+/* $OpenLDAP$ */
+/*
+ * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
#include "portable.h"
#include <stdio.h>
#define SLAP_C_BINDING 0x03 /* binding */
#define SLAP_C_CLOSING 0x04 /* closing */
-char* connection_state2str( int state ) {
+const char *
+connection_state2str( int state )
+{
switch( state ) {
case SLAP_C_INVALID: return "!";
case SLAP_C_INACTIVE: return "|";
if( connections == NULL ) {
Debug( LDAP_DEBUG_ANY,
- "connections_init: allocation (%d*%ld) of connection array failed.\n",
+ "connections_init: allocation (%d*%ld) of connection array failed\n",
dtblsize, (long) sizeof(Connection), 0 );
return -1;
}
for ( i = 0; i < dtblsize; i++ ) {
if( connections[i].c_struct_state != SLAP_C_UNINITIALIZED ) {
+ ber_sockbuf_free( connections[i].c_sb );
ldap_pvt_thread_mutex_destroy( &connections[i].c_mutex );
ldap_pvt_thread_mutex_destroy( &connections[i].c_write_mutex );
ldap_pvt_thread_cond_destroy( &connections[i].c_write_cv );
assert( !ber_pvt_sb_in_use( c->c_sb ) );
Debug( LDAP_DEBUG_TRACE,
- "connection_get(%d): connection not used.\n",
- s, c->c_connid, 0 );
+ "connection_get(%d): connection not used\n",
+ s, 0, 0 );
ldap_pvt_thread_mutex_unlock( &c->c_mutex );
return NULL;
long connection_init(
ber_socket_t s,
- const char* name,
- const char* addr,
- int use_tls)
+ const char* url,
+ const char* dnsname,
+ const char* peername,
+ const char* sockname,
+ int use_tls )
{
unsigned long id;
Connection *c;
+
assert( connections != NULL );
+ assert( dnsname != NULL );
+ assert( peername != NULL );
+ assert( sockname != NULL );
+
+#ifndef HAVE_TLS
+ assert( !use_tls );
+#endif
+
if( s == AC_SOCKET_INVALID ) {
Debug( LDAP_DEBUG_ANY,
"connection_init(%ld): invalid.\n",
if( c == NULL ) {
Debug( LDAP_DEBUG_ANY,
- "connection_init(%d): connection table full (%d/%d).\n",
+ "connection_init(%d): connection table full (%d/%d)\n",
s, i, dtblsize);
ldap_pvt_thread_mutex_unlock( &connections_mutex );
return -1;
#endif
assert( c != NULL );
- assert( c->c_struct_state != SLAP_C_USED );
- assert( c->c_conn_state == SLAP_C_INVALID );
if( c->c_struct_state == SLAP_C_UNINITIALIZED ) {
+ c->c_authmech = NULL;
c->c_dn = NULL;
c->c_cdn = NULL;
- c->c_client_name = NULL;
- c->c_client_addr = NULL;
+
+ c->c_listener_url = NULL;
+ c->c_peer_domain = NULL;
+ c->c_peer_name = NULL;
+ c->c_sock_name = NULL;
+
c->c_ops = NULL;
c->c_pending_ops = NULL;
- c->c_authmech = NULL;
- c->c_authstate = NULL;
+
+ c->c_sasl_bind_mech = NULL;
+#ifdef HAVE_CYRUS_SASL
+ c->c_sasl_bind_context = NULL;
+#endif
c->c_sb = ber_sockbuf_alloc( );
+ c->c_currentber = NULL;
/* should check status of thread calls */
ldap_pvt_thread_mutex_init( &c->c_mutex );
ldap_pvt_thread_mutex_lock( &c->c_mutex );
assert( c->c_struct_state == SLAP_C_UNUSED );
+ assert( c->c_authmech == NULL );
assert( c->c_dn == NULL );
assert( c->c_cdn == NULL );
- assert( c->c_client_name == NULL );
- assert( c->c_client_addr == NULL );
+ assert( c->c_listener_url == NULL );
+ assert( c->c_peer_domain == NULL );
+ assert( c->c_peer_name == NULL );
+ assert( c->c_sock_name == NULL );
assert( c->c_ops == NULL );
assert( c->c_pending_ops == NULL );
- assert( c->c_authmech == NULL );
- assert( c->c_authstate == NULL );
+ assert( c->c_sasl_bind_mech == NULL );
+#ifdef HAVE_CYRUS_SASL
+ assert( c->c_sasl_bind_context == NULL );
+#endif
+ assert( c->c_currentber == NULL );
- c->c_client_name = ch_strdup( name == NULL ? "" : name );
- c->c_client_addr = ch_strdup( addr );
+ c->c_listener_url = ch_strdup( url );
+ c->c_peer_domain = ch_strdup( dnsname );
+ c->c_peer_name = ch_strdup( peername );
+ c->c_sock_name = ch_strdup( sockname );
c->c_n_ops_received = 0;
c->c_n_ops_executing = 0;
c->c_n_read = 0;
c->c_n_write = 0;
+ /* assume LDAPv3 until bind */
+ c->c_protocol = LDAP_VERSION3;
+
c->c_activitytime = c->c_starttime = slap_get_time();
ber_pvt_sb_set_desc( c->c_sb, s );
if( ber_pvt_sb_set_nonblock( c->c_sb, 1 ) < 0 ) {
Debug( LDAP_DEBUG_ANY,
- "connection_init(%d, %s, %s): set nonblocking failed\n",
- s, c->c_client_name, c->c_client_addr);
+ "connection_init(%d, %s): set nonblocking failed\n",
+ s, c->c_peer_name,0 );
}
id = c->c_connid = conn_nextid++;
#ifdef HAVE_TLS
if ( use_tls ) {
- /* FIXME: >0 means incomplete read */
- if ( ldap_pvt_tls_accept( c->c_sb, NULL ) < 0 ) {
- Debug( LDAP_DEBUG_ANY,
- "connection_init(%d): TLS accept failed.\n",
- s, 0, 0);
- ldap_pvt_thread_mutex_unlock( &c->c_mutex );
- ldap_pvt_thread_mutex_unlock( &connections_mutex );
- connection_destroy( c );
- return -1;
- }
+ c->c_is_tls = 1;
+ c->c_needs_tls_accept = 1;
+ } else {
+ c->c_is_tls = 0;
+ c->c_needs_tls_accept = 0;
}
#endif
backend_connection_destroy(c);
c->c_protocol = 0;
+ c->c_connid = -1;
c->c_activitytime = c->c_starttime = 0;
+ if(c->c_authmech != NULL ) {
+ free(c->c_authmech);
+ c->c_authmech = NULL;
+ }
if(c->c_dn != NULL) {
free(c->c_dn);
c->c_dn = NULL;
free(c->c_cdn);
c->c_cdn = NULL;
}
- if(c->c_client_name != NULL) {
- free(c->c_client_name);
- c->c_client_name = NULL;
+ if(c->c_listener_url != NULL) {
+ free(c->c_listener_url);
+ c->c_listener_url = NULL;
}
- if(c->c_client_addr != NULL) {
- free(c->c_client_addr);
- c->c_client_addr = NULL;
+ if(c->c_peer_domain != NULL) {
+ free(c->c_peer_domain);
+ c->c_peer_domain = NULL;
}
- if(c->c_authmech != NULL ) {
- free(c->c_authmech);
- c->c_authmech = NULL;
+ if(c->c_peer_name != NULL) {
+#ifdef LDAP_PF_LOCAL
+ /*
+ * If peer was a domain socket, unlink. Mind you,
+ * they may be un-named. Should we leave this to
+ * the client?
+ */
+ if (strncmp(c->c_peer_name, "PATH=", 5) == 0) {
+ char *path = c->c_peer_name + 5;
+ if (path != '\0') {
+ (void)unlink(path);
+ }
+ }
+#endif /* LDAP_PF_LOCAL */
+ free(c->c_peer_name);
+ c->c_peer_name = NULL;
}
- if(c->c_authstate != NULL ) {
- free(c->c_authstate);
- c->c_authstate = NULL;
+ if(c->c_sock_name != NULL) {
+ free(c->c_sock_name);
+ c->c_sock_name = NULL;
+ }
+
+ c->c_sasl_bind_in_progress = 0;
+ if(c->c_sasl_bind_mech != NULL) {
+ free(c->c_sasl_bind_mech);
+ c->c_sasl_bind_mech = NULL;
+ }
+#ifdef HAVE_CYRUS_SASL
+ if(c->c_sasl_bind_context != NULL ) {
+ sasl_dispose( &c->c_sasl_bind_context );
+ c->c_sasl_bind_context = NULL;
+ }
+#endif
+
+ if ( c->c_currentber != NULL ) {
+ ber_free( c->c_currentber, 1 );
+ c->c_currentber = NULL;
}
if ( ber_pvt_sb_in_use(c->c_sb) ) {
ber_pvt_sb_close( c->c_sb );
Statslog( LDAP_DEBUG_STATS,
- "conn=%d fd=%d closed.\n",
+ "conn=%ld fd=%d closed\n",
c->c_connid, sd, 0, 0, 0 );
}
/* c_mutex must be locked by caller */
if( c->c_conn_state != SLAP_C_CLOSING ) {
-
Debug( LDAP_DEBUG_TRACE,
- "connection_closing: readying conn=%ld sd=%d for close.\n",
+ "connection_closing: readying conn=%ld sd=%d for close\n",
c->c_connid, ber_pvt_sb_get_desc( c->c_sb ), 0 );
/* update state to closing */
/* don't listen on this port anymore */
slapd_clr_read( ber_pvt_sb_get_desc( c->c_sb ), 1 );
- /* shutdown I/O -- not yet implemented */
-
/* abandon active operations */
connection_abandon( c );
if( c->c_ops != NULL ) {
Debug( LDAP_DEBUG_TRACE,
- "connection_close: deferring conn=%ld sd=%d.\n",
+ "connection_close: deferring conn=%ld sd=%d\n",
c->c_connid, ber_pvt_sb_get_desc( c->c_sb ), 0 );
return;
}
- Debug( LDAP_DEBUG_TRACE, "connection_close: conn=%ld sd=%d.\n",
+ Debug( LDAP_DEBUG_TRACE, "connection_close: conn=%ld sd=%d\n",
c->c_connid, ber_pvt_sb_get_desc( c->c_sb ), 0 );
connection_destroy( c );
num_ops_initiated++;
ldap_pvt_thread_mutex_unlock( &num_ops_mutex );
+ if( conn->c_sasl_bind_in_progress && tag != LDAP_REQ_BIND ) {
+ Debug( LDAP_DEBUG_ANY, "connection_operation: "
+ "error: SASL bind in progress (tag=%ld).\n",
+ (long) tag, 0, 0 );
+ send_ldap_result( conn, arg->co_op,
+ rc = LDAP_OPERATIONS_ERROR,
+ NULL, "SASL bind in progress", NULL, NULL );
+ goto operations_error;
+ }
+
switch ( tag ) {
case LDAP_REQ_BIND:
rc = do_bind( conn, arg->co_op );
break;
}
- if( rc == -1 ) tag = LBER_ERROR;
+ if( rc == SLAPD_DISCONNECT ) tag = LBER_ERROR;
+operations_error:
ldap_pvt_thread_mutex_lock( &num_ops_mutex );
num_ops_completed++;
ldap_pvt_thread_mutex_unlock( &num_ops_mutex );
break;
case LDAP_REQ_BIND:
+ conn->c_sasl_bind_in_progress =
+ rc == LDAP_SASL_BIND_IN_PROGRESS ? 1 : 0;
+
if( conn->c_conn_state == SLAP_C_BINDING) {
conn->c_conn_state = SLAP_C_ACTIVE;
}
- conn->c_bind_in_progress = ( rc == LDAP_SASL_BIND_IN_PROGRESS );
}
ldap_pvt_thread_mutex_lock( &active_threads_mutex );
"connection_read(%d): checking for input on id=%ld\n",
s, c->c_connid, 0 );
+#ifdef HAVE_TLS
+ if ( c->c_is_tls && c->c_needs_tls_accept ) {
+ rc = ldap_pvt_tls_accept( c->c_sb, NULL );
+ if ( rc < 0 ) {
+ struct timeval tv;
+ fd_set rfd;
+
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_read(%d): TLS accept error error=%d id=%ld, closing\n",
+ s, rc, c->c_connid );
+
+ c->c_needs_tls_accept = 0;
+ /* connections_mutex and c_mutex are locked */
+ connection_closing( c );
+
+ /* Drain input before close, to allow SSL error codes
+ * to propagate to client. */
+ FD_ZERO(&rfd);
+ FD_SET(s, &rfd);
+ ber_pvt_sb_set_readahead(c->c_sb, 0);
+ for (rc=1; rc>0;)
+ {
+ char buf[4096];
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+ rc = select(s+1, &rfd, NULL, NULL, &tv);
+ if (rc == 1)
+ rc = ber_pvt_sb_read(c->c_sb, buf, sizeof(buf));
+ }
+ connection_close( c );
+ } else if ( rc == 0 ) {
+ c->c_needs_tls_accept = 0;
+ }
+ connection_return( c );
+ ldap_pvt_thread_mutex_unlock( &connections_mutex );
+ return 0;
+ }
+#endif
+
#define CONNECTION_INPUT_LOOP 1
#ifdef DATA_READY_LOOP
while(!rc)
#endif
{
+ /* How do we do this without getting into a busy loop ? */
rc = connection_input( c );
}
connection_close( c );
}
+ if ( ber_pvt_sb_needs_read( c->c_sb ) )
+ slapd_set_read( s, 1 );
+ if ( ber_pvt_sb_needs_write( c->c_sb ) )
+ slapd_set_write( s, 1 );
connection_return( c );
ldap_pvt_thread_mutex_unlock( &connections_mutex );
return 0;
int err = errno;
Debug( LDAP_DEBUG_TRACE,
- "ber_get_next on fd %d failed errno %d (%s)\n",
- ber_pvt_sb_get_desc( conn->c_sb ), err,
- err > -1 && err < sys_nerr ? sys_errlist[err] : "unknown" );
+ "ber_get_next on fd %d failed errno=%d (%s)\n",
+ ber_pvt_sb_get_desc( conn->c_sb ), err, sock_errstr(err) );
Debug( LDAP_DEBUG_TRACE,
"\t*** got %ld of %lu so far\n",
- (long)(conn->c_currentber->ber_rwptr - conn->c_currentber->ber_buf),
- conn->c_currentber->ber_len, 0 );
+ (long) ( conn->c_currentber->ber_buf
+ ? conn->c_currentber->ber_rwptr - conn->c_currentber->ber_buf
+ : 0 ),
+ (long) conn->c_currentber->ber_len, 0 );
if ( err != EWOULDBLOCK && err != EAGAIN ) {
/* log, close and send error */
if( conn->c_conn_state == SLAP_C_CLOSING ) {
Debug( LDAP_DEBUG_TRACE,
- "connection_resched: attempting closing conn=%ld sd=%d.\n",
+ "connection_resched: attempting closing conn=%ld sd=%d\n",
conn->c_connid, ber_pvt_sb_get_desc( conn->c_sb ), 0 );
connection_close( conn );
arg->co_conn = conn;
arg->co_op = op;
- arg->co_op->o_bind_in_progress = conn->c_bind_in_progress;
-
arg->co_op->o_dn = ch_strdup( tmpdn != NULL ? tmpdn : "" );
- arg->co_op->o_ndn = dn_normalize_case( ch_strdup( arg->co_op->o_dn ) );
+ arg->co_op->o_ndn = ch_strdup( arg->co_op->o_dn );
+ (void) dn_normalize( arg->co_op->o_ndn );
arg->co_op->o_protocol = conn->c_protocol;
+ arg->co_op->o_connid = conn->c_connid;
arg->co_op->o_authtype = conn->c_authtype;
arg->co_op->o_authmech = conn->c_authmech != NULL
ldap_pvt_thread_cond_signal( &c->c_write_cv );
+ if ( ber_pvt_sb_needs_read( c->c_sb ) )
+ slapd_set_read( s, 1 );
+ if ( ber_pvt_sb_needs_write( c->c_sb ) )
+ slapd_set_write( s, 1 );
connection_return( c );
ldap_pvt_thread_mutex_unlock( &connections_mutex );
return 0;
projects / openldap / blobdiff