_suspend[SLAP_SOCK_IX(s)] = 1 )
160 # define SLAP_SOCK_CLR_SUSPEND(s) \
161 ( slap_daemon.sd_suspend[SLAP_SOCK_IX(s)] = 0 )
162 # define SLAP_SOCK_IS_SUSPEND(s) \
163 ( slap_daemon.sd_suspend[SLAP_SOCK_IX(s)] == 1 )
166 # define SLAP_SOCK_CLR_READ(s) SLAP_CLR_SOCK((s), EPOLLIN)
167 # define SLAP_SOCK_CLR_WRITE(s) SLAP_CLR_SOCK((s), EPOLLOUT)
169 # define SLAP_CLR_EVENT(i, mode) (revents[(i)].events &= ~(mode))
171 # define SLAP_EVENT_MAX slap_daemon.sd_nfds
173 /* If a Listener address is provided, store that as the epoll data.
174 * Otherwise, store the address of this socket's slot in the
175 * index array. If we can't do this add, the system is out of
176 * resources and we need to shutdown.
178 # define SLAP_ADD_SOCK(s, l) do { \
180 SLAP_SOCK_IX((s)) = slap_daemon.sd_nfds; \
181 SLAP_SOCK_EP((s)).data.ptr = (l) ? (l) : (void *)(&SLAP_SOCK_IX(s)); \
182 SLAP_SOCK_EV((s)) = EPOLLIN; \
183 rc = epoll_ctl(slap_daemon.sd_epfd, EPOLL_CTL_ADD, \
184 (s), &SLAP_SOCK_EP((s))); \
186 slap_daemon.sd_nfds++; \
188 Debug( LDAP_DEBUG_ANY, \
189 "daemon: epoll_ctl ADD failed, errno %d, shutting down\n", \
191 slapd_shutdown = 2; \
195 # define SLAP_EV_LISTENER(ptr) (((int *)(ptr) >= slap_daemon.sd_index && \
196 (int *)(ptr) <= (slap_daemon.sd_index+dtblsize)) ? 0 : 1 )
198 # define SLAP_EV_PTRFD(ptr) (SLAP_EV_LISTENER(ptr) ? \
199 ((Listener *)ptr)->sl_sd : (int *)(ptr) - slap_daemon.sd_index)
201 # ifdef SLAP_LIGHTWEIGHT_LISTENER
202 # define SLAP_DEL_SOCK(s) do { \
203 int fd, rc, suspend, index = SLAP_SOCK_IX((s)); \
204 rc = epoll_ctl(slap_daemon.sd_epfd, EPOLL_CTL_DEL, \
205 (s), &SLAP_SOCK_EP((s))); \
206 slap_daemon.sd_epolls[index] = \
207 slap_daemon.sd_epolls[slap_daemon.sd_nfds-1]; \
208 fd = SLAP_EV_PTRFD(slap_daemon.sd_epolls[index].data.ptr); \
209 slap_daemon.sd_suspend[index] = \
210 slap_daemon.sd_suspend[slap_daemon.sd_nfds-1]; \
211 slap_daemon.sd_suspend[slap_daemon.sd_nfds-1] = 0; \
212 slap_daemon.sd_index[fd] = index; \
213 slap_daemon.sd_index[(s)] = -1; \
214 slap_daemon.sd_nfds--; \
217 # define SLAP_DEL_SOCK(s) do { \
218 int fd, rc, index = SLAP_SOCK_IX((s)); \
219 rc = epoll_ctl(slap_daemon.sd_epfd, EPOLL_CTL_DEL, \
220 (s), &SLAP_SOCK_EP((s))); \
221 slap_daemon.sd_epolls[index] = \
222 slap_daemon.sd_epolls[slap_daemon.sd_nfds-1]; \
223 fd = SLAP_EV_PTRFD(slap_daemon.sd_epolls[index].data.ptr); \
224 slap_daemon.sd_index[fd] = index; \
225 slap_daemon.sd_index[(s)] = -1; \
226 slap_daemon.sd_nfds--; \
230 # define SLAP_EVENT_CLR_READ(i) SLAP_CLR_EVENT((i), EPOLLIN)
231 # define SLAP_EVENT_CLR_WRITE(i) SLAP_CLR_EVENT((i), EPOLLOUT)
233 # define SLAP_CHK_EVENT(i, mode) (revents[(i)].events & mode)
235 # define SLAP_EVENT_IS_READ(i) SLAP_CHK_EVENT((i), EPOLLIN)
236 # define SLAP_EVENT_IS_WRITE(i) SLAP_CHK_EVENT((i), EPOLLOUT)
237 # define SLAP_EVENT_IS_LISTENER(i) SLAP_EV_LISTENER(revents[(i)].data.ptr)
238 # define SLAP_EVENT_LISTENER(i) (revents[(i)].data.ptr)
240 # define SLAP_EVENT_FD(i) SLAP_EV_PTRFD(revents[(i)].data.ptr)
241 # define SLAP_SOCK_SET_MUTE(s) SLAP_SOCK_CLR_READ((s))
242 # define SLAP_SOCK_CLR_MUTE(s) SLAP_SOCK_SET_READ((s))
243 # define SLAP_SOCK_IS_MUTE(s) (!SLAP_SOCK_IS_READ((s)))
245 # ifdef SLAP_LIGHTWEIGHT_LISTENER
246 # define SLAP_SOCK_SET_INIT do { \
247 slap_daemon.sd_epolls = \
248 ch_malloc( sizeof(struct epoll_event) * dtblsize * 2 ); \
249 slap_daemon.sd_index = ch_malloc(sizeof(int) * dtblsize); \
250 slap_daemon.sd_epfd = epoll_create( dtblsize ); \
251 for (i=0; i<dtblsize; i++) slap_daemon.sd_index[i] = -1; \
252 slap_daemon.sd_suspend = ch_malloc(sizeof(int) * dtblsize); \
253 for (i=0; i<dtblsize; i++) slap_daemon.sd_suspend[i] = 0; \
256 # define SLAP_SOCK_SET_INIT do { \
257 slap_daemon.sd_epolls = ch_calloc(1, \
258 sizeof(struct epoll_event) * dtblsize * 2); \
259 slap_daemon.sd_index = ch_malloc(sizeof(int) * dtblsize); \
260 slap_daemon.sd_epfd = epoll_create( dtblsize ); \
261 for (i=0; i<dtblsize; i++) slap_daemon.sd_index[i] = -1 \
265 # define SLAP_EVENT_DECL struct epoll_event *revents
267 # define SLAP_EVENT_INIT do { \
268 revents = slap_daemon.sd_epolls + dtblsize; \
271 # define SLAP_EVENT_WAIT(tvp) \
272 epoll_wait( slap_daemon.sd_epfd, revents, \
273 dtblsize, (tvp) ? (tvp)->tv_sec * 1000 : -1 )
278 # define SLAP_EVENTS_ARE_INDEXED 1
279 # define SLAP_EVENT_DECL \
280 fd_set readfds, writefds
282 # define SLAP_EVENT_INIT do { \
283 AC_MEMCPY( &readfds, &slap_daemon.sd_readers, sizeof(fd_set) ); \
285 AC_MEMCPY( &writefds, &slap_daemon.sd_writers, sizeof(fd_set) ); \
287 FD_ZERO( &writefds ); \
292 # define CHK_SETSIZE do { \
293 if (dtblsize > FD_SETSIZE) dtblsize = FD_SETSIZE; \
296 # define CHK_SETSIZE do { ; } while (0)
299 # ifdef SLAP_LIGHTWEIGHT_LISTENER
300 # define SLAP_SOCK_SET_INIT do { \
302 FD_ZERO(&slap_daemon.sd_readers); \
303 FD_ZERO(&slap_daemon.sd_writers); \
304 FD_ZERO(&slap_daemon.sd_suspend); \
307 # define SLAP_SOCK_SET_INIT do { \
309 FD_ZERO(&slap_daemon.sd_readers); \
310 FD_ZERO(&slap_daemon.sd_writers); \
314 # define SLAP_SOCK_IS_ACTIVE(fd) FD_ISSET((fd), &slap_daemon.sd_actives)
315 # define SLAP_SOCK_IS_READ(fd) FD_ISSET((fd), &slap_daemon.sd_readers)
316 # define SLAP_SOCK_IS_WRITE(fd) FD_ISSET((fd), &slap_daemon.sd_writers)
318 # define SLAP_SOCK_NOT_ACTIVE(fd) (!SLAP_SOCK_IS_ACTIVE(fd) && \
319 !SLAP_SOCK_IS_READ(fd) && !SLAP_SOCK_IS_WRITE(fd))
321 # ifdef SLAP_LIGHTWEIGHT_LISTENER
322 # define SLAP_SOCK_SET_SUSPEND(s) FD_SET((s), &slap_daemon.sd_suspend)
323 # define SLAP_SOCK_CLR_SUSPEND(s) FD_CLR((s), &slap_daemon.sd_suspend)
324 # define SLAP_SOCK_IS_SUSPEND(s) FD_ISSET((s), &slap_daemon.sd_suspend)
328 # define SLAP_SOCK_SET_READ(fd) do { \
329 if (!SLAP_SOCK_IS_READ(fd)) { FD_SET((fd), &slap_daemon.sd_readers); } \
331 # define SLAP_SOCK_SET_WRITE(fd) do { \
332 if (!SLAP_SOCK_IS_WRITE(fd)) { FD_SET((fd), &slap_daemon.sd_writers); } \
335 # define SLAP_ADDTEST(s) do { } while 0
336 # define SLAP_EVENT_MAX dtblsize
338 # define SLAP_SOCK_SET_READ(fd) FD_SET((fd), &slap_daemon.sd_readers)
339 # define SLAP_SOCK_SET_WRITE(fd) FD_SET((fd), &slap_daemon.sd_writers)
341 # define SLAP_EVENT_MAX slap_daemon.sd_nfds
342 # define SLAP_ADDTEST(s) do { \
343 if ((s) >= slap_daemon.sd_nfds) slap_daemon.sd_nfds = (s)+1; \
347 # define SLAP_SOCK_CLR_READ(fd) FD_CLR((fd), &slap_daemon.sd_readers)
348 # define SLAP_SOCK_CLR_WRITE(fd) FD_CLR((fd), &slap_daemon.sd_writers)
350 # define SLAP_ADD_SOCK(s, l) do { \
352 FD_SET((s), &slap_daemon.sd_actives); \
353 FD_SET((s), &slap_daemon.sd_readers); \
356 # define SLAP_DEL_SOCK(s) do { \
357 FD_CLR((s), &slap_daemon.sd_actives); \
358 FD_CLR((s), &slap_daemon.sd_readers); \
359 FD_CLR((s), &slap_daemon.sd_writers); \
362 # define SLAP_EVENT_IS_READ(fd) FD_ISSET((fd), &readfds)
363 # define SLAP_EVENT_IS_WRITE(fd) FD_ISSET((fd), &writefds)
365 # define SLAP_EVENT_CLR_READ(fd) FD_CLR((fd), &readfds)
366 # define SLAP_EVENT_CLR_WRITE(fd) FD_CLR((fd), &writefds)
368 # define SLAP_EVENT_WAIT(tvp) \
369 select( SLAP_EVENT_MAX, &readfds, \
370 nwriters > 0 ? &writefds : NULL, NULL, (tvp) )
372 # define SLAP_SOCK_SET_MUTE(s) FD_CLR((s), &readfds)
373 # define SLAP_SOCK_CLR_MUTE(s) FD_SET((s), &readfds)
374 # define SLAP_SOCK_IS_MUTE(s) (!FD_ISSET((s), &readfds))
379 * SLP related functions
383 #define LDAP_SRVTYPE_PREFIX "service:ldap://"
384 #define LDAPS_SRVTYPE_PREFIX "service:ldaps://"
385 static char** slapd_srvurls = NULL;
386 static SLPHandle slapd_hslp = 0;
387 int slapd_register_slp = 0;
389 void slapd_slp_init( const char* urls ) {
392 slapd_srvurls = ldap_str2charray( urls, " " );
394 if( slapd_srvurls == NULL ) return;
396 /* find and expand INADDR_ANY URLs */
397 for( i=0; slapd_srvurls[i] != NULL; i++ ) {
398 if( strcmp( slapd_srvurls[i], "ldap:///" ) == 0) {
399 char *host = ldap_pvt_get_fqdn( NULL );
400 if ( host != NULL ) {
401 slapd_srvurls[i] = (char *) ch_realloc( slapd_srvurls[i],
403 sizeof( LDAP_SRVTYPE_PREFIX ) );
404 strcpy( lutil_strcopy(slapd_srvurls[i],
405 LDAP_SRVTYPE_PREFIX ), host );
410 } else if ( strcmp( slapd_srvurls[i], "ldaps:///" ) == 0) {
411 char *host = ldap_pvt_get_fqdn( NULL );
412 if ( host != NULL ) {
413 slapd_srvurls[i] = (char *) ch_realloc( slapd_srvurls[i],
415 sizeof( LDAPS_SRVTYPE_PREFIX ) );
416 strcpy( lutil_strcopy(slapd_srvurls[i],
417 LDAPS_SRVTYPE_PREFIX ), host );
424 /* open the SLP handle */
425 SLPOpen( "en", 0, &slapd_hslp );
428 void slapd_slp_deinit() {
429 if( slapd_srvurls == NULL ) return;
431 ldap_charray_free( slapd_srvurls );
432 slapd_srvurls = NULL;
434 /* close the SLP handle */
435 SLPClose( slapd_hslp );
438 void slapd_slp_regreport(
446 void slapd_slp_reg() {
449 if( slapd_srvurls == NULL ) return;
451 for( i=0; slapd_srvurls[i] != NULL; i++ ) {
452 if( strncmp( slapd_srvurls[i], LDAP_SRVTYPE_PREFIX,
453 sizeof( LDAP_SRVTYPE_PREFIX ) - 1 ) == 0 ||
454 strncmp( slapd_srvurls[i], LDAPS_SRVTYPE_PREFIX,
455 sizeof( LDAPS_SRVTYPE_PREFIX ) - 1 ) == 0 )
459 SLP_LIFETIME_MAXIMUM,
469 void slapd_slp_dereg() {
472 if( slapd_srvurls == NULL ) return;
474 for( i=0; slapd_srvurls[i] != NULL; i++ ) {
475 SLPDereg( slapd_hslp,
481 #endif /* HAVE_SLP */
484 * Add a descriptor to daemon control
486 * If isactive, the descriptor is a live server session and is subject
487 * to idletimeout control. Otherwise, the descriptor is a passive
488 * listener or an outbound client session, and not subject to
489 * idletimeout. The underlying event handler may record the Listener
490 * argument to differentiate Listener's from real sessions.
492 static void slapd_add(ber_socket_t s, int isactive, Listener *sl) {
493 ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
495 assert( SLAP_SOCK_NOT_ACTIVE(s) );
497 if ( isactive ) slap_daemon.sd_nactives++;
499 SLAP_ADD_SOCK(s, sl);
501 Debug( LDAP_DEBUG_CONNS, "daemon: added %ldr\n",
504 ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
506 #ifdef SLAP_LIGHTWEIGHT_LISTENER
512 * Remove the descriptor from daemon control
521 ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
523 if ( wasactive ) slap_daemon.sd_nactives--;
524 waswriter = SLAP_SOCK_IS_WRITE(s);
526 Debug( LDAP_DEBUG_CONNS, "daemon: removing %ld%s%s\n",
527 (long) s, SLAP_SOCK_IS_READ(s) ? "r" : "",
528 waswriter ? "w" : "" );
529 if ( waswriter ) slap_daemon.sd_nwriters--;
531 #ifdef SLAP_LIGHTWEIGHT_LISTENER
532 SLAP_SOCK_CLR_SUSPEND(s);
536 /* If we ran out of file descriptors, we dropped a listener from
537 * the select() loop. Now that we're removing a session from our
538 * control, we can try to resume a dropped listener to use.
542 for ( i = 0; slap_listeners[i] != NULL; i++ ) {
543 if ( slap_listeners[i]->sl_sd != AC_SOCKET_INVALID ) {
544 if ( slap_listeners[i]->sl_sd == s ) continue;
545 if ( slap_listeners[i]->sl_is_mute ) {
546 slap_listeners[i]->sl_is_mute = 0;
552 /* Walked the entire list without enabling anything; emfile
553 * counter is stale. Reset it.
555 if ( slap_listeners[i] == NULL ) emfile = 0;
557 ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
558 WAKE_LISTENER(wake || slapd_gentle_shutdown == 2);
561 #ifdef SLAP_LIGHTWEIGHT_LISTENER
563 * Temporarily suspend submitting events on the descriptor to the pool.
564 * Reading on the descriptor will be resumed by a connection procseeing thread
565 * when data (LDAP requests) on it are read.
566 * slapd_suspend() returns 1 when it is suspended otherwise returns 0
568 int slapd_suspend(ber_socket_t s) {
571 ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
573 if ( !SLAP_SOCK_IS_SUSPEND( s ) && SLAP_SOCK_IS_ACTIVE( s ) &&
574 SLAP_SOCK_IS_READ( s ) )
576 SLAP_SOCK_SET_SUSPEND( s );
577 SLAP_SOCK_CLR_READ( s );
581 ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
585 void slapd_resume ( ber_socket_t s ) {
586 ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
588 SLAP_SOCK_SET_READ( s );
590 assert( SLAP_SOCK_IS_SUSPEND( s ) );
592 SLAP_SOCK_CLR_SUSPEND ( s );
594 ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
600 void slapd_clr_write(ber_socket_t s, int wake) {
601 ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
603 assert( SLAP_SOCK_IS_ACTIVE( s ));
605 if ( SLAP_SOCK_IS_WRITE( s )) {
606 SLAP_SOCK_CLR_WRITE( s );
607 slap_daemon.sd_nwriters--;
610 ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
614 void slapd_set_write(ber_socket_t s, int wake) {
615 ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
617 assert( SLAP_SOCK_IS_ACTIVE( s ));
619 if ( !SLAP_SOCK_IS_WRITE( s )) {
620 SLAP_SOCK_SET_WRITE( s );
621 slap_daemon.sd_nwriters++;
624 ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
628 void slapd_clr_read(ber_socket_t s, int wake) {
629 ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
631 assert( SLAP_SOCK_IS_ACTIVE( s ));
632 SLAP_SOCK_CLR_READ( s );
634 ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
638 void slapd_set_read(ber_socket_t s, int wake) {
639 ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
641 assert( SLAP_SOCK_IS_ACTIVE( s ));
642 if (!SLAP_SOCK_IS_READ( s ))
643 SLAP_SOCK_SET_READ( s );
645 ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
649 static void slapd_close(ber_socket_t s) {
650 Debug( LDAP_DEBUG_CONNS, "daemon: closing %ld\n",
655 static void slap_free_listener_addresses(struct sockaddr **sal)
657 struct sockaddr **sap;
659 if (sal == NULL) return;
661 for (sap = sal; *sap != NULL; sap++) {
668 #if defined(LDAP_PF_LOCAL) || defined(SLAP_X_LISTENER_MOD)
669 static int get_url_perms(
676 assert( exts != NULL );
677 assert( perms != NULL );
678 assert( crit != NULL );
681 for ( i = 0; exts[ i ]; i++ ) {
682 char *type = exts[ i ];
685 if ( type[ 0 ] == '!' ) {
690 if ( strncasecmp( type, LDAPI_MOD_URLEXT "=",
691 sizeof(LDAPI_MOD_URLEXT "=") - 1 ) == 0 )
693 char *value = type + ( sizeof(LDAPI_MOD_URLEXT "=") - 1 );
697 switch (strlen(value)) {
699 /* skip leading '0' */
700 if ( value[ 0 ] != '0' ) return LDAP_OTHER;
704 for ( j = 0; j < 3; j++) {
707 v = value[ j ] - '0';
709 if ( v < 0 || v > 7 ) return LDAP_OTHER;
716 for ( j = 1; j < 10; j++ ) {
717 static mode_t m[] = { 0,
718 S_IRUSR, S_IWUSR, S_IXUSR,
719 S_IRGRP, S_IWGRP, S_IXGRP,
720 S_IROTH, S_IWOTH, S_IXOTH
722 static char c[] = "-rwxrwxrwx";
724 if ( value[ j ] == c[ j ] ) {
727 } else if ( value[ j ] != '-' ) {
746 #endif /* LDAP_PF_LOCAL || SLAP_X_LISTENER_MOD */
748 /* port = 0 indicates AF_LOCAL */
749 static int slap_get_listener_addresses(
752 struct sockaddr ***sal)
754 struct sockaddr **sap;
758 *sal = ch_malloc(2 * sizeof(void *));
759 if (*sal == NULL) return -1;
762 *sap = ch_malloc(sizeof(struct sockaddr_un));
763 if (*sap == NULL) goto errexit;
767 (sizeof(((struct sockaddr_un *)*sap)->sun_path) - 1) )
769 Debug( LDAP_DEBUG_ANY,
770 "daemon: domain socket path (%s) too long in URL",
775 (void)memset( (void *)*sap, '\0', sizeof(struct sockaddr_un) );
776 (*sap)->sa_family = AF_LOCAL;
777 strcpy( ((struct sockaddr_un *)*sap)->sun_path, host );
781 #ifdef HAVE_GETADDRINFO
782 struct addrinfo hints, *res, *sai;
786 memset( &hints, '\0', sizeof(hints) );
787 hints.ai_flags = AI_PASSIVE;
788 hints.ai_socktype = SOCK_STREAM;
789 hints.ai_family = slap_inet4or6;
790 snprintf(serv, sizeof serv, "%d", port);
792 if ( (err = getaddrinfo(host, serv, &hints, &res)) ) {
793 Debug( LDAP_DEBUG_ANY, "daemon: getaddrinfo failed: %s\n",
794 AC_GAI_STRERROR(err), 0, 0);
799 for (n=2; (sai = sai->ai_next) != NULL; n++) {
802 *sal = ch_calloc(n, sizeof(void *));
803 if (*sal == NULL) return -1;
808 for ( sai=res; sai; sai=sai->ai_next ) {
809 if( sai->ai_addr == NULL ) {
810 Debug( LDAP_DEBUG_ANY, "slap_get_listener_addresses: "
811 "getaddrinfo ai_addr is NULL?\n", 0, 0, 0 );
816 switch (sai->ai_family) {
817 # ifdef LDAP_PF_INET6
819 *sap = ch_malloc(sizeof(struct sockaddr_in6));
824 *(struct sockaddr_in6 *)*sap =
825 *((struct sockaddr_in6 *)sai->ai_addr);
829 *sap = ch_malloc(sizeof(struct sockaddr_in));
834 *(struct sockaddr_in *)*sap =
835 *((struct sockaddr_in *)sai->ai_addr);
843 (*sap)->sa_family = sai->ai_family;
853 struct hostent *he = NULL;
855 if ( host == NULL ) {
856 in.s_addr = htonl(INADDR_ANY);
858 } else if ( !inet_aton( host, &in ) ) {
859 he = gethostbyname( host );
861 Debug( LDAP_DEBUG_ANY,
862 "daemon: invalid host %s", host, 0, 0);
865 for (n = 0; he->h_addr_list[n]; n++) ;
868 *sal = ch_malloc((n+1) * sizeof(void *));
874 for ( i = 0; i<n; i++ ) {
875 sap[i] = ch_malloc(sizeof(struct sockaddr_in));
876 if (*sap == NULL) goto errexit;
877 (void)memset( (void *)sap[i], '\0', sizeof(struct sockaddr_in) );
878 sap[i]->sa_family = AF_INET;
879 ((struct sockaddr_in *)sap[i])->sin_port = htons(port);
881 AC_MEMCPY( &((struct sockaddr_in *)sap[i])->sin_addr,
882 he->h_addr_list[i], sizeof(struct in_addr) );
884 AC_MEMCPY( &((struct sockaddr_in *)sap[i])->sin_addr,
885 &in, sizeof(struct in_addr) );
895 slap_free_listener_addresses(*sal);
899 static int slap_open_listener(
910 int err, addrlen = 0;
911 struct sockaddr **sal, **psal;
912 int socktype = SOCK_STREAM; /* default to COTS */
914 #if defined(LDAP_PF_LOCAL) || defined(SLAP_X_LISTENER_MOD)
919 #endif /* LDAP_PF_LOCAL || SLAP_X_LISTENER_MOD */
921 rc = ldap_url_parse( url, &lud );
923 if( rc != LDAP_URL_SUCCESS ) {
924 Debug( LDAP_DEBUG_ANY,
925 "daemon: listen URL \"%s\" parse error=%d\n",
930 l.sl_url.bv_val = NULL;
934 if( ldap_pvt_url_scheme2tls( lud->lud_scheme ) ) {
935 Debug( LDAP_DEBUG_ANY,
936 "daemon: TLS not supported (%s)\n",
938 ldap_free_urldesc( lud );
942 if(! lud->lud_port ) lud->lud_port = LDAP_PORT;
945 l.sl_is_tls = ldap_pvt_url_scheme2tls( lud->lud_scheme );
947 if(! lud->lud_port ) {
948 lud->lud_port = l.sl_is_tls ? LDAPS_PORT : LDAP_PORT;
952 port = (unsigned short) lud->lud_port;
954 tmp = ldap_pvt_url_scheme2proto(lud->lud_scheme);
955 if ( tmp == LDAP_PROTO_IPC ) {
957 if ( lud->lud_host == NULL || lud->lud_host[0] == '\0' ) {
958 err = slap_get_listener_addresses(LDAPI_SOCK, 0, &sal);
960 err = slap_get_listener_addresses(lud->lud_host, 0, &sal);
964 Debug( LDAP_DEBUG_ANY, "daemon: URL scheme not supported: %s",
966 ldap_free_urldesc( lud );
970 if( lud->lud_host == NULL || lud->lud_host[0] == '\0'
971 || strcmp(lud->lud_host, "*") == 0 )
973 err = slap_get_listener_addresses(NULL, port, &sal);
975 err = slap_get_listener_addresses(lud->lud_host, port, &sal);
979 #ifdef LDAP_CONNECTIONLESS
980 l.sl_is_udp = ( tmp == LDAP_PROTO_UDP );
983 #if defined(LDAP_PF_LOCAL) || defined(SLAP_X_LISTENER_MOD)
984 if ( lud->lud_exts ) {
985 err = get_url_perms( lud->lud_exts, &l.sl_perms, &crit );
987 l.sl_perms = S_IRWXU | S_IRWXO;
989 #endif /* LDAP_PF_LOCAL || SLAP_X_LISTENER_MOD */
991 ldap_free_urldesc( lud );
992 if ( err ) return -1;
994 /* If we got more than one address returned, we need to make space
995 * for it in the slap_listeners array.
997 for ( num=0; sal[num]; num++ ) /* empty */;
1000 slap_listeners = ch_realloc( slap_listeners,
1001 (*listeners + 1) * sizeof(Listener *) );
1005 while ( *sal != NULL ) {
1007 switch( (*sal)->sa_family ) {
1011 #ifdef LDAP_PF_INET6
1016 #ifdef LDAP_PF_LOCAL
1026 #ifdef LDAP_CONNECTIONLESS
1027 if( l.sl_is_udp ) socktype = SOCK_DGRAM;
1030 l.sl_sd = socket( (*sal)->sa_family, socktype, 0);
1031 if ( l.sl_sd == AC_SOCKET_INVALID ) {
1032 int err = sock_errno();
1033 Debug( LDAP_DEBUG_ANY,
1034 "daemon: %s socket() failed errno=%d (%s)\n",
1035 af, err, sock_errstr(err) );
1040 #ifndef HAVE_WINSOCK
1041 if ( l.sl_sd >= dtblsize ) {
1042 Debug( LDAP_DEBUG_ANY,
1043 "daemon: listener descriptor %ld is too great %ld\n",
1044 (long) l.sl_sd, (long) dtblsize, 0 );
1045 tcp_close( l.sl_sd );
1051 #ifdef LDAP_PF_LOCAL
1052 if ( (*sal)->sa_family == AF_LOCAL ) {
1053 unlink ( ((struct sockaddr_un *)*sal)->sun_path );
1058 /* enable address reuse */
1060 rc = setsockopt( l.sl_sd, SOL_SOCKET, SO_REUSEADDR,
1061 (char *) &tmp, sizeof(tmp) );
1062 if ( rc == AC_SOCKET_ERROR ) {
1063 int err = sock_errno();
1064 Debug( LDAP_DEBUG_ANY, "slapd(%ld): "
1065 "setsockopt(SO_REUSEADDR) failed errno=%d (%s)\n",
1066 (long) l.sl_sd, err, sock_errstr(err) );
1071 switch( (*sal)->sa_family ) {
1073 addrlen = sizeof(struct sockaddr_in);
1075 #ifdef LDAP_PF_INET6
1078 /* Try to use IPv6 sockets for IPv6 only */
1080 rc = setsockopt( l.sl_sd, IPPROTO_IPV6, IPV6_V6ONLY,
1081 (char *) &tmp, sizeof(tmp) );
1082 if ( rc == AC_SOCKET_ERROR ) {
1083 int err = sock_errno();
1084 Debug( LDAP_DEBUG_ANY, "slapd(%ld): "
1085 "setsockopt(IPV6_V6ONLY) failed errno=%d (%s)\n",
1086 (long) l.sl_sd, err, sock_errstr(err) );
1089 addrlen = sizeof(struct sockaddr_in6);
1093 #ifdef LDAP_PF_LOCAL
1098 setsockopt(l.sl_sd, 0, LOCAL_CREDS, &one, sizeof one);
1101 addrlen = sizeof(struct sockaddr_un);
1106 if (bind(l.sl_sd, *sal, addrlen)) {
1108 Debug( LDAP_DEBUG_ANY,
1109 "daemon: bind(%ld) failed errno=%d (%s)\n",
1110 (long) l.sl_sd, err, sock_errstr(err) );
1111 tcp_close( l.sl_sd );
1116 switch ( (*sal)->sa_family ) {
1117 #ifdef LDAP_PF_LOCAL
1119 char *addr = ((struct sockaddr_un *)*sal)->sun_path;
1120 l.sl_name.bv_len = strlen(addr) + sizeof("PATH=") - 1;
1121 l.sl_name.bv_val = ber_memalloc( l.sl_name.bv_len + 1 );
1122 snprintf( l.sl_name.bv_val, l.sl_name.bv_len + 1,
1125 #endif /* LDAP_PF_LOCAL */
1129 #if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
1130 char addr[INET_ADDRSTRLEN];
1131 inet_ntop( AF_INET, &((struct sockaddr_in *)*sal)->sin_addr,
1132 addr, sizeof(addr) );
1135 s = inet_ntoa( ((struct sockaddr_in *) *sal)->sin_addr );
1137 port = ntohs( ((struct sockaddr_in *)*sal) ->sin_port );
1139 ber_memalloc( sizeof("IP=255.255.255.255:65535") );
1140 snprintf( l.sl_name.bv_val, sizeof("IP=255.255.255.255:65535"),
1142 s != NULL ? s : SLAP_STRING_UNKNOWN, port );
1143 l.sl_name.bv_len = strlen( l.sl_name.bv_val );
1146 #ifdef LDAP_PF_INET6
1148 char addr[INET6_ADDRSTRLEN];
1149 inet_ntop( AF_INET6, &((struct sockaddr_in6 *)*sal)->sin6_addr,
1151 port = ntohs( ((struct sockaddr_in6 *)*sal)->sin6_port );
1152 l.sl_name.bv_len = strlen(addr) + sizeof("IP= 65535");
1153 l.sl_name.bv_val = ber_memalloc( l.sl_name.bv_len );
1154 snprintf( l.sl_name.bv_val, l.sl_name.bv_len, "IP=%s %d",
1156 l.sl_name.bv_len = strlen( l.sl_name.bv_val );
1158 #endif /* LDAP_PF_INET6 */
1161 Debug( LDAP_DEBUG_ANY, "daemon: unsupported address family (%d)\n",
1162 (int) (*sal)->sa_family, 0, 0 );
1166 AC_MEMCPY(&l.sl_sa, *sal, addrlen);
1167 ber_str2bv( url, 0, 1, &l.sl_url);
1168 li = ch_malloc( sizeof( Listener ) );
1170 slap_listeners[*cur] = li;
1175 slap_free_listener_addresses(psal);
1177 if ( l.sl_url.bv_val == NULL ) {
1178 Debug( LDAP_DEBUG_TRACE,
1179 "slap_open_listener: failed on %s\n", url, 0, 0 );
1183 Debug( LDAP_DEBUG_TRACE, "daemon: initialized %s\n",
1184 l.sl_url.bv_val, 0, 0 );
1188 static int sockinit(void);
1189 static int sockdestroy(void);
1191 int slapd_daemon_init( const char *urls )
1196 Debug( LDAP_DEBUG_ARGS, "daemon_init: %s\n",
1197 urls ? urls : "<null>", 0, 0 );
1198 if( (rc = sockinit()) != 0 ) {
1203 dtblsize = sysconf( _SC_OPEN_MAX );
1204 #elif HAVE_GETDTABLESIZE
1205 dtblsize = getdtablesize();
1207 dtblsize = FD_SETSIZE;
1210 /* open a pipe (or something equivalent connected to itself).
1211 * we write a byte on this fd whenever we catch a signal. The main
1212 * loop will be select'ing on this socket, and will wake up when
1213 * this byte arrives.
1215 if( (rc = lutil_pair( wake_sds )) < 0 ) {
1216 Debug( LDAP_DEBUG_ANY,
1217 "daemon: lutil_pair() failed rc=%d\n", rc, 0, 0 );
1223 if( urls == NULL ) {
1227 u = ldap_str2charray( urls, " " );
1229 if( u == NULL || u[0] == NULL ) {
1230 Debug( LDAP_DEBUG_ANY, "daemon_init: no urls (%s) provided.\n",
1235 for( i=0; u[i] != NULL; i++ ) {
1236 Debug( LDAP_DEBUG_TRACE, "daemon_init: listen on %s\n",
1241 Debug( LDAP_DEBUG_ANY, "daemon_init: no listeners to open (%s)\n",
1243 ldap_charray_free( u );
1247 Debug( LDAP_DEBUG_TRACE, "daemon_init: %d listeners to open...\n",
1249 slap_listeners = ch_malloc( (i+1)*sizeof(Listener *) );
1251 for(n = 0, j = 0; u[n]; n++ ) {
1252 if ( slap_open_listener( u[n], &i, &j ) ) {
1253 ldap_charray_free( u );
1257 slap_listeners[j] = NULL;
1259 Debug( LDAP_DEBUG_TRACE, "daemon_init: %d listeners opened\n",
1263 if( slapd_register_slp ) {
1264 slapd_slp_init( urls );
1269 ldap_charray_free( u );
1270 ldap_pvt_thread_mutex_init( &slap_daemon.sd_mutex );
1277 slapd_daemon_destroy(void)
1279 connections_destroy();
1280 tcp_close( wake_sds[1] );
1281 tcp_close( wake_sds[0] );
1285 if( slapd_register_slp ) {
1301 for ( l = 0; slap_listeners[l] != NULL; l++ ) {
1302 if ( slap_listeners[l]->sl_sd != AC_SOCKET_INVALID ) {
1303 if ( remove ) slapd_remove( slap_listeners[l]->sl_sd, 0, 0 );
1305 #ifdef LDAP_PF_LOCAL
1306 if ( slap_listeners[l]->sl_sa.sa_addr.sa_family == AF_LOCAL ) {
1307 unlink( slap_listeners[l]->sl_sa.sa_un_addr.sun_path );
1309 #endif /* LDAP_PF_LOCAL */
1311 slapd_close( slap_listeners[l]->sl_sd );
1314 if ( slap_listeners[l]->sl_url.bv_val ) {
1315 ber_memfree( slap_listeners[l]->sl_url.bv_val );
1318 if ( slap_listeners[l]->sl_name.bv_val ) {
1319 ber_memfree( slap_listeners[l]->sl_name.bv_val );
1322 free ( slap_listeners[l] );
1323 slap_listeners[l] = NULL;
1328 slapd_handle_listener(
1334 socklen_t len = sizeof(from);
1337 struct berval authid = BER_BVNULL;
1338 #ifdef SLAPD_RLOOKUPS
1339 char hbuf[NI_MAXHOST];
1342 char *dnsname = NULL;
1343 char *peeraddr = NULL;
1344 #ifdef LDAP_PF_LOCAL
1345 char peername[MAXPATHLEN + sizeof("PATH=")];
1346 #elif defined(LDAP_PF_INET6)
1347 char peername[sizeof("IP=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 65535")];
1349 char peername[sizeof("IP=255.255.255.255:65336")];
1350 #endif /* LDAP_PF_LOCAL */
1354 #ifdef LDAP_CONNECTIONLESS
1355 if ( sl->sl_is_udp ) {
1356 /* The first time we receive a query, we set this
1357 * up as a "connection". It remains open for the life
1360 if ( sl->sl_is_udp < 2 ) {
1361 id = connection_init( sl->sl_sd, sl, "", "",
1362 CONN_IS_UDP, ssf, NULL );
1369 # ifdef LDAP_PF_LOCAL
1370 /* FIXME: apparently accept doesn't fill
1371 * the sun_path sun_path member */
1372 from.sa_un_addr.sun_path[0] = '\0';
1373 # endif /* LDAP_PF_LOCAL */
1375 s = accept( sl->sl_sd, (struct sockaddr *) &from, &len );
1376 #ifdef SLAP_LIGHTWEIGHT_LISTENER
1378 * As soon as a TCP connection is accepted, the listener FD is resumed
1379 * for concurrent-processing of incoming TCP connections.
1381 slapd_resume( sl->sl_sd );
1383 if ( s == AC_SOCKET_INVALID ) {
1384 int err = sock_errno();
1395 ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
1397 /* Stop listening until an existing session closes */
1399 ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
1402 Debug( LDAP_DEBUG_ANY,
1403 "daemon: accept(%ld) failed errno=%d (%s)\n",
1404 (long) sl->sl_sd, err,
1406 ldap_pvt_thread_yield();
1410 #ifndef HAVE_WINSOCK
1411 /* make sure descriptor number isn't too great */
1412 if ( s >= dtblsize ) {
1413 Debug( LDAP_DEBUG_ANY,
1414 "daemon: %ld beyond descriptor table size %ld\n",
1415 (long) s, (long) dtblsize, 0 );
1418 ldap_pvt_thread_yield();
1424 ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
1426 /* newly accepted stream should not be in any of the FD SETS */
1427 assert( SLAP_SOCK_NOT_ACTIVE( s ));
1429 ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
1432 #if defined( SO_KEEPALIVE ) || defined( TCP_NODELAY )
1433 #ifdef LDAP_PF_LOCAL
1434 /* for IPv4 and IPv6 sockets only */
1435 if ( from.sa_addr.sa_family != AF_LOCAL )
1436 #endif /* LDAP_PF_LOCAL */
1441 /* enable keep alives */
1443 rc = setsockopt( s, SOL_SOCKET, SO_KEEPALIVE,
1444 (char *) &tmp, sizeof(tmp) );
1445 if ( rc == AC_SOCKET_ERROR ) {
1446 int err = sock_errno();
1447 Debug( LDAP_DEBUG_ANY,
1448 "slapd(%ld): setsockopt(SO_KEEPALIVE) failed "
1449 "errno=%d (%s)\n", (long) s, err, sock_errstr(err) );
1453 /* enable no delay */
1455 rc = setsockopt( s, IPPROTO_TCP, TCP_NODELAY,
1456 (char *)&tmp, sizeof(tmp) );
1457 if ( rc == AC_SOCKET_ERROR ) {
1458 int err = sock_errno();
1459 Debug( LDAP_DEBUG_ANY,
1460 "slapd(%ld): setsockopt(TCP_NODELAY) failed "
1461 "errno=%d (%s)\n", (long) s, err, sock_errstr(err) );
1467 Debug( LDAP_DEBUG_CONNS, "daemon: new connection on %ld\n",
1469 switch ( from.sa_addr.sa_family ) {
1470 # ifdef LDAP_PF_LOCAL
1472 /* FIXME: apparently accept doesn't fill
1473 * the sun_path sun_path member */
1474 if ( from.sa_un_addr.sun_path[0] == '\0' ) {
1475 AC_MEMCPY( from.sa_un_addr.sun_path,
1476 sl->sl_sa.sa_un_addr.sun_path,
1477 sizeof( from.sa_un_addr.sun_path ) );
1480 sprintf( peername, "PATH=%s", from.sa_un_addr.sun_path );
1486 if( getpeereid( s, &uid, &gid ) == 0 ) {
1487 authid.bv_val = ch_malloc(
1488 STRLENOF( "gidNumber=4294967295+uidNumber=4294967295,"
1489 "cn=peercred,cn=external,cn=auth" ) + 1 );
1490 authid.bv_len = sprintf( authid.bv_val,
1491 "gidNumber=%d+uidNumber=%d,"
1492 "cn=peercred,cn=external,cn=auth",
1493 (int) gid, (int) uid );
1494 assert( authid.bv_len <=
1495 STRLENOF( "gidNumber=4294967295+uidNumber=4294967295,"
1496 "cn=peercred,cn=external,cn=auth" ) );
1501 #endif /* LDAP_PF_LOCAL */
1503 # ifdef LDAP_PF_INET6
1505 if ( IN6_IS_ADDR_V4MAPPED(&from.sa_in6_addr.sin6_addr) ) {
1506 peeraddr = inet_ntoa( *((struct in_addr *)
1507 &from.sa_in6_addr.sin6_addr.s6_addr[12]) );
1508 sprintf( peername, "IP=%s:%d",
1509 peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
1510 (unsigned) ntohs( from.sa_in6_addr.sin6_port ) );
1512 char addr[INET6_ADDRSTRLEN];
1514 peeraddr = (char *) inet_ntop( AF_INET6,
1515 &from.sa_in6_addr.sin6_addr,
1516 addr, sizeof addr );
1517 sprintf( peername, "IP=%s %d",
1518 peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
1519 (unsigned) ntohs( from.sa_in6_addr.sin6_port ) );
1522 # endif /* LDAP_PF_INET6 */
1525 peeraddr = inet_ntoa( from.sa_in_addr.sin_addr );
1526 sprintf( peername, "IP=%s:%d",
1527 peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
1528 (unsigned) ntohs( from.sa_in_addr.sin_port ) );
1536 if ( ( from.sa_addr.sa_family == AF_INET )
1537 #ifdef LDAP_PF_INET6
1538 || ( from.sa_addr.sa_family == AF_INET6 )
1543 #ifdef SLAPD_RLOOKUPS
1544 if ( use_reverse_lookup ) {
1546 if (ldap_pvt_get_hname( (const struct sockaddr *)&from, len, hbuf,
1547 sizeof(hbuf), &herr ) == 0) {
1548 ldap_pvt_str2lower( hbuf );
1552 #endif /* SLAPD_RLOOKUPS */
1555 if ( !hosts_ctl("slapd",
1556 dnsname != NULL ? dnsname : SLAP_STRING_UNKNOWN,
1557 peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
1558 SLAP_STRING_UNKNOWN ))
1561 Statslog( LDAP_DEBUG_STATS,
1562 "fd=%ld DENIED from %s (%s)\n",
1564 dnsname != NULL ? dnsname : SLAP_STRING_UNKNOWN,
1565 peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
1570 #endif /* HAVE_TCPD */
1573 id = connection_init(s, sl,
1574 dnsname != NULL ? dnsname : SLAP_STRING_UNKNOWN,
1577 sl->sl_is_tls ? CONN_IS_TLS : 0,
1582 authid.bv_val ? &authid : NULL );
1584 if( authid.bv_val ) ch_free(authid.bv_val);
1587 Debug( LDAP_DEBUG_ANY,
1588 "daemon: connection_init(%ld, %s, %s) failed.\n",
1589 (long) s, peername, sl->sl_name.bv_val );
1594 Statslog( LDAP_DEBUG_STATS,
1595 "conn=%ld fd=%ld ACCEPT from %s (%s)\n",
1596 id, (long) s, peername, sl->sl_name.bv_val,
1599 slapd_add( s, 1, NULL );
1603 #ifdef SLAP_LIGHTWEIGHT_LISTENER
1605 slapd_handle_listener_thread(
1611 rc = slapd_handle_listener( (Listener*)ptr );
1613 if( rc != LDAP_SUCCESS ) {
1614 Debug( LDAP_DEBUG_ANY,
1615 "slapd_handle_listener_thread: failed", 0, 0, 0 );
1622 new_connection_activate(
1627 if( !slapd_suspend( sl->sl_sd ) ) return (0);
1629 status = ldap_pvt_thread_pool_submit( &connection_pool,
1630 slapd_handle_listener_thread, (void *) sl );
1633 Debug( LDAP_DEBUG_ANY,
1634 "new_connection_activate: ldap_pvt_thread_pool_submit failed\n",
1648 time_t last_idle_check = 0;
1649 struct timeval idle;
1652 #define SLAPD_IDLE_CHECK_LIMIT 4
1654 if ( global_idletimeout > 0 ) {
1655 last_idle_check = slap_get_time();
1656 /* Set the select timeout.
1657 * Don't just truncate, preserve the fractions of
1658 * seconds to prevent sleeping for zero time.
1660 idle.tv_sec = global_idletimeout / SLAPD_IDLE_CHECK_LIMIT;
1661 idle.tv_usec = global_idletimeout - \
1662 ( idle.tv_sec * SLAPD_IDLE_CHECK_LIMIT );
1663 idle.tv_usec *= 1000000 / SLAPD_IDLE_CHECK_LIMIT;
1669 slapd_add( wake_sds[0], 0, NULL );
1671 for ( l = 0; slap_listeners[l] != NULL; l++ ) {
1672 if ( slap_listeners[l]->sl_sd == AC_SOCKET_INVALID ) continue;
1674 #ifdef LDAP_CONNECTIONLESS
1675 /* Since this is connectionless, the data port is the
1676 * listening port. The listen() and accept() calls
1679 if ( slap_listeners[l]->sl_is_udp ) {
1680 slapd_add( slap_listeners[l]->sl_sd, 1, slap_listeners[l] );
1685 if ( listen( slap_listeners[l]->sl_sd, SLAPD_LISTEN_BACKLOG ) == -1 ) {
1686 int err = sock_errno();
1688 #ifdef LDAP_PF_INET6
1689 /* If error is EADDRINUSE, we are trying to listen to INADDR_ANY and
1690 * we are already listening to in6addr_any, then we want to ignore
1691 * this and continue.
1693 if ( err == EADDRINUSE ) {
1695 struct sockaddr_in sa = slap_listeners[l]->sl_sa.sa_in_addr;
1696 struct sockaddr_in6 sa6;
1698 if ( sa.sin_family == AF_INET &&
1699 sa.sin_addr.s_addr == htonl(INADDR_ANY) ) {
1700 for ( i = 0 ; i < l; i++ ) {
1701 sa6 = slap_listeners[i]->sl_sa.sa_in6_addr;
1702 if ( sa6.sin6_family == AF_INET6 &&
1703 !memcmp( &sa6.sin6_addr, &in6addr_any,
1704 sizeof(struct in6_addr) ) )
1711 /* We are already listening to in6addr_any */
1712 Debug( LDAP_DEBUG_CONNS,
1713 "daemon: Attempt to listen to 0.0.0.0 failed, "
1714 "already listening on ::, assuming IPv4 included\n",
1716 slapd_close( slap_listeners[l]->sl_sd );
1717 slap_listeners[l]->sl_sd = AC_SOCKET_INVALID;
1723 Debug( LDAP_DEBUG_ANY,
1724 "daemon: listen(%s, 5) failed errno=%d (%s)\n",
1725 slap_listeners[l]->sl_url.bv_val, err,
1730 #ifdef SLAP_LIGHTWEIGHT_LISTENER
1731 /* make the listening socket non-blocking */
1732 if ( ber_pvt_socket_set_nonblock( slap_listeners[l]->sl_sd, 1 ) < 0 ) {
1733 Debug( LDAP_DEBUG_ANY, "slapd_daemon_task: "
1734 "set nonblocking on a listening socket failed\n",
1741 slapd_add( slap_listeners[l]->sl_sd, 0, slap_listeners[l] );
1744 #ifdef HAVE_NT_SERVICE_MANAGER
1745 if ( started_event != NULL ) }
1746 ldap_pvt_thread_cond_signal( &started_event );
1750 #ifdef SLAP_SEM_LOAD_CONTROL
1752 * initialize count and lazyness of a semaphore
1754 (void) ldap_lazy_sem_init(
1755 SLAP_MAX_WORKER_THREADS + 4 /* max workers + margin */,
1759 /* initialization complete. Here comes the loop. */
1761 while ( !slapd_shutdown ) {
1766 #if SLAP_EVENTS_ARE_INDEXED
1767 ber_socket_t nrfds, nwfds;
1769 #define SLAPD_EBADF_LIMIT 16
1776 struct timeval *tvp;
1778 struct timeval *cat;
1781 now = slap_get_time();
1783 if( ( global_idletimeout > 0 ) &&
1784 difftime( last_idle_check +
1785 global_idletimeout/SLAPD_IDLE_CHECK_LIMIT, now ) < 0 ) {
1786 connections_timeout_idle( now );
1787 last_idle_check = now;
1792 if( slapd_gentle_shutdown ) {
1793 ber_socket_t active;
1795 if( slapd_gentle_shutdown == 1 ) {
1796 Debug( LDAP_DEBUG_ANY, "slapd gentle shutdown\n", 0, 0, 0 );
1797 close_listeners( 1 );
1798 frontendDB->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
1799 slapd_gentle_shutdown = 2;
1802 ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
1803 active = slap_daemon.sd_nactives;
1804 ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
1814 ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
1816 nwriters = slap_daemon.sd_nwriters;
1819 for ( l = 0; slap_listeners[l] != NULL; l++ ) {
1820 if ( slap_listeners[l]->sl_sd == AC_SOCKET_INVALID )
1822 if ( slap_listeners[l]->sl_is_mute )
1823 SLAP_SOCK_SET_MUTE( slap_listeners[l]->sl_sd );
1825 if ( SLAP_SOCK_IS_MUTE( slap_listeners[l]->sl_sd ))
1826 SLAP_SOCK_CLR_MUTE( slap_listeners[l]->sl_sd );
1829 nfds = SLAP_EVENT_MAX;
1831 if ( global_idletimeout && slap_daemon.sd_nactives ) at = 1;
1833 ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
1836 #if defined(HAVE_YIELDING_SELECT) || defined(NO_THREADS)
1837 && ( tv.tv_sec || tv.tv_usec )
1846 ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
1847 rtask = ldap_pvt_runqueue_next_sched( &slapd_rq, &cat );
1848 while ( cat && cat->tv_sec && cat->tv_sec <= now ) {
1849 if ( ldap_pvt_runqueue_isrunning( &slapd_rq, rtask )) {
1850 ldap_pvt_runqueue_resched( &slapd_rq, rtask, 0 );
1852 ldap_pvt_runqueue_runtask( &slapd_rq, rtask );
1853 ldap_pvt_runqueue_resched( &slapd_rq, rtask, 0 );
1854 ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
1855 ldap_pvt_thread_pool_submit( &connection_pool,
1856 rtask->routine, (void *) rtask );
1857 ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
1859 rtask = ldap_pvt_runqueue_next_sched( &slapd_rq, &cat );
1861 ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
1863 if ( cat && cat->tv_sec ) {
1864 time_t diff = difftime( cat->tv_sec, now );
1865 if ( diff == 0 ) diff = tdelta;
1866 if ( tvp == NULL || diff < tv.tv_sec ) {
1873 for ( l = 0; slap_listeners[l] != NULL; l++ ) {
1874 if ( slap_listeners[l]->sl_sd == AC_SOCKET_INVALID ||
1875 slap_listeners[l]->sl_is_mute )
1880 Debug( LDAP_DEBUG_CONNS,
1881 "daemon: select: listen=%d active_threads=%d tvp=%s\n",
1882 slap_listeners[l]->sl_sd, at,
1883 tvp == NULL ? "NULL" : "zero" );
1886 switch(ns = SLAP_EVENT_WAIT(tvp)) {
1887 case -1: { /* failure - try again */
1888 int err = sock_errno();
1892 /* you'd think this would be EBADF */
1893 || err == WSAENOTSOCK
1896 if (++ebadf < SLAPD_EBADF_LIMIT)
1900 if( err != EINTR ) {
1901 Debug( LDAP_DEBUG_CONNS,
1902 "daemon: select failed (%d): %s\n",
1903 err, sock_errstr(err), 0 );
1909 case 0: /* timeout - let threads run */
1911 #ifndef HAVE_YIELDING_SELECT
1912 Debug( LDAP_DEBUG_CONNS, "daemon: select timeout - yielding\n",
1915 ldap_pvt_thread_yield();
1919 default: /* something happened - deal with it */
1920 if( slapd_shutdown ) continue;
1923 Debug( LDAP_DEBUG_CONNS, "daemon: activity on %d descriptors\n",
1928 #if SLAP_EVENTS_ARE_INDEXED
1929 if ( SLAP_EVENT_IS_READ( wake_sds[0] )) {
1931 tcp_read( wake_sds[0], c, sizeof(c) );
1934 SLAP_EVENT_CLR_READ( wake_sds[0] );
1938 /* The event slot equals the descriptor number - this is
1939 * true for Unix select and poll. We treat Windows select
1940 * like this too, even though it's a kludge.
1942 for ( l = 0; slap_listeners[l] != NULL; l++ ) {
1945 if ( ns <= 0 ) break;
1946 if ( slap_listeners[l]->sl_sd == AC_SOCKET_INVALID ) continue;
1947 if ( !SLAP_EVENT_IS_READ( slap_listeners[l]->sl_sd )) continue;
1950 #ifdef SLAP_LIGHTWEIGHT_LISTENER
1951 rc = new_connection_activate(slap_listeners[l]);
1953 rc = slapd_handle_listener(slap_listeners[l]);
1956 #ifdef LDAP_CONNECTIONLESS
1957 /* This is a UDP session, let the data loop process it */
1963 /* Don't need to look at this in the data loops */
1964 SLAP_EVENT_CLR_READ( slap_listeners[l]->sl_sd );
1965 SLAP_EVENT_CLR_WRITE( slap_listeners[l]->sl_sd );
1968 /* bypass the following tests if no descriptors left */
1970 #ifndef HAVE_YIELDING_SELECT
1971 ldap_pvt_thread_yield();
1976 Debug( LDAP_DEBUG_CONNS, "daemon: activity on:", 0, 0, 0 );
1978 nrfds = readfds.fd_count;
1979 nwfds = writefds.fd_count;
1980 for ( i = 0; i < readfds.fd_count; i++ ) {
1981 Debug( LDAP_DEBUG_CONNS, " %d%s",
1982 readfds.fd_array[i], "r", 0 );
1984 for ( i = 0; i < writefds.fd_count; i++ ) {
1985 Debug( LDAP_DEBUG_CONNS, " %d%s",
1986 writefds.fd_array[i], "w", 0 );
1992 for ( i = 0; i < nfds; i++ ) {
1995 r = SLAP_EVENT_IS_READ( i );
1996 /* writefds was not initialized if nwriters was zero */
1997 w = nwriters ? SLAP_EVENT_IS_WRITE( i ) : 0;
1999 Debug( LDAP_DEBUG_CONNS, " %d%s%s", i,
2000 r ? "r" : "", w ? "w" : "" );
2010 if ( ns <= 0 ) break;
2013 Debug( LDAP_DEBUG_CONNS, "\n", 0, 0, 0 );
2016 /* loop through the writers */
2017 for ( i = 0; nwfds > 0; i++ )
2021 wd = writefds.fd_array[i];
2023 if( ! SLAP_EVENT_IS_WRITE( i ) ) {
2030 Debug( LDAP_DEBUG_CONNS,
2031 "daemon: write active on %d\n",
2034 * NOTE: it is possible that the connection was closed
2035 * and that the stream is now inactive.
2036 * connection_write() must valid the stream is still
2040 if ( connection_write( wd ) < 0 ) {
2041 if ( SLAP_EVENT_IS_READ( wd )) {
2042 SLAP_EVENT_CLR_READ( (unsigned) wd );
2047 SLAP_EVENT_CLR_WRITE( wd );
2050 for ( i = 0; nrfds > 0; i++ )
2054 rd = readfds.fd_array[i];
2056 if( ! SLAP_EVENT_IS_READ( i ) ) {
2063 Debug ( LDAP_DEBUG_CONNS,
2064 "daemon: read activity on %d\n", rd, 0, 0 );
2066 * NOTE: it is possible that the connection was closed
2067 * and that the stream is now inactive.
2068 * connection_read() must valid the stream is still
2072 #ifdef SLAP_LIGHTWEIGHT_LISTENER
2073 connection_processing_activate( rd );
2075 if ( connection_read( rd ) < 0 ) {
2080 #else /* !SLAP_EVENTS_ARE_INDEXED */
2082 /* The events are returned in an arbitrary list. This is true
2083 * for /dev/poll, epoll and kqueue. In order to prioritize things
2084 * so that we can handle wake_sds first, listeners second, and then
2085 * all other connections last (as we do for select), we would need
2086 * to use multiple event handles and cascade them.
2088 * That seems like a bit of hassle. So the wake_sds check has been
2089 * skipped. For epoll and kqueue we can associate arbitrary data with
2090 * an event, so we could use pointers to the listener structure
2091 * instead of just the file descriptor. For /dev/poll we have to
2092 * search the listeners array for a matching descriptor.
2094 /* if waking is set and we woke up, we'll read whatever
2099 tcp_read( wake_sds[0], c, sizeof(c) );
2106 Debug( LDAP_DEBUG_CONNS, "daemon: activity on:", 0, 0, 0 );
2108 for (i=0; i<ns; i++) {
2111 if ( SLAP_EVENT_IS_LISTENER(i)
2112 #ifdef LDAP_CONNECTIONLESS
2113 && !((SLAP_EVENT_LISTENER(i))->sl_is_udp)
2120 /* Don't log internal wake events */
2121 if ( SLAP_EVENT_FD( i ) == wake_sds[0] ) continue;
2123 r = SLAP_EVENT_IS_READ( i );
2124 w = SLAP_EVENT_IS_WRITE( i );
2126 Debug( LDAP_DEBUG_CONNS, " %d%s%s", SLAP_EVENT_FD(i),
2127 r ? "r" : "", w ? "w" : "" );
2132 for (i=0; i<ns; i++) {
2135 if ( SLAP_EVENT_IS_LISTENER(i) ) {
2136 #ifdef SLAP_LIGHTWEIGHT_LISTENER
2137 rc = new_connection_activate( SLAP_EVENT_LISTENER( i ));
2139 rc = slapd_handle_listener( SLAP_EVENT_LISTENER( i ));
2142 /* If we found a regular listener, rc is now zero, and we
2143 * can skip the data portion. But if it was a UDP listener
2144 * then rc is still 1, and we want to handle the data.
2147 fd = SLAP_EVENT_FD( i );
2149 /* Ignore wake events, they were handled above */
2150 if ( fd == wake_sds[0] ) continue;
2152 if( SLAP_EVENT_IS_WRITE( i ) ) {
2153 Debug( LDAP_DEBUG_CONNS,
2154 "daemon: write active on %d\n",
2157 * NOTE: it is possible that the connection was closed
2158 * and that the stream is now inactive.
2159 * connection_write() must valid the stream is still
2163 if ( connection_write( fd ) < 0 ) {
2168 if( SLAP_EVENT_IS_READ( i ) ) {
2169 Debug( LDAP_DEBUG_CONNS,
2170 "daemon: read active on %d\n",
2173 * NOTE: it is possible that the connection was closed
2174 * and that the stream is now inactive.
2175 * connection_read() must valid the stream is still
2179 #ifdef SLAP_LIGHTWEIGHT_LISTENER
2180 if ( fd != wake_sds[0] ) {
2181 connection_processing_activate( fd );
2184 if ( connection_read( fd ) < 0 ) slapd_close( fd );
2189 #endif /* SLAP_EVENTS_ARE_INDEXED */
2191 #ifndef HAVE_YIELDING_SELECT
2192 ldap_pvt_thread_yield();
2196 if( slapd_shutdown == 1 ) {
2197 Debug( LDAP_DEBUG_ANY,
2198 "daemon: shutdown requested and initiated.\n",
2201 } else if ( slapd_shutdown == 2 ) {
2202 #ifdef HAVE_NT_SERVICE_MANAGER
2203 Debug( LDAP_DEBUG_ANY,
2204 "daemon: shutdown initiated by Service Manager.\n",
2206 #else /* !HAVE_NT_SERVICE_MANAGER */
2207 Debug( LDAP_DEBUG_ANY,
2208 "daemon: abnormal condition, shutdown initiated.\n",
2210 #endif /* !HAVE_NT_SERVICE_MANAGER */
2212 Debug( LDAP_DEBUG_ANY,
2213 "daemon: no active streams, shutdown initiated.\n",
2217 if( slapd_gentle_shutdown != 2 ) close_listeners ( 0 );
2219 if( !slapd_gentle_shutdown ) {
2220 slapd_abrupt_shutdown = 1;
2221 connections_shutdown();
2224 Debug( LDAP_DEBUG_ANY,
2225 "slapd shutdown: waiting for %d threads to terminate\n",
2226 ldap_pvt_thread_pool_backload(&connection_pool), 0, 0 );
2227 ldap_pvt_thread_pool_destroy(&connection_pool, 1);
2229 free ( slap_listeners );
2230 slap_listeners = NULL;
2236 int slapd_daemon( void )
2242 #define SLAPD_LISTENER_THREAD 1
2243 #if defined( SLAPD_LISTENER_THREAD )
2245 ldap_pvt_thread_t listener_tid;
2247 /* listener as a separate THREAD */
2248 rc = ldap_pvt_thread_create( &listener_tid,
2249 0, slapd_daemon_task, NULL );
2252 Debug( LDAP_DEBUG_ANY,
2253 "listener ldap_pvt_thread_create failed (%d)\n", rc, 0, 0 );
2257 /* wait for the listener thread to complete */
2258 ldap_pvt_thread_join( listener_tid, (void *) NULL );
2261 /* experimental code */
2262 slapd_daemon_task( NULL );
2269 static int sockinit(void)
2271 #if defined( HAVE_WINSOCK2 )
2272 WORD wVersionRequested;
2276 wVersionRequested = MAKEWORD( 2, 0 );
2278 err = WSAStartup( wVersionRequested, &wsaData );
2280 /* Tell the user that we couldn't find a usable */
2285 /* Confirm that the WinSock DLL supports 2.0.*/
2286 /* Note that if the DLL supports versions greater */
2287 /* than 2.0 in addition to 2.0, it will still return */
2288 /* 2.0 in wVersion since that is the version we */
2291 if ( LOBYTE( wsaData.wVersion ) != 2 ||
2292 HIBYTE( wsaData.wVersion ) != 0 )
2294 /* Tell the user that we couldn't find a usable */
2300 /* The WinSock DLL is acceptable. Proceed. */
2301 #elif defined( HAVE_WINSOCK )
2303 if ( WSAStartup( 0x0101, &wsaData ) != 0 ) return -1;
2309 static int sockdestroy(void)
2311 #if defined( HAVE_WINSOCK2 ) || defined( HAVE_WINSOCK )
2318 slap_sig_shutdown( int sig )
2321 Debug(LDAP_DEBUG_TRACE, "slap_sig_shutdown: signal %d\n", sig, 0, 0);
2325 * If the NT Service Manager is controlling the server, we don't
2326 * want SIGBREAK to kill the server. For some strange reason,
2327 * SIGBREAK is generated when a user logs out.
2330 #if HAVE_NT_SERVICE_MANAGER && SIGBREAK
2331 if (is_NT_Service && sig == SIGBREAK) {
2336 if (sig == SIGHUP && global_gentlehup && slapd_gentle_shutdown == 0) {
2337 slapd_gentle_shutdown = 1;
2346 /* reinstall self */
2347 (void) SIGNAL_REINSTALL( sig, slap_sig_shutdown );
2351 slap_sig_wake( int sig )
2355 /* reinstall self */
2356 (void) SIGNAL_REINSTALL( sig, slap_sig_wake );
2360 void slapd_add_internal(ber_socket_t s, int isactive) {
2361 slapd_add(s, isactive, NULL);
2364 Listener ** slapd_get_listeners(void) {
2365 return slap_listeners;
2368 void slap_wake_listener() {