X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fconnection.c;h=766ca439bf0ce53f5c10611bfe00a655a4ff1c87;hb=f8fb4aca7668c722f41941be719203aa8c298e12;hp=9a3b4feb564594fbabbdaa5f8c8a983216f17e1a;hpb=2e0912622bca412c0a1b1a3fdba30f65bf222ade;p=openldap diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c index 9a3b4feb56..766ca439bf 100644 --- a/servers/slapd/connection.c +++ b/servers/slapd/connection.c @@ -1,19 +1,23 @@ /* $OpenLDAP$ */ /* - * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ #include "portable.h" #include +#include #include #include #include #include #include +#include +#include "ldap_pvt.h" +#include "lutil.h" #include "slap.h" /* protected by connections_mutex */ @@ -70,8 +74,13 @@ int connections_init(void) assert( connections == NULL ); if( connections != NULL) { +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_INFO, + "connections_init: already initialized.\n" )); +#else Debug( LDAP_DEBUG_ANY, "connections_init: already initialized.\n", 0, 0, 0 ); +#endif return -1; } @@ -81,9 +90,15 @@ int connections_init(void) connections = (Connection *) calloc( dtblsize, sizeof(Connection) ); if( connections == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_ERR, + "connections_init: allocation (%d * %ld) of connection array failed\n", + dtblsize, (long) sizeof(Connection) )); +#else Debug( LDAP_DEBUG_ANY, "connections_init: allocation (%d*%ld) of connection array failed\n", dtblsize, (long) sizeof(Connection), 0 ); +#endif return -1; } @@ -108,8 +123,13 @@ int connections_destroy(void) /* should check return of every call */ if( connections == NULL) { +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_INFO, + "connections_destroy: nothing to destroy.\n")); +#else Debug( LDAP_DEBUG_ANY, "connections_destroy: nothing to destroy.\n", 0, 0, 0 ); +#endif return -1; } @@ -166,9 +186,7 @@ int connections_timeout_idle(time_t now) int connindex; Connection* c; - ldap_pvt_thread_mutex_lock( &connections_mutex ); - - for( c = connection_first( &connindex ); + for( c = connection_first( &connindex ); c != NULL; c = connection_next( c, &connindex ) ) { @@ -181,8 +199,6 @@ int connections_timeout_idle(time_t now) } connection_done( c ); - ldap_pvt_thread_mutex_unlock( &connections_mutex ); - return i; } @@ -192,9 +208,14 @@ static Connection* connection_get( ber_socket_t s ) Connection *c; +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_ENTRY, + "connection_get: socket %ld\n", (long)s )); +#else Debug( LDAP_DEBUG_ARGS, "connection_get(%ld)\n", (long) s, 0, 0 ); +#endif assert( connections != NULL ); @@ -252,17 +273,27 @@ static Connection* connection_get( ber_socket_t s ) assert( c->c_conn_state == SLAP_C_INVALID ); assert( sd == AC_SOCKET_INVALID ); +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_ARGS, + "connection_get: connection %d not used\n", s )); +#else Debug( LDAP_DEBUG_TRACE, "connection_get(%d): connection not used\n", s, 0, 0 ); +#endif ldap_pvt_thread_mutex_unlock( &c->c_mutex ); return NULL; } +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_RESULTS, + "connection_get: get for %d got connid %ld\n",s, c->c_connid )); +#else Debug( LDAP_DEBUG_TRACE, "connection_get(%d): got connid=%ld\n", s, c->c_connid, 0 ); +#endif c->c_n_get++; @@ -270,7 +301,13 @@ static Connection* connection_get( ber_socket_t s ) assert( c->c_conn_state != SLAP_C_INVALID ); assert( sd != AC_SOCKET_INVALID ); - c->c_activitytime = slap_get_time(); +#ifdef SLAPD_MONITOR + c->c_activitytime = slap_get_time(); +#else + if( global_idletimeout > 0 ) { + c->c_activitytime = slap_get_time(); + } +#endif } return c; @@ -287,7 +324,9 @@ long connection_init( const char* dnsname, const char* peername, const char* sockname, - int use_tls ) + int tls_udp_option, + slap_ssf_t ssf, + const char *authid ) { unsigned long id; Connection *c; @@ -299,13 +338,18 @@ long connection_init( assert( sockname != NULL ); #ifndef HAVE_TLS - assert( !use_tls ); + assert( tls_udp_option != 1 ); #endif if( s == AC_SOCKET_INVALID ) { - Debug( LDAP_DEBUG_ANY, - "connection_init(%ld): invalid.\n", - (long) s, 0, 0 ); +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_INFO, + "connection_init: init of socket %ld invalid.\n", (long)s )); +#else + Debug( LDAP_DEBUG_ANY, + "connection_init(%ld): invalid.\n", + (long) s, 0, 0 ); +#endif return -1; } @@ -321,89 +365,108 @@ long connection_init( #else { - unsigned int i; + ber_socket_t i; c = NULL; - for( i=0; i < dtblsize; i++) { - ber_socket_t sd; + for( i=0; i < dtblsize; i++) { + ber_socket_t sd; - ber_sockbuf_ctrl( connections[i].c_sb, LBER_SB_OPT_GET_FD, &sd ); + if( connections[i].c_struct_state == SLAP_C_UNINITIALIZED ) { + assert( connections[i].c_sb == 0 ); + c = &connections[i]; + break; + } + + sd = AC_SOCKET_INVALID; + if (connections[i].c_sb != NULL) + ber_sockbuf_ctrl( connections[i].c_sb, LBER_SB_OPT_GET_FD, &sd ); - if( connections[i].c_struct_state == SLAP_C_UNINITIALIZED ) { - assert( connections[i].c_sb == 0 ); - c = &connections[i]; - break; - } - - if( connections[i].c_struct_state == SLAP_C_UNUSED ) { - assert( sd == AC_SOCKET_INVALID ); - c = &connections[i]; - break; - } - - assert( connections[i].c_struct_state == SLAP_C_USED ); - assert( connections[i].c_conn_state != SLAP_C_INVALID ); - assert( sd != AC_SOCKET_INVALID ); - } - - if( c == NULL ) { - Debug( LDAP_DEBUG_ANY, + if( connections[i].c_struct_state == SLAP_C_UNUSED ) { + assert( sd == AC_SOCKET_INVALID ); + c = &connections[i]; + break; + } + + assert( connections[i].c_struct_state == SLAP_C_USED ); + assert( connections[i].c_conn_state != SLAP_C_INVALID ); + assert( sd != AC_SOCKET_INVALID ); + } + + if( c == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_INFO, + "connection_init: skt %d connection table full (%d/%d)\n", + s, i, dtblsize )); +#else + Debug( LDAP_DEBUG_ANY, "connection_init(%d): connection table full (%d/%d)\n", s, i, dtblsize); - ldap_pvt_thread_mutex_unlock( &connections_mutex ); - return -1; - } +#endif + ldap_pvt_thread_mutex_unlock( &connections_mutex ); + return -1; + } } #endif assert( c != NULL ); - if( c->c_struct_state == SLAP_C_UNINITIALIZED ) { + if( c->c_struct_state == SLAP_C_UNINITIALIZED ) { c->c_authmech = NULL; - c->c_dn = NULL; - c->c_cdn = NULL; + c->c_dn.bv_val = NULL; + c->c_dn.bv_len = 0; + c->c_ndn.bv_val = NULL; + c->c_ndn.bv_len = 0; + c->c_cdn.bv_val = NULL; + c->c_cdn.bv_len = 0; + c->c_groups = NULL; c->c_listener_url = NULL; c->c_peer_domain = NULL; - c->c_peer_name = NULL; - c->c_sock_name = NULL; + c->c_peer_name = NULL; + c->c_sock_name = NULL; - c->c_ops = NULL; - c->c_pending_ops = NULL; + LDAP_STAILQ_INIT(&c->c_ops); + LDAP_STAILQ_INIT(&c->c_pending_ops); c->c_sasl_bind_mech = NULL; -#ifdef HAVE_CYRUS_SASL - c->c_sasl_bind_context = NULL; -#endif + c->c_sasl_context = NULL; + c->c_sasl_extra = NULL; + + c->c_sb = ber_sockbuf_alloc( ); + + { + ber_len_t max = sockbuf_max_incoming; + ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max ); + } - c->c_sb = ber_sockbuf_alloc( ); c->c_currentber = NULL; - /* should check status of thread calls */ - ldap_pvt_thread_mutex_init( &c->c_mutex ); - ldap_pvt_thread_mutex_init( &c->c_write_mutex ); - ldap_pvt_thread_cond_init( &c->c_write_cv ); + /* should check status of thread calls */ + ldap_pvt_thread_mutex_init( &c->c_mutex ); + ldap_pvt_thread_mutex_init( &c->c_write_mutex ); + ldap_pvt_thread_cond_init( &c->c_write_cv ); - c->c_struct_state = SLAP_C_UNUSED; - } + c->c_struct_state = SLAP_C_UNUSED; + } ldap_pvt_thread_mutex_lock( &c->c_mutex ); assert( c->c_struct_state == SLAP_C_UNUSED ); assert( c->c_authmech == NULL ); - assert( c->c_dn == NULL ); - assert( c->c_cdn == NULL ); + assert( c->c_dn.bv_val == NULL ); + assert( c->c_ndn.bv_val == NULL ); + assert( c->c_cdn.bv_val == NULL ); + assert( c->c_groups == NULL ); assert( c->c_listener_url == NULL ); assert( c->c_peer_domain == NULL ); assert( c->c_peer_name == NULL ); assert( c->c_sock_name == NULL ); - assert( c->c_ops == NULL ); - assert( c->c_pending_ops == NULL ); + assert( LDAP_STAILQ_EMPTY(&c->c_ops) ); + assert( LDAP_STAILQ_EMPTY(&c->c_pending_ops) ); assert( c->c_sasl_bind_mech == NULL ); -#ifdef HAVE_CYRUS_SASL - assert( c->c_sasl_bind_context == NULL ); -#endif + assert( c->c_sasl_context == NULL ); + assert( c->c_sasl_extra == NULL ); assert( c->c_currentber == NULL ); c->c_listener_url = ch_strdup( url ); @@ -420,31 +483,70 @@ long connection_init( c->c_n_read = 0; c->c_n_write = 0; - /* assume LDAPv3 until bind */ - c->c_protocol = LDAP_VERSION3; + /* set to zero until bind, implies LDAP_VERSION3 */ + c->c_protocol = 0; - c->c_activitytime = c->c_starttime = slap_get_time(); +#ifdef SLAPD_MONITOR + c->c_activitytime = c->c_starttime = slap_get_time(); +#else + if( global_idletimeout > 0 ) { + c->c_activitytime = c->c_starttime = slap_get_time(); + } +#endif - ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_tcp, LBER_SBIOD_LEVEL_PROVIDER, - (void *)&s ); - ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_readahead, - LBER_SBIOD_LEVEL_PROVIDER, NULL ); +#ifdef LDAP_CONNECTIONLESS + c->c_is_udp = 0; + if (tls_udp_option == 2) + { + c->c_is_udp = 1; #ifdef LDAP_DEBUG - ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug, INT_MAX, NULL ); + ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug, + LBER_SBIOD_LEVEL_PROVIDER, (void*)"udp_" ); #endif - if( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_NONBLOCK, (void *)1 ) < 0 ) { - Debug( LDAP_DEBUG_ANY, - "connection_init(%d, %s): set nonblocking failed\n", - s, c->c_peer_name,0 ); - } + ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_udp, + LBER_SBIOD_LEVEL_PROVIDER, (void *)&s ); + ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_readahead, + LBER_SBIOD_LEVEL_PROVIDER, NULL ); + } else +#endif + { +#ifdef LDAP_DEBUG + ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug, + LBER_SBIOD_LEVEL_PROVIDER, (void*)"tcp_" ); +#endif + ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_tcp, + LBER_SBIOD_LEVEL_PROVIDER, (void *)&s ); + } + +#ifdef LDAP_DEBUG + ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug, + INT_MAX, (void*)"ldap_" ); +#endif + + if( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_NONBLOCK, + c /* non-NULL */ ) < 0 ) + { +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_INFO, + "connection_init: conn %d set nonblocking failed\n", + c->c_connid )); +#else + Debug( LDAP_DEBUG_ANY, + "connection_init(%d, %s): set nonblocking failed\n", + s, c->c_peer_name, 0 ); +#endif + } id = c->c_connid = conn_nextid++; c->c_conn_state = SLAP_C_INACTIVE; c->c_struct_state = SLAP_C_USED; + c->c_ssf = c->c_transport_ssf = ssf; + c->c_tls_ssf = 0; + #ifdef HAVE_TLS - if ( use_tls ) { + if ( tls_udp_option == 1 ) { c->c_is_tls = 1; c->c_needs_tls_accept = 1; } else { @@ -453,6 +555,9 @@ long connection_init( } #endif + slap_sasl_open( c ); + slap_sasl_external( c, ssf, authid ); + ldap_pvt_thread_mutex_unlock( &c->c_mutex ); ldap_pvt_thread_mutex_unlock( &connections_mutex ); @@ -461,6 +566,53 @@ long connection_init( return id; } +void connection2anonymous( Connection *c ) +{ + assert( connections != NULL ); + assert( c != NULL ); + + { + ber_len_t max = sockbuf_max_incoming; + ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max ); + } + + if(c->c_authmech != NULL ) { + free(c->c_authmech); + c->c_authmech = NULL; + } + + if(c->c_dn.bv_val != NULL) { + free(c->c_dn.bv_val); + c->c_dn.bv_val = NULL; + } + c->c_dn.bv_len = 0; + if(c->c_ndn.bv_val != NULL) { + free(c->c_ndn.bv_val); + c->c_ndn.bv_val = NULL; + } + c->c_ndn.bv_len = 0; + + if(c->c_cdn.bv_val != NULL) { + free(c->c_cdn.bv_val); + c->c_cdn.bv_val = NULL; + } + c->c_cdn.bv_len = 0; + + c->c_authc_backend = NULL; + c->c_authz_backend = NULL; + + { + GroupAssertion *g, *n; + for (g = c->c_groups; g; g=n) + { + n = g->next; + free(g); + } + c->c_groups = NULL; + } + +} + static void connection_destroy( Connection *c ) { @@ -471,7 +623,7 @@ connection_destroy( Connection *c ) assert( c != NULL ); assert( c->c_struct_state != SLAP_C_UNUSED ); assert( c->c_conn_state != SLAP_C_INVALID ); - assert( c->c_ops == NULL ); + assert( LDAP_STAILQ_EMPTY(&c->c_ops) ); backend_connection_destroy(c); @@ -480,28 +632,19 @@ connection_destroy( Connection *c ) c->c_activitytime = c->c_starttime = 0; - if(c->c_authmech != NULL ) { - free(c->c_authmech); - c->c_authmech = NULL; - } - if(c->c_dn != NULL) { - free(c->c_dn); - c->c_dn = NULL; - } - if(c->c_cdn != NULL) { - free(c->c_cdn); - c->c_cdn = NULL; - } + connection2anonymous( c ); + if(c->c_listener_url != NULL) { free(c->c_listener_url); c->c_listener_url = NULL; } + if(c->c_peer_domain != NULL) { free(c->c_peer_domain); c->c_peer_domain = NULL; } if(c->c_peer_name != NULL) { -#ifdef LDAP_PF_LOCAL +#ifdef LDAP_PF_lOCAL /* * If peer was a domain socket, unlink. Mind you, * they may be un-named. Should we leave this to @@ -514,6 +657,7 @@ connection_destroy( Connection *c ) } } #endif /* LDAP_PF_LOCAL */ + free(c->c_peer_name); c->c_peer_name = NULL; } @@ -527,12 +671,8 @@ connection_destroy( Connection *c ) free(c->c_sasl_bind_mech); c->c_sasl_bind_mech = NULL; } -#ifdef HAVE_CYRUS_SASL - if(c->c_sasl_bind_context != NULL ) { - sasl_dispose( &c->c_sasl_bind_context ); - c->c_sasl_bind_context = NULL; - } -#endif + + slap_sasl_close( c ); if ( c->c_currentber != NULL ) { ber_free( c->c_currentber, 1 ); @@ -548,9 +688,15 @@ connection_destroy( Connection *c ) c->c_connid, sd, 0, 0, 0 ); } - ber_sockbuf_free( c->c_sb ); + ber_sockbuf_free( c->c_sb ); + c->c_sb = ber_sockbuf_alloc( ); + { + ber_len_t max = sockbuf_max_incoming; + ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max ); + } + c->c_conn_state = SLAP_C_INVALID; c->c_struct_state = SLAP_C_UNUSED; } @@ -576,17 +722,16 @@ static void connection_abandon( Connection *c ) Operation *o; - for( o = c->c_ops; o != NULL; o = o->o_next ) { + LDAP_STAILQ_FOREACH(o, &c->c_ops, o_next) { ldap_pvt_thread_mutex_lock( &o->o_abandonmutex ); o->o_abandon = 1; ldap_pvt_thread_mutex_unlock( &o->o_abandonmutex ); } /* remove pending operations */ - for( o = slap_op_pop( &c->c_pending_ops ); - o != NULL; - o = slap_op_pop( &c->c_pending_ops ) ) - { + while ( (o = LDAP_STAILQ_FIRST( &c->c_pending_ops )) != NULL) { + LDAP_STAILQ_REMOVE_HEAD( &c->c_pending_ops, o_next ); + LDAP_STAILQ_NEXT(o, o_next) = NULL; slap_op_free( o ); } } @@ -604,10 +749,15 @@ void connection_closing( Connection *c ) ber_socket_t sd; ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_GET_FD, &sd ); +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_DETAIL1, + "connection_closing: conn %d readying socket %d for close.\n", + c->c_connid, sd )); +#else Debug( LDAP_DEBUG_TRACE, "connection_closing: readying conn=%ld sd=%d for close\n", c->c_connid, sd, 0 ); - +#endif /* update state to closing */ c->c_conn_state = SLAP_C_CLOSING; @@ -635,17 +785,27 @@ static void connection_close( Connection *c ) /* note: connections_mutex and c_mutex should be locked by caller */ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_GET_FD, &sd ); - if( c->c_ops != NULL ) { + if( !LDAP_STAILQ_EMPTY(&c->c_ops) ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_DETAIL1, + "connection_close: conn %d deferring sd %d\n", + c->c_connid, sd )); +#else Debug( LDAP_DEBUG_TRACE, "connection_close: deferring conn=%ld sd=%d\n", c->c_connid, sd, 0 ); - +#endif return; } +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_RESULTS, + "connection_close: conn %d sd %d\n", + c->c_connid, sd )); +#else Debug( LDAP_DEBUG_TRACE, "connection_close: conn=%ld sd=%d\n", c->c_connid, sd, 0 ); - +#endif connection_destroy( c ); } @@ -744,9 +904,15 @@ connection_operation( void *arg_v ) ldap_pvt_thread_mutex_unlock( &num_ops_mutex ); if( conn->c_sasl_bind_in_progress && tag != LDAP_REQ_BIND ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_ERR, + "connection_operation: conn %d SASL bind in progress (tag=%ld).\n", + conn->c_connid, (long)tag )); +#else Debug( LDAP_DEBUG_ANY, "connection_operation: " "error: SASL bind in progress (tag=%ld).\n", (long) tag, 0, 0 ); +#endif send_ldap_result( conn, arg->co_op, rc = LDAP_OPERATIONS_ERROR, NULL, "SASL bind in progress", NULL, NULL ); @@ -795,8 +961,14 @@ connection_operation( void *arg_v ) break; default: +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_INFO, + "connection_operation: conn %d unknown LDAP request 0x%lx\n", + conn->c_connid, tag )); +#else Debug( LDAP_DEBUG_ANY, "unknown LDAP request 0x%lx\n", tag, 0, 0 ); +#endif arg->co_op->o_tag = LBER_ERROR; send_ldap_disconnect( conn, arg->co_op, LDAP_PROTOCOL_ERROR, "unknown LDAP request" ); @@ -816,7 +988,8 @@ operations_error: conn->c_n_ops_executing--; conn->c_n_ops_completed++; - slap_op_remove( &conn->c_ops, arg->co_op ); + LDAP_STAILQ_REMOVE( &conn->c_ops, arg->co_op, slap_op, o_next); + LDAP_STAILQ_NEXT(arg->co_op, o_next) = NULL; slap_op_free( arg->co_op ); arg->co_op = NULL; arg->co_conn = NULL; @@ -839,13 +1012,6 @@ operations_error: } } - ldap_pvt_thread_mutex_lock( &active_threads_mutex ); - active_threads--; - if( active_threads < 1 ) { - ldap_pvt_thread_cond_signal(&active_threads_cond); - } - ldap_pvt_thread_mutex_unlock( &active_threads_mutex ); - connection_resched( conn ); ldap_pvt_thread_mutex_unlock( &conn->c_mutex ); @@ -865,10 +1031,15 @@ int connection_read(ber_socket_t s) c = connection_get( s ); if( c == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_INFO, + "connection_read: sock %ld no connection\n", + (long)s )); +#else Debug( LDAP_DEBUG_ANY, "connection_read(%ld): no connection!\n", (long) s, 0, 0 ); - +#endif slapd_remove(s, 0); ldap_pvt_thread_mutex_unlock( &connections_mutex ); @@ -878,34 +1049,53 @@ int connection_read(ber_socket_t s) c->c_n_read++; if( c->c_conn_state == SLAP_C_CLOSING ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_INFO, + "connection_read: conn %d connection closing, ignoring input\n", + c->c_connid)); +#else Debug( LDAP_DEBUG_TRACE, "connection_read(%d): closing, ignoring input for id=%ld\n", s, c->c_connid, 0 ); - +#endif connection_return( c ); ldap_pvt_thread_mutex_unlock( &connections_mutex ); return 0; } +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_DETAIL1, + "connection_read: conn %d checking for input.\n", c->c_connid )); +#else Debug( LDAP_DEBUG_TRACE, "connection_read(%d): checking for input on id=%ld\n", s, c->c_connid, 0 ); +#endif #ifdef HAVE_TLS if ( c->c_is_tls && c->c_needs_tls_accept ) { rc = ldap_pvt_tls_accept( c->c_sb, NULL ); if ( rc < 0 ) { +#if 0 /* required by next #if 0 */ struct timeval tv; fd_set rfd; +#endif +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_ERR, + "connection_read: conn %d TLS accept error, error %d\n", + c->c_connid, rc )); +#else Debug( LDAP_DEBUG_TRACE, - "connection_read(%d): TLS accept error error=%d id=%ld, closing\n", - s, rc, c->c_connid ); - + "connection_read(%d): TLS accept error " + "error=%d id=%ld, closing\n", + s, rc, c->c_connid ); +#endif c->c_needs_tls_accept = 0; /* connections_mutex and c_mutex are locked */ connection_closing( c ); +#if 0 /* Drain input before close, to allow SSL error codes * to propagate to client. */ FD_ZERO(&rfd); @@ -919,9 +1109,25 @@ int connection_read(ber_socket_t s) ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_DRAIN, NULL); } +#endif connection_close( c ); + } else if ( rc == 0 ) { + void *ssl; + char *authid; + c->c_needs_tls_accept = 0; + + /* we need to let SASL know */ + ssl = (void *)ldap_pvt_tls_sb_ctx( c->c_sb ); + + c->c_tls_ssf = (slap_ssf_t) ldap_pvt_tls_get_strength( ssl ); + if( c->c_tls_ssf > c->c_ssf ) { + c->c_ssf = c->c_tls_ssf; + } + + authid = (char *)ldap_pvt_tls_get_peer( ssl ); + slap_sasl_external( c, c->c_tls_ssf, authid ); } connection_return( c ); ldap_pvt_thread_mutex_unlock( &connections_mutex ); @@ -929,6 +1135,33 @@ int connection_read(ber_socket_t s) } #endif +#ifdef HAVE_CYRUS_SASL + if ( c->c_sasl_layers ) { + c->c_sasl_layers = 0; + + rc = ldap_pvt_sasl_install( c->c_sb, c->c_sasl_context ); + + if( rc != LDAP_SUCCESS ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_ERR, + "connection_read: conn %d SASL install error %d, closing\n", + c->c_connid, rc )); +#else + Debug( LDAP_DEBUG_TRACE, + "connection_read(%d): SASL install error " + "error=%d id=%ld, closing\n", + s, rc, c->c_connid ); +#endif + /* connections_mutex and c_mutex are locked */ + connection_closing( c ); + connection_close( c ); + connection_return( c ); + ldap_pvt_thread_mutex_unlock( &connections_mutex ); + return 0; + } + } +#endif + #define CONNECTION_INPUT_LOOP 1 #ifdef DATA_READY_LOOP @@ -942,19 +1175,31 @@ int connection_read(ber_socket_t s) } if( rc < 0 ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_ERR, + "connection_read: conn %d input error %d, closing.\n", + c->c_connid, rc )); +#else Debug( LDAP_DEBUG_TRACE, "connection_read(%d): input error=%d id=%ld, closing.\n", s, rc, c->c_connid ); - +#endif /* connections_mutex and c_mutex are locked */ connection_closing( c ); connection_close( c ); + connection_return( c ); + ldap_pvt_thread_mutex_unlock( &connections_mutex ); + return 0; } - if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_READ, NULL ) ) + if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_READ, NULL ) ) { slapd_set_read( s, 1 ); - if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_WRITE, NULL ) ) + } + + if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_WRITE, NULL ) ) { slapd_set_write( s, 1 ); + } + connection_return( c ); ldap_pvt_thread_mutex_unlock( &connections_mutex ); return 0; @@ -970,26 +1215,57 @@ connection_input( ber_len_t len; ber_int_t msgid; BerElement *ber; +#ifdef LDAP_CONNECTIONLESS + Sockaddr peeraddr; + char *cdn = NULL; +#endif if ( conn->c_currentber == NULL && (conn->c_currentber = ber_alloc()) == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_ERR, + "connection_input: conn %d ber_alloc failed.\n", conn->c_connid )); +#else Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 ); +#endif return -1; } errno = 0; - if ( (tag = ber_get_next( conn->c_sb, &len, conn->c_currentber )) - != LDAP_TAG_MESSAGE ) + +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp) { + char peername[sizeof("IP=255.255.255.255:65336")]; + len = ber_int_sb_read(conn->c_sb, &peeraddr, + sizeof(struct sockaddr)); + if (len != sizeof(struct sockaddr)) + return 1; + sprintf( peername, "IP=%s:%d", + inet_ntoa( peeraddr.sa_in_addr.sin_addr ), + (unsigned) ntohs( peeraddr.sa_in_addr.sin_port ) ); + Statslog( LDAP_DEBUG_STATS, + "conn=%ld UDP request from %s (%s) accepted.\n", + conn->c_connid, peername, + conn->c_sock_name, 0, 0 ); + } +#endif + tag = ber_get_next( conn->c_sb, &len, conn->c_currentber ); + if ( tag != LDAP_TAG_MESSAGE ) { int err = errno; ber_socket_t sd; ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd ); +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_ERR, + "connection_input: conn %d ber_get_next failed, errno %d (%s).\n", + conn->c_connid, err, sock_errstr(err) )); +#else Debug( LDAP_DEBUG_TRACE, "ber_get_next on fd %d failed errno=%d (%s)\n", sd, err, sock_errstr(err) ); - +#endif if ( err != EWOULDBLOCK && err != EAGAIN ) { /* log, close and send error */ ber_free( conn->c_currentber, 1 ); @@ -1005,21 +1281,53 @@ connection_input( if ( (tag = ber_get_int( ber, &msgid )) != LDAP_TAG_MSGID ) { /* log, close and send error */ +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_ERR, + "connection_input: conn %d ber_get_int returns 0x%lx.\n", + conn->c_connid, tag )); +#else Debug( LDAP_DEBUG_ANY, "ber_get_int returns 0x%lx\n", tag, 0, 0 ); +#endif ber_free( ber, 1 ); return -1; } if ( (tag = ber_peek_tag( ber, &len )) == LBER_ERROR ) { /* log, close and send error */ +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_ERR, + "connection_input: conn %d ber_peek_tag returns 0x%lx.\n", + conn->c_connid, tag )); +#else Debug( LDAP_DEBUG_ANY, "ber_peek_tag returns 0x%lx\n", tag, 0, 0 ); +#endif ber_free( ber, 1 ); return -1; } +#ifdef LDAP_CONNECTIONLESS + if (conn->c_is_udp) { + if (tag == LBER_OCTETSTRING) { + ber_get_stringa( ber, &cdn ); + tag = ber_peek_tag(ber, &len); + } + if (tag != LDAP_REQ_ABANDON && tag != LDAP_REQ_SEARCH) { +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_ERR, + "connection_input: conn %d invalid req for UDP 0x%lx.\n", + conn->c_connid, tag )); +#else + Debug( LDAP_DEBUG_ANY, "invalid req for UDP 0x%lx\n", tag, 0, + 0 ); +#endif + ber_free( ber, 1 ); + return 0; + } + } +#endif if(tag == LDAP_REQ_BIND) { /* immediately abandon all exiting operations upon BIND */ connection_abandon( conn ); @@ -1027,12 +1335,25 @@ connection_input( op = slap_op_alloc( ber, msgid, tag, conn->c_n_ops_received++ ); +#ifdef LDAP_CONNECTIONLESS + op->o_peeraddr = peeraddr; + if (cdn) { + op->o_dn = cdn; + op->o_protocol = LDAP_VERSION2; + } +#endif if ( conn->c_conn_state == SLAP_C_BINDING || conn->c_conn_state == SLAP_C_CLOSING ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_INFO, + "connection_input: conn %d deferring operation\n", + conn->c_connid )); +#else Debug( LDAP_DEBUG_ANY, "deferring operation\n", 0, 0, 0 ); +#endif conn->c_n_ops_pending++; - slap_op_add( &conn->c_pending_ops, op ); + LDAP_STAILQ_INSERT_TAIL( &conn->c_pending_ops, op, o_next ); } else { conn->c_n_ops_executing++; @@ -1056,14 +1377,57 @@ connection_resched( Connection *conn ) Operation *op; if( conn->c_conn_state == SLAP_C_CLOSING ) { + int rc; ber_socket_t sd; - ber_sockbuf_ctrl( conn->c_sb, LBER_SB_OPT_GET_FD, &sd ); - Debug( LDAP_DEBUG_TRACE, - "connection_resched: attempting closing conn=%ld sd=%d\n", - conn->c_connid, sd, 0 ); - connection_close( conn ); + /* us trylock to avoid possible deadlock */ + rc = ldap_pvt_thread_mutex_trylock( &connections_mutex ); + + if( rc ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_DETAIL1, + "connection_resched: conn %d reaquiring locks.\n", + conn->c_connid )); +#else + Debug( LDAP_DEBUG_TRACE, + "connection_resched: reaquiring locks conn=%ld sd=%d\n", + conn->c_connid, sd, 0 ); +#endif + /* + * reaquire locks in the right order... + * this may allow another thread to close this connection, + * so recheck state below. + */ + ldap_pvt_thread_mutex_unlock( &conn->c_mutex ); + ldap_pvt_thread_mutex_lock( &connections_mutex ); + ldap_pvt_thread_mutex_lock( &conn->c_mutex ); + } + + if( conn->c_conn_state != SLAP_C_CLOSING ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_INFO, + "connection_resched: conn %d closed by other thread.\n", + conn->c_connid )); +#else + Debug( LDAP_DEBUG_TRACE, "connection_resched: " + "closed by other thread conn=%ld sd=%d\n", + conn->c_connid, sd, 0 ); +#endif + } else { +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_DETAIL1, + "connection_resched: conn %d attempting closing.\n", + conn->c_connid )); +#else + Debug( LDAP_DEBUG_TRACE, "connection_resched: " + "attempting closing conn=%ld sd=%d\n", + conn->c_connid, sd, 0 ); +#endif + connection_close( conn ); + } + + ldap_pvt_thread_mutex_unlock( &connections_mutex ); return 0; } @@ -1072,10 +1436,9 @@ connection_resched( Connection *conn ) return 0; } - for( op = slap_op_pop( &conn->c_pending_ops ); - op != NULL; - op = slap_op_pop( &conn->c_pending_ops ) ) - { + while ((op = LDAP_STAILQ_FIRST( &conn->c_pending_ops )) != NULL) { + LDAP_STAILQ_REMOVE_HEAD( &conn->c_pending_ops, o_next ); + LDAP_STAILQ_NEXT(op, o_next) = NULL; /* pending operations should not be marked for abandonment */ assert(!op->o_abandon); @@ -1094,7 +1457,6 @@ connection_resched( Connection *conn ) static int connection_op_activate( Connection *conn, Operation *op ) { struct co_arg *arg; - char *tmpdn; int status; ber_tag_t tag = op->o_tag; @@ -1102,44 +1464,41 @@ static int connection_op_activate( Connection *conn, Operation *op ) conn->c_conn_state = SLAP_C_BINDING; } - if ( conn->c_dn != NULL ) { - tmpdn = ch_strdup( conn->c_dn ); - } else { - tmpdn = NULL; - } - arg = (struct co_arg *) ch_malloc( sizeof(struct co_arg) ); arg->co_conn = conn; arg->co_op = op; - arg->co_op->o_dn = ch_strdup( tmpdn != NULL ? tmpdn : "" ); - arg->co_op->o_ndn = ch_strdup( arg->co_op->o_dn ); - (void) dn_normalize( arg->co_op->o_ndn ); - - arg->co_op->o_protocol = conn->c_protocol; - arg->co_op->o_connid = conn->c_connid; - + if (!arg->co_op->o_dn.bv_len) { + arg->co_op->o_authz = conn->c_authz; + arg->co_op->o_dn.bv_val = ch_strdup( conn->c_dn.bv_val ? + conn->c_dn.bv_val : "" ); + arg->co_op->o_ndn.bv_val = ch_strdup( conn->c_ndn.bv_val ? + conn->c_ndn.bv_val : "" ); + } arg->co_op->o_authtype = conn->c_authtype; arg->co_op->o_authmech = conn->c_authmech != NULL ? ch_strdup( conn->c_authmech ) : NULL; - slap_op_add( &conn->c_ops, arg->co_op ); - - if( tmpdn != NULL ) { - free( tmpdn ); + if (!arg->co_op->o_protocol) { + arg->co_op->o_protocol = conn->c_protocol + ? conn->c_protocol : LDAP_VERSION3; } + arg->co_op->o_connid = conn->c_connid; - ldap_pvt_thread_mutex_lock( &active_threads_mutex ); - active_threads++; - ldap_pvt_thread_mutex_unlock( &active_threads_mutex ); + LDAP_STAILQ_INSERT_TAIL( &conn->c_ops, arg->co_op, o_next ); - status = ldap_pvt_thread_create( &arg->co_op->o_tid, 1, - connection_operation, (void *) arg ); + status = ldap_pvt_thread_pool_submit( &connection_pool, + connection_operation, (void *) arg ); if ( status != 0 ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_ERR, + "connection_op_activate: conn %d thread pool submit failed.\n", + conn->c_connid )); +#else Debug( LDAP_DEBUG_ANY, - "ldap_pvt_thread_create failed (%d)\n", status, 0, 0 ); - + "ldap_pvt_thread_pool_submit failed (%d)\n", status, 0, 0 ); +#endif /* should move op to pending list */ } @@ -1158,9 +1517,14 @@ int connection_write(ber_socket_t s) slapd_clr_write( s, 0); if( c == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_ERR, + "connection_write: sock %ld no connection!\n",(long)s)); +#else Debug( LDAP_DEBUG_ANY, "connection_write(%ld): no connection!\n", (long) s, 0, 0 ); +#endif slapd_remove(s, 0); ldap_pvt_thread_mutex_unlock( &connections_mutex ); return -1; @@ -1168,10 +1532,15 @@ int connection_write(ber_socket_t s) c->c_n_write++; +#ifdef NEW_LOGGING + LDAP_LOG(( "connection", LDAP_LEVEL_DETAIL1, + "connection_write conn %d waking output.\n", + c->c_connid )); +#else Debug( LDAP_DEBUG_TRACE, "connection_write(%d): waking output for id=%ld\n", s, c->c_connid, 0 ); - +#endif ldap_pvt_thread_cond_signal( &c->c_write_cv ); if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_READ, NULL ) ) @@ -1182,3 +1551,67 @@ int connection_write(ber_socket_t s) ldap_pvt_thread_mutex_unlock( &connections_mutex ); return 0; } + + +/* + * Create client side and server side connection structures, connected to + * one another, for the front end to use for searches on arbitrary back ends. + */ + +int connection_internal_open( Connection **conn, LDAP **ldp, const char *id ) +{ + int rc; + ber_socket_t fd[2] = {-1,-1}; + Operation *op; + + *conn=NULL; + *ldp=NULL; + + rc = lutil_pair( fd ); + if( rc == -1 ) { + return LDAP_OTHER; + } + + rc = connection_init( fd[1], "INT", "localhost", + "localhost:0", "localhost:00", 0, 256, id ); + if( rc < 0 ) { + tcp_close( fd[0] ); + tcp_close( fd[1] ); + return LDAP_OTHER; + } + slapd_add_internal( fd[1] ); + + /* A search operation, number 0 */ + op = slap_op_alloc( NULL, 0, LDAP_REQ_SEARCH, 0); + op->o_ndn.bv_val = ch_strdup( id ); + op->o_ndn.bv_len = strlen( id ); + op->o_protocol = LDAP_VERSION3; + + (*conn) = connection_get( fd[1] ); + LDAP_STAILQ_INSERT_HEAD( &(*conn)->c_ops, op, o_next); + (*conn)->c_conn_state = SLAP_C_ACTIVE; + + /* Create the client side of the connection */ + rc = ldap_open_internal_connection( ldp, &(fd[0]) ); + if( rc != LDAP_SUCCESS ) { + tcp_close( fd[0] ); + return LDAP_OTHER; + } + + /* The connection_get() will have locked the connection's mutex */ + ldap_pvt_thread_mutex_unlock( &((*conn)->c_mutex) ); + + return LDAP_SUCCESS; +} + + +void connection_internal_close( Connection *conn ) +{ + Operation *op = LDAP_STAILQ_FIRST(&conn->c_ops); + + LDAP_STAILQ_REMOVE_HEAD(&conn->c_ops, o_next); + LDAP_STAILQ_NEXT(op, o_next) = NULL; + slap_op_free( op ); + connection_closing( conn ); + connection_close( conn ); +}