#define SLAP_C_BINDING 0x03 /* binding */
#define SLAP_C_CLOSING 0x04 /* closing */
+char* connection_state2str( int state ) {
+ switch( state ) {
+ case SLAP_C_INVALID: return "!";
+ case SLAP_C_INACTIVE: return "|";
+ case SLAP_C_ACTIVE: return "";
+ case SLAP_C_BINDING: return "B";
+ case SLAP_C_CLOSING: return "C";
+ }
+
+ return "?";
+}
+
static Connection* connection_get( ber_socket_t s );
static int connection_input( Connection *c );
static int connection_op_activate( Connection *conn, Operation *op );
static int connection_resched( Connection *conn );
+static void connection_abandon( Connection *conn );
+static void connection_destroy( Connection *c );
struct co_arg {
Connection *co_conn;
long connection_init(
ber_socket_t s,
- const char* name,
- const char* addr)
+ const char* url,
+ const char* dnsname,
+ const char* peername,
+ const char* sockname,
+ int use_tls )
{
unsigned long id;
Connection *c;
+
assert( connections != NULL );
+ assert( dnsname != NULL );
+ assert( peername != NULL );
+ assert( sockname != NULL );
+
+#ifndef HAVE_TLS
+ assert( !use_tls );
+#endif
+
if( s == AC_SOCKET_INVALID ) {
Debug( LDAP_DEBUG_ANY,
"connection_init(%ld): invalid.\n",
if( c->c_struct_state == SLAP_C_UNINITIALIZED ) {
c->c_dn = NULL;
c->c_cdn = NULL;
- c->c_client_name = NULL;
- c->c_client_addr = NULL;
+
+ c->c_listener_url = NULL;
+ c->c_peer_domain = NULL;
+ c->c_peer_name = NULL;
+ c->c_sock_name = NULL;
+
c->c_ops = NULL;
c->c_pending_ops = NULL;
+ c->c_authmech = NULL;
+ c->c_authstate = NULL;
c->c_sb = ber_sockbuf_alloc( );
assert( c->c_struct_state == SLAP_C_UNUSED );
assert( c->c_dn == NULL );
assert( c->c_cdn == NULL );
- assert( c->c_client_name == NULL );
- assert( c->c_client_addr == NULL );
+ assert( c->c_listener_url == NULL );
+ assert( c->c_peer_domain == NULL );
+ assert( c->c_peer_name == NULL );
+ assert( c->c_sock_name == NULL );
assert( c->c_ops == NULL );
assert( c->c_pending_ops == NULL );
+ assert( c->c_authmech == NULL );
+ assert( c->c_authstate == NULL );
- c->c_client_name = ch_strdup( name == NULL ? "" : name );
- c->c_client_addr = ch_strdup( addr );
+ c->c_listener_url = ch_strdup( url );
+ c->c_peer_domain = ch_strdup( dnsname );
+ c->c_peer_name = ch_strdup( peername );
+ c->c_sock_name = ch_strdup( sockname );
c->c_n_ops_received = 0;
c->c_n_ops_executing = 0;
if( ber_pvt_sb_set_nonblock( c->c_sb, 1 ) < 0 ) {
Debug( LDAP_DEBUG_ANY,
- "connection_init(%d, %s, %s): set nonblocking failed\n",
- s, c->c_client_name, c->c_client_addr);
+ "connection_init(%d, %s): set nonblocking failed\n",
+ s, c->c_peer_name,0 );
}
id = c->c_connid = conn_nextid++;
c->c_conn_state = SLAP_C_INACTIVE;
c->c_struct_state = SLAP_C_USED;
+#ifdef HAVE_TLS
+ if ( use_tls ) {
+ c->c_is_tls = 1;
+ c->c_needs_tls_accept = 1;
+ }
+#endif
+
ldap_pvt_thread_mutex_unlock( &c->c_mutex );
ldap_pvt_thread_mutex_unlock( &connections_mutex );
backend_connection_destroy(c);
c->c_protocol = 0;
+ c->c_connid = -1;
c->c_activitytime = c->c_starttime = 0;
free(c->c_cdn);
c->c_cdn = NULL;
}
- if(c->c_client_name != NULL) {
- free(c->c_client_name);
- c->c_client_name = NULL;
+ if(c->c_listener_url != NULL) {
+ free(c->c_listener_url);
+ c->c_listener_url = NULL;
+ }
+ if(c->c_peer_domain != NULL) {
+ free(c->c_peer_domain);
+ c->c_peer_domain = NULL;
}
- if(c->c_client_addr != NULL) {
- free(c->c_client_addr);
- c->c_client_addr = NULL;
+ if(c->c_peer_name != NULL) {
+ free(c->c_peer_name);
+ c->c_peer_name = NULL;
+ }
+ if(c->c_sock_name != NULL) {
+ free(c->c_sock_name);
+ c->c_sock_name = NULL;
+ }
+ if(c->c_authmech != NULL ) {
+ free(c->c_authmech);
+ c->c_authmech = NULL;
+ }
+ if(c->c_authstate != NULL ) {
+ free(c->c_authstate);
+ c->c_authstate = NULL;
}
if ( ber_pvt_sb_in_use(c->c_sb) ) {
return state == SLAP_C_CLOSING;
}
+static void connection_abandon( Connection *c )
+{
+ /* c_mutex must be locked by caller */
+
+ Operation *o;
+
+ for( o = c->c_ops; o != NULL; o = o->o_next ) {
+ ldap_pvt_thread_mutex_lock( &o->o_abandonmutex );
+ o->o_abandon = 1;
+ ldap_pvt_thread_mutex_unlock( &o->o_abandonmutex );
+ }
+
+ /* remove pending operations */
+ for( o = slap_op_pop( &c->c_pending_ops );
+ o != NULL;
+ o = slap_op_pop( &c->c_pending_ops ) )
+ {
+ slap_op_free( o );
+ }
+}
+
void connection_closing( Connection *c )
{
assert( connections != NULL );
/* c_mutex must be locked by caller */
if( c->c_conn_state != SLAP_C_CLOSING ) {
- Operation *o;
Debug( LDAP_DEBUG_TRACE,
"connection_closing: readying conn=%ld sd=%d for close.\n",
/* shutdown I/O -- not yet implemented */
/* abandon active operations */
- for( o = c->c_ops; o != NULL; o = o->o_next ) {
- ldap_pvt_thread_mutex_lock( &o->o_abandonmutex );
- o->o_abandon = 1;
- ldap_pvt_thread_mutex_unlock( &o->o_abandonmutex );
- }
-
- /* remove pending operations */
- for( o = slap_op_pop( &c->c_pending_ops );
- o != NULL;
- o = slap_op_pop( &c->c_pending_ops ) )
- {
- slap_op_free( o );
- }
+ connection_abandon( c );
/* wake write blocked operations */
slapd_clr_write( ber_pvt_sb_get_desc(c->c_sb), 1 );
static void *
connection_operation( void *arg_v )
{
+ int rc;
struct co_arg *arg = arg_v;
ber_tag_t tag = arg->co_op->o_tag;
Connection *conn = arg->co_conn;
switch ( tag ) {
case LDAP_REQ_BIND:
- do_bind( conn, arg->co_op );
+ rc = do_bind( conn, arg->co_op );
break;
case LDAP_REQ_UNBIND:
- do_unbind( conn, arg->co_op );
+ rc = do_unbind( conn, arg->co_op );
break;
case LDAP_REQ_ADD:
- do_add( conn, arg->co_op );
+ rc = do_add( conn, arg->co_op );
break;
case LDAP_REQ_DELETE:
- do_delete( conn, arg->co_op );
+ rc = do_delete( conn, arg->co_op );
break;
case LDAP_REQ_MODRDN:
- do_modrdn( conn, arg->co_op );
+ rc = do_modrdn( conn, arg->co_op );
break;
case LDAP_REQ_MODIFY:
- do_modify( conn, arg->co_op );
+ rc = do_modify( conn, arg->co_op );
break;
case LDAP_REQ_COMPARE:
- do_compare( conn, arg->co_op );
+ rc = do_compare( conn, arg->co_op );
break;
case LDAP_REQ_SEARCH:
- do_search( conn, arg->co_op );
+ rc = do_search( conn, arg->co_op );
break;
case LDAP_REQ_ABANDON:
- do_abandon( conn, arg->co_op );
+ rc = do_abandon( conn, arg->co_op );
+ break;
+
+ case LDAP_REQ_EXTENDED:
+ rc = do_extended( conn, arg->co_op );
break;
default:
- Debug( LDAP_DEBUG_ANY, "unknown request 0x%lx\n",
- arg->co_op->o_tag, 0, 0 );
+ Debug( LDAP_DEBUG_ANY, "unknown LDAP request 0x%lx\n",
+ tag, 0, 0 );
+ arg->co_op->o_tag = LBER_ERROR;
+ send_ldap_disconnect( conn, arg->co_op,
+ LDAP_PROTOCOL_ERROR, "unknown LDAP request" );
+ rc = -1;
break;
}
+ if( rc == -1 ) tag = LBER_ERROR;
+
ldap_pvt_thread_mutex_lock( &num_ops_mutex );
num_ops_completed++;
ldap_pvt_thread_mutex_unlock( &num_ops_mutex );
arg = NULL;
switch( tag ) {
+ case LBER_ERROR:
case LDAP_REQ_UNBIND:
/* c_mutex is locked */
connection_closing( conn );
if( conn->c_conn_state == SLAP_C_BINDING) {
conn->c_conn_state = SLAP_C_ACTIVE;
}
+ conn->c_bind_in_progress = ( rc == LDAP_SASL_BIND_IN_PROGRESS );
}
ldap_pvt_thread_mutex_lock( &active_threads_mutex );
"connection_read(%d): checking for input on id=%ld\n",
s, c->c_connid, 0 );
+#ifdef HAVE_TLS
+ if ( c->c_is_tls && c->c_needs_tls_accept ) {
+ rc = ldap_pvt_tls_accept( c->c_sb, NULL );
+ if ( rc < 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_read(%d): TLS accept error error=%d id=%ld, closing.\n",
+ s, rc, c->c_connid );
+
+ c->c_needs_tls_accept = 0;
+ /* connections_mutex and c_mutex are locked */
+ connection_closing( c );
+ connection_close( c );
+ } else if ( rc == 0 ) {
+ c->c_needs_tls_accept = 0;
+ }
+ connection_return( c );
+ ldap_pvt_thread_mutex_unlock( &connections_mutex );
+ return 0;
+ }
+#endif
+
#define CONNECTION_INPUT_LOOP 1
#ifdef DATA_READY_LOOP
while(!rc)
#endif
{
+ /* How do we do this without getting into a busy loop ? */
rc = connection_input( c );
}
connection_close( c );
}
+ if ( ber_pvt_sb_needs_read( c->c_sb ) )
+ slapd_set_read( s, 1 );
+ if ( ber_pvt_sb_needs_write( c->c_sb ) )
+ slapd_set_write( s, 1 );
connection_return( c );
ldap_pvt_thread_mutex_unlock( &connections_mutex );
return 0;
return -1;
}
+ if(tag == LDAP_REQ_BIND) {
+ /* immediately abandon all exiting operations upon BIND */
+ connection_abandon( conn );
+ }
+
op = slap_op_alloc( ber, msgid, tag, conn->c_n_ops_received++ );
if ( conn->c_conn_state == SLAP_C_BINDING
int status;
ber_tag_t tag = op->o_tag;
+ if(tag == LDAP_REQ_BIND) {
+ conn->c_conn_state = SLAP_C_BINDING;
+ }
+
if ( conn->c_dn != NULL ) {
tmpdn = ch_strdup( conn->c_dn );
} else {
arg->co_conn = conn;
arg->co_op = op;
+ arg->co_op->o_bind_in_progress = conn->c_bind_in_progress;
+
arg->co_op->o_dn = ch_strdup( tmpdn != NULL ? tmpdn : "" );
- arg->co_op->o_ndn = dn_normalize_case( ch_strdup( arg->co_op->o_dn ) );
+ arg->co_op->o_ndn = ch_strdup( arg->co_op->o_dn );
+ (void) dn_normalize_case( arg->co_op->o_ndn );
arg->co_op->o_protocol = conn->c_protocol;
+ arg->co_op->o_connid = conn->c_connid;
+ arg->co_op->o_authtype = conn->c_authtype;
+ arg->co_op->o_authmech = conn->c_authmech != NULL
+ ? ch_strdup( conn->c_authmech ) : NULL;
+
slap_op_add( &conn->c_ops, arg->co_op );
- if(tag == LDAP_REQ_BIND) {
- conn->c_conn_state = SLAP_C_BINDING;
- }
-
- if ( tmpdn != NULL ) {
+ if( tmpdn != NULL ) {
free( tmpdn );
}
ldap_pvt_thread_cond_signal( &c->c_write_cv );
+ if ( ber_pvt_sb_needs_read( c->c_sb ) )
+ slapd_set_read( s, 1 );
+ if ( ber_pvt_sb_needs_write( c->c_sb ) )
+ slapd_set_write( s, 1 );
connection_return( c );
ldap_pvt_thread_mutex_unlock( &connections_mutex );
return 0;