#include <ac/signal.h>
#include <ac/string.h>
#include <ac/time.h>
+#include <ac/unistd.h>
#include "ldap_pvt.h"
#include "lutil.h"
assert( c->c_conn_state != SLAP_C_INVALID );
assert( sd != AC_SOCKET_INVALID );
- c->c_activitytime = slap_get_time();
+#ifdef SLAPD_MONITOR
+ c->c_activitytime = slap_get_time();
+#else
+ if( global_idletimeout > 0 ) {
+ c->c_activitytime = slap_get_time();
+ }
+#endif
}
return c;
const char* dnsname,
const char* peername,
const char* sockname,
- int use_tls,
+ int tls_udp_option,
slap_ssf_t ssf,
const char *authid )
{
assert( sockname != NULL );
#ifndef HAVE_TLS
- assert( !use_tls );
+ assert( tls_udp_option != 1 );
#endif
if( s == AC_SOCKET_INVALID ) {
assert( c != NULL );
- if( c->c_struct_state == SLAP_C_UNINITIALIZED ) {
+ if( c->c_struct_state == SLAP_C_UNINITIALIZED ) {
c->c_authmech = NULL;
- c->c_dn = NULL;
- c->c_cdn = NULL;
+ c->c_dn = NULL;
+ c->c_cdn = NULL;
+ c->c_groups = NULL;
c->c_listener_url = NULL;
c->c_peer_domain = NULL;
- c->c_peer_name = NULL;
- c->c_sock_name = NULL;
+ c->c_peer_name = NULL;
+ c->c_sock_name = NULL;
- c->c_ops = NULL;
- c->c_pending_ops = NULL;
+ c->c_ops = NULL;
+ c->c_pending_ops = NULL;
c->c_sasl_bind_mech = NULL;
c->c_sasl_context = NULL;
c->c_sasl_extra = NULL;
- c->c_sb = ber_sockbuf_alloc( );
+ c->c_sb = ber_sockbuf_alloc( );
+
+ {
+ ber_len_t max = sockbuf_max_incoming;
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+
c->c_currentber = NULL;
- /* should check status of thread calls */
- ldap_pvt_thread_mutex_init( &c->c_mutex );
- ldap_pvt_thread_mutex_init( &c->c_write_mutex );
- ldap_pvt_thread_cond_init( &c->c_write_cv );
+ /* should check status of thread calls */
+ ldap_pvt_thread_mutex_init( &c->c_mutex );
+ ldap_pvt_thread_mutex_init( &c->c_write_mutex );
+ ldap_pvt_thread_cond_init( &c->c_write_cv );
- c->c_struct_state = SLAP_C_UNUSED;
- }
+ c->c_struct_state = SLAP_C_UNUSED;
+ }
ldap_pvt_thread_mutex_lock( &c->c_mutex );
assert( c->c_authmech == NULL );
assert( c->c_dn == NULL );
assert( c->c_cdn == NULL );
+ assert( c->c_groups == NULL );
assert( c->c_listener_url == NULL );
assert( c->c_peer_domain == NULL );
assert( c->c_peer_name == NULL );
/* set to zero until bind, implies LDAP_VERSION3 */
c->c_protocol = 0;
- c->c_activitytime = c->c_starttime = slap_get_time();
+#ifdef SLAPD_MONITOR
+ c->c_activitytime = c->c_starttime = slap_get_time();
+#else
+ if( global_idletimeout > 0 ) {
+ c->c_activitytime = c->c_starttime = slap_get_time();
+ }
+#endif
+#ifdef LDAP_CONNECTIONLESS
+ c->c_is_udp = 0;
+ if (tls_udp_option == 2)
+ {
+ c->c_is_udp = 1;
+#ifdef LDAP_DEBUG
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug,
+ LBER_SBIOD_LEVEL_PROVIDER, (void*)"udp_" );
+#endif
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_udp,
+ LBER_SBIOD_LEVEL_PROVIDER, (void *)&s );
+ } else
+#endif
+ {
#ifdef LDAP_DEBUG
ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug,
LBER_SBIOD_LEVEL_PROVIDER, (void*)"tcp_" );
#endif
ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_tcp,
LBER_SBIOD_LEVEL_PROVIDER, (void *)&s );
+ }
ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_readahead,
LBER_SBIOD_LEVEL_PROVIDER, NULL );
c->c_tls_ssf = 0;
#ifdef HAVE_TLS
- if ( use_tls ) {
+ if ( tls_udp_option == 1 ) {
c->c_is_tls = 1;
c->c_needs_tls_accept = 1;
} else {
assert( connections != NULL );
assert( c != NULL );
+ {
+ ber_len_t max = sockbuf_max_incoming;
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+
if(c->c_authmech != NULL ) {
free(c->c_authmech);
c->c_authmech = NULL;
c->c_authc_backend = NULL;
c->c_authz_backend = NULL;
+
+ {
+ GroupAssertion *g, *n;
+ for (g = c->c_groups; g; g=n)
+ {
+ n = g->next;
+ free(g);
+ }
+ c->c_groups = NULL;
+ }
+
}
static void
}
ber_sockbuf_free( c->c_sb );
+
c->c_sb = ber_sockbuf_alloc( );
+ {
+ ber_len_t max = sockbuf_max_incoming;
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+
c->c_conn_state = SLAP_C_INVALID;
c->c_struct_state = SLAP_C_UNUSED;
}
if ( c->c_is_tls && c->c_needs_tls_accept ) {
rc = ldap_pvt_tls_accept( c->c_sb, NULL );
if ( rc < 0 ) {
+#if 0 /* required by next #if 0 */
struct timeval tv;
fd_set rfd;
+#endif
#ifdef NEW_LOGGING
LDAP_LOG(( "connection", LDAP_LEVEL_ERR,
c->c_needs_tls_accept = 0;
/* we need to let SASL know */
- ssl = (void *)ldap_pvt_tls_sb_handle( c->c_sb );
+ ssl = (void *)ldap_pvt_tls_sb_ctx( c->c_sb );
c->c_tls_ssf = (slap_ssf_t) ldap_pvt_tls_get_strength( ssl );
if( c->c_tls_ssf > c->c_ssf ) {
ber_len_t len;
ber_int_t msgid;
BerElement *ber;
+#ifdef LDAP_CONNECTIONLESS
+ Sockaddr peeraddr;
+ char *cdn = NULL;
+#endif
if ( conn->c_currentber == NULL && (conn->c_currentber = ber_alloc())
== NULL ) {
errno = 0;
+#ifdef LDAP_CONNECTIONLESS
+ if (conn->c_is_udp)
+ {
+ char peername[sizeof("IP=255.255.255.255:65336")];
+ len = ber_int_sb_read(conn->c_sb, &peeraddr,
+ sizeof(struct sockaddr));
+ if (len != sizeof(struct sockaddr))
+ return 1;
+ sprintf( peername, "IP=%s:%d",
+ inet_ntoa( peeraddr.sa_in_addr.sin_addr ),
+ (unsigned) ntohs( peeraddr.sa_in_addr.sin_port ) );
+ Statslog( LDAP_DEBUG_STATS,
+ "conn=%ld UDP request from %s (%s) accepted.\n",
+ conn->c_connid, peername,
+ conn->c_sock_name, 0, 0 );
+ }
+#endif
tag = ber_get_next( conn->c_sb, &len, conn->c_currentber );
if ( tag != LDAP_TAG_MESSAGE ) {
int err = errno;
return -1;
}
+#ifdef LDAP_CONNECTIONLESS
+ if (conn->c_is_udp) {
+ if (tag == LBER_OCTETSTRING) {
+ ber_get_stringa( ber, &cdn );
+ tag = ber_peek_tag(ber, &len);
+ }
+ if (tag != LDAP_REQ_ABANDON && tag != LDAP_REQ_SEARCH) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "connection", LDAP_LEVEL_ERR,
+ "connection_input: conn %d invalid req for UDP 0x%lx.\n",
+ conn->c_connid, tag ));
+#else
+ Debug( LDAP_DEBUG_ANY, "invalid req for UDP 0x%lx\n", tag, 0,
+ 0 );
+#endif
+ ber_free( ber, 1 );
+ return 0;
+ }
+ }
+#endif
if(tag == LDAP_REQ_BIND) {
/* immediately abandon all exiting operations upon BIND */
connection_abandon( conn );
op = slap_op_alloc( ber, msgid, tag, conn->c_n_ops_received++ );
+#ifdef LDAP_CONNECTIONLESS
+ op->o_peeraddr = peeraddr;
+ if (cdn) {
+ op->o_dn = cdn;
+ op->o_protocol = LDAP_VERSION2;
+ }
+#endif
if ( conn->c_conn_state == SLAP_C_BINDING
|| conn->c_conn_state == SLAP_C_CLOSING )
{
arg->co_conn = conn;
arg->co_op = op;
- arg->co_op->o_authz = conn->c_authz;
- arg->co_op->o_dn = ch_strdup( conn->c_dn != NULL ? conn->c_dn : "" );
+ if (!arg->co_op->o_dn) {
+ arg->co_op->o_authz = conn->c_authz;
+ arg->co_op->o_dn = ch_strdup( conn->c_dn != NULL ? conn->c_dn : "" );
+ }
arg->co_op->o_ndn = ch_strdup( arg->co_op->o_dn );
(void) dn_normalize( arg->co_op->o_ndn );
arg->co_op->o_authtype = conn->c_authtype;
arg->co_op->o_authmech = conn->c_authmech != NULL
? ch_strdup( conn->c_authmech ) : NULL;
- arg->co_op->o_protocol = conn->c_protocol
+ if (!arg->co_op->o_protocol) {
+ arg->co_op->o_protocol = conn->c_protocol
? conn->c_protocol : LDAP_VERSION3;
+ }
arg->co_op->o_connid = conn->c_connid;
slap_op_add( &conn->c_ops, arg->co_op );
projects / openldap / blobdiff