X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fconnection.c;h=504fe2cbfe0c13a82f0ef354426eded7eeaadd23;hb=5692be1fe4809dcb921067a0bbcef46974187e2e;hp=e8defc96748feb770f7cdad77ee84a177764d6da;hpb=e9c2895472d41da41fee1ffb049195b190f6adbc;p=openldap diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c index e8defc9674..504fe2cbfe 100644 --- a/servers/slapd/connection.c +++ b/servers/slapd/connection.c @@ -50,6 +50,7 @@ static void connection_close( Connection *c ); static int connection_op_activate( Connection *conn, Operation *op ); static int connection_resched( Connection *conn ); static void connection_abandon( Connection *conn ); +static void connection_destroy( Connection *c ); struct co_arg { Connection *co_conn; @@ -270,13 +271,25 @@ static void connection_return( Connection *c ) long connection_init( ber_socket_t s, - const char* name, - const char* addr) + const char* url, + const char* dnsname, + const char* peername, + const char* sockname, + int use_tls ) { unsigned long id; Connection *c; + assert( connections != NULL ); + assert( dnsname != NULL ); + assert( peername != NULL ); + assert( sockname != NULL ); + +#ifndef HAVE_TLS + assert( !use_tls ); +#endif + if( s == AC_SOCKET_INVALID ) { Debug( LDAP_DEBUG_ANY, "connection_init(%ld): invalid.\n", @@ -335,8 +348,12 @@ long connection_init( if( c->c_struct_state == SLAP_C_UNINITIALIZED ) { c->c_dn = NULL; c->c_cdn = NULL; - c->c_client_name = NULL; - c->c_client_addr = NULL; + + c->c_listener_url = NULL; + c->c_peer_domain = NULL; + c->c_peer_name = NULL; + c->c_sock_name = NULL; + c->c_ops = NULL; c->c_pending_ops = NULL; c->c_authmech = NULL; @@ -357,15 +374,19 @@ long connection_init( assert( c->c_struct_state == SLAP_C_UNUSED ); assert( c->c_dn == NULL ); assert( c->c_cdn == NULL ); - assert( c->c_client_name == NULL ); - assert( c->c_client_addr == NULL ); + assert( c->c_listener_url == NULL ); + assert( c->c_peer_domain == NULL ); + assert( c->c_peer_name == NULL ); + assert( c->c_sock_name == NULL ); assert( c->c_ops == NULL ); assert( c->c_pending_ops == NULL ); assert( c->c_authmech == NULL ); assert( c->c_authstate == NULL ); - c->c_client_name = ch_strdup( name == NULL ? "" : name ); - c->c_client_addr = ch_strdup( addr ); + c->c_listener_url = ch_strdup( url ); + c->c_peer_domain = ch_strdup( dnsname ); + c->c_peer_name = ch_strdup( peername ); + c->c_sock_name = ch_strdup( sockname ); c->c_n_ops_received = 0; c->c_n_ops_executing = 0; @@ -383,8 +404,8 @@ long connection_init( if( ber_pvt_sb_set_nonblock( c->c_sb, 1 ) < 0 ) { Debug( LDAP_DEBUG_ANY, - "connection_init(%d, %s, %s): set nonblocking failed\n", - s, c->c_client_name, c->c_client_addr); + "connection_init(%d, %s): set nonblocking failed\n", + s, c->c_peer_name,0 ); } id = c->c_connid = conn_nextid++; @@ -392,6 +413,13 @@ long connection_init( c->c_conn_state = SLAP_C_INACTIVE; c->c_struct_state = SLAP_C_USED; +#ifdef HAVE_TLS + if ( use_tls ) { + c->c_is_tls = 1; + c->c_needs_tls_accept = 1; + } +#endif + ldap_pvt_thread_mutex_unlock( &c->c_mutex ); ldap_pvt_thread_mutex_unlock( &connections_mutex ); @@ -414,6 +442,7 @@ connection_destroy( Connection *c ) backend_connection_destroy(c); c->c_protocol = 0; + c->c_connid = -1; c->c_activitytime = c->c_starttime = 0; @@ -425,13 +454,21 @@ connection_destroy( Connection *c ) free(c->c_cdn); c->c_cdn = NULL; } - if(c->c_client_name != NULL) { - free(c->c_client_name); - c->c_client_name = NULL; + if(c->c_listener_url != NULL) { + free(c->c_listener_url); + c->c_listener_url = NULL; + } + if(c->c_peer_domain != NULL) { + free(c->c_peer_domain); + c->c_peer_domain = NULL; + } + if(c->c_peer_name != NULL) { + free(c->c_peer_name); + c->c_peer_name = NULL; } - if(c->c_client_addr != NULL) { - free(c->c_client_addr); - c->c_client_addr = NULL; + if(c->c_sock_name != NULL) { + free(c->c_sock_name); + c->c_sock_name = NULL; } if(c->c_authmech != NULL ) { free(c->c_authmech); @@ -779,6 +816,27 @@ int connection_read(ber_socket_t s) "connection_read(%d): checking for input on id=%ld\n", s, c->c_connid, 0 ); +#ifdef HAVE_TLS + if ( c->c_is_tls && c->c_needs_tls_accept ) { + rc = ldap_pvt_tls_accept( c->c_sb, NULL ); + if ( rc < 0 ) { + Debug( LDAP_DEBUG_TRACE, + "connection_read(%d): TLS accept error error=%d id=%ld, closing.\n", + s, rc, c->c_connid ); + + c->c_needs_tls_accept = 0; + /* connections_mutex and c_mutex are locked */ + connection_closing( c ); + connection_close( c ); + } else if ( rc == 0 ) { + c->c_needs_tls_accept = 0; + } + connection_return( c ); + ldap_pvt_thread_mutex_unlock( &connections_mutex ); + return 0; + } +#endif + #define CONNECTION_INPUT_LOOP 1 #ifdef DATA_READY_LOOP @@ -787,6 +845,7 @@ int connection_read(ber_socket_t s) while(!rc) #endif { + /* How do we do this without getting into a busy loop ? */ rc = connection_input( c ); } @@ -800,6 +859,10 @@ int connection_read(ber_socket_t s) connection_close( c ); } + if ( ber_pvt_sb_needs_read( c->c_sb ) ) + slapd_set_read( s, 1 ); + if ( ber_pvt_sb_needs_write( c->c_sb ) ) + slapd_set_write( s, 1 ); connection_return( c ); ldap_pvt_thread_mutex_unlock( &connections_mutex ); return 0; @@ -959,9 +1022,11 @@ static int connection_op_activate( Connection *conn, Operation *op ) arg->co_op->o_bind_in_progress = conn->c_bind_in_progress; arg->co_op->o_dn = ch_strdup( tmpdn != NULL ? tmpdn : "" ); - arg->co_op->o_ndn = dn_normalize_case( ch_strdup( arg->co_op->o_dn ) ); + arg->co_op->o_ndn = ch_strdup( arg->co_op->o_dn ); + (void) dn_normalize_case( arg->co_op->o_ndn ); arg->co_op->o_protocol = conn->c_protocol; + arg->co_op->o_connid = conn->c_connid; arg->co_op->o_authtype = conn->c_authtype; arg->co_op->o_authmech = conn->c_authmech != NULL @@ -1018,6 +1083,10 @@ int connection_write(ber_socket_t s) ldap_pvt_thread_cond_signal( &c->c_write_cv ); + if ( ber_pvt_sb_needs_read( c->c_sb ) ) + slapd_set_read( s, 1 ); + if ( ber_pvt_sb_needs_write( c->c_sb ) ) + slapd_set_write( s, 1 ); connection_return( c ); ldap_pvt_thread_mutex_unlock( &connections_mutex ); return 0;