X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fconnection.c;h=504fe2cbfe0c13a82f0ef354426eded7eeaadd23;hb=5692be1fe4809dcb921067a0bbcef46974187e2e;hp=bd3f1848ace0e4b2f37c514ec8ba78f3eff3f382;hpb=f9db1ea88905734aef29cac9eb6bfffd5420e14e;p=openldap

diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
index bd3f1848ac..504fe2cbfe 100644
--- a/servers/slapd/connection.c
+++ b/servers/slapd/connection.c
@@ -30,6 +30,18 @@ static unsigned long conn_nextid = 0;
 #define SLAP_C_BINDING			0x03	/* binding */
 #define SLAP_C_CLOSING			0x04	/* closing */
 
+char* connection_state2str( int state ) {
+	switch( state ) {
+	case SLAP_C_INVALID:	return "!";		
+	case SLAP_C_INACTIVE:	return "|";		
+	case SLAP_C_ACTIVE:		return "";			
+	case SLAP_C_BINDING:	return "B";
+	case SLAP_C_CLOSING:	return "C";			
+	}
+
+	return "?";
+}
+
 static Connection* connection_get( ber_socket_t s );
 
 static int connection_input( Connection *c );
@@ -37,6 +49,8 @@ static void connection_close( Connection *c );
 
 static int connection_op_activate( Connection *conn, Operation *op );
 static int connection_resched( Connection *conn );
+static void connection_abandon( Connection *conn );
+static void connection_destroy( Connection *c );
 
 struct co_arg {
 	Connection	*co_conn;
@@ -257,13 +271,25 @@ static void connection_return( Connection *c )
 
 long connection_init(
 	ber_socket_t s,
-	const char* name,
-	const char* addr)
+	const char* url,
+	const char* dnsname,
+	const char* peername,
+	const char* sockname,
+	int use_tls )
 {
 	unsigned long id;
 	Connection *c;
+
 	assert( connections != NULL );
 
+	assert( dnsname != NULL );
+	assert( peername != NULL );
+	assert( sockname != NULL );
+
+#ifndef HAVE_TLS
+	assert( !use_tls );
+#endif
+
 	if( s == AC_SOCKET_INVALID ) {
         Debug( LDAP_DEBUG_ANY,
 			"connection_init(%ld): invalid.\n",
@@ -322,10 +348,16 @@ long connection_init(
     if( c->c_struct_state == SLAP_C_UNINITIALIZED ) {
         c->c_dn = NULL;
         c->c_cdn = NULL;
-        c->c_client_name = NULL;
-        c->c_client_addr = NULL;
+
+		c->c_listener_url = NULL;
+		c->c_peer_domain = NULL;
+        c->c_peer_name = NULL;
+        c->c_sock_name = NULL;
+
         c->c_ops = NULL;
         c->c_pending_ops = NULL;
+		c->c_authmech = NULL;
+		c->c_authstate = NULL;
 
         c->c_sb = ber_sockbuf_alloc( );
 
@@ -342,13 +374,19 @@ long connection_init(
     assert( c->c_struct_state == SLAP_C_UNUSED );
     assert(	c->c_dn == NULL );
     assert(	c->c_cdn == NULL );
-    assert( c->c_client_name == NULL );
-    assert( c->c_client_addr == NULL );
+    assert( c->c_listener_url == NULL );
+    assert( c->c_peer_domain == NULL );
+    assert( c->c_peer_name == NULL );
+    assert( c->c_sock_name == NULL );
     assert( c->c_ops == NULL );
     assert( c->c_pending_ops == NULL );
+	assert( c->c_authmech == NULL );
+	assert( c->c_authstate == NULL );
 
-    c->c_client_name = ch_strdup( name == NULL ? "" : name );
-    c->c_client_addr = ch_strdup( addr );
+	c->c_listener_url = ch_strdup( url  );
+	c->c_peer_domain = ch_strdup( dnsname  );
+    c->c_peer_name = ch_strdup( peername  );
+    c->c_sock_name = ch_strdup( sockname );
 
     c->c_n_ops_received = 0;
     c->c_n_ops_executing = 0;
@@ -366,8 +404,8 @@ long connection_init(
 
     if( ber_pvt_sb_set_nonblock( c->c_sb, 1 ) < 0 ) {
         Debug( LDAP_DEBUG_ANY,
-            "connection_init(%d, %s, %s): set nonblocking failed\n",
-            s, c->c_client_name, c->c_client_addr);
+            "connection_init(%d, %s): set nonblocking failed\n",
+            s, c->c_peer_name,0 );
     }
 
     id = c->c_connid = conn_nextid++;
@@ -375,6 +413,13 @@ long connection_init(
     c->c_conn_state = SLAP_C_INACTIVE;
     c->c_struct_state = SLAP_C_USED;
 
+#ifdef HAVE_TLS
+    if ( use_tls ) {
+	    c->c_is_tls = 1;
+	    c->c_needs_tls_accept = 1;
+    }
+#endif
+
     ldap_pvt_thread_mutex_unlock( &c->c_mutex );
     ldap_pvt_thread_mutex_unlock( &connections_mutex );
 
@@ -397,6 +442,7 @@ connection_destroy( Connection *c )
     backend_connection_destroy(c);
 
     c->c_protocol = 0;
+    c->c_connid = -1;
 
     c->c_activitytime = c->c_starttime = 0;
 
@@ -408,13 +454,29 @@ connection_destroy( Connection *c )
 		free(c->c_cdn);
 		c->c_cdn = NULL;
 	}
-	if(c->c_client_name != NULL) {
-		free(c->c_client_name);
-		c->c_client_name = NULL;
+	if(c->c_listener_url != NULL) {
+		free(c->c_listener_url);
+		c->c_listener_url = NULL;
+	}
+	if(c->c_peer_domain != NULL) {
+		free(c->c_peer_domain);
+		c->c_peer_domain = NULL;
 	}
-	if(c->c_client_addr != NULL) {
-		free(c->c_client_addr);
-		c->c_client_addr = NULL;
+	if(c->c_peer_name != NULL) {
+		free(c->c_peer_name);
+		c->c_peer_name = NULL;
+	}
+	if(c->c_sock_name != NULL) {
+		free(c->c_sock_name);
+		c->c_sock_name = NULL;
+	}
+	if(c->c_authmech != NULL ) {
+		free(c->c_authmech);
+		c->c_authmech = NULL;
+	}
+	if(c->c_authstate != NULL ) {
+		free(c->c_authstate);
+		c->c_authstate = NULL;
 	}
 
 	if ( ber_pvt_sb_in_use(c->c_sb) ) {
@@ -449,6 +511,27 @@ int connection_state_closing( Connection *c )
 	return state == SLAP_C_CLOSING;
 }
 
+static void connection_abandon( Connection *c )
+{
+	/* c_mutex must be locked by caller */
+
+	Operation *o;
+
+	for( o = c->c_ops; o != NULL; o = o->o_next ) {
+		ldap_pvt_thread_mutex_lock( &o->o_abandonmutex );
+		o->o_abandon = 1;
+		ldap_pvt_thread_mutex_unlock( &o->o_abandonmutex );
+	}
+
+	/* remove pending operations */
+	for( o = slap_op_pop( &c->c_pending_ops );
+		o != NULL;
+		o = slap_op_pop( &c->c_pending_ops ) )
+	{
+		slap_op_free( o );
+	}
+}
+
 void connection_closing( Connection *c )
 {
 	assert( connections != NULL );
@@ -459,7 +542,6 @@ void connection_closing( Connection *c )
 	/* c_mutex must be locked by caller */
 
 	if( c->c_conn_state != SLAP_C_CLOSING ) {
-		Operation *o;
 
 		Debug( LDAP_DEBUG_TRACE,
 			"connection_closing: readying conn=%ld sd=%d for close.\n",
@@ -474,19 +556,7 @@ void connection_closing( Connection *c )
 		/* shutdown I/O -- not yet implemented */
 
 		/* abandon active operations */
-		for( o = c->c_ops; o != NULL; o = o->o_next ) {
-			ldap_pvt_thread_mutex_lock( &o->o_abandonmutex );
-			o->o_abandon = 1;
-			ldap_pvt_thread_mutex_unlock( &o->o_abandonmutex );
-		}
-
-		/* remove pending operations */
-		for( o = slap_op_pop( &c->c_pending_ops );
-			o != NULL;
-			o = slap_op_pop( &c->c_pending_ops ) )
-		{
-			slap_op_free( o );
-		}
+		connection_abandon( c );
 
 		/* wake write blocked operations */
 		slapd_clr_write( ber_pvt_sb_get_desc(c->c_sb), 1 );
@@ -602,6 +672,7 @@ void connection_done( Connection *c )
 static void *
 connection_operation( void *arg_v )
 {
+	int rc;
 	struct co_arg	*arg = arg_v;
 	ber_tag_t tag = arg->co_op->o_tag;
 	Connection *conn = arg->co_conn;
@@ -612,53 +683,57 @@ connection_operation( void *arg_v )
 
 	switch ( tag ) {
 	case LDAP_REQ_BIND:
-		do_bind( conn, arg->co_op );
+		rc = do_bind( conn, arg->co_op );
 		break;
 
 	case LDAP_REQ_UNBIND:
-		do_unbind( conn, arg->co_op );
+		rc = do_unbind( conn, arg->co_op );
 		break;
 
 	case LDAP_REQ_ADD:
-		do_add( conn, arg->co_op );
+		rc = do_add( conn, arg->co_op );
 		break;
 
 	case LDAP_REQ_DELETE:
-		do_delete( conn, arg->co_op );
+		rc = do_delete( conn, arg->co_op );
 		break;
 
 	case LDAP_REQ_MODRDN:
-		do_modrdn( conn, arg->co_op );
+		rc = do_modrdn( conn, arg->co_op );
 		break;
 
 	case LDAP_REQ_MODIFY:
-		do_modify( conn, arg->co_op );
+		rc = do_modify( conn, arg->co_op );
 		break;
 
 	case LDAP_REQ_COMPARE:
-		do_compare( conn, arg->co_op );
+		rc = do_compare( conn, arg->co_op );
 		break;
 
 	case LDAP_REQ_SEARCH:
-		do_search( conn, arg->co_op );
+		rc = do_search( conn, arg->co_op );
 		break;
 
 	case LDAP_REQ_ABANDON:
-		do_abandon( conn, arg->co_op );
+		rc = do_abandon( conn, arg->co_op );
 		break;
 
-#if 0
 	case LDAP_REQ_EXTENDED:
-		do_extended( conn, arg->co_op );
+		rc = do_extended( conn, arg->co_op );
 		break;
-#endif
 
 	default:
-		Debug( LDAP_DEBUG_ANY, "unknown request 0x%lx\n",
-		    arg->co_op->o_tag, 0, 0 );
+		Debug( LDAP_DEBUG_ANY, "unknown LDAP request 0x%lx\n",
+		    tag, 0, 0 );
+		arg->co_op->o_tag = LBER_ERROR;
+		send_ldap_disconnect( conn, arg->co_op,
+			LDAP_PROTOCOL_ERROR, "unknown LDAP request" );
+		rc = -1;
 		break;
 	}
 
+	if( rc == -1 ) tag = LBER_ERROR;
+
 	ldap_pvt_thread_mutex_lock( &num_ops_mutex );
 	num_ops_completed++;
 	ldap_pvt_thread_mutex_unlock( &num_ops_mutex );
@@ -676,6 +751,7 @@ connection_operation( void *arg_v )
 	arg = NULL;
 
 	switch( tag ) {
+	case LBER_ERROR:
 	case LDAP_REQ_UNBIND:
 		/* c_mutex is locked */
 		connection_closing( conn );
@@ -685,6 +761,7 @@ connection_operation( void *arg_v )
 		if( conn->c_conn_state == SLAP_C_BINDING) {
 			conn->c_conn_state = SLAP_C_ACTIVE;
 		}
+		conn->c_bind_in_progress = ( rc == LDAP_SASL_BIND_IN_PROGRESS );
 	}
 
 	ldap_pvt_thread_mutex_lock( &active_threads_mutex );
@@ -739,6 +816,27 @@ int connection_read(ber_socket_t s)
 		"connection_read(%d): checking for input on id=%ld\n",
 		s, c->c_connid, 0 );
 
+#ifdef HAVE_TLS
+	if ( c->c_is_tls && c->c_needs_tls_accept ) {
+		rc = ldap_pvt_tls_accept( c->c_sb, NULL );
+		if ( rc < 0 ) {
+			Debug( LDAP_DEBUG_TRACE,
+			       "connection_read(%d): TLS accept error error=%d id=%ld, closing.\n",
+			       s, rc, c->c_connid );
+
+			c->c_needs_tls_accept = 0;
+			/* connections_mutex and c_mutex are locked */
+			connection_closing( c );
+			connection_close( c );
+		} else if ( rc == 0 ) {
+			c->c_needs_tls_accept = 0;
+		}
+		connection_return( c );
+		ldap_pvt_thread_mutex_unlock( &connections_mutex );
+		return 0;
+	}
+#endif
+
 #define CONNECTION_INPUT_LOOP 1
 
 #ifdef DATA_READY_LOOP
@@ -747,6 +845,7 @@ int connection_read(ber_socket_t s)
 	while(!rc)
 #endif
 	{
+		/* How do we do this without getting into a busy loop ? */
 		rc = connection_input( c );
 	}
 
@@ -760,6 +859,10 @@ int connection_read(ber_socket_t s)
 		connection_close( c );
 	}
 
+	if ( ber_pvt_sb_needs_read( c->c_sb ) )
+		slapd_set_read( s, 1 );
+	if ( ber_pvt_sb_needs_write( c->c_sb ) )
+		slapd_set_write( s, 1 );
 	connection_return( c );
 	ldap_pvt_thread_mutex_unlock( &connections_mutex );
 	return 0;
@@ -827,6 +930,11 @@ connection_input(
 		return -1;
 	}
 
+	if(tag == LDAP_REQ_BIND) {
+		/* immediately abandon all exiting operations upon BIND */
+		connection_abandon( conn );
+	}
+
 	op = slap_op_alloc( ber, msgid, tag, conn->c_n_ops_received++ );
 
 	if ( conn->c_conn_state == SLAP_C_BINDING
@@ -897,6 +1005,10 @@ static int connection_op_activate( Connection *conn, Operation *op )
 	int status;
 	ber_tag_t tag = op->o_tag;
 
+	if(tag == LDAP_REQ_BIND) {
+		conn->c_conn_state = SLAP_C_BINDING;
+	}
+
 	if ( conn->c_dn != NULL ) {
 		tmpdn = ch_strdup( conn->c_dn );
 	} else {
@@ -907,18 +1019,22 @@ static int connection_op_activate( Connection *conn, Operation *op )
 	arg->co_conn = conn;
 	arg->co_op = op;
 
+	arg->co_op->o_bind_in_progress = conn->c_bind_in_progress;
+
 	arg->co_op->o_dn = ch_strdup( tmpdn != NULL ? tmpdn : "" );
-	arg->co_op->o_ndn = dn_normalize_case( ch_strdup( arg->co_op->o_dn ) );
+	arg->co_op->o_ndn = ch_strdup( arg->co_op->o_dn );
+	(void) dn_normalize_case( arg->co_op->o_ndn );
 
 	arg->co_op->o_protocol = conn->c_protocol;
+	arg->co_op->o_connid = conn->c_connid;
 
+	arg->co_op->o_authtype = conn->c_authtype;
+	arg->co_op->o_authmech = conn->c_authmech != NULL
+		?  ch_strdup( conn->c_authmech ) : NULL;
+	
 	slap_op_add( &conn->c_ops, arg->co_op );
 
-	if(tag == LDAP_REQ_BIND) {
-		conn->c_conn_state = SLAP_C_BINDING;
-	}
-
-	if ( tmpdn != NULL ) {
+	if( tmpdn != NULL ) {
 		free( tmpdn );
 	}
 
@@ -967,6 +1083,10 @@ int connection_write(ber_socket_t s)
 
 	ldap_pvt_thread_cond_signal( &c->c_write_cv );
 
+	if ( ber_pvt_sb_needs_read( c->c_sb ) )
+		slapd_set_read( s, 1 );
+	if ( ber_pvt_sb_needs_write( c->c_sb ) )
+		slapd_set_write( s, 1 );
 	connection_return( c );
 	ldap_pvt_thread_mutex_unlock( &connections_mutex );
 	return 0;