const char* dnsname,
const char* peername,
const char* sockname,
- int use_tls,
+ int tls_udp_option,
slap_ssf_t ssf,
const char *authid )
{
assert( sockname != NULL );
#ifndef HAVE_TLS
- assert( !use_tls );
+ assert( tls_udp_option != 1 );
#endif
if( s == AC_SOCKET_INVALID ) {
c->c_activitytime = c->c_starttime = slap_get_time();
+#ifdef LDAP_CONNECTIONLESS
+ c->c_is_udp = 0;
+ if (tls_udp_option == 2)
+ {
+ c->c_is_udp = 1;
+#ifdef LDAP_DEBUG
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug,
+ LBER_SBIOD_LEVEL_PROVIDER, (void*)"udp_" );
+#endif
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_udp,
+ LBER_SBIOD_LEVEL_PROVIDER, (void *)&s );
+ } else
+#endif
+ {
#ifdef LDAP_DEBUG
ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug,
LBER_SBIOD_LEVEL_PROVIDER, (void*)"tcp_" );
#endif
ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_tcp,
LBER_SBIOD_LEVEL_PROVIDER, (void *)&s );
+ }
ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_readahead,
LBER_SBIOD_LEVEL_PROVIDER, NULL );
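Review bot: The transport is selected by bare integers (`tls_udp_option == 2` here, `!= 1` in the HAVE_TLS assert above), and a build without LDAP_CONNECTIONLESS silently gives a caller that passed 2 the `ber_sockbuf_io_tcp` provider. I would replace the literals with named constants and mirror the existing TLS guard with `#ifndef LDAP_CONNECTIONLESS` / `assert( tls_udp_option != 2 );` / `#endif`. A one-line comment on the parameter listing the accepted values (the branches suggest 1 = TLS and 2 = connectionless UDP, anything else plain TCP) would help, since the name does not say which value means what. The enclosing function starts and ends outside this hunk.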
c->c_tls_ssf = 0;
#ifdef HAVE_TLS
- if ( use_tls ) {
+ if ( tls_udp_option == 1 ) {
c->c_is_tls = 1;
c->c_needs_tls_accept = 1;
} else {
assert( connections != NULL );
assert( c != NULL );
+ {
+ ber_len_t max = sockbuf_max_incoming;
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+
if(c->c_authmech != NULL ) {
free(c->c_authmech);
c->c_authmech = NULL;
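Review bot: The result of `ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max )` is discarded, so if the call fails the sockbuf keeps whatever incoming limit it had and nothing is recorded. Since this looks like the cap on how much a client can make the server buffer (inferred from the option name), I would test the return value and log a failure. I would also add a comment such as `/* re-apply the configured incoming-size cap to this sockbuf */` so the bare block scope around `max` explains itself. The surrounding function is not fully visible here.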
c->c_needs_tls_accept = 0;
/* we need to let SASL know */
- ssl = (void *)ldap_pvt_tls_sb_handle( c->c_sb );
+ ssl = (void *)ldap_pvt_tls_sb_ctx( c->c_sb );
c->c_tls_ssf = (slap_ssf_t) ldap_pvt_tls_get_strength( ssl );
if( c->c_tls_ssf > c->c_ssf ) {
ber_len_t len;
ber_int_t msgid;
BerElement *ber;
+#ifdef LDAP_CONNECTIONLESS
+ Sockaddr peeraddr;
+ char *cdn = NULL;
+#endif
if ( conn->c_currentber == NULL && (conn->c_currentber = ber_alloc())
== NULL ) {
errno = 0;
+#ifdef LDAP_CONNECTIONLESS
+ if (conn->c_is_udp)
+ {
+ char peername[sizeof("IP=255.255.255.255:65336")];
+ len = ber_int_sb_read(conn->c_sb, &peeraddr,
+ sizeof(struct sockaddr));
+ if (len != sizeof(struct sockaddr))
+ return 1;
+ sprintf( peername, "IP=%s:%d",
+ inet_ntoa( peeraddr.sa_in_addr.sin_addr ),
+ (unsigned) ntohs( peeraddr.sa_in_addr.sin_port ) );
+ Statslog( LDAP_DEBUG_STATS,
+ "conn=%ld UDP request from %s (%s) accepted.\n",
+ conn->c_connid, peername,
+ conn->c_sock_name, 0, 0 );
+ }
+#endif
tag = ber_get_next( conn->c_sb, &len, conn->c_currentber );
if ( tag != LDAP_TAG_MESSAGE ) {
int err = errno;
return -1;
}
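Review bot: The added `sprintf( peername, "IP=%s:%d", ... )` writes into a buffer sized from a sample string with no bound on the write, and it formats `peeraddr` as IPv4 without first checking the address family of what was read from the sockbuf. The buffer is large enough for any dotted-quad and 16-bit port, but only while the literal (whose `65336` is presumably meant to be 65535) stays in step with the format. `snprintf( peername, sizeof(peername), "IP=%s:%u", ... )` makes the bound explicit and also fixes the `%d` used with an `unsigned` argument. `len` is a `ber_len_t`, so if `ber_int_sb_read` reports errors as a negative value, they are caught only because the converted value differs from `sizeof(struct sockaddr)`; a signed temporary or a comment would make that deliberate. The function body continues outside the hunk.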
+#ifdef LDAP_CONNECTIONLESS
+ if (conn->c_is_udp) {
+ if (tag == LBER_OCTETSTRING) {
+ ber_get_stringa( ber, &cdn );
+ tag = ber_peek_tag(ber, &len);
+ }
+ if (tag != LDAP_REQ_ABANDON && tag != LDAP_REQ_SEARCH) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "connection", LDAP_LEVEL_ERR,
+ "connection_input: conn %d invalid req for UDP 0x%lx.\n",
+ conn->c_connid, tag ));
+#else
+ Debug( LDAP_DEBUG_ANY, "invalid req for UDP 0x%lx\n", tag, 0,
+ 0 );
+#endif
+ ber_free( ber, 1 );
+ return 0;
+ }
+ }
+#endif
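Review bot: `cdn`, allocated by `ber_get_stringa( ber, &cdn )`, is not released on the reject path ending in `ber_free( ber, 1 ); return 0;`, so every datagram carrying a DN followed by a disallowed request tag leaks that string, and any sender can reach this path. Release it before returning, e.g. `if ( cdn ) ber_memfree( cdn );`. The result of `ber_get_stringa` should also be checked, so a malformed DN element is rejected rather than continuing to `ber_peek_tag` with `cdn` still NULL. The NEW_LOGGING message prints `conn->c_connid` with `%d`, while the Statslog call earlier in this diff uses `%ld` for the same field. The enclosing function starts and ends outside the hunk.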
if(tag == LDAP_REQ_BIND) {
/* immediately abandon all exiting operations upon BIND */
connection_abandon( conn );
op = slap_op_alloc( ber, msgid, tag, conn->c_n_ops_received++ );
+#ifdef LDAP_CONNECTIONLESS
+ op->o_peeraddr = peeraddr;
+ if (cdn) {
+ op->o_dn = cdn;
+ op->o_protocol = LDAP_VERSION2;
+ }
+#endif
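Review bot: `op->o_peeraddr = peeraddr;` runs for every connection in an LDAP_CONNECTIONLESS build, but `peeraddr` is only filled in the `conn->c_is_udp` branch earlier in this diff, so on TCP connections it appears to copy an uninitialized stack object into the operation. Wrap these added lines in `if ( conn->c_is_udp ) {` or zero-initialize `peeraddr` at its declaration. Separately, `cdn` is taken straight from the datagram and becomes `op->o_dn`, and the later `if (!arg->co_op->o_dn)` hunk then skips copying the connection's `c_authz` and `c_dn`. If access control elsewhere keys on `o_dn`/`o_ndn` (not shown on this page), the sender of an unauthenticated datagram chooses the identity, so this assignment needs at least a comment stating what trust that DN carries. The enclosing function extends beyond the hunk.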
if ( conn->c_conn_state == SLAP_C_BINDING
|| conn->c_conn_state == SLAP_C_CLOSING )
{
arg->co_conn = conn;
arg->co_op = op;
- arg->co_op->o_authz = conn->c_authz;
- arg->co_op->o_dn = ch_strdup( conn->c_dn != NULL ? conn->c_dn : "" );
+ if (!arg->co_op->o_dn) {
+ arg->co_op->o_authz = conn->c_authz;
+ arg->co_op->o_dn = ch_strdup( conn->c_dn != NULL ? conn->c_dn : "" );
+ }
arg->co_op->o_ndn = ch_strdup( arg->co_op->o_dn );
(void) dn_normalize( arg->co_op->o_ndn );
arg->co_op->o_authtype = conn->c_authtype;
arg->co_op->o_authmech = conn->c_authmech != NULL
? ch_strdup( conn->c_authmech ) : NULL;
- arg->co_op->o_protocol = conn->c_protocol
+ if (!arg->co_op->o_protocol) {
+ arg->co_op->o_protocol = conn->c_protocol
? conn->c_protocol : LDAP_VERSION3;
+ }
arg->co_op->o_connid = conn->c_connid;
slap_op_add( &conn->c_ops, arg->co_op );