Merge remote-tracking branch 'origin/mdb.master' into OPENLDAP_REL_ENG_2_4

[openldap] / servers / slapd / back-meta / conn.c

diff --git a/servers/slapd/back-meta/conn.c b/servers/slapd/back-meta/conn.c
index fbc4ee1708a2c2554ccecfbb24c14e89ba12fe3a..7e63fae89604e8b031dd868addb8bf5378b96c71 100644 (file)
--- a/servers/slapd/back-meta/conn.c
+++ b/servers/slapd/back-meta/conn.c
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2007 The OpenLDAP Foundation.
+ * Copyright 1999-2013 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -139,12 +139,31 @@ meta_back_conndn_dup(
  * Debug stuff (got it from libavl)
  */
 #if META_BACK_PRINT_CONNTREE > 0
+static void
+meta_back_print( metaconn_t *mc, char *avlstr )
+{
+       int     i;
+
+       fputs( "targets=[", stderr );
+       for ( i = 0; i < mc->mc_info->mi_ntargets; i++ ) {
+               fputc( mc->mc_conns[ i ].msc_ld ? '*' : 'o', stderr);
+       }
+       fputc( ']', stderr );
+
+       fprintf( stderr, " mc=%p local=\"%s\" conn=%p refcnt=%d%s %s\n",
+               (void *)mc,
+               mc->mc_local_ndn.bv_val ? mc->mc_local_ndn.bv_val : "",
+               (void *)mc->mc_conn,
+               mc->mc_refcnt,
+               LDAP_BACK_CONN_TAINTED( mc ) ? " tainted" : "",
+               avlstr );
+}
+
 static void
 meta_back_ravl_print( Avlnode *root, int depth )
 {
        int             i;
-       metaconn_t      *mc;
-       
+
        if ( root == 0 ) {
                return;
        }
@@ -154,15 +173,11 @@ meta_back_ravl_print( Avlnode *root, int depth )
        for ( i = 0; i < depth; i++ ) {
                fprintf( stderr, "-" );
        }
+       fputc( ' ', stderr );
+
+       meta_back_print( (metaconn_t *)root->avl_data,
+               avl_bf2str( root->avl_bf ) );
 
-       mc = (metaconn_t *)root->avl_data;
-       fprintf( stderr, "mc=%p local=\"%s\" conn=%p %s refcnt=%d%s\n",
-               (void *)mc,
-               mc->mc_local_ndn.bv_val ? mc->mc_local_ndn.bv_val : "",
-               (void *)mc->mc_conn,
-               avl_bf2str( root->avl_bf ), mc->mc_refcnt,
-               LDAP_BACK_CONN_TAINTED( mc ) ? " tainted" : "" );
-       
        meta_back_ravl_print( root->avl_left, depth + 1 );
 }
 
@@ -192,11 +207,8 @@ meta_back_print_conntree( metainfo_t *mi, char *msg )
 
                LDAP_TAILQ_FOREACH( mc, &mi->mi_conn_priv[ c ].mic_priv, mc_q )
                {
-                       fprintf( stderr, "    [%d] mc=%p local=\"%s\" conn=%p refcnt=%d flags=0x%08x\n",
-                               i,
-                               (void *)mc,
-                               mc->mc_local_ndn.bv_val ? mc->mc_local_ndn.bv_val : "",
-                               (void *)mc->mc_conn, mc->mc_refcnt, mc->msc_mscflags );
+                       fprintf( stderr, "    [%d] ", i );
+                       meta_back_print( mc, "" );
                        i++;
                }
        }
@@ -269,6 +281,7 @@ meta_back_init_one_conn(
        int                     do_return = 0;
 #ifdef HAVE_TLS
        int                     is_ldaps = 0;
+       int                     do_start_tls = 0;
 #endif /* HAVE_TLS */
 
        /* if the server is quarantined, and
@@ -277,11 +290,12 @@ meta_back_init_one_conn(
         * don't return the connection */
        if ( mt->mt_isquarantined ) {
                slap_retry_info_t       *ri = &mt->mt_quarantine;
-               int                     dont_retry = 1;
+               int                     dont_retry = 0;
 
                if ( mt->mt_quarantine.ri_interval ) {
                        ldap_pvt_thread_mutex_lock( &mt->mt_quarantine_mutex );
-                       if ( mt->mt_isquarantined == LDAP_BACK_FQ_YES ) {
+                       dont_retry = ( mt->mt_isquarantined > LDAP_BACK_FQ_NO );
+                       if ( dont_retry ) {
                                dont_retry = ( ri->ri_num[ ri->ri_idx ] == SLAP_RETRYNUM_TAIL
                                        || slap_get_time() < ri->ri_last + ri->ri_interval[ ri->ri_idx ] );
                                if ( !dont_retry ) {
@@ -295,9 +309,10 @@ meta_back_init_one_conn(
                                                Debug( LDAP_DEBUG_ANY, "%s %s.\n",
                                                        op->o_log_prefix, buf, 0 );
                                        }
+
+                                       mt->mt_isquarantined = LDAP_BACK_FQ_RETRYING;
                                }
 
-                               mt->mt_isquarantined = LDAP_BACK_FQ_RETRYING;
                        }
                        ldap_pvt_thread_mutex_unlock( &mt->mt_quarantine_mutex );
                }
@@ -404,15 +419,38 @@ retry_lock:;
 
        /* automatically chase referrals ("chase-referrals [{yes|no}]" statement) */
        ldap_set_option( msc->msc_ld, LDAP_OPT_REFERRALS,
-               LDAP_BACK_CHASE_REFERRALS( mi ) ? LDAP_OPT_ON : LDAP_OPT_OFF );
+               META_BACK_TGT_CHASE_REFERRALS( mt ) ? LDAP_OPT_ON : LDAP_OPT_OFF );
+
+       slap_client_keepalive(msc->msc_ld, &mt->mt_tls.sb_keepalive);
 
 #ifdef HAVE_TLS
+       if ( !is_ldaps ) {
+               slap_bindconf *sb = NULL;
+
+               if ( ispriv ) {
+                       sb = &mt->mt_idassert.si_bc;
+               } else {
+                       sb = &mt->mt_tls;
+               }
+
+               if ( sb->sb_tls_do_init ) {
+                       bindconf_tls_set( sb, msc->msc_ld );
+               } else if ( sb->sb_tls_ctx ) {
+                       ldap_set_option( msc->msc_ld, LDAP_OPT_X_TLS_CTX, sb->sb_tls_ctx );
+               }
+
+               if ( sb == &mt->mt_idassert.si_bc && sb->sb_tls_ctx ) {
+                       do_start_tls = 1;
+
+               } else if ( META_BACK_TGT_USE_TLS( mt )
+                       || ( op->o_conn->c_is_tls && META_BACK_TGT_PROPAGATE_TLS( mt ) ) )
+               {
+                       do_start_tls = 1;
+               }
+       }
+
        /* start TLS ("tls [try-]{start|propagate}" statement) */
-       if ( ( LDAP_BACK_USE_TLS( mi )
-               || ( op->o_conn->c_is_tls
-                       && LDAP_BACK_PROPAGATE_TLS( mi ) ) )
-               && !is_ldaps )
-       {
+       if ( do_start_tls ) {
 #ifdef SLAP_STARTTLS_ASYNCHRONOUS
                /*
                 * use asynchronous StartTLS; in case, chase referral
@@ -471,6 +509,7 @@ retry:;
                                        if ( rs->sr_err == LDAP_SUCCESS ) {
                                                rs->sr_err = err;
                                        }
+                                       rs->sr_err = slap_map_api2result( rs );
                                        
                                        /* FIXME: in case a referral 
                                         * is returned, should we try
@@ -512,7 +551,7 @@ retry:;
                 * overlay, where the "uri" can be parsed out of a referral */
                if ( rs->sr_err == LDAP_SERVER_DOWN
                        || ( rs->sr_err != LDAP_SUCCESS
-                               && LDAP_BACK_TLS_CRITICAL( mi ) ) )
+                               && META_BACK_TGT_TLS_CRITICAL( mt ) ) )
                {
 
 #ifdef DEBUG_205
@@ -557,6 +596,7 @@ retry:;
                                }
                                ber_bvreplace( &msc->msc_cred, &mt->mt_idassert_passwd );
                        }
+                       LDAP_BACK_CONN_ISIDASSERT_SET( msc );
 
                } else {
                        ber_bvreplace( &msc->msc_bound_ndn, &slap_empty_bv );
@@ -670,6 +710,8 @@ meta_back_retry(
 
        assert( mc->mc_refcnt > 0 );
        if ( mc->mc_refcnt == 1 ) {
+               struct berval save_cred;
+
                if ( LogTest( LDAP_DEBUG_ANY ) ) {
                        char    buf[ SLAP_TEXT_BUFLEN ];
 
@@ -688,6 +730,11 @@ meta_back_retry(
                                op->o_log_prefix, candidate, buf );
                }
 
+               /* save credentials, if any, for later use;
+                * meta_clear_one_candidate() would free them */
+               save_cred = msc->msc_cred;
+               BER_BVZERO( &msc->msc_cred );
+
                meta_clear_one_candidate( op, mc, candidate );
                LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
 
@@ -697,6 +744,19 @@ meta_back_retry(
                rc = meta_back_init_one_conn( op, rs, mc, candidate,
                        LDAP_BACK_CONN_ISPRIV( mc ), sendok, 0 );
 
+               /* restore credentials, if any and if needed;
+                * meta_back_init_one_conn() restores msc_bound_ndn, if any;
+                * if no msc_bound_ndn is restored, destroy credentials */
+               if ( !BER_BVISNULL( &msc->msc_bound_ndn )
+                       && BER_BVISNULL( &msc->msc_cred ) )
+               {
+                       msc->msc_cred = save_cred;
+
+               } else if ( !BER_BVISNULL( &save_cred ) ) {
+                       memset( save_cred.bv_val, 0, save_cred.bv_len );
+                       ber_memfree_x( save_cred.bv_val, NULL );
+               }
+
                /* restore the "binding" flag, in case */
                if ( binding ) {
                        LDAP_BACK_CONN_BINDING_SET( msc );
@@ -704,6 +764,7 @@ meta_back_retry(
 
                if ( rc == LDAP_SUCCESS ) {
                        quarantine = 0;
+                       LDAP_BACK_CONN_BINDING_SET( msc ); binding = 1;
                        rc = meta_back_single_dobind( op, rs, mcp, candidate,
                                sendok, mt->mt_nretries, 0 );
 
@@ -850,7 +911,7 @@ meta_back_get_candidate(
 
        } else if ( candidate == META_TARGET_MULTIPLE ) {
                Operation       op2 = *op;
-               SlapReply       rs2 = { 0 };
+               SlapReply       rs2 = { REP_RESULT };
                slap_callback   cb2 = { 0 };
                int             rc;
 
@@ -1010,7 +1071,7 @@ meta_back_getconn(
 {
        metainfo_t      *mi = ( metainfo_t * )op->o_bd->be_private;
        metaconn_t      *mc = NULL,
-                       mc_curr = { 0 };
+                       mc_curr = {{ 0 }};
        int             cached = META_TARGET_NONE,
                        i = META_TARGET_NONE,
                        err = LDAP_SUCCESS,
@@ -1080,6 +1141,7 @@ retry_lock:;
                        }
 
                        if ( mc != NULL ) {
+                               /* move to tail of queue */
                                if ( mc != LDAP_TAILQ_LAST( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv,
                                        metaconn_t, mc_q ) )
                                {
@@ -1120,8 +1182,8 @@ retry_lock:;
                                mc = NULL;
 
                        } else {
-                               if ( ( mi->mi_conn_ttl != 0 && op->o_time > mc->mc_create_time + mi->mi_conn_ttl )
-                                       || ( mi->mi_idle_timeout != 0 && op->o_time > mc->mc_time + mi->mi_idle_timeout ) )
+                               if ( mc->mc_refcnt == 0 && (( mi->mi_conn_ttl != 0 && op->o_time > mc->mc_create_time + mi->mi_conn_ttl )
+                                       || ( mi->mi_idle_timeout != 0 && op->o_time > mc->mc_time + mi->mi_idle_timeout )) )
                                {
 #if META_BACK_PRINT_CONNTREE > 0
                                        meta_back_print_conntree( mi,
@@ -1154,8 +1216,14 @@ retry_lock:;
                                        LDAP_BACK_CONN_TAINTED_SET( mc );
                                        LDAP_BACK_CONN_CACHED_CLEAR( mc );
 
-                                       Debug( LDAP_DEBUG_TRACE, "%s meta_back_getconn: mc=%p conn=%ld expired (tainted).\n",
-                                               op->o_log_prefix, (void *)mc, LDAP_BACK_PCONN_ID( mc ) );
+                                       if ( LogTest( LDAP_DEBUG_TRACE ) ) {
+                                               char buf[STRLENOF("4294967295U") + 1] = { 0 };
+                                               mi->mi_ldap_extra->connid2str( &mc->mc_base, buf, sizeof(buf) );
+
+                                               Debug( LDAP_DEBUG_TRACE,
+                                                       "%s meta_back_getconn: mc=%p conn=%s expired (tainted).\n",
+                                                       op->o_log_prefix, (void *)mc, buf );
+                                       }
                                }
 
                                mc->mc_refcnt++;
@@ -1472,7 +1540,7 @@ retry_lock2:;
 
                        if ( i == cached 
                                || meta_back_is_candidate( mt, &op->o_req_ndn,
-                                       LDAP_SCOPE_SUBTREE ) )
+                                       op->o_tag == LDAP_REQ_SEARCH ? op->ors_scope : LDAP_SCOPE_SUBTREE ) )
                        {
 
                                /*
@@ -1612,7 +1680,7 @@ done:;
                }
 
 #if META_BACK_PRINT_CONNTREE > 0
-               meta_back_print_conntree( mi, ">>> meta_back_getconn" );
+               meta_back_print_conntree( mi, "<<< meta_back_getconn" );
 #endif /* META_BACK_PRINT_CONNTREE */
                ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
 
@@ -1640,10 +1708,14 @@ done:;
 
                        default:
                                LDAP_BACK_CONN_CACHED_CLEAR( mc );
-                               Debug( LDAP_DEBUG_ANY,
-                                       "%s meta_back_getconn: candidates=%d conn=%ld insert failed\n",
-                                       op->o_log_prefix, ncandidates,
-                                       LDAP_BACK_PCONN_ID( mc ) );
+                               if ( LogTest( LDAP_DEBUG_ANY ) ) {
+                                       char buf[STRLENOF("4294967295U") + 1] = { 0 };
+                                       mi->mi_ldap_extra->connid2str( &mc->mc_base, buf, sizeof(buf) );
+
+                                       Debug( LDAP_DEBUG_ANY,
+                                               "%s meta_back_getconn: candidates=%d conn=%s insert failed\n",
+                                               op->o_log_prefix, ncandidates, buf );
+                               }
        
                                mc->mc_refcnt = 0;      
                                meta_back_conn_free( mc );
@@ -1657,16 +1729,24 @@ done:;
                        }
                }
 
-               Debug( LDAP_DEBUG_TRACE,
-                       "%s meta_back_getconn: candidates=%d conn=%ld inserted\n",
-                       op->o_log_prefix, ncandidates,
-                       LDAP_BACK_PCONN_ID( mc ) );
+               if ( LogTest( LDAP_DEBUG_TRACE ) ) {
+                       char buf[STRLENOF("4294967295U") + 1] = { 0 };
+                       mi->mi_ldap_extra->connid2str( &mc->mc_base, buf, sizeof(buf) );
+
+                       Debug( LDAP_DEBUG_TRACE,
+                               "%s meta_back_getconn: candidates=%d conn=%s inserted\n",
+                               op->o_log_prefix, ncandidates, buf );
+               }
 
        } else {
-               Debug( LDAP_DEBUG_TRACE,
-                       "%s meta_back_getconn: candidates=%d conn=%ld fetched\n",
-                       op->o_log_prefix, ncandidates,
-                       LDAP_BACK_PCONN_ID( mc ) );
+               if ( LogTest( LDAP_DEBUG_TRACE ) ) {
+                       char buf[STRLENOF("4294967295U") + 1] = { 0 };
+                       mi->mi_ldap_extra->connid2str( &mc->mc_base, buf, sizeof(buf) );
+
+                       Debug( LDAP_DEBUG_TRACE,
+                               "%s meta_back_getconn: candidates=%d conn=%s fetched\n",
+                               op->o_log_prefix, ncandidates, buf );
+               }
        }
 
        return mc;
@@ -1814,4 +1894,3 @@ meta_back_quarantine(
 done:;
        ldap_pvt_thread_mutex_unlock( &mt->mt_quarantine_mutex );
 }
-