+ sprintf( peername, "PATH=%s", from.sa_un_addr.sun_path );
+ ssf = local_ssf;
+ {
+ uid_t uid;
+ gid_t gid;
+
+ if( getpeereid( s, &uid, &gid ) == 0 ) {
+ authid.bv_val = ch_malloc(
+ STRLENOF( "gidNumber=4294967295+uidNumber=4294967295,"
+ "cn=peercred,cn=external,cn=auth" ) + 1 );
+ authid.bv_len = sprintf( authid.bv_val,
+ "gidNumber=%d+uidNumber=%d,"
+ "cn=peercred,cn=external,cn=auth",
+ (int) gid, (int) uid );
+ assert( authid.bv_len <=
+ STRLENOF( "gidNumber=4294967295+uidNumber=4294967295,"
+ "cn=peercred,cn=external,cn=auth" ) );
+ }
+ }
+ dnsname = "local";
+ break;
+#endif /* LDAP_PF_LOCAL */
+
+# ifdef LDAP_PF_INET6
+ case AF_INET6:
+ if ( IN6_IS_ADDR_V4MAPPED(&from.sa_in6_addr.sin6_addr) ) {
+ peeraddr = inet_ntoa( *((struct in_addr *)
+ &from.sa_in6_addr.sin6_addr.s6_addr[12]) );
+ sprintf( peername, "IP=%s:%d",
+ peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
+ (unsigned) ntohs( from.sa_in6_addr.sin6_port ) );
+ } else {
+ char addr[INET6_ADDRSTRLEN];
+
+ peeraddr = (char *) inet_ntop( AF_INET6,
+ &from.sa_in6_addr.sin6_addr,
+ addr, sizeof addr );
+ sprintf( peername, "IP=%s %d",
+ peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
+ (unsigned) ntohs( from.sa_in6_addr.sin6_port ) );
+ }
+ break;
+# endif /* LDAP_PF_INET6 */
+
+ case AF_INET:
+ peeraddr = inet_ntoa( from.sa_in_addr.sin_addr );
+ sprintf( peername, "IP=%s:%d",
+ peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
+ (unsigned) ntohs( from.sa_in_addr.sin_port ) );
+ break;
+
+ default:
+ slapd_close(s);
+ return 0;
+ }
+
+ if ( ( from.sa_addr.sa_family == AF_INET )
+#ifdef LDAP_PF_INET6
+ || ( from.sa_addr.sa_family == AF_INET6 )
+#endif
+ )
+ {
+ dnsname = NULL;
+#ifdef SLAPD_RLOOKUPS
+ if ( use_reverse_lookup ) {
+ char *herr;
+ if (ldap_pvt_get_hname( (const struct sockaddr *)&from, len, hbuf,
+ sizeof(hbuf), &herr ) == 0) {
+ ldap_pvt_str2lower( hbuf );
+ dnsname = hbuf;
+ }
+ }
+#endif /* SLAPD_RLOOKUPS */
+
+#ifdef HAVE_TCPD
+ {
+ int rc;
+ ldap_pvt_thread_mutex_lock( &slap_daemon.tcpd_mutex );
+ rc = hosts_ctl("slapd",
+ dnsname != NULL ? dnsname : SLAP_STRING_UNKNOWN,
+ peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
+ SLAP_STRING_UNKNOWN );
+ ldap_pvt_thread_mutex_unlock( &slap_daemon.tcpd_mutex );
+ if ( !rc ) {
+ /* DENY ACCESS */
+ Statslog( LDAP_DEBUG_STATS,
+ "fd=%ld DENIED from %s (%s)\n",
+ (long) s,
+ dnsname != NULL ? dnsname : SLAP_STRING_UNKNOWN,
+ peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN,
+ 0, 0 );
+ slapd_close(s);
+ return 0;
+ }
+ }
+#endif /* HAVE_TCPD */
+ }
+
+ id = connection_init(s, sl,
+ dnsname != NULL ? dnsname : SLAP_STRING_UNKNOWN,
+ peername,
+#ifdef HAVE_TLS
+ sl->sl_is_tls ? CONN_IS_TLS : 0,
+#else
+ 0,
+#endif
+ ssf,
+ authid.bv_val ? &authid : NULL );
+
+ if( authid.bv_val ) ch_free(authid.bv_val);
+
+ if( id < 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "daemon: connection_init(%ld, %s, %s) failed.\n",
+ (long) s, peername, sl->sl_name.bv_val );
+ slapd_close(s);
+ return 0;
+ }
+
+ Statslog( LDAP_DEBUG_STATS,
+ "conn=%ld fd=%ld ACCEPT from %s (%s)\n",
+ id, (long) s, peername, sl->sl_name.bv_val,
+ 0 );
+
+ return 0;
+}
+
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+static void*
+slap_listener_thread(
+ void* ctx,
+ void* ptr )
+{
+ int rc;
+
+ rc = slap_listener( (Listener*)ptr );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_ANY,
+ "listener_thread: failed %d", rc, 0, 0 );
+ }
+
+ return (void*)NULL;
+}
+
+static int
+slap_listener_activate(
+ Listener* sl )
+{
+ int rc;
+
+ Debug( LDAP_DEBUG_TRACE, "slap_listener_activate(%d): %s\n",
+ sl->sl_sd, sl->sl_busy ? "busy" : "", 0 );
+
+ sl->sl_busy++;
+
+ rc = ldap_pvt_thread_pool_submit( &connection_pool,
+ slap_listener_thread, (void *) sl );
+
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "listener_activate(%d): submit failed (%d)\n",
+ sl->sl_sd, rc, 0 );
+ }
+ return rc;
+}
+#endif
+
+static void *
+slapd_daemon_task(
+ void *ptr )
+{
+ int l;
+ time_t last_idle_check = 0;
+ struct timeval idle;
+ int ebadf = 0;
+
+#define SLAPD_IDLE_CHECK_LIMIT 4
+
+ if ( global_idletimeout > 0 ) {
+ last_idle_check = slap_get_time();
+ /* Set the select timeout.
+ * Don't just truncate, preserve the fractions of
+ * seconds to prevent sleeping for zero time.
+ */
+ idle.tv_sec = global_idletimeout / SLAPD_IDLE_CHECK_LIMIT;
+ idle.tv_usec = global_idletimeout - \
+ ( idle.tv_sec * SLAPD_IDLE_CHECK_LIMIT );
+ idle.tv_usec *= 1000000 / SLAPD_IDLE_CHECK_LIMIT;
+ } else {
+ idle.tv_sec = 0;
+ idle.tv_usec = 0;
+ }
+
+ slapd_add( wake_sds[0], 0, NULL );
+
+ for ( l = 0; slap_listeners[l] != NULL; l++ ) {
+ if ( slap_listeners[l]->sl_sd == AC_SOCKET_INVALID ) continue;
+
+#ifdef LDAP_CONNECTIONLESS
+ /* Since this is connectionless, the data port is the
+ * listening port. The listen() and accept() calls
+ * are unnecessary.
+ */
+ if ( slap_listeners[l]->sl_is_udp )
+ continue;
+#endif
+
+ if ( listen( slap_listeners[l]->sl_sd, SLAPD_LISTEN_BACKLOG ) == -1 ) {
+ int err = sock_errno();
+
+#ifdef LDAP_PF_INET6
+ /* If error is EADDRINUSE, we are trying to listen to INADDR_ANY and
+ * we are already listening to in6addr_any, then we want to ignore
+ * this and continue.
+ */
+ if ( err == EADDRINUSE ) {
+ int i;
+ struct sockaddr_in sa = slap_listeners[l]->sl_sa.sa_in_addr;
+ struct sockaddr_in6 sa6;
+
+ if ( sa.sin_family == AF_INET &&
+ sa.sin_addr.s_addr == htonl(INADDR_ANY) ) {
+ for ( i = 0 ; i < l; i++ ) {
+ sa6 = slap_listeners[i]->sl_sa.sa_in6_addr;
+ if ( sa6.sin6_family == AF_INET6 &&
+ !memcmp( &sa6.sin6_addr, &in6addr_any,
+ sizeof(struct in6_addr) ) )
+ {
+ break;
+ }
+ }
+
+ if ( i < l ) {
+ /* We are already listening to in6addr_any */
+ Debug( LDAP_DEBUG_CONNS,
+ "daemon: Attempt to listen to 0.0.0.0 failed, "
+ "already listening on ::, assuming IPv4 included\n",
+ 0, 0, 0 );
+ slapd_close( slap_listeners[l]->sl_sd );
+ slap_listeners[l]->sl_sd = AC_SOCKET_INVALID;
+ continue;
+ }
+ }
+ }
+#endif
+ Debug( LDAP_DEBUG_ANY,
+ "daemon: listen(%s, 5) failed errno=%d (%s)\n",
+ slap_listeners[l]->sl_url.bv_val, err,
+ sock_errstr(err) );
+ return (void*)-1;
+ }
+
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+ /* make the listening socket non-blocking */
+ if ( ber_pvt_socket_set_nonblock( slap_listeners[l]->sl_sd, 1 ) < 0 ) {
+ Debug( LDAP_DEBUG_ANY, "slapd_daemon_task: "
+ "set nonblocking on a listening socket failed\n",
+ 0, 0, 0 );
+ slapd_shutdown = 2;
+ return (void*)-1;
+ }
+#endif
+
+ slapd_add( slap_listeners[l]->sl_sd, 0, slap_listeners[l] );
+ }
+
+#ifdef HAVE_NT_SERVICE_MANAGER
+ if ( started_event != NULL ) {
+ ldap_pvt_thread_cond_signal( &started_event );
+ }
+#endif
+
+#ifdef SLAP_SEM_LOAD_CONTROL
+ /*
+ * initialize count and lazyness of a semaphore
+ */
+ (void) ldap_lazy_sem_init(
+ SLAP_MAX_WORKER_THREADS + 4 /* max workers + margin */,
+ 4 /* lazyness */ );
+#endif
+
+ /* initialization complete. Here comes the loop. */
+
+ while ( !slapd_shutdown ) {
+ ber_socket_t i;
+ int ns, nwriters;
+ int at;
+ ber_socket_t nfds;
+#if SLAP_EVENTS_ARE_INDEXED
+ ber_socket_t nrfds, nwfds;
+#endif
+#define SLAPD_EBADF_LIMIT 16
+
+ time_t now;
+
+ SLAP_EVENT_DECL;
+
+ struct timeval tv;
+ struct timeval *tvp;
+
+ struct timeval *cat;
+ time_t tdelta = 1;
+ struct re_s* rtask;
+ now = slap_get_time();
+
+ if( ( global_idletimeout > 0 ) &&
+ difftime( last_idle_check +