X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fdaemon.c;h=509ed6a275947cdffbc928ea375b136afcaa1daf;hb=4a5d740e2ee4e700e76b2eac6f079e39f0134c94;hp=0819b986942e2b7d1ba5f05eae382e4d6663bdf7;hpb=cf1d3904a41e67f00fcfcc553cff4b80de8f2cb8;p=openldap diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c index 0819b98694..509ed6a275 100644 --- a/servers/slapd/daemon.c +++ b/servers/slapd/daemon.c @@ -30,6 +30,13 @@ #include #endif /* USE_SYSCONF */ +#ifdef TCP_WRAPPERS +#include + +int allow_severity = LOG_INFO; +int deny_severity = LOG_NOTICE; +#endif /* TCP_WRAPPERS */ + extern Operation *op_add(); #ifndef SYSERRLIST_IN_STDIO @@ -71,16 +78,19 @@ slapd_daemon( int on = 1; #ifdef USE_SYSCONF - dtblsize = sysconf( _SC_OPEN_MAX ); + dtblsize = sysconf( _SC_OPEN_MAX ); #else /* USE_SYSCONF */ - dtblsize = getdtablesize(); + dtblsize = getdtablesize(); #endif /* USE_SYSCONF */ /* * Add greg@greg.rim.or.jp */ +#ifdef FD_SETSIZE if(dtblsize > FD_SETSIZE) { dtblsize = FD_SETSIZE; } +#endif /* !FD_SETSIZE */ + c = (Connection *) ch_calloc( 1, dtblsize * sizeof(Connection) ); for ( i = 0; i < dtblsize; i++ ) { @@ -139,16 +149,17 @@ slapd_daemon( } (void) SIGNAL( SIGPIPE, SIG_IGN ); -#ifdef SIGSTKFLT +#ifdef linux + /* + * LinuxThreads are implemented using SIGUSR1/USR2, + * so we'll use SIGSTKFLT and SIGUNUSED + */ (void) SIGNAL( SIGSTKFLT, (void *) do_nothing ); -#else - (void) SIGNAL( SIGUSR1, (void *) do_nothing ); -#endif -#ifdef SIGUNUSED (void) SIGNAL( SIGUNUSED, (void *) set_shutdown ); -#else +#else /* !linux */ + (void) SIGNAL( SIGUSR1, (void *) do_nothing ); (void) SIGNAL( SIGUSR2, (void *) set_shutdown ); -#endif +#endif /* !linux */ (void) SIGNAL( SIGTERM, (void *) set_shutdown ); (void) SIGNAL( SIGINT, (void *) set_shutdown ); (void) SIGNAL( SIGHUP, (void *) set_shutdown ); 
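Review bot: `allow_severity` and `deny_severity` are defined in the first hunk but never referenced in any visible hunk, so they read as dead globals to a later maintainer. They are the external symbols the TCP Wrappers library expects the host program to provide for its syslog severities. A one-line comment such as `/* required by libwrap: syslog levels for allowed/denied connections */` would keep them from being removed or made static. LOG_INFO and LOG_NOTICE come from the syslog header; confirm it is included whenever TCP_WRAPPERS is defined, since the full include list is outside this hunk.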
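Review bot: In the dtblsize hunk the value from `sysconf( _SC_OPEN_MAX )` is used unchecked, although sysconf returns -1 when the limit is indeterminate, and with the new `#ifdef FD_SETSIZE` guard there is no upper clamp at all on builds where that macro is absent. The value then sizes `ch_calloc( 1, dtblsize * sizeof(Connection) )` and is passed to select(), and `c[ns]` is later indexed by descriptor number. A non-positive result should be replaced with a fixed fallback before the allocation, e.g. `if ( dtblsize <= 0 ) dtblsize = DEFAULT_DTBLSIZE; /* placeholder name */`. The closing comment `#endif /* !FD_SETSIZE */` should read `/* FD_SETSIZE */`, because the block is compiled when the macro is defined. slapd_daemon starts and ends outside this hunk.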
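Review bot: The `#ifdef linux` test in the signal-setup hunk replaces the per-signal feature tests (`#ifdef SIGSTKFLT`, `#ifdef SIGUNUSED`), so the build now assumes that every Linux target defines both signals and that the compiler predefines `linux`. GCC does not define the unprefixed `linux` macro in strict ISO modes (only `__linux__`), in which case the code silently falls back to SIGUSR1/SIGUSR2, the signals the new comment says LinuxThreads reserves. Prefer `#if defined(__linux__) && defined(SIGSTKFLT) && defined(SIGUNUSED)`. The same condition is repeated in the set_shutdown and do_nothing hunks and should change with it.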
@@ -177,10 +188,16 @@ slapd_daemon( struct timeval *tvp; int len, pid; + char *client_name; + char *client_addr; + FD_ZERO( &writefds ); FD_ZERO( &readfds ); FD_SET( tcps, &readfds ); + zero.tv_sec = 0; + zero.tv_usec = 0; + pthread_mutex_lock( &active_threads_mutex ); Debug( LDAP_DEBUG_CONNS, "listening for connections on %d, activity on:", @@ -201,18 +218,16 @@ slapd_daemon( Debug( LDAP_DEBUG_CONNS, "\n", 0, 0, 0 ); pthread_mutex_unlock( &new_conn_mutex ); - zero.tv_sec = 0; - zero.tv_usec = 0; Debug( LDAP_DEBUG_CONNS, "before select active_threads %d\n", active_threads, 0, 0 ); -#ifdef PTHREAD_PREEMPTIVE +#if defined(PTHREAD_PREEMPTIVE) || defined(NO_THREADS) tvp = NULL; #else tvp = active_threads ? &zero : NULL; #endif pthread_mutex_unlock( &active_threads_mutex ); - switch ( select( dtblsize, &readfds, &writefds, 0, tvp ) ) { + switch ( i = select( dtblsize, &readfds, &writefds, 0, tvp ) ) { case -1: /* failure - try again */ Debug( LDAP_DEBUG_CONNS, "select failed errno %d (%s)\n", @@ -227,7 +242,7 @@ slapd_daemon( continue; default: /* something happened - deal with it */ - Debug( LDAP_DEBUG_CONNS, "select activity\n", 0, 0, 0 ); + Debug( LDAP_DEBUG_CONNS, "select activity on %d descriptors\n", i, 0, 0 ); ; /* FALL */ } pthread_mutex_lock( ¤ttime_mutex ); @@ -249,8 +264,9 @@ slapd_daemon( } if ( ioctl( ns, FIONBIO, (caddr_t) &on ) == -1 ) { Debug( LDAP_DEBUG_ANY, - "FIONBIO ioctl on %d faled\n", ns, 0, 0 ); + "FIONBIO ioctl on %d failed\n", ns, 0, 0 ); } + c[ns].c_sb.sb_sd = ns; Debug( LDAP_DEBUG_CONNS, "new connection on %d\n", ns, 0, 0 ); 
@@ -258,43 +274,76 @@ slapd_daemon( pthread_mutex_lock( &ops_mutex ); c[ns].c_connid = num_conns++; pthread_mutex_unlock( &ops_mutex ); + len = sizeof(from); + if ( getpeername( ns, (struct sockaddr *) &from, &len ) == 0 ) { - char *s; -#ifdef REVERSE_LOOKUP + char *s; + client_addr = inet_ntoa( from.sin_addr ); + +#if defined(REVERSE_LOOKUP) || defined(TCP_WRAPPERS) hp = gethostbyaddr( (char *) &(from.sin_addr.s_addr), sizeof(from.sin_addr.s_addr), AF_INET ); -#else - hp = NULL; -#endif - Statslog( LDAP_DEBUG_STATS, - "conn=%d fd=%d connection from %s (%s)\n", - c[ns].c_connid, ns, hp == NULL ? "unknown" - : hp->h_name, inet_ntoa( from.sin_addr ), - 0 ); + if(hp) { + client_name = hp->h_name; - if ( c[ns].c_addr != NULL ) { - free( c[ns].c_addr ); - } - c[ns].c_addr = strdup( inet_ntoa( - from.sin_addr ) ); - if ( c[ns].c_domain != NULL ) { - free( c[ns].c_domain ); - } - c[ns].c_domain = strdup( hp == NULL ? "" : - hp->h_name ); - /* normalize the domain */ - for ( s = c[ns].c_domain; *s; s++ ) { - *s = TOLOWER( *s ); + /* normalize the domain */ + for ( s = client_name; *s; s++ ) { + *s = TOLOWER( *s ); + } + + } else { + client_name = NULL; } +#else + client_name = NULL; +#endif + } else { + client_name = NULL;; + client_addr = NULL; + } + +#ifdef TCP_WRAPPERS + if(!hosts_ctl("slapd", client_name, client_addr, + STRING_UNKNOWN)) + { + /* DENY ACCESS */ Statslog( LDAP_DEBUG_STATS, - "conn=%d fd=%d connection from unknown\n", - c[ns].c_connid, ns, 0, 0, 0 ); + "conn=%d fd=%d connection from %s (%s) denied.\n", + c[ns].c_connid, ns, + client_name == NULL ? "unknown" : client_name, + client_addr == NULL ? "unknown" : client_addr, + 0 ); + + close(ns); + pthread_mutex_unlock( &new_conn_mutex ); + continue; + } +#endif /* TCP_WRAPPERS */ + + Statslog( LDAP_DEBUG_STATS, + "conn=%d fd=%d connection from %s (%s) accepted.\n", + c[ns].c_connid, ns, + client_name == NULL ? "unknown" : client_name, + client_addr == NULL ? 
"unknown" : client_addr, + 0 ); + + if ( c[ns].c_addr != NULL ) { + free( c[ns].c_addr ); } + c[ns].c_addr = strdup( client_addr ); + + if ( c[ns].c_domain != NULL ) { + free( c[ns].c_domain ); + } + + c[ns].c_domain = strdup( client_name == NULL + ? "" : client_name ); + pthread_mutex_lock( &c[ns].c_dnmutex ); if ( c[ns].c_dn != NULL ) { free( c[ns].c_dn ); @@ -373,16 +422,17 @@ set_shutdown() { Debug( LDAP_DEBUG_ANY, "slapd got shutdown signal\n", 0, 0, 0 ); slapd_shutdown = 1; -#ifdef SIGSTKFLT +#ifdef linux + /* + * LinuxThreads are implemented using SIGUSR1/USR2, + * so we'll use SIGSTKFLT and SIGUNUSED + */ pthread_kill( listener_tid, SIGSTKFLT ); -#else - pthread_kill( listener_tid, SIGUSR1 ); -#endif -#ifdef SIGUNUSED (void) SIGNAL( SIGUNUSED, (void *) set_shutdown ); -#else +#else /* !linux */ + pthread_kill( listener_tid, SIGUSR1 ); (void) SIGNAL( SIGUSR2, (void *) set_shutdown ); -#endif +#endif /* !linux */ (void) SIGNAL( SIGTERM, (void *) set_shutdown ); (void) SIGNAL( SIGINT, (void *) set_shutdown ); (void) SIGNAL( SIGHUP, (void *) set_shutdown ); @@ -392,9 +442,13 @@ static void do_nothing() { Debug( LDAP_DEBUG_TRACE, "slapd got do_nothing signal\n", 0, 0, 0 ); -#ifdef SIGSTKFLT +#ifdef linux + /* + * LinuxThreads are implemented using SIGUSR1/USR2, + * so we'll use SIGSTKFLT and SIGUNUSED + */ (void) SIGNAL( SIGSTKFLT, (void *) do_nothing ); -#else +#else /* !linux */ (void) SIGNAL( SIGUSR1, (void *) do_nothing ); -#endif +#endif /* !linux */ }
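Review bot: When getpeername() fails, client_name and client_addr are both set to NULL, and the new unconditional `c[ns].c_addr = strdup( client_addr );` then passes NULL to strdup(), which is undefined behaviour and would typically crash the listener; the old code only reached that strdup inside the getpeername success branch. Guard it the way c_domain is guarded, e.g. `c[ns].c_addr = strdup( client_addr == NULL ? "" : client_addr );`. The same NULLs are handed to hosts_ctl(), which expects strings, so pass `client_name == NULL ? STRING_UNKNOWN : client_name` and likewise for client_addr. client_name also comes from an unverified gethostbyaddr() reverse lookup, so hostname-based access rules trust whoever controls the reverse zone; a comment recommending address-based rules or a forward-confirming lookup would help. Finally, the deny branch closes ns after `c[ns].c_sb.sb_sd = ns` was assigned earlier in the loop, so if the descriptor scan outside this hunk keys on sb_sd, the field should be reset before `continue`.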
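Review bot: set_shutdown is installed as a signal handler (via SIGNAL for SIGTERM, SIGINT and SIGHUP), yet its first statement calls Debug(), which presumably formats and writes output and so is not async-signal-safe. Consider restricting the handler to setting the flag and waking the listener, and moving the log message to the code that observes the flag. The flag would ideally be declared `volatile sig_atomic_t slapd_shutdown;`, but its declaration is not visible here, so confirm the current type. The function's opening lines are outside this hunk.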