X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Flibldap%2Frequest.c;h=6098f0c904b14c48389c189c55252c6f0ff78dc2;hb=e22dc83ac096d1239a6903199f5dc3231b0f444b;hp=531ac0f4f11be92e7774be833901cebde2699935;hpb=3c1df853e43af018383729a5963eabbe284dcd7c;p=openldap
diff --git a/libraries/libldap/request.c b/libraries/libldap/request.c
index 531ac0f4f1..6098f0c904 100644
--- a/libraries/libldap/request.c
+++ b/libraries/libldap/request.c
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software .
  *
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -209,11 +209,43 @@ ldap_send_server_request(
 		}
 	}
+	/* async connect... */
+	if ( lc != NULL && lc->lconn_status == LDAP_CONNST_CONNECTING ) {
+		ber_socket_t sd = AC_SOCKET_ERROR;
+		struct timeval tv = { 0 };
+
+		ber_sockbuf_ctrl( lc->lconn_sb, LBER_SB_OPT_GET_FD, &sd );
+
+		/* poll ... */
+		switch ( ldap_int_poll( ld, sd, &tv ) ) {
+		case 0:
+			/* go on! */
+			lc->lconn_status = LDAP_CONNST_CONNECTED;
+			break;
+
+		case -2:
+			/* async only occurs if a network timeout is set */
+
+			/* honor network timeout */
+			if ( time( NULL ) - lc->lconn_created <= ld->ld_options.ldo_tm_net.tv_sec )
+			{
+				/* caller will have to call again */
+				ld->ld_errno = LDAP_X_CONNECTING;
+			}
+			/* fallthru */
+
+		default:
+			/* error */
+			break;
+		}
+	}
+
 	if ( lc == NULL || lc->lconn_status != LDAP_CONNST_CONNECTED ) {
-		ber_free( ber, 1 );
 		if ( ld->ld_errno == LDAP_SUCCESS ) {
 			ld->ld_errno = LDAP_SERVER_DOWN;
 		}
+
+		ber_free( ber, 1 );
 		if ( incparent ) {
 			/* Forget about the bind */
 			--parentreq->lr_outrefcnt;
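Review bot: `sd` is still AC_SOCKET_ERROR if `ber_sockbuf_ctrl( lc->lconn_sb, LBER_SB_OPT_GET_FD, &sd )` does not fill it in, and the call's result is never checked, so `ldap_int_poll( ld, sd, &tv )` can be handed an invalid descriptor; guarding the poll with `if ( sd != AC_SOCKET_ERROR ) switch ( ldap_int_poll( ld, sd, &tv ) ) {` keeps the connection in LDAP_CONNST_CONNECTING so the existing `lconn_status != LDAP_CONNST_CONNECTED` test below reports LDAP_SERVER_DOWN. In the `case -2:` branch nothing marks the connection as failed once the network timeout has elapsed either: it stays LDAP_CONNST_CONNECTING in the connection list after the caller receives LDAP_SERVER_DOWN, so a later request that looks it up again would presumably re-poll the same half-open socket, and dropping it at that point seems intended but is not done. The `case -2:` label would also benefit from a comment stating that the code treats -2 as "connect still pending", since the present comment only explains why async implies a network timeout. ldap_send_server_request starts and ends outside the hunk.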
@@ -223,6 +255,19 @@ ldap_send_server_request(
 	use_connection( ld, lc );
+#ifdef LDAP_CONNECTIONLESS
+	if ( LDAP_IS_UDP( ld )) {
+		BerElement tmpber = *ber;
+		ber_rewind( &tmpber );
+		rc = ber_write( &tmpber, ld->ld_options.ldo_peer,
+			sizeof( struct sockaddr ), 0 );
+		if ( rc == -1 ) {
+			ld->ld_errno = LDAP_ENCODING_ERROR;
+			return rc;
+		}
+	}
+#endif
+
 	/* If we still have an incomplete write, try to finish it before
 	 * dealing with the new request. If we don't finish here, return
 	 * LDAP_BUSY and let the caller retry later. We only allow a single
@@ -307,11 +352,38 @@ ldap_send_server_request(
 	return( msgid );
 }
+/* return 0 if no StartTLS ext, 1 if present, 2 if critical */
+static int
+find_tls_ext( LDAPURLDesc *srv )
+{
+	int i, crit;
+	char *ext;
+
+	if ( !srv->lud_exts )
+		return 0;
+
+	for (i=0; srv->lud_exts[i]; i++) {
+		crit = 0;
+		ext = srv->lud_exts[i];
+		if ( ext[0] == '!') {
+			ext++;
+			crit = 1;
+		}
+		if ( !strcasecmp( ext, "StartTLS" ) ||
+			!strcasecmp( ext, "X-StartTLS" ) ||
+			!strcmp( ext, LDAP_EXOP_START_TLS )) {
+			return crit + 1;
+		}
+	}
+	return 0;
+}
+
 LDAPConn *
 ldap_new_connection( LDAP *ld, LDAPURLDesc **srvlist, int use_ldsb,
 	int connect, LDAPreqinfo *bind )
 {
 	LDAPConn *lc;
+	int async = 0;
 	Debug( LDAP_DEBUG_TRACE, "ldap_new_connection %d %d %d\n", use_ldsb, connect, (bind != NULL) );
@@ -341,12 +413,16 @@ ldap_new_connection( LDAP *ld, LDAPURLDesc **srvlist, int use_ldsb,
 	if ( connect ) {
 		LDAPURLDesc **srvp, *srv = NULL;
+		async = LDAP_BOOL_GET( &ld->ld_options, LDAP_BOOL_CONNECT_ASYNC );
+
 		for ( srvp = srvlist; *srvp != NULL; srvp = &(*srvp)->lud_next ) {
-			if ( ldap_int_open_connection( ld, lc, *srvp, 0 ) != -1 )
-			{
+			int rc;
+
+			rc = ldap_int_open_connection( ld, lc, *srvp, async );
+			if ( rc != -1 ) {
 				srv = *srvp;
-				if ( ld->ld_urllist_proc ) {
+				if ( ld->ld_urllist_proc && ( !async || rc != -2 ) ) {
 					ld->ld_urllist_proc( ld, srvlist, srvp, ld->ld_urllist_params );
 				}
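Review bot: The `return rc;` after a failed `ber_write` in the LDAP_CONNECTIONLESS block skips the cleanup the error path just above it performs: `ber` is not released with `ber_free( ber, 1 )`, the `incparent` bookkeeping (`--parentreq->lr_outrefcnt`) is not undone, and `use_connection( ld, lc )` has already run for this request, so whatever reference it takes on `lc` is presumably left outstanding. The failure path should at least do `ber_free( ber, 1 ); if ( incparent ) --parentreq->lr_outrefcnt;` before returning, and release the use_connection reference the same way the function's later error paths do (not visible in this hunk). Separately, `sizeof( struct sockaddr )` is the size of the generic 16-byte address header; if `ldo_peer` can hold an IPv6 address (its declared type is not visible here) that length truncates it and a `sockaddr_storage`-sized length is needed. ldap_send_server_request starts and ends outside the hunk.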
@@ -366,7 +442,7 @@ ldap_new_connection( LDAP *ld, LDAPURLDesc **srvlist, int use_ldsb,
 		lc->lconn_server = ldap_url_dup( srv );
 	}
-	lc->lconn_status = LDAP_CONNST_CONNECTED;
+	lc->lconn_status = async ? LDAP_CONNST_CONNECTING : LDAP_CONNST_CONNECTED;
 #ifdef LDAP_R_COMPILE
 	ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
 #endif
@@ -376,6 +452,38 @@ ldap_new_connection( LDAP *ld, LDAPURLDesc **srvlist, int use_ldsb,
 	ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
 #endif
+	if ( connect ) {
+#ifdef HAVE_TLS
+		if ( lc->lconn_server->lud_exts ) {
+			int rc, ext = find_tls_ext( lc->lconn_server );
+			if ( ext ) {
+				LDAPConn *savedefconn;
+
+				savedefconn = ld->ld_defconn;
+				++lc->lconn_refcnt; /* avoid premature free */
+				ld->ld_defconn = lc;
+
+#ifdef LDAP_R_COMPILE
+				ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+				ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex );
+#endif
+				rc = ldap_start_tls_s( ld, NULL, NULL );
+#ifdef LDAP_R_COMPILE
+				ldap_pvt_thread_mutex_lock( &ld->ld_res_mutex );
+				ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+#endif
+				ld->ld_defconn = savedefconn;
+				--lc->lconn_refcnt;
+
+				if ( rc != LDAP_SUCCESS && ext == 2 ) {
+					ldap_free_connection( ld, lc, 1, 0 );
+					return NULL;
+				}
+			}
+		}
+#endif
+	}
+
 	if ( bind != NULL ) {
 		int err = 0;
 		LDAPConn *savedefconn;
@@ -430,7 +538,10 @@ ldap_new_connection( LDAP *ld, LDAPURLDesc **srvlist, int use_ldsb,
 			++lc->lconn_refcnt; /* avoid premature free */
 			ld->ld_defconn = lc;
-			Debug( LDAP_DEBUG_TRACE, "anonymous rebind via ldap_bind_s\n", 0, 0, 0);
+			Debug( LDAP_DEBUG_TRACE,
+				"anonymous rebind via ldap_sasl_bind(\"\")\n",
+				0, 0, 0);
+
 #ifdef LDAP_R_COMPILE
 			ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
 			ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex );
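Review bot: When the URL carries a non-critical StartTLS extension (`ext == 1`) and `ldap_start_tls_s( ld, NULL, NULL )` fails, the new HAVE_TLS block silently carries on with the cleartext connection and leaves no trace of the downgrade; a `Debug( LDAP_DEBUG_ANY, "ldap_new_connection %p: StartTLS failed (%d)\n", (void *) ld, rc, 0 );` ahead of the `ext == 2` test would make the fallback visible, and that test deserves a comment saying a critical StartTLS failure discards the connection. The preceding hunk sets `lc->lconn_status` to LDAP_CONNST_CONNECTING when `async` is set, yet this block calls ldap_start_tls_s on the connection immediately; whether the TLS exchange can proceed before the asynchronous connect has completed is not visible here and is worth confirming, otherwise the StartTLS step should be deferred until the connection reaches LDAP_CONNST_CONNECTED. ldap_new_connection continues outside the hunk.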
@@ -468,7 +579,13 @@ ldap_new_connection( LDAP *ld, LDAPURLDesc **srvlist, int use_ldsb,
 				break;
 			default:
-				assert( 0 );
+				Debug( LDAP_DEBUG_TRACE,
+					"ldap_new_connection %p: "
+					"unexpected response %d "
+					"from BIND request id=%d\n",
+					(void *) ld, ldap_msgtype( res ), msgid );
+				err = -1;
+				break;
 			}
 		}
 	}
@@ -518,8 +635,7 @@ find_connection( LDAP *ld, LDAPURLDesc *srv, int any )
 			if ( lsu_port == lcu_port
 				&& strcmp( lcu->lud_scheme, lsu->lud_scheme ) == 0
-				&& lcu->lud_host != NULL && *lcu->lud_host != '\0'
-				&& lsu->lud_host != NULL && *lsu->lud_host != '\0'
+				&& lcu->lud_host != NULL && lsu->lud_host != NULL
 				&& strcasecmp( lsu->lud_host, lcu->lud_host ) == 0 )
 			{
 				found = 1;
@@ -572,6 +688,9 @@ ldap_free_connection( LDAP *ld, LDAPConn *lc, int force, int unbind )
 		} else {
 			prevlc->lconn_next = tmplc->lconn_next;
 		}
+		if ( ld->ld_defconn == lc ) {
+			ld->ld_defconn = NULL;
+		}
 		break;
 	}
 	prevlc = tmplc;
@@ -580,6 +699,28 @@ ldap_free_connection( LDAP *ld, LDAPConn *lc, int force, int unbind )
 	ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
 #endif
+	/* process connection callbacks */
+	{
+		struct ldapoptions *lo;
+		ldaplist *ll;
+		ldap_conncb *cb;
+
+		lo = &ld->ld_options;
+		if ( lo->ldo_conn_cbs ) {
+			for ( ll=lo->ldo_conn_cbs; ll; ll=ll->ll_next ) {
+				cb = ll->ll_data;
+				cb->lc_del( ld, lc->lconn_sb, cb );
+			}
+		}
+		lo = LDAP_INT_GLOBAL_OPT();
+		if ( lo->ldo_conn_cbs ) {
+			for ( ll=lo->ldo_conn_cbs; ll; ll=ll->ll_next ) {
+				cb = ll->ll_data;
+				cb->lc_del( ld, lc->lconn_sb, cb );
+			}
+		}
+	}
+
 	if ( lc->lconn_status == LDAP_CONNST_CONNECTED ) {
 		ldap_mark_select_clear( ld, lc->lconn_sb );
 		if ( unbind ) {
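Review bot: With the `*lcu->lud_host != '\0'` and `*lsu->lud_host != '\0'` tests gone from find_connection, two URLs whose hosts are both empty now satisfy `strcasecmp( lsu->lud_host, lcu->lud_host ) == 0` and share a connection, whereas the previous condition deliberately never matched a host-less URL. If that is intended (both presumably resolve to the same default host), a one-line comment above the condition such as `/* empty hosts match each other: both use the default host */` would record the change in matching policy, since nothing in the hunk explains it. find_connection starts and ends outside the hunk.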
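Review bot: The two loops over `ldo_conn_cbs` in the new callback block of ldap_free_connection are identical apart from which `struct ldapoptions` they read, and each `if ( lo->ldo_conn_cbs )` guard is redundant with its `for` condition; folding them into one static helper removes the duplication and gives the block a place to document that `lc_del` receives the sockbuf before it is closed or freed later in this function. The helper would sit before ldap_free_connection, outside this hunk, and the block itself reduces to two calls. Whether `ll->ll_data` and `cb->lc_del` are guaranteed non-NULL by registration is not visible here; if they are not, the helper is also where to check. ldap_free_connection starts and ends outside the hunk.
```c
/* Invoke the lc_del hook of every connection callback registered in lo
 * on behalf of lc; called before lc->lconn_sb is closed or freed. */
static void
conn_del_callbacks( LDAP *ld, LDAPConn *lc, struct ldapoptions *lo )
{
	ldaplist *ll;

	for ( ll = lo->ldo_conn_cbs; ll; ll = ll->ll_next ) {
		ldap_conncb *cb = ll->ll_data;
		cb->lc_del( ld, lc->lconn_sb, cb );
	}
}

	/* … in ldap_free_connection, replacing the two inline loops … */
	/* process connection callbacks */
	conn_del_callbacks( ld, lc, &ld->ld_options );
	conn_del_callbacks( ld, lc, LDAP_INT_GLOBAL_OPT() );
```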
@@ -593,13 +734,11 @@ ldap_free_connection( LDAP *ld, LDAPConn *lc, int force, int unbind )
 		}
 		ldap_int_sasl_close( ld, lc );
+#ifdef HAVE_GSSAPI
+		ldap_int_gssapi_close( ld, lc );
+#endif
 		ldap_free_urllist( lc->lconn_server );
-#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
-		if ( lc->lconn_krbinstance != NULL ) {
-			LDAP_FREE( lc->lconn_krbinstance );
-		}
-#endif
 		/* FIXME: is this at all possible?
 		 * ldap_ld_free() in unbind.c calls ldap_free_connection()
@@ -621,6 +760,8 @@ ldap_free_connection( LDAP *ld, LDAPConn *lc, int force, int unbind )
 	if ( lc->lconn_sb != ld->ld_sb ) {
 		ber_sockbuf_free( lc->lconn_sb );
+	} else {
+		ber_int_sb_close( lc->lconn_sb );
 	}
 	if ( lc->lconn_rebind_queue != NULL) {
@@ -663,8 +804,9 @@ ldap_dump_connection( LDAP *ld, LDAPConn *lconns, int all )
 		}
 		Debug( LDAP_DEBUG_TRACE, " refcnt: %d status: %s\n", lc->lconn_refcnt, ( lc->lconn_status == LDAP_CONNST_NEEDSOCKET )
-			? "NeedSocket" : ( lc->lconn_status == LDAP_CONNST_CONNECTING )
-			? "Connecting" : "Connected", 0 );
+			? "NeedSocket" :
+			( lc->lconn_status == LDAP_CONNST_CONNECTING )
+			? "Connecting" : "Connected", 0 );
 		Debug( LDAP_DEBUG_TRACE, " last used: %s%s\n", ldap_pvt_ctime( &lc->lconn_lastused, timebuf ), lc->lconn_rebind_inprogress ? " rebind in progress" : "", 0 );
@@ -716,7 +858,7 @@ ldap_dump_requests_and_responses( LDAP *ld )
 			Debug( LDAP_DEBUG_TRACE, " outstanding referrals %d, parent count %d\n", lr->lr_outrefcnt, lr->lr_parentcnt, 0 );
 		}
-	Debug( LDAP_DEBUG_TRACE, " ld %p request count %d (abandoned %d)\n",
+	Debug( LDAP_DEBUG_TRACE, " ld %p request count %d (abandoned %lu)\n",
 		(void *)ld, i, ld->ld_nabandoned );
 	Debug( LDAP_DEBUG_TRACE, "** ld %p Response Queue:\n", (void *)ld, 0, 0 );
 	if ( ( lm = ld->ld_responses ) == NULL ) {
@@ -936,10 +1078,18 @@ ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, int sref, char *
 		}
 		if( srv->lud_crit_exts ) {
-			/* we do not support any extensions */
-			ld->ld_errno = LDAP_NOT_SUPPORTED;
-			rc = -1;
-			goto done;
+			int ok = 0;
+#ifdef HAVE_TLS
+			/* If StartTLS is the only critical ext, OK. */
+			if ( find_tls_ext( srv ) == 2 && srv->lud_crit_exts == 1 )
+				ok = 1;
+#endif
+			if ( !ok ) {
+				/* we do not support any other extensions */
+				ld->ld_errno = LDAP_NOT_SUPPORTED;
+				rc = -1;
+				goto done;
+			}
 		}
 		/* check connection for re-bind in progress */
@@ -947,7 +1097,7 @@ ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, int sref, char *
 			/* See if we've already requested this DN with this conn */
 			LDAPRequest *lp;
 			int looped = 0;
-			int len = srv->lud_dn ? strlen( srv->lud_dn ) : 0;
+			ber_len_t len = srv->lud_dn ? strlen( srv->lud_dn ) : 0;
 			for ( lp = origreq; lp; ) {
 				if ( lp->lr_conn == lc && len == lp->lr_dn.bv_len
@@ -960,7 +1110,7 @@ ldap_chase_v3referrals( LDAP *ld, LDAPRequest *lr, char **refs, int sref, char *
 				if ( lp == origreq ) {
 					lp = lp->lr_child;
 				} else {
-					lp = lr->lr_refnext;
+					lp = lp->lr_refnext;
 				}
 			}
 			if ( looped ) {
@@ -1206,7 +1356,7 @@ ldap_chase_referrals( LDAP *ld,
 		if (( lc = find_connection( ld, srv, 1 )) != NULL ) {
 			LDAPRequest *lp;
 			int looped = 0;
-			int len = srv->lud_dn ? strlen( srv->lud_dn ) : 0;
+			ber_len_t len = srv->lud_dn ? strlen( srv->lud_dn ) : 0;
 			for ( lp = lr; lp; lp = lp->lr_parent ) {
 				if ( lp->lr_conn == lc && len == lp->lr_dn.bv_len )
@@ -1218,7 +1368,7 @@ ldap_chase_referrals( LDAP *ld,
 			}
 		}
 		if ( looped ) {
-			ldap_free_urllist(srv);
+			ldap_free_urllist( srv );
 			ld->ld_errno = LDAP_CLIENT_LOOP;
 			rc = -1;
 			continue;
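Review bot: Accepting a referral whose only critical extension is StartTLS (`find_tls_ext( srv ) == 2 && srv->lud_crit_exts == 1`) is only sound if the connection that serves the referral actually performs StartTLS; the new code in ldap_new_connection does so when a fresh connection is opened, but the `/* check connection for re-bind in progress */` comment that follows suggests an existing connection may be reused, and whether a reused connection without TLS honours the critical `!StartTLS` marker is not visible in this hunk. If find_connection can return such a cleartext connection for this URL, the critical requirement would be silently dropped, so either the reuse path needs the same check or a comment here should state why reuse is already restricted to TLS connections. ldap_chase_v3referrals starts and ends outside the hunk.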