X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fdaemon.c;h=fb07060016e6216047d58765f8d82acb903c11d4;hb=7684514535dbe9f407b420bab76f06861ad7587d;hp=d8284b5dbde4353f2e8002edf0a7899af23e9e33;hpb=dd4d07406880a71e6fb82ccc63476360b011329b;p=openldap diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c index d8284b5dbd..fb07060016 100644 --- a/servers/slapd/daemon.c +++ b/servers/slapd/daemon.c @@ -42,7 +42,12 @@ #if defined(HAVE_SYS_EPOLL_H) && defined(HAVE_EPOLL) # include -#endif +#elif defined(SLAP_X_DEVPOLL) && defined(HAVE_SYS_DEVPOLL_H) && defined(HAVE_DEVPOLL) +# include +# include +# include +# include +#endif /* ! epoll && ! /dev/poll */ #ifdef HAVE_TCPD # include @@ -114,7 +119,14 @@ static struct slap_daemon { int *sd_index; int sd_epfd; int sd_nfds; -#else /* ! epoll */ +#elif defined(SLAP_X_DEVPOLL) && defined(HAVE_DEVPOLL) + /* eXperimental */ + struct pollfd *sd_pollfd; + int *sd_index; + Listener **sd_l; + int sd_dpfd; + int sd_nfds; +#else /* ! epoll && ! /dev/poll */ #ifndef HAVE_WINSOCK /* In winsock, accept() returns values higher than dtblsize so don't bother with this optimization */ @@ -123,7 +135,7 @@ static struct slap_daemon { fd_set sd_actives; fd_set sd_readers; fd_set sd_writers; -#endif /* ! epoll */ +#endif /* ! epoll && ! /dev/poll */ } slap_daemon; /* @@ -133,7 +145,7 @@ static struct slap_daemon { * with file descriptors and events respectively * * - SLAP__* for private interface; type by now is one of - * EPOLL, SELECT + * EPOLL, DEVPOLL, SELECT * * private interface should not be used in the code. */ @@ -271,7 +283,188 @@ static struct slap_daemon { dtblsize, (tvp) ? (tvp)->tv_sec * 1000 : -1 ); \ } while (0) -#else /* ! epoll */ +#elif defined(SLAP_X_DEVPOLL) && defined(HAVE_DEVPOLL) + +/************************************************************* + * Use Solaris' (>= 2.7) /dev/poll infrastructure - poll(7d) * + *************************************************************/ +# define SLAP_EVENT_FNAME "/dev/poll" +# define SLAP_EVENTS_ARE_INDEXED 0 +/* + * - sd_index is used much like with epoll() + * - sd_l is maintained as an array containing the address + * of the listener; the index is the fd itself + * - sd_pollfd is used to keep track of what data has been + * registered in /dev/poll + */ +# define SLAP_DEVPOLL_SOCK_IX(s) (slap_daemon.sd_index[(s)]) +# define SLAP_DEVPOLL_SOCK_LX(s) (slap_daemon.sd_l[(s)]) +# define SLAP_DEVPOLL_SOCK_EP(s) (slap_daemon.sd_pollfd[SLAP_DEVPOLL_SOCK_IX((s))]) +# define SLAP_DEVPOLL_SOCK_FD(s) (SLAP_DEVPOLL_SOCK_EP((s)).fd) +# define SLAP_DEVPOLL_SOCK_EV(s) (SLAP_DEVPOLL_SOCK_EP((s)).events) +# define SLAP_SOCK_IS_ACTIVE(s) (SLAP_DEVPOLL_SOCK_IX((s)) != -1) +# define SLAP_SOCK_NOT_ACTIVE(s) (SLAP_DEVPOLL_SOCK_IX((s)) == -1) +# define SLAP_SOCK_IS_SET(s, mode) (SLAP_DEVPOLL_SOCK_EV((s)) & (mode)) + +# define SLAP_SOCK_IS_READ(s) SLAP_SOCK_IS_SET((s), POLLIN) +# define SLAP_SOCK_IS_WRITE(s) SLAP_SOCK_IS_SET((s), POLLOUT) + +/* as far as I understand, any time we need to communicate with the kernel + * about the number and/or properties of a file descriptor we need it to + * wait for, we have to rewrite the whole set */ +# define SLAP_DEVPOLL_WRITE_POLLFD(s, pfd, n, what, shdn) do { \ + int rc; \ + size_t size = (n) * sizeof( struct pollfd ); \ + /* FIXME: use pwrite? */ \ + rc = write( slap_daemon.sd_dpfd, (pfd), size ); \ + if ( rc != size ) { \ + Debug( LDAP_DEBUG_ANY, "daemon: " SLAP_EVENT_FNAME ": " \ + "%s fd=%d failed errno=%d\n", \ + (what), (s), errno ); \ + if ( (shdn) ) { \ + slapd_shutdown = 2; \ + } \ + } \ +} while (0) + +# define SLAP_DEVPOLL_SOCK_SET(s, mode) do { \ + Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_SET_%s(%d)=%d\n", \ + (mode) == POLLIN ? "READ" : "WRITE", (s), \ + ( (SLAP_DEVPOLL_SOCK_EV((s)) & (mode)) != (mode) ) ); \ + if ( (SLAP_DEVPOLL_SOCK_EV((s)) & (mode)) != (mode) ) { \ + struct pollfd pfd; \ + SLAP_DEVPOLL_SOCK_EV((s)) |= (mode); \ + pfd.fd = SLAP_DEVPOLL_SOCK_FD((s)); \ + pfd.events = /* (mode) */ SLAP_DEVPOLL_SOCK_EV((s)); \ + SLAP_DEVPOLL_WRITE_POLLFD((s), &pfd, 1, "SET", 0); \ + } \ +} while (0) + +# define SLAP_DEVPOLL_SOCK_CLR(s, mode) do { \ + Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_CLR_%s(%d)=%d\n", \ + (mode) == POLLIN ? "READ" : "WRITE", (s), \ + ( (SLAP_DEVPOLL_SOCK_EV((s)) & (mode)) == (mode) ) ); \ + if ((SLAP_DEVPOLL_SOCK_EV((s)) & (mode)) == (mode) ) { \ + struct pollfd pfd[2]; \ + SLAP_DEVPOLL_SOCK_EV((s)) &= ~(mode); \ + pfd[0].fd = SLAP_DEVPOLL_SOCK_FD((s)); \ + pfd[0].events = POLLREMOVE; \ + pfd[1] = SLAP_DEVPOLL_SOCK_EP((s)); \ + SLAP_DEVPOLL_WRITE_POLLFD((s), &pfd[0], 2, "CLR", 0); \ + } \ +} while (0) + +# define SLAP_SOCK_SET_READ(s) SLAP_DEVPOLL_SOCK_SET(s, POLLIN) +# define SLAP_SOCK_SET_WRITE(s) SLAP_DEVPOLL_SOCK_SET(s, POLLOUT) + +# define SLAP_SOCK_CLR_READ(s) SLAP_DEVPOLL_SOCK_CLR((s), POLLIN) +# define SLAP_SOCK_CLR_WRITE(s) SLAP_DEVPOLL_SOCK_CLR((s), POLLOUT) + +# ifdef SLAP_LIGHTWEIGHT_DISPATCHER +# define SLAP_SOCK_SET_SUSPEND(s) \ + ( slap_daemon.sd_suspend[SLAP_DEVPOLL_SOCK_IX((s))] = 1 ) +# define SLAP_SOCK_CLR_SUSPEND(s) \ + ( slap_daemon.sd_suspend[SLAP_DEVPOLL_SOCK_IX((s))] = 0 ) +# define SLAP_SOCK_IS_SUSPEND(s) \ + ( slap_daemon.sd_suspend[SLAP_DEVPOLL_SOCK_IX((s))] == 1 ) +# endif /* SLAP_LIGHTWEIGHT_DISPATCHER */ + +# define SLAP_DEVPOLL_EVENT_CLR(i, mode) (revents[(i)].events &= ~(mode)) + +# define SLAP_EVENT_MAX slap_daemon.sd_nfds + +/* If a Listener address is provided, store that in the sd_l array. + * If we can't do this add, the system is out of resources and we + * need to shutdown. + */ +# define SLAP_SOCK_ADD(s, l) do { \ + Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_ADD(%d, %p)\n", (s), (l), 0 ); \ + SLAP_DEVPOLL_SOCK_IX((s)) = slap_daemon.sd_nfds; \ + SLAP_DEVPOLL_SOCK_LX((s)) = (l); \ + SLAP_DEVPOLL_SOCK_FD((s)) = (s); \ + SLAP_DEVPOLL_SOCK_EV((s)) = POLLIN; \ + SLAP_DEVPOLL_WRITE_POLLFD((s), &SLAP_DEVPOLL_SOCK_EP((s)), 1, "ADD", 1); \ + slap_daemon.sd_nfds++; \ +} while (0) + +# define SLAP_DEVPOLL_EV_LISTENER(ptr) ((ptr) != NULL) + +# define SLAP_SOCK_DEL(s) do { \ + int fd, index = SLAP_DEVPOLL_SOCK_IX((s)); \ + Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_DEL(%d)\n", (s), 0, 0 ); \ + if ( index < 0 ) break; \ + if ( index < slap_daemon.sd_nfds - 1 ) { \ + struct pollfd pfd = slap_daemon.sd_pollfd[index]; \ + fd = slap_daemon.sd_pollfd[slap_daemon.sd_nfds - 1].fd; \ + slap_daemon.sd_pollfd[index] = slap_daemon.sd_pollfd[slap_daemon.sd_nfds - 1]; \ + slap_daemon.sd_pollfd[slap_daemon.sd_nfds - 1] = pfd; \ + slap_daemon.sd_index[fd] = index; \ + } \ + slap_daemon.sd_index[(s)] = -1; \ + slap_daemon.sd_pollfd[slap_daemon.sd_nfds - 1].events = POLLREMOVE; \ + SLAP_DEVPOLL_WRITE_POLLFD((s), &slap_daemon.sd_pollfd[slap_daemon.sd_nfds - 1], 1, "DEL", 0); \ + slap_daemon.sd_pollfd[slap_daemon.sd_nfds - 1].events = 0; \ + slap_daemon.sd_nfds--; \ +} while (0) + +# define SLAP_EVENT_CLR_READ(i) SLAP_DEVPOLL_EVENT_CLR((i), POLLIN) +# define SLAP_EVENT_CLR_WRITE(i) SLAP_DEVPOLL_EVENT_CLR((i), POLLOUT) + +# define SLAP_DEVPOLL_EVENT_CHK(i, mode) (revents[(i)].events & (mode)) + +# define SLAP_EVENT_FD(i) (revents[(i)].fd) + +# define SLAP_EVENT_IS_READ(i) SLAP_DEVPOLL_EVENT_CHK((i), POLLIN) +# define SLAP_EVENT_IS_WRITE(i) SLAP_DEVPOLL_EVENT_CHK((i), POLLOUT) +# define SLAP_EVENT_IS_LISTENER(i) SLAP_DEVPOLL_EV_LISTENER(SLAP_DEVPOLL_SOCK_LX(SLAP_EVENT_FD((i)))) +# define SLAP_EVENT_LISTENER(i) SLAP_DEVPOLL_SOCK_LX(SLAP_EVENT_FD((i))) + +# define SLAP_SOCK_INIT do { \ + slap_daemon.sd_pollfd = ch_calloc( 1, \ + ( sizeof(struct pollfd) * 2 \ + + sizeof( int ) \ + + sizeof( Listener * ) ) * dtblsize ); \ + slap_daemon.sd_index = (int *)&slap_daemon.sd_pollfd[ 2 * dtblsize ]; \ + slap_daemon.sd_l = (Listener **)&slap_daemon.sd_index[ dtblsize ]; \ + slap_daemon.sd_dpfd = open( SLAP_EVENT_FNAME, O_RDWR ); \ + if ( slap_daemon.sd_dpfd == -1 ) { \ + Debug( LDAP_DEBUG_ANY, "daemon: " SLAP_EVENT_FNAME ": " \ + "open(\"" SLAP_EVENT_FNAME "\") failed errno=%d\n", \ + errno, 0, 0 ); \ + SLAP_SOCK_DESTROY; \ + return -1; \ + } \ + for ( i = 0; i < dtblsize; i++ ) { \ + slap_daemon.sd_pollfd[i].fd = -1; \ + slap_daemon.sd_index[i] = -1; \ + } \ +} while (0) + +# define SLAP_SOCK_DESTROY do { \ + if ( slap_daemon.sd_pollfd != NULL ) { \ + ch_free( slap_daemon.sd_pollfd ); \ + slap_daemon.sd_pollfd = NULL; \ + slap_daemon.sd_index = NULL; \ + slap_daemon.sd_l = NULL; \ + close( slap_daemon.sd_dpfd ); \ + } \ +} while ( 0 ) + +# define SLAP_EVENT_DECL struct pollfd *revents + +# define SLAP_EVENT_INIT do { \ + revents = &slap_daemon.sd_pollfd[ dtblsize ]; \ +} while (0) + +# define SLAP_EVENT_WAIT(tvp, nsp) do { \ + struct dvpoll sd_dvpoll; \ + sd_dvpoll.dp_timeout = (tvp) ? (tvp)->tv_sec * 1000 : -1; \ + sd_dvpoll.dp_nfds = dtblsize; \ + sd_dvpoll.dp_fds = revents; \ + *(nsp) = ioctl( slap_daemon.sd_dpfd, DP_POLL, &sd_dvpoll ); \ +} while (0) + +#else /* ! epoll && ! /dev/poll */ /************************************** * Use select system call - select(2) * @@ -301,6 +494,7 @@ static struct slap_daemon { # define SLAP_SOCK_INIT do { \ SLAP_SELECT_CHK_SETSIZE; \ + FD_ZERO(&slap_daemon.sd_actives); \ FD_ZERO(&slap_daemon.sd_readers); \ FD_ZERO(&slap_daemon.sd_writers); \ } while (0) @@ -355,11 +549,11 @@ static struct slap_daemon { # define SLAP_EVENT_CLR_READ(fd) FD_CLR((fd), &readfds) # define SLAP_EVENT_CLR_WRITE(fd) FD_CLR((fd), &writefds) -# define SLAP_EVENT_WAIT(tvp, snp) do { \ +# define SLAP_EVENT_WAIT(tvp, nsp) do { \ *(nsp) = select( SLAP_EVENT_MAX, &readfds, \ nwriters > 0 ? &writefds : NULL, NULL, (tvp) ); \ } while (0) -#endif /* ! epoll */ +#endif /* ! epoll && ! /dev/poll */ #ifdef HAVE_SLP /* @@ -520,8 +714,8 @@ slapd_add( ber_socket_t s, int isactive, Listener *sl ) SLAP_SOCK_ADD(s, sl); - Debug( LDAP_DEBUG_CONNS, "daemon: added %ldr\n", - (long) s, 0, 0 ); + Debug( LDAP_DEBUG_CONNS, "daemon: added %ldr%s listener=%p\n", + (long) s, isactive ? " (active)" : "", (void *)sl ); ldap_pvt_thread_mutex_unlock( &slap_daemon.sd_mutex ); @@ -1115,21 +1309,44 @@ slap_open_listener( #ifdef LDAP_PF_LOCAL case AF_LOCAL: #ifdef LOCAL_CREDS - { - int one = 1; - setsockopt(l.sl_sd, 0, LOCAL_CREDS, &one, sizeof one); - } + { + int one = 1; + setsockopt( l.sl_sd, 0, LOCAL_CREDS, &one, sizeof( one ) ); + } #endif /* LOCAL_CREDS */ - addrlen = sizeof(struct sockaddr_un); - break; + + addrlen = sizeof( struct sockaddr_un ); + break; #endif /* LDAP_PF_LOCAL */ } - if (bind(l.sl_sd, *sal, addrlen)) { +#ifdef LDAP_PF_LOCAL + /* create socket with all permissions set for those systems + * that honor permissions on sockets (e.g. Linux); typically, + * only write is required. To exploit filesystem permissions, + * place the socket in a directory and use directory's + * permissions. Need write perms to the directory to + * create/unlink the socket; likely need exec perms to access + * the socket (ITS#4709) */ + { + mode_t old_umask; + + if ( (*sal)->sa_family == AF_LOCAL ) { + old_umask = umask( 0 ); + } +#endif /* LDAP_PF_LOCAL */ + rc = bind( l.sl_sd, *sal, addrlen ); +#ifdef LDAP_PF_LOCAL + if ( (*sal)->sa_family == AF_LOCAL ) { + umask( old_umask ); + } + } +#endif /* LDAP_PF_LOCAL */ + if ( rc ) { err = sock_errno(); Debug( LDAP_DEBUG_ANY, "daemon: bind(%ld) failed errno=%d (%s)\n", - (long) l.sl_sd, err, sock_errstr(err) ); + (long)l.sl_sd, err, sock_errstr( err ) ); tcp_close( l.sl_sd ); sal++; continue; @@ -1171,9 +1388,9 @@ slap_open_listener( inet_ntop( AF_INET6, &((struct sockaddr_in6 *)*sal)->sin6_addr, addr, sizeof addr); port = ntohs( ((struct sockaddr_in6 *)*sal)->sin6_port ); - l.sl_name.bv_len = strlen(addr) + sizeof("IP= 65535"); + l.sl_name.bv_len = strlen(addr) + sizeof("IP=[]:65535"); l.sl_name.bv_val = ber_memalloc( l.sl_name.bv_len ); - snprintf( l.sl_name.bv_val, l.sl_name.bv_len, "IP=%s %d", + snprintf( l.sl_name.bv_val, l.sl_name.bv_len, "IP=[%s]:%d", addr, port ); l.sl_name.bv_len = strlen( l.sl_name.bv_val ); } break; @@ -1378,11 +1595,15 @@ slap_listener( #ifdef LDAP_PF_LOCAL char peername[MAXPATHLEN + sizeof("PATH=")]; #elif defined(LDAP_PF_INET6) - char peername[sizeof("IP=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 65535")]; + char peername[sizeof("IP=[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535")]; #else /* ! LDAP_PF_LOCAL && ! LDAP_PF_INET6 */ char peername[sizeof("IP=255.255.255.255:65336")]; #endif /* LDAP_PF_LOCAL */ + Debug( LDAP_DEBUG_TRACE, + ">>> slap_listener(%s)", + sl->sl_url.bv_val, 0, 0 ); + peername[0] = '\0'; #ifdef LDAP_CONNECTIONLESS @@ -1538,7 +1759,7 @@ slap_listener( peeraddr = (char *) inet_ntop( AF_INET6, &from.sa_in6_addr.sin6_addr, addr, sizeof addr ); - sprintf( peername, "IP=%s %d", + sprintf( peername, "IP=[%s]:%d", peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN, (unsigned) ntohs( from.sa_in6_addr.sin6_port ) ); } @@ -1546,10 +1767,10 @@ slap_listener( # endif /* LDAP_PF_INET6 */ case AF_INET: - peeraddr = inet_ntoa( from.sa_in_addr.sin_addr ); - sprintf( peername, "IP=%s:%d", - peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN, - (unsigned) ntohs( from.sa_in_addr.sin_port ) ); + peeraddr = inet_ntoa( from.sa_in_addr.sin_addr ); + sprintf( peername, "IP=%s:%d", + peeraddr != NULL ? peeraddr : SLAP_STRING_UNKNOWN, + (unsigned) ntohs( from.sa_in_addr.sin_port ) ); break; default: @@ -1634,13 +1855,15 @@ slap_listener_thread( void* ctx, void* ptr ) { - int rc; + int rc; + Listener *sl = (Listener *)ptr; - rc = slap_listener( (Listener*)ptr ); + rc = slap_listener( sl ); if( rc != LDAP_SUCCESS ) { Debug( LDAP_DEBUG_ANY, - "listener_thread: failed %d", rc, 0, 0 ); + "slap_listener_thread(%s): failed err=%d", + sl->sl_url.bv_val, rc, 0 ); } return (void*)NULL;