/* $OpenLDAP$ */
/*
- * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
#include <ac/signal.h>
#include <ac/string.h>
#include <ac/time.h>
+#include <ac/unistd.h>
#include "ldap_pvt.h"
#include "lutil.h"
assert( c->c_conn_state != SLAP_C_INVALID );
assert( sd != AC_SOCKET_INVALID );
- c->c_activitytime = slap_get_time();
+#ifdef SLAPD_MONITOR
+ c->c_activitytime = slap_get_time();
+#else
+ if( global_idletimeout > 0 ) {
+ c->c_activitytime = slap_get_time();
+ }
+#endif
}
return c;
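Review bot: With SLAPD_MONITOR undefined and `global_idletimeout` at 0, `c_activitytime` is no longer written here, so the field keeps whatever the reused connection slot last held. The later hunk that wraps `c->c_activitytime = c->c_starttime = slap_get_time();` in the same guard also stops setting `c_starttime`, which looks unintended because a start time is not an idle-timeout detail. I would keep `c->c_starttime = slap_get_time();` unconditional there and add a comment on the guard saying which consumers of `c_activitytime` it assumes. The enclosing function starts outside this hunk.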
const char* dnsname,
const char* peername,
const char* sockname,
- int use_tls,
+ int tls_udp_option,
slap_ssf_t ssf,
const char *authid )
{
assert( sockname != NULL );
#ifndef HAVE_TLS
- assert( !use_tls );
+ assert( tls_udp_option != 1 );
#endif
if( s == AC_SOCKET_INVALID ) {
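Review bot: `assert( tls_udp_option != 1 )` relies on bare magic values for the transport mode, and the only check on them is an assert that disappears in NDEBUG builds. The renamed parameter now carries three meanings (the hunks below compare it against 1 for TLS and 2 for UDP), but nothing on the signature documents that. A build without LDAP_CONNECTIONLESS silently treats 2 as plain TCP. I would give the values names, for example an enum with members for plain, TLS and UDP (names to be chosen by the project), and document the parameter above the function. An unsupported value should be rejected with an error return rather than an assert.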
#else
{
- unsigned int i;
+ ber_socket_t i;
c = NULL;
assert( c != NULL );
- if( c->c_struct_state == SLAP_C_UNINITIALIZED ) {
+ if( c->c_struct_state == SLAP_C_UNINITIALIZED ) {
c->c_authmech = NULL;
- c->c_dn = NULL;
- c->c_cdn = NULL;
+ c->c_dn.bv_val = NULL;
+ c->c_dn.bv_len = 0;
+ c->c_ndn.bv_val = NULL;
+ c->c_ndn.bv_len = 0;
+ c->c_cdn.bv_val = NULL;
+ c->c_cdn.bv_len = 0;
+ c->c_groups = NULL;
c->c_listener_url = NULL;
c->c_peer_domain = NULL;
- c->c_peer_name = NULL;
- c->c_sock_name = NULL;
+ c->c_peer_name = NULL;
+ c->c_sock_name = NULL;
- c->c_ops = NULL;
- c->c_pending_ops = NULL;
+ LDAP_STAILQ_INIT(&c->c_ops);
+ LDAP_STAILQ_INIT(&c->c_pending_ops);
c->c_sasl_bind_mech = NULL;
c->c_sasl_context = NULL;
c->c_sasl_extra = NULL;
- c->c_sb = ber_sockbuf_alloc( );
+ c->c_sb = ber_sockbuf_alloc( );
+
+ {
+ ber_len_t max = sockbuf_max_incoming;
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+
c->c_currentber = NULL;
- /* should check status of thread calls */
- ldap_pvt_thread_mutex_init( &c->c_mutex );
- ldap_pvt_thread_mutex_init( &c->c_write_mutex );
- ldap_pvt_thread_cond_init( &c->c_write_cv );
+ /* should check status of thread calls */
+ ldap_pvt_thread_mutex_init( &c->c_mutex );
+ ldap_pvt_thread_mutex_init( &c->c_write_mutex );
+ ldap_pvt_thread_cond_init( &c->c_write_cv );
- c->c_struct_state = SLAP_C_UNUSED;
- }
+ c->c_struct_state = SLAP_C_UNUSED;
+ }
ldap_pvt_thread_mutex_lock( &c->c_mutex );
assert( c->c_struct_state == SLAP_C_UNUSED );
assert( c->c_authmech == NULL );
- assert( c->c_dn == NULL );
- assert( c->c_cdn == NULL );
+ assert( c->c_dn.bv_val == NULL );
+ assert( c->c_ndn.bv_val == NULL );
+ assert( c->c_cdn.bv_val == NULL );
+ assert( c->c_groups == NULL );
assert( c->c_listener_url == NULL );
assert( c->c_peer_domain == NULL );
assert( c->c_peer_name == NULL );
assert( c->c_sock_name == NULL );
- assert( c->c_ops == NULL );
- assert( c->c_pending_ops == NULL );
+ assert( LDAP_STAILQ_EMPTY(&c->c_ops) );
+ assert( LDAP_STAILQ_EMPTY(&c->c_pending_ops) );
assert( c->c_sasl_bind_mech == NULL );
assert( c->c_sasl_context == NULL );
assert( c->c_sasl_extra == NULL );
/* set to zero until bind, implies LDAP_VERSION3 */
c->c_protocol = 0;
- c->c_activitytime = c->c_starttime = slap_get_time();
+#ifdef SLAPD_MONITOR
+ c->c_activitytime = c->c_starttime = slap_get_time();
+#else
+ if( global_idletimeout > 0 ) {
+ c->c_activitytime = c->c_starttime = slap_get_time();
+ }
+#endif
+#ifdef LDAP_CONNECTIONLESS
+ c->c_is_udp = 0;
+ if (tls_udp_option == 2)
+ {
+ c->c_is_udp = 1;
#ifdef LDAP_DEBUG
ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug,
- LBER_SBIOD_LEVEL_PROVIDER, (void*)"tcp_" );
+ LBER_SBIOD_LEVEL_PROVIDER, (void*)"udp_" );
#endif
- ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_tcp,
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_udp,
LBER_SBIOD_LEVEL_PROVIDER, (void *)&s );
ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_readahead,
LBER_SBIOD_LEVEL_PROVIDER, NULL );
+ } else
+#endif
+ {
+#ifdef LDAP_DEBUG
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug,
+ LBER_SBIOD_LEVEL_PROVIDER, (void*)"tcp_" );
+#endif
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_tcp,
+ LBER_SBIOD_LEVEL_PROVIDER, (void *)&s );
+ }
#ifdef LDAP_DEBUG
ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug,
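Review bot: The result of `ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max )` is discarded, and `c->c_sb` is used without checking that `ber_sockbuf_alloc()` succeeded. This is the limit that bounds how much an unauthenticated peer can make the server buffer, so a failure here should not pass silently. At minimum, test the return value and log or refuse the connection when the limit could not be applied. The same three-line block is repeated in the two later hunks that re-create or reset `c_sb`. A small static helper that allocates the sockbuf, applies the limit and reports failure would keep the three sites from drifting apart.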
c->c_tls_ssf = 0;
#ifdef HAVE_TLS
- if ( use_tls ) {
+ if ( tls_udp_option == 1 ) {
c->c_is_tls = 1;
c->c_needs_tls_accept = 1;
} else {
assert( connections != NULL );
assert( c != NULL );
+ {
+ ber_len_t max = sockbuf_max_incoming;
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+
if(c->c_authmech != NULL ) {
free(c->c_authmech);
c->c_authmech = NULL;
}
- if(c->c_dn != NULL) {
- free(c->c_dn);
- c->c_dn = NULL;
+ if(c->c_dn.bv_val != NULL) {
+ free(c->c_dn.bv_val);
+ c->c_dn.bv_val = NULL;
+ }
+ c->c_dn.bv_len = 0;
+ if(c->c_ndn.bv_val != NULL) {
+ free(c->c_ndn.bv_val);
+ c->c_ndn.bv_val = NULL;
}
+ c->c_ndn.bv_len = 0;
- if(c->c_cdn != NULL) {
- free(c->c_cdn);
- c->c_cdn = NULL;
+ if(c->c_cdn.bv_val != NULL) {
+ free(c->c_cdn.bv_val);
+ c->c_cdn.bv_val = NULL;
}
+ c->c_cdn.bv_len = 0;
c->c_authc_backend = NULL;
c->c_authz_backend = NULL;
+
+ {
+ GroupAssertion *g, *n;
+ for (g = c->c_groups; g; g=n)
+ {
+ n = g->next;
+ free(g);
+ }
+ c->c_groups = NULL;
+ }
+
}
static void
assert( c != NULL );
assert( c->c_struct_state != SLAP_C_UNUSED );
assert( c->c_conn_state != SLAP_C_INVALID );
- assert( c->c_ops == NULL );
+ assert( LDAP_STAILQ_EMPTY(&c->c_ops) );
backend_connection_destroy(c);
}
ber_sockbuf_free( c->c_sb );
+
c->c_sb = ber_sockbuf_alloc( );
+ {
+ ber_len_t max = sockbuf_max_incoming;
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+
c->c_conn_state = SLAP_C_INVALID;
c->c_struct_state = SLAP_C_UNUSED;
}
Operation *o;
- for( o = c->c_ops; o != NULL; o = o->o_next ) {
+ LDAP_STAILQ_FOREACH(o, &c->c_ops, o_next) {
ldap_pvt_thread_mutex_lock( &o->o_abandonmutex );
o->o_abandon = 1;
ldap_pvt_thread_mutex_unlock( &o->o_abandonmutex );
}
/* remove pending operations */
- for( o = slap_op_pop( &c->c_pending_ops );
- o != NULL;
- o = slap_op_pop( &c->c_pending_ops ) )
- {
+ while ( (o = LDAP_STAILQ_FIRST( &c->c_pending_ops )) != NULL) {
+ LDAP_STAILQ_REMOVE_HEAD( &c->c_pending_ops, o_next );
+ LDAP_STAILQ_NEXT(o, o_next) = NULL;
slap_op_free( o );
}
}
/* note: connections_mutex and c_mutex should be locked by caller */
ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_GET_FD, &sd );
- if( c->c_ops != NULL ) {
+ if( !LDAP_STAILQ_EMPTY(&c->c_ops) ) {
#ifdef NEW_LOGGING
LDAP_LOG(( "connection", LDAP_LEVEL_DETAIL1,
"connection_close: conn %d deferring sd %d\n",
conn->c_n_ops_executing--;
conn->c_n_ops_completed++;
- slap_op_remove( &conn->c_ops, arg->co_op );
+ LDAP_STAILQ_REMOVE( &conn->c_ops, arg->co_op, slap_op, o_next);
+ LDAP_STAILQ_NEXT(arg->co_op, o_next) = NULL;
slap_op_free( arg->co_op );
arg->co_op = NULL;
arg->co_conn = NULL;
if ( c->c_is_tls && c->c_needs_tls_accept ) {
rc = ldap_pvt_tls_accept( c->c_sb, NULL );
if ( rc < 0 ) {
+#if 0 /* required by next #if 0 */
struct timeval tv;
fd_set rfd;
+#endif
#ifdef NEW_LOGGING
LDAP_LOG(( "connection", LDAP_LEVEL_ERR,
c->c_needs_tls_accept = 0;
/* we need to let SASL know */
- ssl = (void *)ldap_pvt_tls_sb_handle( c->c_sb );
+ ssl = (void *)ldap_pvt_tls_sb_ctx( c->c_sb );
c->c_tls_ssf = (slap_ssf_t) ldap_pvt_tls_get_strength( ssl );
if( c->c_tls_ssf > c->c_ssf ) {
ber_len_t len;
ber_int_t msgid;
BerElement *ber;
+#ifdef LDAP_CONNECTIONLESS
+ Sockaddr peeraddr;
+ char *cdn = NULL;
+#endif
if ( conn->c_currentber == NULL && (conn->c_currentber = ber_alloc())
== NULL ) {
errno = 0;
+#ifdef LDAP_CONNECTIONLESS
+ if (conn->c_is_udp)
+ {
+ char peername[sizeof("IP=255.255.255.255:65336")];
+ len = ber_int_sb_read(conn->c_sb, &peeraddr,
+ sizeof(struct sockaddr));
+ if (len != sizeof(struct sockaddr))
+ return 1;
+ sprintf( peername, "IP=%s:%d",
+ inet_ntoa( peeraddr.sa_in_addr.sin_addr ),
+ (unsigned) ntohs( peeraddr.sa_in_addr.sin_port ) );
+ Statslog( LDAP_DEBUG_STATS,
+ "conn=%ld UDP request from %s (%s) accepted.\n",
+ conn->c_connid, peername,
+ conn->c_sock_name, 0, 0 );
+ }
+#endif
tag = ber_get_next( conn->c_sb, &len, conn->c_currentber );
if ( tag != LDAP_TAG_MESSAGE ) {
int err = errno;
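Review bot: `peername` is sized to fit the longest IPv4 string exactly and is then filled with an unbounded `sprintf`, so any later change to the format or address type overflows the stack buffer. Use `snprintf( peername, sizeof(peername), "IP=%s:%u", ... )`; this also fixes the `%d` conversion being given an `(unsigned)` argument. The sizing literal says `65336` where the maximum port is 65535. The length is the same, but it reads as a typo. The bytes read into `peeraddr` are interpreted as `sa_in_addr` without checking the address family, which is worth a check or at least a comment if only IPv4 datagram listeners can reach this path. `len` is a `ber_len_t`, so a negative read result is only rejected because the comparison is `!=`; a signed temporary would make that explicit.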
return -1;
}
+#ifdef LDAP_CONNECTIONLESS
+ if (conn->c_is_udp) {
+ if (tag == LBER_OCTETSTRING) {
+ ber_get_stringa( ber, &cdn );
+ tag = ber_peek_tag(ber, &len);
+ }
+ if (tag != LDAP_REQ_ABANDON && tag != LDAP_REQ_SEARCH) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "connection", LDAP_LEVEL_ERR,
+ "connection_input: conn %d invalid req for UDP 0x%lx.\n",
+ conn->c_connid, tag ));
+#else
+ Debug( LDAP_DEBUG_ANY, "invalid req for UDP 0x%lx\n", tag, 0,
+ 0 );
+#endif
+ ber_free( ber, 1 );
+ return 0;
+ }
+ }
+#endif
if(tag == LDAP_REQ_BIND) {
/* immediately abandon all exiting operations upon BIND */
connection_abandon( conn );
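Review bot: On the reject path for UDP requests, `cdn` is leaked: `ber_get_stringa( ber, &cdn )` allocates the string, and the branch that logs "invalid req for UDP" returns after `ber_free( ber, 1 )` without releasing it. Because this path is reachable by any unauthenticated datagram, the leak can be driven remotely; add `if( cdn ) ber_memfree( cdn );` before the `return 0;`. The return value of `ber_get_stringa` is also ignored, so a malformed octet string still reaches `ber_peek_tag`. Compare the return value with `LBER_ERROR` and drop the message on failure. The function body starts and ends outside this hunk.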
op = slap_op_alloc( ber, msgid, tag, conn->c_n_ops_received++ );
+#ifdef LDAP_CONNECTIONLESS
+ op->o_peeraddr = peeraddr;
+ if (cdn) {
+ op->o_dn = cdn;
+ op->o_protocol = LDAP_VERSION2;
+ }
+#endif
if ( conn->c_conn_state == SLAP_C_BINDING
|| conn->c_conn_state == SLAP_C_CLOSING )
{
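Review bot: `op->o_peeraddr = peeraddr;` runs for every connection when LDAP_CONNECTIONLESS is defined, but `peeraddr` is only filled in on the `c_is_udp` path, so TCP operations copy an uninitialised object. Guard the assignment with `if( conn->c_is_udp )` or zero-initialise `peeraddr` at its declaration. `op->o_dn = cdn;` assigns a `char *` to a field that the other hunks of this commit access as `o_dn.bv_val` and `o_dn.bv_len`, so this branch looks out of step with the berval conversion; it presumably needs to set both members. The DN stored here comes straight from the datagram and is not authenticated, which deserves a comment so that later code does not treat it as a bound identity. `op` is also dereferenced without checking the result of `slap_op_alloc`.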
Debug( LDAP_DEBUG_ANY, "deferring operation\n", 0, 0, 0 );
#endif
conn->c_n_ops_pending++;
- slap_op_add( &conn->c_pending_ops, op );
+ LDAP_STAILQ_INSERT_TAIL( &conn->c_pending_ops, op, o_next );
} else {
conn->c_n_ops_executing++;
return 0;
}
- for( op = slap_op_pop( &conn->c_pending_ops );
- op != NULL;
- op = slap_op_pop( &conn->c_pending_ops ) )
- {
+ while ((op = LDAP_STAILQ_FIRST( &conn->c_pending_ops )) != NULL) {
+ LDAP_STAILQ_REMOVE_HEAD( &conn->c_pending_ops, o_next );
+ LDAP_STAILQ_NEXT(op, o_next) = NULL;
/* pending operations should not be marked for abandonment */
assert(!op->o_abandon);
arg->co_conn = conn;
arg->co_op = op;
- arg->co_op->o_authz = conn->c_authz;
- arg->co_op->o_dn = ch_strdup( conn->c_dn != NULL ? conn->c_dn : "" );
- arg->co_op->o_ndn = ch_strdup( arg->co_op->o_dn );
- (void) dn_normalize( arg->co_op->o_ndn );
+ if (!arg->co_op->o_dn.bv_len) {
+ arg->co_op->o_authz = conn->c_authz;
+ arg->co_op->o_dn.bv_val = ch_strdup( conn->c_dn.bv_val ?
+ conn->c_dn.bv_val : "" );
+ arg->co_op->o_ndn.bv_val = ch_strdup( conn->c_ndn.bv_val ?
+ conn->c_ndn.bv_val : "" );
+ }
arg->co_op->o_authtype = conn->c_authtype;
arg->co_op->o_authmech = conn->c_authmech != NULL
? ch_strdup( conn->c_authmech ) : NULL;
- arg->co_op->o_protocol = conn->c_protocol
+ if (!arg->co_op->o_protocol) {
+ arg->co_op->o_protocol = conn->c_protocol
? conn->c_protocol : LDAP_VERSION3;
+ }
arg->co_op->o_connid = conn->c_connid;
- slap_op_add( &conn->c_ops, arg->co_op );
+ LDAP_STAILQ_INSERT_TAIL( &conn->c_ops, arg->co_op, o_next );
status = ldap_pvt_thread_pool_submit( &connection_pool,
connection_operation, (void *) arg );
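Review bot: The new `if (!arg->co_op->o_dn.bv_len)` branch fills `o_dn.bv_val` and `o_ndn.bv_val` with `ch_strdup` but never updates the matching `bv_len`, so both bervals keep length 0 while pointing at a possibly non-empty DN. Any consumer that trusts `bv_len` will see an anonymous identity. Set the lengths alongside, for example `arg->co_op->o_dn.bv_len = conn->c_dn.bv_len;` and the same for `o_ndn`. When the branch is skipped (an operation that already carries a DN, which appears to be the UDP case), `o_authz` is no longer copied from the connection and `o_ndn` is not populated here at all. If that is intended, it should be stated in a comment; otherwise move `o_authz` out of the conditional and normalise the supplied DN.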
return 0;
}
-
-/*
- * Create client side and server side connection structures, connected to
- * one another, for the front end to use for searches on arbitrary back ends.
- */
-
-int connection_internal_open( Connection **conn, LDAP **ldp, const char *id )
-{
- int rc;
- ber_socket_t fd[2] = {-1,-1};
- Operation *op;
-
- *conn=NULL;
- *ldp=NULL;
-
- rc = lutil_pair( fd );
- if( rc == -1 ) {
- return LDAP_OTHER;
- }
-
- rc = connection_init( fd[1], "INT", "localhost",
- "localhost:0", "localhost:00", 0, 256, id );
- if( rc < 0 ) {
- tcp_close( fd[0] );
- tcp_close( fd[1] );
- return LDAP_OTHER;
- }
- slapd_add_internal( fd[1] );
-
- /* A search operation, number 0 */
- op = slap_op_alloc( NULL, 0, LDAP_REQ_SEARCH, 0);
- op->o_ndn = ch_strdup( id );
- op->o_protocol = LDAP_VERSION3;
-
- (*conn) = connection_get( fd[1] );
- (*conn)->c_ops = op;
- (*conn)->c_conn_state = SLAP_C_ACTIVE;
-
-
- /* Create the client side of the connection */
- rc = ldap_open_internal_connection( ldp, &(fd[0]) );
- if( rc != LDAP_SUCCESS ) {
- tcp_close( fd[0] );
- return LDAP_OTHER;
- }
-
- /* The connection_get() will have locked the connection's mutex */
- ldap_pvt_thread_mutex_unlock( &((*conn)->c_mutex) );
-
- return LDAP_SUCCESS;
-}
-
-
-void connection_internal_close( Connection *conn )
-{
- Operation *op = conn->c_ops;
-
- slap_op_remove( &conn->c_ops, op );
- slap_op_free( op );
- connection_closing( conn );
- connection_close( conn );
-}