[openldap] / servers / slapd / daemon.c

/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 1998-2005 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* Portions Copyright (c) 1995 Regents of the University of Michigan.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that this notice is preserved and that due credit is given
 * to the University of Michigan at Ann Arbor. The name of the University
 * may not be used to endorse or promote products derived from this
 * software without specific prior written permission. This software
 * is provided ``as is'' without express or implied warranty.
 */

#include "portable.h"

#include <stdio.h>

#include <ac/ctype.h>
#include <ac/errno.h>
#include <ac/socket.h>
#include <ac/string.h>
#include <ac/time.h>
#include <ac/unistd.h>

#include "slap.h"
#include "ldap_pvt_thread.h"
#include "lutil.h"

#include "ldap_rq.h"

#if defined(HAVE_SYS_EPOLL_H) && defined(HAVE_EPOLL)
#include <sys/epoll.h>
#endif

#ifdef HAVE_TCPD
#include <tcpd.h>
int allow_severity = LOG_INFO;
int deny_severity = LOG_NOTICE;

#define SLAP_STRING_UNKNOWN     STRING_UNKNOWN
#else /* ! TCP Wrappers */
#define SLAP_STRING_UNKNOWN     "unknown"
#endif /* ! TCP Wrappers */

#ifdef LDAP_PF_LOCAL
#include <sys/stat.h>
/* this should go in <ldap.h> as soon as it is accepted */
#define LDAPI_MOD_URLEXT                "x-mod"
#endif /* LDAP_PF_LOCAL */

#ifdef LDAP_PF_INET6
int slap_inet4or6 = AF_UNSPEC;
#else
int slap_inet4or6 = AF_INET;
#endif

/* globals */
time_t starttime;
ber_socket_t dtblsize;
slap_ssf_t local_ssf = LDAP_PVT_SASL_LOCAL_SSF;
struct runqueue_s slapd_rq;

Listener **slap_listeners = NULL;

#ifndef SLAPD_LISTEN_BACKLOG
#define SLAPD_LISTEN_BACKLOG 1024
#endif

static ber_socket_t wake_sds[2];
static int emfile;

static int waking;
#define WAKE_LISTENER(w)        do { \
        if ((w) && waking < 5) { \
                waking++; \
                tcp_write( wake_sds[1], "0", 1 ); \
        } \
} while(0)

volatile sig_atomic_t slapd_shutdown = 0, slapd_gentle_shutdown = 0;
volatile sig_atomic_t slapd_abrupt_shutdown = 0;

static struct slap_daemon {
        ldap_pvt_thread_mutex_t sd_mutex;

        ber_socket_t sd_nactives;
        int sd_nwriters;

#ifdef HAVE_EPOLL
        struct epoll_event *sd_epolls;
        int     sd_nepolls;
        int     *sd_index;
        int     sd_epfd;
        int     sd_nfds;
# ifdef SLAP_LIGHTWEIGHT_LISTENER
        int *sd_suspend;  /* 0: suspended, 1: not suspended */
# endif

#else
#ifndef HAVE_WINSOCK
        /* In winsock, accept() returns values higher than dtblsize
                so don't bother with this optimization */
        int sd_nfds;
#endif
        fd_set sd_actives;
        fd_set sd_readers;
        fd_set sd_writers;
# ifdef SLAP_LIGHTWEIGHT_LISTENER
        fd_set sd_suspend;  /* unset: suspended, set: not suspended */
# endif
#endif
} slap_daemon;

#ifdef HAVE_EPOLL
# define SLAP_EVENTS_ARE_INDEXED        0
# define SLAP_SOCK_IX(s)        (slap_daemon.sd_index[(s)])
# define SLAP_SOCK_EP(s)        (slap_daemon.sd_epolls[SLAP_SOCK_IX(s)])
# define SLAP_SOCK_EV(s)        (SLAP_SOCK_EP(s).events)
# define SLAP_SOCK_IS_ACTIVE(s) (SLAP_SOCK_IX(s) != -1)
# define SLAP_SOCK_NOT_ACTIVE(s)        (SLAP_SOCK_IX(s) == -1)
# define SLAP_SOCK_IS_SET(s, mode)      (SLAP_SOCK_EV(s) & (mode))

# define SLAP_SOCK_IS_READ(s)   SLAP_SOCK_IS_SET((s), EPOLLIN)
# define SLAP_SOCK_IS_WRITE(s)  SLAP_SOCK_IS_SET((s), EPOLLOUT)

# define SLAP_SET_SOCK(s, mode) do { \
        if ((SLAP_SOCK_EV(s) & (mode)) != (mode)) {     \
                SLAP_SOCK_EV(s) |= (mode); \
                epoll_ctl(slap_daemon.sd_epfd, EPOLL_CTL_MOD, (s), \
                        &SLAP_SOCK_EP(s)); \
        } \
} while(0)

# define SLAP_CLR_SOCK(s, mode) do { \
        if ((SLAP_SOCK_EV(s) & (mode))) { \
                SLAP_SOCK_EV(s) &= ~(mode);     \
                epoll_ctl(slap_daemon.sd_epfd, EPOLL_CTL_MOD, s, \
                        &SLAP_SOCK_EP(s)); \
        } \
} while(0)

# define SLAP_SOCK_SET_READ(s)  SLAP_SET_SOCK(s, EPOLLIN)
# define SLAP_SOCK_SET_WRITE(s) SLAP_SET_SOCK(s, EPOLLOUT)

# ifdef SLAP_LIGHTWEIGHT_LISTENER
#  define SLAP_SOCK_SET_SUSPEND(s) \
        ( slap_daemon.sd_suspend[SLAP_SOCK_IX(s)] = 1 )
#  define SLAP_SOCK_CLR_SUSPEND(s) \
        ( slap_daemon.sd_suspend[SLAP_SOCK_IX(s)] = 0 )
#  define SLAP_SOCK_IS_SUSPEND(s) \
        ( slap_daemon.sd_suspend[SLAP_SOCK_IX(s)] == 1 )
# endif

# define SLAP_SOCK_CLR_READ(s)  SLAP_CLR_SOCK((s), EPOLLIN)
# define SLAP_SOCK_CLR_WRITE(s) SLAP_CLR_SOCK((s), EPOLLOUT)

# define SLAP_CLR_EVENT(i, mode)        (revents[(i)].events &= ~(mode))

# define SLAP_EVENT_MAX slap_daemon.sd_nfds

/* If a Listener address is provided, store that as the epoll data.
 * Otherwise, store the address of this socket's slot in the
 * index array. If we can't do this add, the system is out of
 * resources and we need to shutdown.
 */
# define SLAP_ADD_SOCK(s, l) do { \
        int rc; \
        SLAP_SOCK_IX((s)) = slap_daemon.sd_nfds; \
        SLAP_SOCK_EP((s)).data.ptr = (l) ? (l) : (void *)(&SLAP_SOCK_IX(s)); \
        SLAP_SOCK_EV((s)) = EPOLLIN; \
        rc = epoll_ctl(slap_daemon.sd_epfd, EPOLL_CTL_ADD, \
                (s), &SLAP_SOCK_EP((s))); \
        if ( rc == 0 ) { \
                slap_daemon.sd_nfds++; \
        } else { \
                Debug( LDAP_DEBUG_ANY, \
                        "daemon: epoll_ctl ADD failed, errno %d, shutting down\n", \
                        errno, 0, 0 ); \
                slapd_shutdown = 2; \
        } \
} while (0)

# define SLAP_EV_LISTENER(ptr) (((int *)(ptr) >= slap_daemon.sd_index && \
        (int *)(ptr) <= (slap_daemon.sd_index+dtblsize)) ? 0 : 1 )

# define SLAP_EV_PTRFD(ptr) (SLAP_EV_LISTENER(ptr) ? \
        ((Listener *)ptr)->sl_sd : (int *)(ptr) - slap_daemon.sd_index)

# ifdef SLAP_LIGHTWEIGHT_LISTENER
#  define SLAP_DEL_SOCK(s) do { \
        int fd, rc, suspend, index = SLAP_SOCK_IX((s)); \
        rc = epoll_ctl(slap_daemon.sd_epfd, EPOLL_CTL_DEL, \
                (s), &SLAP_SOCK_EP((s))); \
        slap_daemon.sd_epolls[index] = \
                slap_daemon.sd_epolls[slap_daemon.sd_nfds-1]; \
        fd = SLAP_EV_PTRFD(slap_daemon.sd_epolls[index].data.ptr); \
        slap_daemon.sd_suspend[index] = \
                slap_daemon.sd_suspend[slap_daemon.sd_nfds-1]; \
        slap_daemon.sd_suspend[slap_daemon.sd_nfds-1] = 0; \
        slap_daemon.sd_index[fd] = index; \
        slap_daemon.sd_index[(s)] = -1; \
        slap_daemon.sd_nfds--; \
} while (0)
# else
#  define SLAP_DEL_SOCK(s) do { \
        int fd, rc, index = SLAP_SOCK_IX((s)); \
        rc = epoll_ctl(slap_daemon.sd_epfd, EPOLL_CTL_DEL, \
                (s), &SLAP_SOCK_EP((s))); \
        slap_daemon.sd_epolls[index] = \
                slap_daemon.sd_epolls[slap_daemon.sd_nfds-1]; \
        fd = SLAP_EV_PTRFD(slap_daemon.sd_epolls[index].data.ptr); \
        slap_daemon.sd_index[fd] = index; \
        slap_daemon.sd_index[(s)] = -1; \
        slap_daemon.sd_nfds--; \
} while (0)
# endif

# define SLAP_EVENT_CLR_READ(i) SLAP_CLR_EVENT((i), EPOLLIN)
# define SLAP_EVENT_CLR_WRITE(i)        SLAP_CLR_EVENT((i), EPOLLOUT)

# define SLAP_CHK_EVENT(i, mode)        (revents[(i)].events & mode)

# define SLAP_EVENT_IS_READ(i)  SLAP_CHK_EVENT((i), EPOLLIN)
# define SLAP_EVENT_IS_WRITE(i) SLAP_CHK_EVENT((i), EPOLLOUT)
# define SLAP_EVENT_IS_LISTENER(i)      SLAP_EV_LISTENER(revents[(i)].data.ptr)
# define SLAP_EVENT_LISTENER(i) (revents[(i)].data.ptr)

# define SLAP_EVENT_FD(i)       SLAP_EV_PTRFD(revents[(i)].data.ptr)
# define SLAP_SOCK_SET_MUTE(s)  SLAP_SOCK_CLR_READ((s))
# define SLAP_SOCK_CLR_MUTE(s)  SLAP_SOCK_SET_READ((s))
# define SLAP_SOCK_IS_MUTE(s)   (!SLAP_SOCK_IS_READ((s)))

# ifdef SLAP_LIGHTWEIGHT_LISTENER
#  define SLAP_SOCK_SET_INIT do { \
        slap_daemon.sd_epolls = \
                ch_malloc( sizeof(struct epoll_event) * dtblsize * 2 ); \
        slap_daemon.sd_index = ch_malloc(sizeof(int) * dtblsize); \
        slap_daemon.sd_epfd = epoll_create( dtblsize ); \
        for (i=0; i<dtblsize; i++) slap_daemon.sd_index[i] = -1; \
        slap_daemon.sd_suspend = ch_malloc(sizeof(int) * dtblsize); \
        for (i=0; i<dtblsize; i++) slap_daemon.sd_suspend[i] = 0; \
} while (0)
# else
#  define SLAP_SOCK_SET_INIT do { \
        slap_daemon.sd_epolls = ch_calloc(1, \
                sizeof(struct epoll_event) * dtblsize * 2); \
        slap_daemon.sd_index = ch_malloc(sizeof(int) * dtblsize); \
        slap_daemon.sd_epfd = epoll_create( dtblsize ); \
        for (i=0; i<dtblsize; i++) slap_daemon.sd_index[i] = -1 \
} while (0)
# endif

# define SLAP_EVENT_DECL struct epoll_event *revents

# define SLAP_EVENT_INIT do { \
        revents = slap_daemon.sd_epolls + dtblsize; \
} while (0)

# define SLAP_EVENT_WAIT(tvp) \
        epoll_wait( slap_daemon.sd_epfd, revents, \
                dtblsize, (tvp) ? (tvp)->tv_sec * 1000 : -1 )

#else
/* select */

# define SLAP_EVENTS_ARE_INDEXED 1
# define SLAP_EVENT_DECL        \
        fd_set readfds, writefds

# define SLAP_EVENT_INIT do { \
        AC_MEMCPY( &readfds, &slap_daemon.sd_readers, sizeof(fd_set) ); \
        if ( nwriters ) { \
                AC_MEMCPY( &writefds, &slap_daemon.sd_writers, sizeof(fd_set) ); \
        } else { \
                FD_ZERO( &writefds ); \
        } \
} while (0)

# ifdef FD_SETSIZE
#  define       CHK_SETSIZE do { \
        if (dtblsize > FD_SETSIZE) dtblsize = FD_SETSIZE; \
} while (0)
# else
#  define        CHK_SETSIZE do { ; } while (0)
# endif

# ifdef SLAP_LIGHTWEIGHT_LISTENER
#  define       SLAP_SOCK_SET_INIT do { \
        CHK_SETSIZE; \
        FD_ZERO(&slap_daemon.sd_readers); \
        FD_ZERO(&slap_daemon.sd_writers); \
        FD_ZERO(&slap_daemon.sd_suspend); \
} while (0)
# else
#  define       SLAP_SOCK_SET_INIT do { \
        CHK_SETSIZE; \
        FD_ZERO(&slap_daemon.sd_readers); \
        FD_ZERO(&slap_daemon.sd_writers); \
} while (0)
# endif

# define SLAP_SOCK_IS_ACTIVE(fd)        FD_ISSET((fd), &slap_daemon.sd_actives)
# define SLAP_SOCK_IS_READ(fd)          FD_ISSET((fd), &slap_daemon.sd_readers)
# define SLAP_SOCK_IS_WRITE(fd)         FD_ISSET((fd), &slap_daemon.sd_writers)

# define SLAP_SOCK_NOT_ACTIVE(fd)       (!SLAP_SOCK_IS_ACTIVE(fd) && \
         !SLAP_SOCK_IS_READ(fd) && !SLAP_SOCK_IS_WRITE(fd))

# ifdef SLAP_LIGHTWEIGHT_LISTENER
#  define SLAP_SOCK_SET_SUSPEND(s)      FD_SET((s), &slap_daemon.sd_suspend)
#  define SLAP_SOCK_CLR_SUSPEND(s)  FD_CLR((s), &slap_daemon.sd_suspend)
#  define SLAP_SOCK_IS_SUSPEND(s)       FD_ISSET((s), &slap_daemon.sd_suspend)
# endif

# ifdef HAVE_WINSOCK
#  define SLAP_SOCK_SET_READ(fd)        do { \
        if (!SLAP_SOCK_IS_READ(fd)) { FD_SET((fd), &slap_daemon.sd_readers); } \
} while(0)
#  define SLAP_SOCK_SET_WRITE(fd)       do { \
        if (!SLAP_SOCK_IS_WRITE(fd)) { FD_SET((fd), &slap_daemon.sd_writers); } \
} while(0)

#  define SLAP_ADDTEST(s)       do { } while 0
#  define SLAP_EVENT_MAX        dtblsize
# else
#  define SLAP_SOCK_SET_READ(fd)        FD_SET((fd), &slap_daemon.sd_readers)
#  define SLAP_SOCK_SET_WRITE(fd)       FD_SET((fd), &slap_daemon.sd_writers)

#  define SLAP_EVENT_MAX        slap_daemon.sd_nfds
#  define SLAP_ADDTEST(s)       do { \
        if ((s) >= slap_daemon.sd_nfds) slap_daemon.sd_nfds = (s)+1; \
} while (0)
# endif

# define SLAP_SOCK_CLR_READ(fd)         FD_CLR((fd), &slap_daemon.sd_readers)
# define SLAP_SOCK_CLR_WRITE(fd)        FD_CLR((fd), &slap_daemon.sd_writers)

# define SLAP_ADD_SOCK(s, l) do { \
        SLAP_ADDTEST((s)); \
        FD_SET((s), &slap_daemon.sd_actives); \
        FD_SET((s), &slap_daemon.sd_readers); \
} while(0)

# define SLAP_DEL_SOCK(s) do { \
        FD_CLR((s), &slap_daemon.sd_actives); \
        FD_CLR((s), &slap_daemon.sd_readers); \
        FD_CLR((s), &slap_daemon.sd_writers); \
} while(0)

# define SLAP_EVENT_IS_READ(fd)         FD_ISSET((fd), &readfds)
# define SLAP_EVENT_IS_WRITE(fd)        FD_ISSET((fd), &writefds)

# define SLAP_EVENT_CLR_READ(fd)        FD_CLR((fd), &readfds)
# define SLAP_EVENT_CLR_WRITE(fd)       FD_CLR((fd), &writefds)

# define SLAP_EVENT_WAIT(tvp) \
        select( SLAP_EVENT_MAX, &readfds, \
                nwriters > 0 ? &writefds : NULL, NULL, (tvp) )

# define        SLAP_SOCK_SET_MUTE(s)   FD_CLR((s), &readfds)
# define        SLAP_SOCK_CLR_MUTE(s)   FD_SET((s), &readfds)
# define        SLAP_SOCK_IS_MUTE(s)    (!FD_ISSET((s), &readfds))
#endif

#ifdef HAVE_SLP
/*
 * SLP related functions
 */
#include <slp.h>

#define LDAP_SRVTYPE_PREFIX "service:ldap://"
#define LDAPS_SRVTYPE_PREFIX "service:ldaps://"
static char** slapd_srvurls = NULL;
static SLPHandle slapd_hslp = 0;
int slapd_register_slp = 0;

void slapd_slp_init( const char* urls ) {
        int i;

        slapd_srvurls = ldap_str2charray( urls, " " );

        if( slapd_srvurls == NULL ) return;

        /* find and expand INADDR_ANY URLs */
        for( i=0; slapd_srvurls[i] != NULL; i++ ) {
                if( strcmp( slapd_srvurls[i], "ldap:///" ) == 0) {
                        char *host = ldap_pvt_get_fqdn( NULL );
                        if ( host != NULL ) {
                                slapd_srvurls[i] = (char *) ch_realloc( slapd_srvurls[i],
                                        strlen( host ) +
                                        sizeof( LDAP_SRVTYPE_PREFIX ) );
                                strcpy( lutil_strcopy(slapd_srvurls[i],
                                        LDAP_SRVTYPE_PREFIX ), host );

                                ch_free( host );
                        }

                } else if ( strcmp( slapd_srvurls[i], "ldaps:///" ) == 0) {
                        char *host = ldap_pvt_get_fqdn( NULL );
                        if ( host != NULL ) {
                                slapd_srvurls[i] = (char *) ch_realloc( slapd_srvurls[i],
                                        strlen( host ) +
                                        sizeof( LDAPS_SRVTYPE_PREFIX ) );
                                strcpy( lutil_strcopy(slapd_srvurls[i],
                                        LDAPS_SRVTYPE_PREFIX ), host );

                                ch_free( host );
                        }
                }
        }

        /* open the SLP handle */
        SLPOpen( "en", 0, &slapd_hslp );
}

void slapd_slp_deinit() {
        if( slapd_srvurls == NULL ) return;

        ldap_charray_free( slapd_srvurls );
        slapd_srvurls = NULL;

        /* close the SLP handle */
        SLPClose( slapd_hslp );
}

void slapd_slp_regreport(
        SLPHandle hslp,
        SLPError errcode,
        void* cookie )
{
        /* empty report */
}

void slapd_slp_reg() {
        int i;

        if( slapd_srvurls == NULL ) return;

        for( i=0; slapd_srvurls[i] != NULL; i++ ) {
                if( strncmp( slapd_srvurls[i], LDAP_SRVTYPE_PREFIX,
                                sizeof( LDAP_SRVTYPE_PREFIX ) - 1 ) == 0 ||
                    strncmp( slapd_srvurls[i], LDAPS_SRVTYPE_PREFIX,
                                sizeof( LDAPS_SRVTYPE_PREFIX ) - 1 ) == 0 )
                {
                        SLPReg( slapd_hslp,
                                slapd_srvurls[i],
                                SLP_LIFETIME_MAXIMUM,
                                "ldap",
                                "",
                                1,
                                slapd_slp_regreport,
                                NULL );
                }
        }
}

void slapd_slp_dereg() {
        int i;

        if( slapd_srvurls == NULL ) return;

        for( i=0; slapd_srvurls[i] != NULL; i++ ) {
                SLPDereg( slapd_hslp,
                        slapd_srvurls[i],
                        slapd_slp_regreport,
                        NULL );
        }
}
#endif /* HAVE_SLP */

/*
 * Add a descriptor to daemon control
 *
 * If isactive, the descriptor is a live server session and is subject
 * to idletimeout control. Otherwise, the descriptor is a passive
 * listener or an outbound client session, and not subject to
 * idletimeout. The underlying event handler may record the Listener
 * argument to differentiate Listener's from real sessions.
 */
static void slapd_add(ber_socket_t s, int isactive, Listener *sl) {
        ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );

        assert( SLAP_SOCK_NOT_ACTIVE(s) );

        if ( isactive ) slap_daemon.sd_nactives++;

        SLAP_ADD_SOCK(s, sl);

        Debug( LDAP_DEBUG_CONNS, "daemon: added %ldr\n",
                (long) s, 0, 0 );

        ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );

#ifdef SLAP_LIGHTWEIGHT_LISTENER
        WAKE_LISTENER(1);
#endif
}

/*
 * Remove the descriptor from daemon control
 */
void slapd_remove(
        ber_socket_t s,
        int wasactive,
        int wake )
{
        int waswriter;

        ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );

        if ( wasactive ) slap_daemon.sd_nactives--;
        waswriter = SLAP_SOCK_IS_WRITE(s);

        Debug( LDAP_DEBUG_CONNS, "daemon: removing %ld%s%s\n",
                (long) s, SLAP_SOCK_IS_READ(s) ? "r" : "",
                waswriter ? "w" : "" );
        if ( waswriter ) slap_daemon.sd_nwriters--;

#ifdef SLAP_LIGHTWEIGHT_LISTENER
        SLAP_SOCK_CLR_SUSPEND(s);
#endif

        SLAP_DEL_SOCK(s);
        /* If we ran out of file descriptors, we dropped a listener from
         * the select() loop. Now that we're removing a session from our
         * control, we can try to resume a dropped listener to use.
         */
        if ( emfile ) {
                int i;
                for ( i = 0; slap_listeners[i] != NULL; i++ ) {
                        if ( slap_listeners[i]->sl_sd != AC_SOCKET_INVALID ) {
                                if ( slap_listeners[i]->sl_sd == s ) continue;
                                if ( slap_listeners[i]->sl_is_mute ) {
                                        slap_listeners[i]->sl_is_mute = 0;
                                        emfile--;
                                        break;
                                }
                        }
                }
                /* Walked the entire list without enabling anything; emfile
                 * counter is stale. Reset it.
                 */
                if ( slap_listeners[i] == NULL ) emfile = 0;
        }
        ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
        WAKE_LISTENER(wake || slapd_gentle_shutdown == 2);
}

#ifdef SLAP_LIGHTWEIGHT_LISTENER
/*
 * Temporarily suspend submitting events on the descriptor to the pool.
 * Reading on the descriptor will be resumed by a connection procseeing thread
 * when data (LDAP requests) on it are read.
 * slapd_suspend() returns 1 when it is suspended otherwise returns 0
 */
int slapd_suspend(ber_socket_t s) {
        int rc = 0;

        ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );

        if ( !SLAP_SOCK_IS_SUSPEND( s ) && SLAP_SOCK_IS_ACTIVE( s ) &&
                        SLAP_SOCK_IS_READ( s ) )
        {
                SLAP_SOCK_SET_SUSPEND( s );
                SLAP_SOCK_CLR_READ( s );
                rc = 1;
        }

        ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
        return rc;
}

void slapd_resume ( ber_socket_t s ) {
        ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );

        SLAP_SOCK_SET_READ( s );

        assert( SLAP_SOCK_IS_SUSPEND( s ) );

        SLAP_SOCK_CLR_SUSPEND ( s );

        ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );

        WAKE_LISTENER(1);
}
#endif

void slapd_clr_write(ber_socket_t s, int wake) {
        ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );

        assert( SLAP_SOCK_IS_ACTIVE( s ));

        if ( SLAP_SOCK_IS_WRITE( s )) {
                SLAP_SOCK_CLR_WRITE( s );
                slap_daemon.sd_nwriters--;
        }

        ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
        WAKE_LISTENER(wake);
}

void slapd_set_write(ber_socket_t s, int wake) {
        ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );

        assert( SLAP_SOCK_IS_ACTIVE( s ));

        if ( !SLAP_SOCK_IS_WRITE( s )) {
                SLAP_SOCK_SET_WRITE( s );
                slap_daemon.sd_nwriters++;
        }

        ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
        WAKE_LISTENER(wake);
}

void slapd_clr_read(ber_socket_t s, int wake) {
        ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );

        assert( SLAP_SOCK_IS_ACTIVE( s ));
        SLAP_SOCK_CLR_READ( s );

        ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
        WAKE_LISTENER(wake);
}

void slapd_set_read(ber_socket_t s, int wake) {
        ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );

        assert( SLAP_SOCK_IS_ACTIVE( s ));
        if (!SLAP_SOCK_IS_READ( s ))
                SLAP_SOCK_SET_READ( s );

        ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
        WAKE_LISTENER(wake);
}

static void slapd_close(ber_socket_t s) {
        Debug( LDAP_DEBUG_CONNS, "daemon: closing %ld\n",
                (long) s, 0, 0 );
        tcp_close(s);
}

static void slap_free_listener_addresses(struct sockaddr **sal)
{
        struct sockaddr **sap;

        if (sal == NULL) return;

        for (sap = sal; *sap != NULL; sap++) {
                ch_free(*sap);
        }

        ch_free(sal);
}

#if defined(LDAP_PF_LOCAL) || defined(SLAP_X_LISTENER_MOD)
static int get_url_perms(
        char    **exts,
        mode_t  *perms,
        int     *crit )
{
        int     i;

        assert( exts != NULL );
        assert( perms != NULL );
        assert( crit != NULL );

        *crit = 0;
        for ( i = 0; exts[ i ]; i++ ) {
                char    *type = exts[ i ];
                int     c = 0;

                if ( type[ 0 ] == '!' ) {
                        c = 1;
                        type++;
                }

                if ( strncasecmp( type, LDAPI_MOD_URLEXT "=",
                        sizeof(LDAPI_MOD_URLEXT "=") - 1 ) == 0 )
                {
                        char *value = type + ( sizeof(LDAPI_MOD_URLEXT "=") - 1 );
                        mode_t p = 0;
                        int j;

                        switch (strlen(value)) {
                        case 4:
                                /* skip leading '0' */
                                if ( value[ 0 ] != '0' ) return LDAP_OTHER;
                                value++;

                        case 3:
                                for ( j = 0; j < 3; j++) {
                                        int     v;

                                        v = value[ j ] - '0';

                                        if ( v < 0 || v > 7 ) return LDAP_OTHER;

                                        p |= v << 3*(2-j);
                                }
                                break;

                        case 10:
                                for ( j = 1; j < 10; j++ ) {
                                        static mode_t   m[] = { 0, 
                                                S_IRUSR, S_IWUSR, S_IXUSR,
                                                S_IRGRP, S_IWGRP, S_IXGRP,
                                                S_IROTH, S_IWOTH, S_IXOTH
                                        };
                                        static char     c[] = "-rwxrwxrwx"; 

                                        if ( value[ j ] == c[ j ] ) {
                                                p |= m[ j ];
        
                                        } else if ( value[ j ] != '-' ) {
                                                return LDAP_OTHER;
                                        }
                                }
                                break;

                        default:
                                return LDAP_OTHER;
                        } 

                        *crit = c;
                        *perms = p;

                        return LDAP_SUCCESS;
                }
        }

        return LDAP_OTHER;
}
#endif /* LDAP_PF_LOCAL || SLAP_X_LISTENER_MOD */

/* port = 0 indicates AF_LOCAL */
static int slap_get_listener_addresses(
        const char *host,
        unsigned short port,
        struct sockaddr ***sal)
{
        struct sockaddr **sap;

#ifdef LDAP_PF_LOCAL
        if ( port == 0 ) {
                *sal = ch_malloc(2 * sizeof(void *));
                if (*sal == NULL) return -1;

                sap = *sal;
                *sap = ch_malloc(sizeof(struct sockaddr_un));
                if (*sap == NULL) goto errexit;
                sap[1] = NULL;

                if ( strlen(host) >
                        (sizeof(((struct sockaddr_un *)*sap)->sun_path) - 1) )
                {
                        Debug( LDAP_DEBUG_ANY,
                                "daemon: domain socket path (%s) too long in URL",
                                host, 0, 0);
                        goto errexit;
                }

                (void)memset( (void *)*sap, '\0', sizeof(struct sockaddr_un) );
                (*sap)->sa_family = AF_LOCAL;
                strcpy( ((struct sockaddr_un *)*sap)->sun_path, host );
        } else
#endif
        {
#ifdef HAVE_GETADDRINFO
                struct addrinfo hints, *res, *sai;
                int n, err;
                char serv[7];

                memset( &hints, '\0', sizeof(hints) );
                hints.ai_flags = AI_PASSIVE;
                hints.ai_socktype = SOCK_STREAM;
                hints.ai_family = slap_inet4or6;
                snprintf(serv, sizeof serv, "%d", port);

                if ( (err = getaddrinfo(host, serv, &hints, &res)) ) {
                        Debug( LDAP_DEBUG_ANY, "daemon: getaddrinfo failed: %s\n",
                                AC_GAI_STRERROR(err), 0, 0);
                        return -1;
                }

                sai = res;
                for (n=2; (sai = sai->ai_next) != NULL; n++) {
                        /* EMPTY */ ;
                }
                *sal = ch_calloc(n, sizeof(void *));
                if (*sal == NULL) return -1;

                sap = *sal;
                *sap = NULL;

                for ( sai=res; sai; sai=sai->ai_next ) {
                        if( sai->ai_addr == NULL ) {
                                Debug( LDAP_DEBUG_ANY, "slap_get_listener_addresses: "
                                        "getaddrinfo ai_addr is NULL?\n", 0, 0, 0 );
                                freeaddrinfo(res);
                                goto errexit;
                        }

                        switch (sai->ai_family) {
#  ifdef LDAP_PF_INET6
                        case AF_INET6:
                                *sap = ch_malloc(sizeof(struct sockaddr_in6));
                                if (*sap == NULL) {
                                        freeaddrinfo(res);
                                        goto errexit;
                                }
                                *(struct sockaddr_in6 *)*sap =
                                        *((struct sockaddr_in6 *)sai->ai_addr);
                                break;
#  endif
                        case AF_INET:
                                *sap = ch_malloc(sizeof(struct sockaddr_in));
                                if (*sap == NULL) {
                                        freeaddrinfo(res);
                                        goto errexit;
                                }
                                *(struct sockaddr_in *)*sap =
                                        *((struct sockaddr_in *)sai->ai_addr);
                                break;
                        default:
                                *sap = NULL;
                                break;
                        }

                        if (*sap != NULL) {
                                (*sap)->sa_family = sai->ai_family;
                                sap++;
                                *sap = NULL;
                        }
                }

                freeaddrinfo(res);
#else
                int i, n = 1;
                struct in_addr in;
                struct hostent *he = NULL;

                if ( host == NULL ) {
                        in.s_addr = htonl(INADDR_ANY);

                } else if ( !inet_aton( host, &in ) ) {
                        he = gethostbyname( host );
                        if( he == NULL ) {
                                Debug( LDAP_DEBUG_ANY,
                                        "daemon: invalid host %s", host, 0, 0);
                                return -1;
                        }
                        for (n = 0; he->h_addr_list[n]; n++) ;
                }

                *sal = ch_malloc((n+1) * sizeof(void *));
                if (*sal == NULL) {
                        return -1;
                }

                sap = *sal;
                for ( i = 0; i<n; i++ ) {
                        sap[i] = ch_malloc(sizeof(struct sockaddr_in));
                        if (*sap == NULL) goto errexit;
                        (void)memset( (void *)sap[i], '\0', sizeof(struct sockaddr_in) );
                        sap[i]->sa_family = AF_INET;
                        ((struct sockaddr_in *)sap[i])->sin_port = htons(port);
                        if (he) {
                                AC_MEMCPY( &((struct sockaddr_in *)sap[i])->sin_addr,
                                        he->h_addr_list[i], sizeof(struct in_addr) );
                        } else {
                                AC_MEMCPY( &((struct sockaddr_in *)sap[i])->sin_addr,
                                        &in, sizeof(struct in_addr) );
                        }
                }
                sap[i] = NULL;
#endif
        }

        return 0;

errexit:
        slap_free_listener_addresses(*sal);
        return -1;
}

static int slap_open_listener(
        const char* url,
        int *listeners,
        int *cur
        )
{
        int     num, tmp, rc;
        Listener l;
        Listener *li;
        LDAPURLDesc *lud;
        unsigned short port;
        int err, addrlen = 0;
        struct sockaddr **sal, **psal;
        int socktype = SOCK_STREAM;     /* default to COTS */

#if defined(LDAP_PF_LOCAL) || defined(SLAP_X_LISTENER_MOD)
        /*
         * use safe defaults
         */
        int     crit = 1;
#endif /* LDAP_PF_LOCAL || SLAP_X_LISTENER_MOD */

        rc = ldap_url_parse( url, &lud );

        if( rc != LDAP_URL_SUCCESS ) {
                Debug( LDAP_DEBUG_ANY,
                        "daemon: listen URL \"%s\" parse error=%d\n",
                        url, rc, 0 );
                return rc;
        }

        l.sl_url.bv_val = NULL;
        l.sl_is_mute = 0;

#ifndef HAVE_TLS
        if( ldap_pvt_url_scheme2tls( lud->lud_scheme ) ) {
                Debug( LDAP_DEBUG_ANY,
                        "daemon: TLS not supported (%s)\n",
                        url, 0, 0 );
                ldap_free_urldesc( lud );
                return -1;
        }

        if(! lud->lud_port ) lud->lud_port = LDAP_PORT;

#else
        l.sl_is_tls = ldap_pvt_url_scheme2tls( lud->lud_scheme );

        if(! lud->lud_port ) {
                lud->lud_port = l.sl_is_tls ? LDAPS_PORT : LDAP_PORT;
        }
#endif

        port = (unsigned short) lud->lud_port;

        tmp = ldap_pvt_url_scheme2proto(lud->lud_scheme);
        if ( tmp == LDAP_PROTO_IPC ) {
#ifdef LDAP_PF_LOCAL
                if ( lud->lud_host == NULL || lud->lud_host[0] == '\0' ) {
                        err = slap_get_listener_addresses(LDAPI_SOCK, 0, &sal);
                } else {
                        err = slap_get_listener_addresses(lud->lud_host, 0, &sal);
                }
#else

                Debug( LDAP_DEBUG_ANY, "daemon: URL scheme not supported: %s",
                        url, 0, 0);
                ldap_free_urldesc( lud );
                return -1;
#endif
        } else {
                if( lud->lud_host == NULL || lud->lud_host[0] == '\0'
                        || strcmp(lud->lud_host, "*") == 0 )
                {
                        err = slap_get_listener_addresses(NULL, port, &sal);
                } else {
                        err = slap_get_listener_addresses(lud->lud_host, port, &sal);
                }
        }

#ifdef LDAP_CONNECTIONLESS
        l.sl_is_udp = ( tmp == LDAP_PROTO_UDP );
#endif

#if defined(LDAP_PF_LOCAL) || defined(SLAP_X_LISTENER_MOD)
        if ( lud->lud_exts ) {
                err = get_url_perms( lud->lud_exts, &l.sl_perms, &crit );
        } else {
                l.sl_perms = S_IRWXU | S_IRWXO;
        }
#endif /* LDAP_PF_LOCAL || SLAP_X_LISTENER_MOD */

        ldap_free_urldesc( lud );
        if ( err ) return -1;

        /* If we got more than one address returned, we need to make space
         * for it in the slap_listeners array.
         */
        for ( num=0; sal[num]; num++ ) /* empty */;
        if ( num > 1 ) {
                *listeners += num-1;
                slap_listeners = ch_realloc( slap_listeners,
                        (*listeners + 1) * sizeof(Listener *) );
        }

        psal = sal;
        while ( *sal != NULL ) {
                char *af;
                switch( (*sal)->sa_family ) {
                case AF_INET:
                        af = "IPv4";
                        break;
#ifdef LDAP_PF_INET6
                case AF_INET6:
                        af = "IPv6";
                        break;
#endif
#ifdef LDAP_PF_LOCAL
                case AF_LOCAL:
                        af = "Local";
                        break;
#endif
                default:
                        sal++;
                        continue;
                }

#ifdef LDAP_CONNECTIONLESS
                if( l.sl_is_udp ) socktype = SOCK_DGRAM;
#endif

                l.sl_sd = socket( (*sal)->sa_family, socktype, 0);
                if ( l.sl_sd == AC_SOCKET_INVALID ) {
                        int err = sock_errno();
                        Debug( LDAP_DEBUG_ANY,
                                "daemon: %s socket() failed errno=%d (%s)\n",
                                af, err, sock_errstr(err) );
                        sal++;
                        continue;
                }

#ifndef HAVE_WINSOCK
                if ( l.sl_sd >= dtblsize ) {
                        Debug( LDAP_DEBUG_ANY,
                                "daemon: listener descriptor %ld is too great %ld\n",
                                (long) l.sl_sd, (long) dtblsize, 0 );
                        tcp_close( l.sl_sd );
                        sal++;
                        continue;
                }
#endif

#ifdef LDAP_PF_LOCAL
                if ( (*sal)->sa_family == AF_LOCAL ) {
                        unlink ( ((struct sockaddr_un *)*sal)->sun_path );
                } else
#endif
                {
#ifdef SO_REUSEADDR
                        /* enable address reuse */
                        tmp = 1;
                        rc = setsockopt( l.sl_sd, SOL_SOCKET, SO_REUSEADDR,
                                (char *) &tmp, sizeof(tmp) );
                        if ( rc == AC_SOCKET_ERROR ) {
                                int err = sock_errno();
                                Debug( LDAP_DEBUG_ANY, "slapd(%ld): "
                                        "setsockopt(SO_REUSEADDR) failed errno=%d (%s)\n",
                                        (long) l.sl_sd, err, sock_errstr(err) );
                        }
#endif
                }

                switch( (*sal)->sa_family ) {
                case AF_INET:
                        addrlen = sizeof(struct sockaddr_in);
                        break;
#ifdef LDAP_PF_INET6
                case AF_INET6:
#ifdef IPV6_V6ONLY
                        /* Try to use IPv6 sockets for IPv6 only */
                        tmp = 1;
                        rc = setsockopt( l.sl_sd, IPPROTO_IPV6, IPV6_V6ONLY,
                                (char *) &tmp, sizeof(tmp) );
                        if ( rc == AC_SOCKET_ERROR ) {
                                int err = sock_errno();
                                Debug( LDAP_DEBUG_ANY, "slapd(%ld): "
                                        "setsockopt(IPV6_V6ONLY) failed errno=%d (%s)\n",
                                        (long) l.sl_sd, err, sock_errstr(err) );
                        }
#endif
                        addrlen = sizeof(struct sockaddr_in6);
                        break;
#endif

#ifdef LDAP_PF_LOCAL
                case AF_LOCAL:
#ifdef LOCAL_CREDS
                {
                        int one = 1;
                        setsockopt(l.sl_sd, 0, LOCAL_CREDS, &one, sizeof one);
                }
#endif
                addrlen = sizeof(struct sockaddr_un);
                break;
#endif
                }

                if (bind(l.sl_sd, *sal, addrlen)) {
                        err = sock_errno();
                        Debug( LDAP_DEBUG_ANY,
                                "daemon: bind(%ld) failed errno=%d (%s)\n",
                                (long) l.sl_sd, err, sock_errstr(err) );
                        tcp_close( l.sl_sd );
                        sal++;
                        continue;
                }

                switch ( (*sal)->sa_family ) {
#ifdef LDAP_PF_LOCAL
                case AF_LOCAL: {
                        char *addr = ((struct sockaddr_un *)*sal)->sun_path;
                        l.sl_name.bv_len = strlen(addr) + sizeof("PATH=") - 1;
                        l.sl_name.bv_val = ber_memalloc( l.sl_name.bv_len + 1 );
                        snprintf( l.sl_name.bv_val, l.sl_name.bv_len + 1, 
                                "PATH=%s", addr );
                } break;
#endif /* LDAP_PF_LOCAL */

                case AF_INET: {
                        char *s;
#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
                        char addr[INET_ADDRSTRLEN];
                        inet_ntop( AF_INET, &((struct sockaddr_in *)*sal)->sin_addr,
                                addr, sizeof(addr) );
                        s = addr;
#else
                        s = inet_ntoa( ((struct sockaddr_in *) *sal)->sin_addr );
#endif
                        port = ntohs( ((struct sockaddr_in *)*sal) ->sin_port );
                        l.sl_name.bv_val =
                                ber_memalloc( sizeof("IP=255.255.255.255:65535") );
                        snprintf( l.sl_name.bv_val, sizeof("IP=255.255.255.255:65535"),
                                "IP=%s:%d",
                                 s != NULL ? s : SLAP_STRING_UNKNOWN, port );
                        l.sl_name.bv_len = strlen( l.sl_name.bv_val );
                } break;

#ifdef LDAP_PF_INET6
                case AF_INET6: {
                        char addr[INET6_ADDRSTRLEN];
                        inet_ntop( AF_INET6, &((struct sockaddr_in6 *)*sal)->sin6_addr,
                                addr, sizeof addr);
                        port = ntohs( ((struct sockaddr_in6 *)*sal)->sin6_port );
                        l.sl_name.bv_len = strlen(addr) + sizeof("IP= 65535");
                        l.sl_name.bv_val = ber_memalloc( l.sl_name.bv_len );
                        snprintf( l.sl_name.bv_val, l.sl_name.bv_len, "IP=%s %d", 
                                addr, port );
                        l.sl_name.bv_len = strlen( l.sl_name.bv_val );
                } break;
#endif /* LDAP_PF_INET6 */

                default:
                        Debug( LDAP_DEBUG_ANY, "daemon: unsupported address family (%d)\n",
                                (int) (*sal)->sa_family, 0, 0 );
                        break;
                }

                AC_MEMCPY(&l.sl_sa, *sal, addrlen);
                ber_str2bv( url, 0, 1, &l.sl_url);
                li = ch_malloc( sizeof( Listener ) );
                *li = l;
                slap_listeners[*cur] = li;
                (*cur)++;
                sal++;
        }

        slap_free_listener_addresses(psal);

        if ( l.sl_url.bv_val == NULL ) {
                Debug( LDAP_DEBUG_TRACE,
                        "slap_open_listener: failed on %s\n", url, 0, 0 );
                return -1;
        }

        Debug( LDAP_DEBUG_TRACE, "daemon: initialized %s\n",
                l.sl_url.bv_val, 0, 0 );
        return 0;
}

static int sockinit(void);
static int sockdestroy(void);

int slapd_daemon_init( const char *urls )
{
        int i, j, n, rc;
        char **u;

        Debug( LDAP_DEBUG_ARGS, "daemon_init: %s\n",
                urls ? urls : "<null>", 0, 0 );
        if( (rc = sockinit()) != 0 ) {
                return rc;
        }

#ifdef HAVE_SYSCONF
        dtblsize = sysconf( _SC_OPEN_MAX );
#elif HAVE_GETDTABLESIZE
        dtblsize = getdtablesize();
#else
        dtblsize = FD_SETSIZE;
#endif

        /* open a pipe (or something equivalent connected to itself).
         * we write a byte on this fd whenever we catch a signal. The main
         * loop will be select'ing on this socket, and will wake up when
         * this byte arrives.
         */
        if( (rc = lutil_pair( wake_sds )) < 0 ) {
                Debug( LDAP_DEBUG_ANY,
                        "daemon: lutil_pair() failed rc=%d\n", rc, 0, 0 );
                return rc;
        }

        SLAP_SOCK_SET_INIT;

        if( urls == NULL ) {
                urls = "ldap:///";
        }

        u = ldap_str2charray( urls, " " );

        if( u == NULL || u[0] == NULL ) {
                Debug( LDAP_DEBUG_ANY, "daemon_init: no urls (%s) provided.\n",
                        urls, 0, 0 );
                return -1;
        }

        for( i=0; u[i] != NULL; i++ ) {
                Debug( LDAP_DEBUG_TRACE, "daemon_init: listen on %s\n",
                        u[i], 0, 0 );
        }

        if( i == 0 ) {
                Debug( LDAP_DEBUG_ANY, "daemon_init: no listeners to open (%s)\n",
                        urls, 0, 0 );
                ldap_charray_free( u );
                return -1;
        }

        Debug( LDAP_DEBUG_TRACE, "daemon_init: %d listeners to open...\n",
                i, 0, 0 );
        slap_listeners = ch_malloc( (i+1)*sizeof(Listener *) );

        for(n = 0, j = 0; u[n]; n++ ) {
                if ( slap_open_listener( u[n], &i, &j ) ) {
                        ldap_charray_free( u );
                        return -1;
                }
        }
        slap_listeners[j] = NULL;

        Debug( LDAP_DEBUG_TRACE, "daemon_init: %d listeners opened\n",
                i, 0, 0 );

#ifdef HAVE_SLP
        if( slapd_register_slp ) {
                slapd_slp_init( urls );
                slapd_slp_reg();
        }
#endif

        ldap_charray_free( u );
        ldap_pvt_thread_mutex_init( &slap_daemon.sd_mutex );

        return !i;
}


int
slapd_daemon_destroy(void)
{
        connections_destroy();
        tcp_close( wake_sds[1] );
        tcp_close( wake_sds[0] );
        sockdestroy();

#ifdef HAVE_SLP
        if( slapd_register_slp ) {
                slapd_slp_dereg();
                slapd_slp_deinit();
        }
#endif

        return 0;
}


static void
close_listeners(
        int remove )
{
        int l;

        for ( l = 0; slap_listeners[l] != NULL; l++ ) {
                if ( slap_listeners[l]->sl_sd != AC_SOCKET_INVALID ) {
                        if ( remove ) slapd_remove( slap_listeners[l]->sl_sd, 0, 0 );

#ifdef LDAP_PF_LOCAL
                        if ( slap_listeners[l]->sl_sa.sa_addr.sa_family == AF_LOCAL ) {
                                unlink( slap_listeners[l]->sl_sa.sa_un_addr.sun_path );
                        }
#endif /* LDAP_PF_LOCAL */

                        slapd_close( slap_listeners[l]->sl_sd );
                }

                if ( slap_listeners[l]->sl_url.bv_val ) {
                        ber_memfree( slap_listeners[l]->sl_url.bv_val );
                }

                if ( slap_listeners[l]->sl_name.bv_val ) {
                        ber_memfree( slap_listeners[l]->sl_name.bv_val );
                }

                free ( slap_listeners[l] );
                slap_listeners[l] = NULL;
        }
}

static int
slapd_handle_listener(
        Listener *sl )
{
        Sockaddr                from;

        ber_socket_t s;
        socklen_t len = sizeof(from);
        long id;
        slap_ssf_t ssf = 0;
        struct berval authid = BER_BVNULL;
#ifdef SLAPD_RLOOKUPS
        char hbuf[NI_MAXHOST];
#endif

        char    *dnsname = NULL;
        char    *peeraddr = NULL;
#ifdef LDAP_PF_LOCAL
        char peername[MAXPATHLEN + sizeof("PATH=")];
#elif defined(LDAP_PF_INET6)
        char peername[sizeof("IP=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 65535")];
#else
        char peername[sizeof("IP=255.255.255.255:65336")];
#endif /* LDAP_PF_LOCAL */

        peername[0] = '\0';

#ifdef LDAP_CONNECTIONLESS
        if ( sl->sl_is_udp ) {
                /* The first time we receive a query, we set this
                 * up as a "connection". It remains open for the life
                 * of the slapd.
                 */
                if ( sl->sl_is_udp < 2 ) {
                        id = connection_init( sl->sl_sd, sl, "", "",
                                CONN_IS_UDP, ssf, NULL );
                    sl->sl_is_udp++;
                }
                return 1;
        }
#endif

#  ifdef LDAP_PF_LOCAL
        /* FIXME: apparently accept doesn't fill
         * the sun_path sun_path member */
        from.sa_un_addr.sun_path[0] = '\0';
#  endif /* LDAP_PF_LOCAL */

        s = accept( sl->sl_sd, (struct sockaddr *) &from, &len );
#ifdef SLAP_LIGHTWEIGHT_LISTENER
        /*
         * As soon as a TCP connection is accepted, the listener FD is resumed
         * for concurrent-processing of incoming TCP connections.
         */
        slapd_resume( sl->sl_sd );
#endif
        if ( s == AC_SOCKET_INVALID ) {
                int err = sock_errno();

                if(
#ifdef EMFILE
                    err == EMFILE ||
#endif
#ifdef ENFILE
                    err == ENFILE ||
#endif
                    0 )
                {
                        ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
                        emfile++;
                        /* Stop listening until an existing session closes */
                        sl->sl_is_mute = 1;
                        ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
                }

                Debug( LDAP_DEBUG_ANY,
                        "daemon: accept(%ld) failed errno=%d (%s)\n",
                        (long) sl->sl_sd, err,
                        sock_errstr(err) );
                ldap_pvt_thread_yield();
                return 0;
        }

#ifndef HAVE_WINSOCK
        /* make sure descriptor number isn't too great */
        if ( s >= dtblsize ) {
                Debug( LDAP_DEBUG_ANY,
                        "daemon: %ld beyond descriptor table size %ld\n",
                        (long) s, (long) dtblsize, 0 );

                slapd_close(s);
                ldap_pvt_thread_yield();
                return 0;
        }
#endif

#ifdef LDAP_DEBUG
        ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );

        /* newly accepted stream should not be in any of the FD SETS */
        assert( SLAP_SOCK_NOT_ACTIVE( s ));

        ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
#endif

#if defined( SO_KEEPALIVE ) || defined( TCP_NODELAY )
#ifdef LDAP_PF_LOCAL
        /* for IPv4 and IPv6 sockets only */
        if ( from.sa_addr.sa_family != AF_LOCAL )
#endif /* LDAP_PF_LOCAL */
        {
                int rc;
                int tmp;
#ifdef SO_KEEPALIVE
                /* enable keep alives */
                tmp = 1;
                rc = setsockopt( s, SOL_SOCKET, SO_KEEPALIVE,
                        (char *) &tmp, sizeof(tmp) );
                if ( rc == AC_SOCKET_ERROR ) {
                        int err = sock_errno();
                        Debug( LDAP_DEBUG_ANY,
                                "slapd(%ld): setsockopt(SO_KEEPALIVE) failed "
                                "errno=%d (%s)\n", (long) s, err, sock_errstr(err) );
                }
#endif
#ifdef TCP_NODELAY
                /* enable no delay */
                tmp = 1;
                rc = setsockopt( s, IPPROTO_TCP, TCP_NODELAY,
                        (char *)&tmp, sizeof(tmp) );
                if ( rc == AC_SOCKET_ERROR ) {
                        int err = sock_errno();
                        Debug( LDAP_DEBUG_ANY,
                                "slapd(%ld): setsockopt(TCP_NODELAY) failed "
                                "errno=%d (%s)\n", (long) s, err, sock_errstr(err) );
                }
#endif
        }
#endif

        Debug( LDAP_DEBUG_CONNS, "daemon: new connection on %ld\n",
                (long) s, 0, 0 );
        switch ( from.sa_addr.sa_family ) {
#  ifdef LDAP_PF_LOCAL
        case AF_LOCAL:
                /* FIXME: apparently accept doesn't fill
                 * the sun_path sun_path member */
                if ( from.sa_un_addr.sun_path[0] == '\0' ) {
                        AC_MEMCPY( from.sa_un_addr.sun_path,
                                        sl->sl_sa.sa_un_addr.sun_path,
                                        sizeof( from.sa_un_addr.sun_path ) );
                }

                sprintf( peername, "PATH=%s", from.sa_un_addr.sun_path );
                ssf = local_ssf;
                {
                        uid_t uid;
                        gid_t gid;

                        if( getpeereid( s, &uid, &gid ) == 0 ) {
                                authid.bv_val = ch_malloc(
                                        STRLENOF( "gidNumber=4294967295+uidNumber=4294967295,"
                                        "cn=peercred,cn=external,cn=auth" ) + 1 );
                                authid.bv_len = sprintf( authid.bv_val,
                                        "gidNumber=%d+uidNumber=%d,"
                                        "cn=peercred,cn=external,cn=auth",
                                        (int) gid, (int) uid );
                                assert( authid.bv_len <=
                                        STRLENOF( "gidNumber=4294967295+uidNumber=4294967295,"
                                        "cn=peercred,cn=external,cn=auth" ) );
                        }
                }
                dnsname = "local";
                break;
#endif /* LDAP_PF_LOCAL */

#  ifdef LDAP_PF_INET6
        case AF_INET6:
        if ( IN6_IS_ADDR_V4MAPPED(&from.sa_in6_addr.sin6_addr) ) {
                peeraddr = inet_ntoa( *((struct in_addr *)
                                        &from.sa_in6_addr.sin6_addr.s6_addr[12]) );
                sprintf( peername, "IP=%s:%d",
                         peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
                         (unsigned) ntohs( from.sa_in6_addr.sin6_port ) );
        } else {
                char addr[INET6_ADDRSTRLEN];

                peeraddr = (char *) inet_ntop( AF_INET6,
                                      &from.sa_in6_addr.sin6_addr,
                                      addr, sizeof addr );
                sprintf( peername, "IP=%s %d",
                         peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
                         (unsigned) ntohs( from.sa_in6_addr.sin6_port ) );
        }
        break;
#  endif /* LDAP_PF_INET6 */

        case AF_INET:
        peeraddr = inet_ntoa( from.sa_in_addr.sin_addr );
        sprintf( peername, "IP=%s:%d",
                peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
                (unsigned) ntohs( from.sa_in_addr.sin_port ) );
                break;

        default:
                slapd_close(s);
                return 0;
        }

        if ( ( from.sa_addr.sa_family == AF_INET )
#ifdef LDAP_PF_INET6
                || ( from.sa_addr.sa_family == AF_INET6 )
#endif
                )
        {
                dnsname = NULL;
#ifdef SLAPD_RLOOKUPS
                if ( use_reverse_lookup ) {
                        char *herr;
                        if (ldap_pvt_get_hname( (const struct sockaddr *)&from, len, hbuf,
                                sizeof(hbuf), &herr ) == 0) {
                                ldap_pvt_str2lower( hbuf );
                                dnsname = hbuf;
                        }
                }
#endif /* SLAPD_RLOOKUPS */

#ifdef HAVE_TCPD
                if ( !hosts_ctl("slapd",
                        dnsname != NULL ? dnsname : SLAP_STRING_UNKNOWN,
                        peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
                        SLAP_STRING_UNKNOWN ))
                {
                        /* DENY ACCESS */
                        Statslog( LDAP_DEBUG_STATS,
                                "fd=%ld DENIED from %s (%s)\n",
                                (long) s,
                                dnsname != NULL ? dnsname : SLAP_STRING_UNKNOWN,
                                peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
                                0, 0 );
                        slapd_close(s);
                        return 0;
                }
#endif /* HAVE_TCPD */
        }

        id = connection_init(s, sl,
                dnsname != NULL ? dnsname : SLAP_STRING_UNKNOWN,
                peername,
#ifdef HAVE_TLS
                sl->sl_is_tls ? CONN_IS_TLS : 0,
#else
                0,
#endif
                ssf,
                authid.bv_val ? &authid : NULL );

        if( authid.bv_val ) ch_free(authid.bv_val);

        if( id < 0 ) {
                Debug( LDAP_DEBUG_ANY,
                        "daemon: connection_init(%ld, %s, %s) failed.\n",
                        (long) s, peername, sl->sl_name.bv_val );
                slapd_close(s);
                return 0;
        }

        Statslog( LDAP_DEBUG_STATS,
                "conn=%ld fd=%ld ACCEPT from %s (%s)\n",
                id, (long) s, peername, sl->sl_name.bv_val,
                0 );

        slapd_add( s, 1, NULL );
        return 0;
}

#ifdef SLAP_LIGHTWEIGHT_LISTENER
void*
slapd_handle_listener_thread(
        void* ctx,
        void* ptr )
{
        int rc;

        rc = slapd_handle_listener( (Listener*)ptr );

        if( rc != LDAP_SUCCESS ) {
                Debug( LDAP_DEBUG_ANY,
                        "slapd_handle_listener_thread: failed", 0, 0, 0 );
        }

        return (void*)NULL;
}

static int
new_connection_activate(
        Listener* sl )
{
        int status;

        if( !slapd_suspend( sl->sl_sd ) ) return (0);

        status = ldap_pvt_thread_pool_submit( &connection_pool,
                slapd_handle_listener_thread, (void *) sl );

        if( status != 0 ) {
                Debug( LDAP_DEBUG_ANY,
                        "new_connection_activate: ldap_pvt_thread_pool_submit failed\n",
                        0, 0, 0 );
                return (-1);
        }

        return (0);
}
#endif

static void *
slapd_daemon_task(
        void *ptr )
{
        int l;
        time_t last_idle_check = 0;
        struct timeval idle;
        int ebadf = 0;

#define SLAPD_IDLE_CHECK_LIMIT 4

        if ( global_idletimeout > 0 ) {
                last_idle_check = slap_get_time();
                /* Set the select timeout.
                 * Don't just truncate, preserve the fractions of
                 * seconds to prevent sleeping for zero time.
                 */
                idle.tv_sec = global_idletimeout / SLAPD_IDLE_CHECK_LIMIT;
                idle.tv_usec = global_idletimeout - \
                        ( idle.tv_sec * SLAPD_IDLE_CHECK_LIMIT );
                idle.tv_usec *= 1000000 / SLAPD_IDLE_CHECK_LIMIT;
        } else {
                idle.tv_sec = 0;
                idle.tv_usec = 0;
        }

        slapd_add( wake_sds[0], 0, NULL );

        for ( l = 0; slap_listeners[l] != NULL; l++ ) {
                if ( slap_listeners[l]->sl_sd == AC_SOCKET_INVALID ) continue;

#ifdef LDAP_CONNECTIONLESS
                /* Since this is connectionless, the data port is the
                 * listening port. The listen() and accept() calls
                 * are unnecessary.
                 */
                if ( slap_listeners[l]->sl_is_udp ) {
                        slapd_add( slap_listeners[l]->sl_sd, 1, slap_listeners[l] );
                        continue;
                }
#endif

                if ( listen( slap_listeners[l]->sl_sd, SLAPD_LISTEN_BACKLOG ) == -1 ) {
                        int err = sock_errno();

#ifdef LDAP_PF_INET6
                        /* If error is EADDRINUSE, we are trying to listen to INADDR_ANY and
                         * we are already listening to in6addr_any, then we want to ignore
                         * this and continue.
                         */
                        if ( err == EADDRINUSE ) {
                                int i;
                                struct sockaddr_in sa = slap_listeners[l]->sl_sa.sa_in_addr;
                                struct sockaddr_in6 sa6;
                                
                                if ( sa.sin_family == AF_INET &&
                                     sa.sin_addr.s_addr == htonl(INADDR_ANY) ) {
                                        for ( i = 0 ; i < l; i++ ) {
                                                sa6 = slap_listeners[i]->sl_sa.sa_in6_addr;
                                                if ( sa6.sin6_family == AF_INET6 &&
                                                     !memcmp( &sa6.sin6_addr, &in6addr_any,
                                                                sizeof(struct in6_addr) ) )
                                                {
                                                        break;
                                                }
                                        }

                                        if ( i < l ) {
                                                /* We are already listening to in6addr_any */
                                                Debug( LDAP_DEBUG_CONNS,
                                                        "daemon: Attempt to listen to 0.0.0.0 failed, "
                                                        "already listening on ::, assuming IPv4 included\n",
                                                        0, 0, 0 );
                                                slapd_close( slap_listeners[l]->sl_sd );
                                                slap_listeners[l]->sl_sd = AC_SOCKET_INVALID;
                                                continue;
                                        }
                                }
                        }
#endif                          
                        Debug( LDAP_DEBUG_ANY,
                                "daemon: listen(%s, 5) failed errno=%d (%s)\n",
                                        slap_listeners[l]->sl_url.bv_val, err,
                                        sock_errstr(err) );
                        return (void*)-1;
                }

#ifdef SLAP_LIGHTWEIGHT_LISTENER
                /* make the listening socket non-blocking */
                if ( ber_pvt_socket_set_nonblock( slap_listeners[l]->sl_sd, 1 ) < 0 ) {
                        Debug( LDAP_DEBUG_ANY, "slapd_daemon_task: "
                                "set nonblocking on a listening socket failed\n",
                                0, 0, 0 );
                        slapd_shutdown = 2;
                        return (void*)-1;
                }
#endif

                slapd_add( slap_listeners[l]->sl_sd, 0, slap_listeners[l] );
        }

#ifdef HAVE_NT_SERVICE_MANAGER
        if ( started_event != NULL ) }
                ldap_pvt_thread_cond_signal( &started_event );
        }
#endif

#ifdef SLAP_SEM_LOAD_CONTROL
        /*
         * initialize count and lazyness of a semaphore
         */
        (void) ldap_lazy_sem_init(
                SLAP_MAX_WORKER_THREADS + 4 /* max workers + margin */,
                4 /* lazyness */ );
#endif

        /* initialization complete. Here comes the loop. */

        while ( !slapd_shutdown ) {
                ber_socket_t i;
                int ns, nwriters;
                int at;
                ber_socket_t nfds;
#if SLAP_EVENTS_ARE_INDEXED
                ber_socket_t nrfds, nwfds;
#endif
#define SLAPD_EBADF_LIMIT 16

                time_t  now;

                SLAP_EVENT_DECL;

                struct timeval          tv;
                struct timeval          *tvp;

                struct timeval          *cat;
                time_t                          tdelta = 1;
                struct re_s*            rtask;
                now = slap_get_time();

                if( ( global_idletimeout > 0 ) &&
                        difftime( last_idle_check +
                        global_idletimeout/SLAPD_IDLE_CHECK_LIMIT, now ) < 0 ) {
                        connections_timeout_idle( now );
                        last_idle_check = now;
                }
                tv = idle;

#ifdef SIGHUP
                if( slapd_gentle_shutdown ) {
                        ber_socket_t active;

                        if( slapd_gentle_shutdown == 1 ) {
                                Debug( LDAP_DEBUG_ANY, "slapd gentle shutdown\n", 0, 0, 0 );
                                close_listeners( 1 );
                                frontendDB->be_restrictops |= SLAP_RESTRICT_OP_WRITES;
                                slapd_gentle_shutdown = 2;
                        }

                        ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );
                        active = slap_daemon.sd_nactives;
                        ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );
                        if( active == 0 ) {
                                slapd_shutdown = 2;
                                break;
                        }
                }
#endif

                at = 0;

                ldap_pvt_thread_mutex_lock( &slap_daemon.sd_mutex );

                nwriters = slap_daemon.sd_nwriters;
                SLAP_EVENT_INIT;

                for ( l = 0; slap_listeners[l] != NULL; l++ ) {
                        if ( slap_listeners[l]->sl_sd == AC_SOCKET_INVALID )
                                continue;
                        if ( slap_listeners[l]->sl_is_mute )
                                SLAP_SOCK_SET_MUTE( slap_listeners[l]->sl_sd );
                        else
                        if ( SLAP_SOCK_IS_MUTE( slap_listeners[l]->sl_sd ))
                            SLAP_SOCK_CLR_MUTE( slap_listeners[l]->sl_sd );
                }

                nfds = SLAP_EVENT_MAX;

                if ( global_idletimeout && slap_daemon.sd_nactives ) at = 1;

                ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex );

                if ( at 
#if defined(HAVE_YIELDING_SELECT) || defined(NO_THREADS)
                        &&  ( tv.tv_sec || tv.tv_usec )
#endif
                        )
                {
                        tvp = &tv;
                } else {
                        tvp = NULL;
                }

                ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
                rtask = ldap_pvt_runqueue_next_sched( &slapd_rq, &cat );
                while ( cat && cat->tv_sec && cat->tv_sec <= now ) {
                        if ( ldap_pvt_runqueue_isrunning( &slapd_rq, rtask )) {
                                ldap_pvt_runqueue_resched( &slapd_rq, rtask, 0 );
                        } else {
                                ldap_pvt_runqueue_runtask( &slapd_rq, rtask );
                                ldap_pvt_runqueue_resched( &slapd_rq, rtask, 0 );
                                ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
                                ldap_pvt_thread_pool_submit( &connection_pool,
                                                                                        rtask->routine, (void *) rtask );
                                ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
                        }
                        rtask = ldap_pvt_runqueue_next_sched( &slapd_rq, &cat );
                }
                ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );

                if ( cat && cat->tv_sec ) {
                        time_t diff = difftime( cat->tv_sec, now );
                        if ( diff == 0 ) diff = tdelta;
                        if ( tvp == NULL || diff < tv.tv_sec ) {
                                tv.tv_sec = diff;
                                tv.tv_usec = 0;
                                tvp = &tv;
                        }
                }

                for ( l = 0; slap_listeners[l] != NULL; l++ ) {
                        if ( slap_listeners[l]->sl_sd == AC_SOCKET_INVALID ||
                            slap_listeners[l]->sl_is_mute )
                        {
                                continue;
                        }

                        Debug( LDAP_DEBUG_CONNS,
                                "daemon: select: listen=%d active_threads=%d tvp=%s\n",
                                slap_listeners[l]->sl_sd, at,
                                tvp == NULL ? "NULL" : "zero" );
                }

                switch(ns = SLAP_EVENT_WAIT(tvp)) {
                case -1: {      /* failure - try again */
                                int err = sock_errno();

                                if( err == EBADF
#ifdef WSAENOTSOCK
                                        /* you'd think this would be EBADF */
                                        || err == WSAENOTSOCK
#endif
                                ) {
                                        if (++ebadf < SLAPD_EBADF_LIMIT)
                                                continue;
                                }

                                if( err != EINTR ) {
                                        Debug( LDAP_DEBUG_CONNS,
                                                "daemon: select failed (%d): %s\n",
                                                err, sock_errstr(err), 0 );
                                        slapd_shutdown = 2;
                                }
                        }
                        continue;

                case 0:         /* timeout - let threads run */
                        ebadf = 0;
#ifndef HAVE_YIELDING_SELECT
                        Debug( LDAP_DEBUG_CONNS, "daemon: select timeout - yielding\n",
                            0, 0, 0 );

                        ldap_pvt_thread_yield();
#endif
                        continue;

                default:        /* something happened - deal with it */
                        if( slapd_shutdown ) continue;

                        ebadf = 0;
                        Debug( LDAP_DEBUG_CONNS, "daemon: activity on %d descriptors\n",
                                ns, 0, 0 );
                        /* FALL THRU */
                }

#if SLAP_EVENTS_ARE_INDEXED
                if ( SLAP_EVENT_IS_READ( wake_sds[0] )) {
                        char c[BUFSIZ];
                        tcp_read( wake_sds[0], c, sizeof(c) );
                        waking = 0;
                        ns--;
                        SLAP_EVENT_CLR_READ( wake_sds[0] );
                        continue;
                }

                /* The event slot equals the descriptor number - this is
                 * true for Unix select and poll. We treat Windows select
                 * like this too, even though it's a kludge.
                 */
                for ( l = 0; slap_listeners[l] != NULL; l++ ) {
                        int rc;

                        if ( ns <= 0 ) break;
                        if ( slap_listeners[l]->sl_sd == AC_SOCKET_INVALID ) continue;
                        if ( !SLAP_EVENT_IS_READ( slap_listeners[l]->sl_sd )) continue;
                        

#ifdef SLAP_LIGHTWEIGHT_LISTENER
                        rc = new_connection_activate(slap_listeners[l]);
#else
                        rc = slapd_handle_listener(slap_listeners[l]);
#endif

#ifdef LDAP_CONNECTIONLESS
                        /* This is a UDP session, let the data loop process it */
                        if ( rc ) continue;
#endif

                        ns--;

                        /* Don't need to look at this in the data loops */
                        SLAP_EVENT_CLR_READ( slap_listeners[l]->sl_sd );
                        SLAP_EVENT_CLR_WRITE( slap_listeners[l]->sl_sd );
                }

                /* bypass the following tests if no descriptors left */
                if ( ns <= 0 ) {
#ifndef HAVE_YIELDING_SELECT
                        ldap_pvt_thread_yield();
#endif
                        continue;
                }

                Debug( LDAP_DEBUG_CONNS, "daemon: activity on:", 0, 0, 0 );
#ifdef HAVE_WINSOCK
                nrfds = readfds.fd_count;
                nwfds = writefds.fd_count;
                for ( i = 0; i < readfds.fd_count; i++ ) {
                        Debug( LDAP_DEBUG_CONNS, " %d%s",
                                readfds.fd_array[i], "r", 0 );
                }
                for ( i = 0; i < writefds.fd_count; i++ ) {
                        Debug( LDAP_DEBUG_CONNS, " %d%s",
                                writefds.fd_array[i], "w", 0 );
                }

#else
                nrfds = 0;
                nwfds = 0;
                for ( i = 0; i < nfds; i++ ) {
                        int     r, w;

                        r = SLAP_EVENT_IS_READ( i );
                        /* writefds was not initialized if nwriters was zero */
                        w = nwriters ? SLAP_EVENT_IS_WRITE( i ) : 0;
                        if ( r || w ) {
                                Debug( LDAP_DEBUG_CONNS, " %d%s%s", i,
                                    r ? "r" : "", w ? "w" : "" );
                                if ( r ) {
                                        nrfds++;
                                        ns--;
                                }
                                if ( w ) {
                                        nwfds++;
                                        ns--;
                                }
                        }
                        if ( ns <= 0 ) break;
                }
#endif
                Debug( LDAP_DEBUG_CONNS, "\n", 0, 0, 0 );


                /* loop through the writers */
                for ( i = 0; nwfds > 0; i++ )
                {
                        ber_socket_t wd;
#ifdef HAVE_WINSOCK
                        wd = writefds.fd_array[i];
#else
                        if( ! SLAP_EVENT_IS_WRITE( i ) ) {
                                continue;
                        }
                        wd = i;
#endif
                        nwfds--;

                        Debug( LDAP_DEBUG_CONNS,
                                "daemon: write active on %d\n",
                                wd, 0, 0 );
                        /*
                         * NOTE: it is possible that the connection was closed
                         * and that the stream is now inactive.
                         * connection_write() must valid the stream is still
                         * active.
                         */

                        if ( connection_write( wd ) < 0 ) {
                                if ( SLAP_EVENT_IS_READ( wd )) {
                                        SLAP_EVENT_CLR_READ( (unsigned) wd );
                                        nrfds--;
                                }
                                slapd_close( wd );
                        }
                        SLAP_EVENT_CLR_WRITE( wd );
                }

                for ( i = 0; nrfds > 0; i++ )
                {
                        ber_socket_t rd;
#ifdef HAVE_WINSOCK
                        rd = readfds.fd_array[i];
#else
                        if( ! SLAP_EVENT_IS_READ( i ) ) {
                                continue;
                        }
                        rd = i;
#endif
                        nrfds--;

                        Debug ( LDAP_DEBUG_CONNS,
                                "daemon: read activity on %d\n", rd, 0, 0 );
                        /*
                         * NOTE: it is possible that the connection was closed
                         * and that the stream is now inactive.
                         * connection_read() must valid the stream is still
                         * active.
                         */

#ifdef SLAP_LIGHTWEIGHT_LISTENER
                        connection_processing_activate( rd );
#else
                        if ( connection_read( rd ) < 0 ) {
                                slapd_close( rd );
                        }
#endif
                }
#else   /* !SLAP_EVENTS_ARE_INDEXED */
        /* FIXME */
        /* The events are returned in an arbitrary list. This is true
         * for /dev/poll, epoll and kqueue. In order to prioritize things
         * so that we can handle wake_sds first, listeners second, and then
         * all other connections last (as we do for select), we would need
         * to use multiple event handles and cascade them.
         *
         * That seems like a bit of hassle. So the wake_sds check has been
         * skipped. For epoll and kqueue we can associate arbitrary data with
         * an event, so we could use pointers to the listener structure
         * instead of just the file descriptor. For /dev/poll we have to
         * search the listeners array for a matching descriptor.
         */
                /* if waking is set and we woke up, we'll read whatever
                 * we can.
                 */
                if ( waking ) {
                        char c[BUFSIZ];
                        tcp_read( wake_sds[0], c, sizeof(c) );
                        waking = 0;
                        ns--;
                        continue;
                }

#ifdef LDAP_DEBUG
                Debug( LDAP_DEBUG_CONNS, "daemon: activity on:", 0, 0, 0 );

                for (i=0; i<ns; i++) {
                        int     r, w;

                        if ( SLAP_EVENT_IS_LISTENER(i)
#ifdef LDAP_CONNECTIONLESS
                                && !((SLAP_EVENT_LISTENER(i))->sl_is_udp)
#endif
                                )
                        {
                                continue;
                        }

                        /* Don't log internal wake events */
                        if ( SLAP_EVENT_FD( i ) == wake_sds[0] ) continue;

                        r = SLAP_EVENT_IS_READ( i );
                        w = SLAP_EVENT_IS_WRITE( i );
                        if ( r || w ) {
                                Debug( LDAP_DEBUG_CONNS, " %d%s%s", SLAP_EVENT_FD(i),
                                    r ? "r" : "", w ? "w" : "" );
                        }
                }
#endif

                for (i=0; i<ns; i++) {
                        int rc = 1, fd;

                        if ( SLAP_EVENT_IS_LISTENER(i) ) {
#ifdef SLAP_LIGHTWEIGHT_LISTENER
                                rc = new_connection_activate( SLAP_EVENT_LISTENER( i ));
#else
                                rc = slapd_handle_listener( SLAP_EVENT_LISTENER( i ));
#endif
                        }
                        /* If we found a regular listener, rc is now zero, and we
                         * can skip the data portion. But if it was a UDP listener
                         * then rc is still 1, and we want to handle the data.
                         */
                        if ( rc ) {
                                fd = SLAP_EVENT_FD( i );

                                /* Ignore wake events, they were handled above */
                                if ( fd == wake_sds[0] ) continue;

                                if( SLAP_EVENT_IS_WRITE( i ) ) {
                                        Debug( LDAP_DEBUG_CONNS,
                                                "daemon: write active on %d\n",
                                                fd, 0, 0 );
                                        /*
                                         * NOTE: it is possible that the connection was closed
                                         * and that the stream is now inactive.
                                         * connection_write() must valid the stream is still
                                         * active.
                                         */

                                        if ( connection_write( fd ) < 0 ) {
                                                slapd_close( fd );
                                                continue;
                                        }
                                }
                                if( SLAP_EVENT_IS_READ( i ) ) {
                                        Debug( LDAP_DEBUG_CONNS,
                                                "daemon: read active on %d\n",
                                                fd, 0, 0 );
                                        /*
                                         * NOTE: it is possible that the connection was closed
                                         * and that the stream is now inactive.
                                         * connection_read() must valid the stream is still
                                         * active.
                                         */

#ifdef SLAP_LIGHTWEIGHT_LISTENER
                                        if ( fd != wake_sds[0] ) {
                                                connection_processing_activate( fd );
                                        }
#else
                                        if ( connection_read( fd ) < 0 ) slapd_close( fd );
#endif
                                }
                        }
                }
#endif  /* SLAP_EVENTS_ARE_INDEXED */

#ifndef HAVE_YIELDING_SELECT
                ldap_pvt_thread_yield();
#endif
        }

        if( slapd_shutdown == 1 ) {
                Debug( LDAP_DEBUG_ANY,
                        "daemon: shutdown requested and initiated.\n",
                        0, 0, 0 );

        } else if ( slapd_shutdown == 2 ) {
#ifdef HAVE_NT_SERVICE_MANAGER
                        Debug( LDAP_DEBUG_ANY,
                               "daemon: shutdown initiated by Service Manager.\n",
                               0, 0, 0);
#else /* !HAVE_NT_SERVICE_MANAGER */
                        Debug( LDAP_DEBUG_ANY,
                               "daemon: abnormal condition, shutdown initiated.\n",
                               0, 0, 0 );
#endif /* !HAVE_NT_SERVICE_MANAGER */
        } else {
                Debug( LDAP_DEBUG_ANY,
                       "daemon: no active streams, shutdown initiated.\n",
                       0, 0, 0 );
        }

        if( slapd_gentle_shutdown != 2 ) close_listeners ( 0 );

        if( !slapd_gentle_shutdown ) {
                slapd_abrupt_shutdown = 1;
                connections_shutdown();
        }

        Debug( LDAP_DEBUG_ANY,
            "slapd shutdown: waiting for %d threads to terminate\n",
            ldap_pvt_thread_pool_backload(&connection_pool), 0, 0 );
        ldap_pvt_thread_pool_destroy(&connection_pool, 1);

        free ( slap_listeners );
        slap_listeners = NULL;

        return NULL;
}


int slapd_daemon( void )
{
        int rc;

        connections_init();

#define SLAPD_LISTENER_THREAD 1
#if defined( SLAPD_LISTENER_THREAD )
        {
                ldap_pvt_thread_t       listener_tid;

                /* listener as a separate THREAD */
                rc = ldap_pvt_thread_create( &listener_tid,
                        0, slapd_daemon_task, NULL );

                if ( rc != 0 ) {
                        Debug( LDAP_DEBUG_ANY,
                        "listener ldap_pvt_thread_create failed (%d)\n", rc, 0, 0 );
                        return rc;
                }
 
                /* wait for the listener thread to complete */
                ldap_pvt_thread_join( listener_tid, (void *) NULL );
        }
#else
        /* experimental code */
        slapd_daemon_task( NULL );
#endif

        return 0;

}

static int sockinit(void)
{
#if defined( HAVE_WINSOCK2 )
    WORD wVersionRequested;
        WSADATA wsaData;
        int err;

        wVersionRequested = MAKEWORD( 2, 0 );

        err = WSAStartup( wVersionRequested, &wsaData );
        if ( err != 0 ) {
                /* Tell the user that we couldn't find a usable */
                /* WinSock DLL.                                  */
                return -1;
        }

        /* Confirm that the WinSock DLL supports 2.0.*/
        /* Note that if the DLL supports versions greater    */
        /* than 2.0 in addition to 2.0, it will still return */
        /* 2.0 in wVersion since that is the version we      */
        /* requested.                                        */

        if ( LOBYTE( wsaData.wVersion ) != 2 ||
                HIBYTE( wsaData.wVersion ) != 0 )
        {
            /* Tell the user that we couldn't find a usable */
            /* WinSock DLL.                                  */
            WSACleanup();
            return -1;
        }

        /* The WinSock DLL is acceptable. Proceed. */
#elif defined( HAVE_WINSOCK )
        WSADATA wsaData;
        if ( WSAStartup( 0x0101, &wsaData ) != 0 ) return -1;
#endif

        return 0;
}

static int sockdestroy(void)
{
#if defined( HAVE_WINSOCK2 ) || defined( HAVE_WINSOCK )
        WSACleanup();
#endif
        return 0;
}

RETSIGTYPE
slap_sig_shutdown( int sig )
{
#if 0
        Debug(LDAP_DEBUG_TRACE, "slap_sig_shutdown: signal %d\n", sig, 0, 0);
#endif

        /*
         * If the NT Service Manager is controlling the server, we don't
         * want SIGBREAK to kill the server. For some strange reason,
         * SIGBREAK is generated when a user logs out.
         */

#if HAVE_NT_SERVICE_MANAGER && SIGBREAK
        if (is_NT_Service && sig == SIGBREAK) {
                /* empty */;
        } else
#endif
#ifdef SIGHUP
        if (sig == SIGHUP && global_gentlehup && slapd_gentle_shutdown == 0) {
                slapd_gentle_shutdown = 1;
        } else
#endif
        {
                slapd_shutdown = 1;
        }

        WAKE_LISTENER(1);

        /* reinstall self */
        (void) SIGNAL_REINSTALL( sig, slap_sig_shutdown );
}

RETSIGTYPE
slap_sig_wake( int sig )
{
        WAKE_LISTENER(1);

        /* reinstall self */
        (void) SIGNAL_REINSTALL( sig, slap_sig_wake );
}


void slapd_add_internal(ber_socket_t s, int isactive) {
        slapd_add(s, isactive, NULL);
}

Listener ** slapd_get_listeners(void) {
        return slap_listeners;
}

void slap_wake_listener() {
        WAKE_LISTENER(1);
}