Fixed slapd-bdb/hdb cn=config olcDbIndex modify/replace (ITS#4262)
Fixed slapd-bdb/hdb lockup issue (ITS#4184)
Fixed slapo-rwm static DN free bug (ITS#4248)
+ Fixed slapd-ldap/meta (ITS#4115)
Updated slapo-dynlist (ITS#3756,4224)
Build environment
Updated test033-glue-syncrepl (ITS#4264)
unsigned lc_refcnt;
unsigned lc_flags;
+ time_t lc_time;
} ldapconn_t;
/*
ldap_avl_info_t li_conninfo;
+ time_t li_network_timeout;
+ time_t li_idle_timeout;
time_t li_timeout[ LDAP_BACK_OP_LAST ];
} ldapinfo_t;
retry:;
rc = ldap_result( ld, msgid, LDAP_MSG_ALL, &tv, &res );
if ( rc < 0 ) {
- rc = LDAP_OTHER;
+ rc = LDAP_UNAVAILABLE;
} else if ( rc == 0 ) {
if ( retries != LDAP_BACK_RETRY_NEVER ) {
LDAP_BACK_TV_SET( &tv );
goto retry;
}
- rc = LDAP_OTHER;
+ rc = LDAP_UNAVAILABLE;
} else if ( rc == LDAP_RES_EXTENDED ) {
struct berval *data = NULL;
rc = ldap_install_tls( ld );
} else if ( rc == LDAP_REFERRAL ) {
- rc = LDAP_OTHER;
+ rc = LDAP_UNWILLING_TO_PERFORM;
*text = "unwilling to chase referral returned by Start TLS exop";
}
/* Set LDAP version. This will always succeed: If the client
* bound with a particular version, then so can we.
*/
+ if ( vers == 0 ) {
+ /* assume it's an internal op; set to LDAPv3 */
+ vers = LDAP_VERSION3;
+ }
ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, (const void *)&vers );
/* automatically chase referrals ("[dont-]chase-referrals" statement) */
}
} else {
- Debug( LDAP_DEBUG_TRACE,
- "=>ldap_back_getconn: conn %p fetched (refcnt=%u)\n",
- (void *)lc, refcnt, 0 );
+ if ( li->li_idle_timeout != 0 && op->o_time > lc->lc_time + li->li_idle_timeout ) {
+ /* in case of failure, it frees/taints lc and sets it to NULL */
+ if ( ldap_back_retry( &lc, op, rs, sendok ) ) {
+ lc = NULL;
+ }
+ }
+
+ if ( lc ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "=>ldap_back_getconn: conn %p fetched (refcnt=%u)\n",
+ (void *)lc, refcnt, 0 );
+ }
+ }
+
+ if ( li->li_idle_timeout && lc ) {
+ lc->lc_time = op->o_time;
}
done:;
retry:;
/* if result parsing fails, note the failure reason */
- rc = ldap_result( lc->lc_ld, msgid, 1, &tv, &res );
+ rc = ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, &tv, &res );
switch ( rc ) {
case 0:
if ( timeout ) {
int rc = 0;
ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
+ assert( lcp != NULL );
+ assert( *lcp != NULL );
+
ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
if ( (*lcp)->lc_refcnt == 1 ) {
/* lc here must be the regular lc, reset and ready for init */
rc = ldap_back_prepare_conn( lcp, op, rs, sendok );
- if ( rc == LDAP_SUCCESS ) {
+ if ( rc != LDAP_SUCCESS ) {
+ rc = 0;
+ *lcp = NULL;
+
+ } else {
rc = ldap_back_dobind_int( *lcp, op, rs, sendok, 0, 0 );
if ( rc == 0 ) {
*lcp = NULL;
ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
struct berval binddn = slap_empty_bv;
struct berval bindcred = slap_empty_bv;
+ struct berval ndn;
int dobind = 0;
int msgid;
int rc;
+ if ( !BER_BVISNULL( &op->o_conn->c_ndn ) ) {
+ ndn = op->o_conn->c_ndn;
+
+ } else {
+ ndn = op->o_ndn;
+ }
+
/*
* FIXME: we need to let clients use proxyAuthz
* otherwise we cannot do symmetric pools of servers;
* is authorized */
switch ( li->li_idassert_mode ) {
case LDAP_BACK_IDASSERT_LEGACY:
- if ( !BER_BVISNULL( &op->o_conn->c_ndn ) && !BER_BVISEMPTY( &op->o_conn->c_ndn ) ) {
+ if ( !BER_BVISNULL( &ndn ) && !BER_BVISEMPTY( &ndn ) ) {
if ( !BER_BVISNULL( &li->li_idassert_authcDN ) && !BER_BVISEMPTY( &li->li_idassert_authcDN ) )
{
binddn = li->li_idassert_authcDN;
if ( li->li_idassert_authz && !be_isroot( op ) ) {
struct berval authcDN;
- if ( BER_BVISNULL( &op->o_conn->c_ndn ) ) {
+ if ( BER_BVISNULL( &ndn ) ) {
authcDN = slap_empty_bv;
} else {
- authcDN = op->o_conn->c_ndn;
+ authcDN = ndn;
}
rs->sr_err = slap_sasl_matches( op, li->li_idassert_authz,
&authcDN, &authcDN );
break;
case LDAP_BACK_IDASSERT_SELF:
- if ( BER_BVISNULL( &op->o_conn->c_ndn ) ) {
+ if ( BER_BVISNULL( &ndn ) ) {
/* connection is not authc'd, so don't idassert */
BER_BVSTR( &authzID, "dn:" );
break;
}
- authzID.bv_len = STRLENOF( "dn:" ) + op->o_conn->c_ndn.bv_len;
+ authzID.bv_len = STRLENOF( "dn:" ) + ndn.bv_len;
authzID.bv_val = slap_sl_malloc( authzID.bv_len + 1, op->o_tmpmemctx );
AC_MEMCPY( authzID.bv_val, "dn:", STRLENOF( "dn:" ) );
AC_MEMCPY( authzID.bv_val + STRLENOF( "dn:" ),
- op->o_conn->c_ndn.bv_val, op->o_conn->c_ndn.bv_len + 1 );
+ ndn.bv_val, ndn.bv_len + 1 );
freeauthz = 1;
break;
LDAPControl **ctrls = NULL;
int i = 0,
mode;
- struct berval assertedID;
+ struct berval assertedID,
+ ndn;
*pctrls = NULL;
goto done;
}
+ if ( !BER_BVISNULL( &op->o_conn->c_ndn ) ) {
+ ndn = op->o_conn->c_ndn;
+
+ } else {
+ ndn = op->o_ndn;
+ }
+
if ( li->li_idassert_mode == LDAP_BACK_IDASSERT_LEGACY ) {
if ( op->o_proxy_authz ) {
/*
goto done;
}
- if ( BER_BVISNULL( &op->o_conn->c_ndn ) ) {
+ if ( BER_BVISNULL( &ndn ) ) {
goto done;
}
} else if ( li->li_idassert_authmethod == LDAP_AUTH_SASL ) {
if ( ( li->li_idassert_flags & LDAP_BACK_AUTH_NATIVE_AUTHZ )
- /* && ( !BER_BVISNULL( &op->o_conn->c_ndn )
+ /* && ( !BER_BVISNULL( &ndn )
|| LDAP_BACK_CONN_ISBOUND( lc ) ) */ )
{
/* already asserted in SASL via native authz */
/* NOTE: the test on lc->lc_bound is used to trap
* native authorization of anonymous users,
- * since in that case op->o_conn->c_ndn is NULL */
+ * since in that case ndn is NULL */
goto done;
}
int rc;
struct berval authcDN;
- if ( BER_BVISNULL( &op->o_conn->c_ndn ) ) {
+ if ( BER_BVISNULL( &ndn ) ) {
authcDN = slap_empty_bv;
} else {
- authcDN = op->o_conn->c_ndn;
+ authcDN = ndn;
}
rc = slap_sasl_matches( op, li->li_idassert_authz,
&authcDN, & authcDN );
if ( rc != LDAP_SUCCESS ) {
if ( li->li_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE )
{
- /* op->o_conn->c_ndn is not authorized
+ /* ndn is not authorized
* to use idassert */
return rc;
}
case LDAP_BACK_IDASSERT_SELF:
/* original behavior:
* assert the client's identity */
- if ( BER_BVISNULL( &op->o_conn->c_ndn ) ) {
+ if ( BER_BVISNULL( &ndn ) ) {
assertedID = slap_empty_bv;
} else {
- assertedID = op->o_conn->c_ndn;
+ assertedID = ndn;
}
break;
* the tree? Should be all configurable.
*/
- /* "common" configuration info (all occurring before an "uri") */
+ /* "common" configuration info (anything occurring before an "uri") */
ldapinfo_t *lc_common_li;
/* current configuration info */
"DESC 'Chaining behavior control parameters (draft-sermersheim-ldap-chaining)' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
- { "chain-cache-uris", "TRUE/FALSE",
+ { "chain-cache-uri", "TRUE/FALSE",
2, 2, 0, ARG_MAGIC|ARG_ON_OFF|CH_CACHE_URI, chain_cf_gen,
- "( OLcfgOvAt:3.2 NAME 'olcCacheURIs' "
+ "( OLcfgOvAt:3.2 NAME 'olcCacheURI' "
"DESC 'Enables caching of URIs not present in configuration' "
"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
#ifdef LDAP_CONTROL_X_CHAINING_BEHAVIOR
"olcChainingBehavior $ "
#endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
- "olcCacheURIs "
+ "olcCacheURI "
") )",
Cft_Overlay, chaincfg, NULL, chain_cfadd },
{ "( OLcfgOvOc:3.2 "
BackendInfo *bd_info = be->bd_info;
void *be_private = be->be_private;
ConfigOCs *be_cf_ocs = be->be_cf_ocs;
- int is_uri = 0;
+ static char *allowed_argv[] = {
+ /* special: put URI here, so in the meanwhile
+ * it detects whether a new URI is being provided */
+ "uri",
+ "nretries",
+ "timeout",
+ /* flags */
+ "tls",
+ /* FIXME: maybe rebind-as-user should be allowed
+ * only within known URIs... */
+ "rebind-as-user",
+ "chase-referrals",
+ "t-f-support",
+ "proxy-whoami",
+ NULL
+ };
+ int which_argv = -1;
argv[ 0 ] += STRLENOF( "chain-" );
- if ( strcasecmp( argv[ 0 ], "uri" ) == 0 ) {
+ for ( which_argv = 0; allowed_argv[ which_argv ]; which_argv++ ) {
+ if ( strcasecmp( argv[ 0 ], allowed_argv[ which_argv ] ) == 0 ) {
+ break;
+ }
+ }
+
+ if ( allowed_argv[ which_argv ] == NULL ) {
+ which_argv = -1;
+
+ if ( lc->lc_cfg_li == lc->lc_common_li ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"%s\" only allowed within a URI directive.\n.",
+ fname, lineno, argv[ 0 ] );
+ return 1;
+ }
+ }
+
+ if ( which_argv == 0 ) {
rc = ldap_chain_db_init_one( be );
if ( rc != 0 ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
return 1;
}
lc->lc_cfg_li = be->be_private;
- is_uri = 1;
}
/* TODO: add checks on what other slapd-ldap(5) args
be->be_private = be_private;
be->bd_info = bd_info;
- if ( is_uri ) {
+ if ( which_argv == 0 ) {
private_destroy:;
if ( rc != 0 ) {
BackendDB db = *be;
LDAP_BACK_CFG_T_F,
LDAP_BACK_CFG_WHOAMI,
LDAP_BACK_CFG_TIMEOUT,
+ LDAP_BACK_CFG_IDLE_TIMEOUT,
LDAP_BACK_CFG_REWRITE,
LDAP_BACK_CFG_LAST
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
+ { "idle-timeout", "timeout", 2, 0, 0,
+ ARG_MAGIC|LDAP_BACK_CFG_IDLE_TIMEOUT,
+ ldap_back_cf_gen, "( OLcfgDbAt:3.15 "
+ "NAME 'olcDbIdleTimeout' "
+ "DESC 'connection idle timeout' "
+ "SYNTAX OMsDirectoryString "
+ "SINGLE-VALUE )",
+ NULL, NULL },
{ "suffixmassage", "[virtual]> <real", 2, 3, 0,
ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REWRITE,
ldap_back_cf_gen, NULL, NULL, NULL },
"$ olcDbTFSupport "
"$ olcDbProxyWhoAmI "
"$ olcDbTimeout "
+ "$ olcDbIdleTimeout "
") )",
Cft_Database, ldapcfg},
{ NULL, 0, NULL }
case LDAP_BACK_CFG_TLS:
enum_to_verb( tls_mode, ( li->li_flags & LDAP_BACK_F_TLS_MASK ), &bv );
- if ( BER_BVISNULL( &bv ) ) {
- /* there's something wrong... */
- assert( 0 );
- rc = 1;
-
- } else {
- value_add_one( &c->rvalue_vals, &bv );
- }
+ assert( !BER_BVISNULL( &bv ) );
+ value_add_one( &c->rvalue_vals, &bv );
break;
case LDAP_BACK_CFG_ACL_AUTHCDN:
case LDAP_BACK_CFG_ACL_BIND: {
int i;
+ if ( li->li_acl_authmethod == LDAP_AUTH_NONE ) {
+ return 1;
+ }
+
bindconf_unparse( &li->li_acl, &bv );
for ( i = 0; isspace( bv.bv_val[ i ] ); i++ )
struct berval bc = BER_BVNULL;
char *ptr;
+ if ( li->li_idassert_authmethod == LDAP_AUTH_NONE ) {
+ return 1;
+ }
+
if ( li->li_idassert_authmethod != LDAP_AUTH_NONE ) {
ber_len_t len;
case LDAP_BACK_CFG_TIMEOUT:
BER_BVZERO( &bv );
+ for ( i = 0; i < LDAP_BACK_OP_LAST; i++ ) {
+ if ( li->li_timeout[ i ] != 0 ) {
+ break;
+ }
+ }
+
+ if ( i == LDAP_BACK_OP_LAST ) {
+ return 1;
+ }
+
slap_cf_aux_table_unparse( li->li_timeout, &bv, timeout_table );
- if ( !BER_BVISNULL( &bv ) ) {
- for ( i = 0; isspace( bv.bv_val[ i ] ); i++ )
- /* count spaces */ ;
+ if ( BER_BVISNULL( &bv ) ) {
+ return 1;
+ }
- if ( i ) {
- bv.bv_len -= i;
- AC_MEMCPY( bv.bv_val, &bv.bv_val[ i ],
- bv.bv_len + 1 );
- }
+ for ( i = 0; isspace( bv.bv_val[ i ] ); i++ )
+ /* count spaces */ ;
- ber_bvarray_add( &c->rvalue_vals, &bv );
+ if ( i ) {
+ bv.bv_len -= i;
+ AC_MEMCPY( bv.bv_val, &bv.bv_val[ i ],
+ bv.bv_len + 1 );
}
+
+ ber_bvarray_add( &c->rvalue_vals, &bv );
break;
+ case LDAP_BACK_CFG_IDLE_TIMEOUT: {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ if ( li->li_idle_timeout == 0 ) {
+ return 1;
+ }
+
+ lutil_unparse_time( buf, sizeof( buf ), li->li_idle_timeout );
+ ber_str2bv( buf, 0, 0, &bv );
+ value_add_one( &c->rvalue_vals, &bv );
+ } break;
+
default:
/* FIXME: we need to handle all... */
assert( 0 );
}
break;
+ case LDAP_BACK_CFG_IDLE_TIMEOUT:
+ li->li_idle_timeout = 0;
+ break;
+
default:
/* FIXME: we need to handle all... */
assert( 0 );
char **urllist = NULL;
int urlrc = LDAP_URL_SUCCESS, i;
- if ( c->argc != 2 ) {
- fprintf( stderr, "%s: line %d: "
- "missing uri "
- "in \"uri <uri>\" line\n",
- c->fname, c->lineno );
- return 1;
- }
-
if ( li->li_uri != NULL ) {
ch_free( li->li_uri );
li->li_uri = NULL;
why = "unknown reason";
break;
}
- fprintf( stderr, "%s: line %d: "
+ snprintf( c->msg, sizeof( c->msg),
"unable to parse uri \"%s\" "
- "in \"uri <uri>\" line: %s\n",
- c->fname, c->lineno, c->value_string, why );
+ "in \"uri <uri>\" line: %s",
+ c->value_string, why );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
urlrc = 1;
goto done_url;
}
|| tmpludp->lud_filter != NULL
|| tmpludp->lud_exts != NULL )
{
- fprintf( stderr, "%s: line %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"warning, only protocol, "
"host and port allowed "
"in \"uri <uri>\" statement "
- "for uri #%d of \"%s\"\n",
- c->fname, c->lineno, i, c->value_string );
+ "for uri #%d of \"%s\"",
+ i, c->value_string );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
}
}
urllist[ i ] = ldap_url_desc2str( &tmplud );
if ( urllist[ i ] == NULL ) {
- fprintf( stderr, "%s: line %d: "
+ snprintf( c->msg, sizeof( c->msg),
"unable to rebuild uri "
"in \"uri <uri>\" statement "
- "for \"%s\"\n",
- c->fname, c->lineno, c->argv[ 1 ] );
+ "for \"%s\"",
+ c->argv[ 1 ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
urlrc = 1;
goto done_url;
}
break;
default:
- fprintf( stderr, "%s: line %d: "
+ snprintf( c->msg, sizeof( c->msg),
"\"acl-authcDN <DN>\" incompatible "
- "with auth method %d.",
- c->fname, c->lineno, li->li_acl_authmethod );
+ "with auth method %d",
+ li->li_acl_authmethod );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
if ( !BER_BVISNULL( &li->li_acl_authcDN ) ) {
break;
default:
- fprintf( stderr, "%s: line %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"\"acl-passwd <cred>\" incompatible "
- "with auth method %d.",
- c->fname, c->lineno, li->li_acl_authmethod );
+ "with auth method %d",
+ li->li_acl_authmethod );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
if ( !BER_BVISNULL( &li->li_acl_passwd ) ) {
break;
default:
- fprintf( stderr, "%s: line %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"\"idassert-authcDN <DN>\" incompatible "
- "with auth method %d.",
- c->fname, c->lineno, li->li_idassert_authmethod );
+ "with auth method %d",
+ li->li_idassert_authmethod );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
if ( !BER_BVISNULL( &li->li_idassert_authcDN ) ) {
break;
default:
- fprintf( stderr, "%s: line %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"\"idassert-passwd <cred>\" incompatible "
- "with auth method %d.",
- c->fname, c->lineno, li->li_idassert_authmethod );
+ "with auth method %d",
+ li->li_idassert_authmethod );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
if ( !BER_BVISNULL( &li->li_idassert_passwd ) ) {
ber_str2bv( c->argv[ 1 ], 0, 0, &in );
rc = authzNormalize( 0, NULL, NULL, &in, &bv, NULL );
if ( rc != LDAP_SUCCESS ) {
- fprintf( stderr, "%s: %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"\"idassert-authzFrom <authz>\": "
- "invalid syntax.\n",
- c->fname, c->lineno );
+ "invalid syntax" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
#else /* !SLAP_AUTHZ_SYNTAX */
case LDAP_BACK_CFG_IDASSERT_METHOD:
/* no longer supported */
- fprintf( stderr, "%s: %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"\"idassert-method <args>\": "
- "no longer supported; use \"idassert-bind\".\n",
- c->fname, c->lineno );
+ "no longer supported; use \"idassert-bind\"" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
case LDAP_BACK_CFG_IDASSERT_BIND:
j = verb_to_mask( argvi, idassert_mode );
if ( BER_BVISNULL( &idassert_mode[ j ].word ) ) {
- fprintf( stderr, "%s: %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"\"idassert-bind <args>\": "
- "unknown mode \"%s\".\n",
- c->fname, c->lineno, argvi );
+ "unknown mode \"%s\"",
+ argvi );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
if ( strcasecmp( argvi, "native" ) == 0 ) {
if ( li->li_idassert_authmethod != LDAP_AUTH_SASL ) {
- fprintf( stderr, "%s: %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"\"idassert-bind <args>\": "
"authz=\"native\" incompatible "
- "with auth method.\n",
- c->fname, c->lineno );
+ "with auth method" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
li->li_idassert_flags |= LDAP_BACK_AUTH_NATIVE_AUTHZ;
li->li_idassert_flags &= ~LDAP_BACK_AUTH_NATIVE_AUTHZ;
} else {
- fprintf( stderr, "%s: %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"\"idassert-bind <args>\": "
- "unknown authz \"%s\".\n",
- c->fname, c->lineno, argvi );
+ "unknown authz \"%s\"",
+ argvi );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
int j;
if ( flags == NULL ) {
- fprintf( stderr, "%s: %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"\"idassert-bind <args>\": "
- "unable to parse flags \"%s\".\n",
- c->fname, c->lineno, argvi );
+ "unable to parse flags \"%s\"",
+ argvi );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
li->li_idassert_flags &= ( ~LDAP_BACK_AUTH_PRESCRIPTIVE );
} else {
- fprintf( stderr, "%s: %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"\"idassert-bind <args>\": "
- "unknown flag \"%s\".\n",
+ "unknown flag \"%s\"",
c->fname, c->lineno, flags[ j ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
}
}
break;
case LDAP_BACK_CFG_TIMEOUT:
- if ( c->argc < 2 ) {
- return 1;
- }
-
for ( i = 1; i < c->argc; i++ ) {
if ( isdigit( c->argv[ i ][ 0 ] ) ) {
int j;
}
break;
+ case LDAP_BACK_CFG_IDLE_TIMEOUT: {
+ unsigned long t;
+
+ if ( lutil_parse_time( c->argv[ 1 ], &t ) != 0 ) {
+ snprintf( c->msg, sizeof( c->msg),
+ "unable to parse idle timeout \"%s\"",
+ c->argv[ 1 ] );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+ return 1;
+ }
+ li->li_idle_timeout = (time_t)t;
+ } break;
+
case LDAP_BACK_CFG_REWRITE:
- fprintf( stderr, "%s: line %d: "
+ snprintf( c->msg, sizeof( c->msg ),
"rewrite/remap capabilities have been moved "
"to the \"rwm\" overlay; see slapo-rwm(5) "
"for details (hint: add \"overlay rwm\" "
- "and prefix all directives with \"rwm-\").\n",
- c->fname, c->lineno );
+ "and prefix all directives with \"rwm-\")" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
return 1;
default:
if( rs->sr_err != LDAP_SUCCESS ) return rs->sr_err;
/* if auth'd by back-ldap and request is proxied, forward it */
- if ( op->o_conn->c_authz_backend && !strcmp(op->o_conn->c_authz_backend->be_type, "ldap" ) && !dn_match(&op->o_ndn, &op->o_conn->c_ndn)) {
+ if ( op->o_conn->c_authz_backend
+ && !strcmp( op->o_conn->c_authz_backend->be_type, "ldap" )
+ && !dn_match( &op->o_ndn, &op->o_conn->c_ndn ) )
+ {
ldapconn_t *lc;
-
LDAPControl c, *ctrls[2] = {NULL, NULL};
LDAPMessage *res;
Operation op2 = *op;
ber_int_t msgid;
int doretry = 1;
+ char *ptr;
ctrls[0] = &c;
op2.o_ndn = op->o_conn->c_ndn;
lc = ldap_back_getconn(&op2, rs, LDAP_BACK_SENDERR);
- if (!lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR )) {
+ if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
return -1;
}
c.ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
c.ldctl_iscritical = 1;
- c.ldctl_value.bv_val = ch_malloc(op->o_ndn.bv_len+4);
+ c.ldctl_value.bv_val = op->o_tmpalloc(
+ op->o_ndn.bv_len + STRLENOF( "dn:" ) + 1,
+ op->o_tmpmemctx );
c.ldctl_value.bv_len = op->o_ndn.bv_len + 3;
- strcpy(c.ldctl_value.bv_val, "dn:");
- strcpy(c.ldctl_value.bv_val+3, op->o_ndn.bv_val);
+ ptr = c.ldctl_value.bv_val;
+ ptr = lutil_strcopy( ptr, "dn:" );
+ ptr = lutil_strncopy( ptr, op->o_ndn.bv_val, op->o_ndn.bv_len );
+ ptr[ 0 ] = '\0';
retry:
- rs->sr_err = ldap_whoami(lc->lc_ld, ctrls, NULL, &msgid);
- if (rs->sr_err == LDAP_SUCCESS) {
- if (ldap_result(lc->lc_ld, msgid, 1, NULL, &res) == -1) {
- ldap_get_option(lc->lc_ld, LDAP_OPT_ERROR_NUMBER,
- &rs->sr_err);
+ rs->sr_err = ldap_whoami( lc->lc_ld, ctrls, NULL, &msgid );
+ if ( rs->sr_err == LDAP_SUCCESS ) {
+ if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, NULL, &res ) == -1 ) {
+ ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER,
+ &rs->sr_err );
if ( rs->sr_err == LDAP_SERVER_DOWN && doretry ) {
doretry = 0;
- if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) )
+ if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
goto retry;
+ }
}
- ldap_back_freeconn( op, lc, 1 );
- lc = NULL;
} else {
- rs->sr_err = ldap_parse_whoami(lc->lc_ld, res, &bv);
+ /* NOTE: are we sure "bv" will be malloc'ed
+ * with the appropriate memory? */
+ rs->sr_err = ldap_parse_whoami( lc->lc_ld, res, &bv );
ldap_msgfree(res);
}
}
- ch_free(c.ldctl_value.bv_val);
- if (rs->sr_err != LDAP_SUCCESS) {
+ op->o_tmpfree( c.ldctl_value.bv_val, op->o_tmpmemctx );
+ if ( rs->sr_err != LDAP_SUCCESS ) {
rs->sr_err = slap_map_api2result( rs );
}
}
} else {
- /* else just do the same as before */
- bv = (struct berval *) ch_malloc( sizeof(struct berval) );
+ /* else just do the same as before */
+ bv = (struct berval *) ch_malloc( sizeof( struct berval ) );
if ( !BER_BVISEMPTY( &op->o_dn ) ) {
- bv->bv_len = op->o_dn.bv_len + STRLENOF("dn:");
+ bv->bv_len = op->o_dn.bv_len + STRLENOF( "dn:" );
bv->bv_val = ch_malloc( bv->bv_len + 1 );
- AC_MEMCPY( bv->bv_val, "dn:", STRLENOF("dn:") );
- AC_MEMCPY( &bv->bv_val[STRLENOF("dn:")], op->o_dn.bv_val,
+ AC_MEMCPY( bv->bv_val, "dn:", STRLENOF( "dn:" ) );
+ AC_MEMCPY( &bv->bv_val[ STRLENOF( "dn:" ) ], op->o_dn.bv_val,
op->o_dn.bv_len );
- bv->bv_val[bv->bv_len] = '\0';
+ bv->bv_val[ bv->bv_len ] = '\0';
+
} else {
bv->bv_len = 0;
bv->bv_val = NULL;
op->o_ctrls, NULL, &msgid );
if ( rc == LDAP_SUCCESS ) {
- if ( ldap_result( lc->lc_ld, msgid, 1, NULL, &res ) == -1 ) {
+ if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, NULL, &res ) == -1 ) {
ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
ldap_back_freeconn( op, lc, 0 );
lc = NULL;
* but this is necessary for version matching, and for ACL processing.
*/
- for ( rc = 0; rc != -1; rc = ldap_result( lc->lc_ld, msgid, 0, &tv, &res ) )
+ for ( rc = 0; rc != -1; rc = ldap_result( lc->lc_ld, msgid, LDAP_MSG_ONE, &tv, &res ) )
{
/* check for abandon */
if ( op->o_abandon ) {
rc = rs->sr_err = send_search_entry( op, rs );
if ( !BER_BVISNULL( &ent.e_name ) ) {
assert( ent.e_name.bv_val != bdn.bv_val );
- free( ent.e_name.bv_val );
+ op->o_tmpfree( ent.e_name.bv_val, op->o_tmpmemctx );
BER_BVZERO( &ent.e_name );
}
if ( !BER_BVISNULL( &ent.e_nname ) ) {
- free( ent.e_nname.bv_val );
+ op->o_tmpfree( ent.e_nname.bv_val, op->o_tmpmemctx );
BER_BVZERO( &ent.e_nname );
}
entry_clean( &ent );
rs->sr_err = LDAP_OTHER;
rc = ldap_result( mc->mc_conns[ candidate ].msc_ld,
- msgid, LDAP_MSG_ONE, tvp, &res );
+ msgid, LDAP_MSG_ALL, tvp, &res );
switch ( rc ) {
case -1:
send_ldap_result( op, rs );
#endif
} dncookie;
-/* TODO: allow to define it on a per-target basis */
-#define META_BIND_TIMEOUT 10000
-
int ldap_back_dn_massage(dncookie *dc, struct berval *dn,
struct berval *res);
#define META_ANONYMOUS 2
#endif
+ time_t msc_time;
+
struct metainfo_t *msc_info;
} metasingleconn_t;
unsigned mt_flags;
int mt_version;
+ time_t mt_network_timeout;
+ time_t mt_idle_timeout;
+ struct timeval mt_bind_timeout;
+#define META_BIND_TIMEOUT 10000
time_t mt_timeout[ LDAP_BACK_OP_LAST ];
} metatarget_t;
typedef struct metainfo_t {
int mi_ntargets;
int mi_defaulttarget;
- int mi_network_timeout;
#define META_DEFAULT_TARGET_NONE (-1)
int mi_nretries;
#define META_BACK_DEFER_ROOTDN_BIND(mi) ( (mi)->mi_flags & META_BACK_F_DEFER_ROOTDN_BIND )
int mi_version;
+ time_t mi_network_timeout;
+ time_t mi_idle_timeout;
+ struct timeval mi_bind_timeout;
time_t mi_timeout[ LDAP_BACK_OP_LAST ];
} metainfo_t;
SlapReply *rs,
metatarget_t *mt,
metaconn_t *mc,
- metasingleconn_t *msc,
+ int candidate,
int ispriv,
- int isauthz,
ldap_back_send_t sendok );
extern int
*/
Debug( LDAP_DEBUG_ANY,
"### %s meta_back_bind: more than one"
- " candidate is trying to bind...\n",
+ " candidate selected...\n",
op->o_log_prefix, 0, 0 );
}
lerr = meta_back_single_bind( &op2, rs, mc, i, massage );
if ( lerr != LDAP_SUCCESS ) {
- rs->sr_err = lerr;
+ rc = rs->sr_err = lerr;
candidates[ i ].sr_tag = META_NOT_CANDIDATE;
-
- rc = rs->sr_err;
break;
}
}
struct timeval tv;
int rc;
int nretries = mt->mt_nretries;
+ char buf[ SLAP_TEXT_BUFLEN ];
LDAP_BACK_TV_SET( &tv );
* handle response!!!
*/
retry:;
- tv.tv_sec = 0;
- tv.tv_usec = META_BIND_TIMEOUT;
- switch ( ldap_result( msc->msc_ld, msgid, 0, &tv, &res ) ) {
+ tv = mt->mt_bind_timeout;
+ switch ( ldap_result( msc->msc_ld, msgid, LDAP_MSG_ALL, &tv, &res ) ) {
case 0:
- Debug( LDAP_DEBUG_ANY,
- "%s meta_back_single_bind: "
+ snprintf( buf, sizeof( buf ),
"ldap_result=0 nretries=%d%s\n",
- op->o_log_prefix, nretries,
- rebinding ? " rebinding" : "" );
+ nretries, rebinding ? " rebinding" : "" );
+ Debug( LDAP_DEBUG_ANY,
+ "%s meta_back_single_bind[%d]: %s.\n",
+ op->o_log_prefix, candidate, buf );
if ( nretries != META_RETRY_NEVER ) {
ldap_pvt_thread_yield();
ldap_abandon_ext( msc->msc_ld, msgid, NULL, NULL );
}
+ snprintf( buf, sizeof( buf ),
+ "err=%d nretries=%d",
+ rs->sr_err, nretries );
Debug( LDAP_DEBUG_ANY,
- "### %s meta_back_single_bind: "
- "err=%d nretries=%d\n",
- op->o_log_prefix, rs->sr_err, nretries );
+ "### %s meta_back_single_bind[%d]: %s.\n",
+ op->o_log_prefix, candidate, buf );
rc = slap_map_api2result( rs );
if ( rs->sr_err == LDAP_UNAVAILABLE && nretries != META_RETRY_NEVER ) {
if ( rc == LDAP_SUCCESS ) {
LDAPMessage *res;
struct timeval tv;
+ char buf[ SLAP_TEXT_BUFLEN ];
LDAP_BACK_TV_SET( &tv );
* handle response!!!
*/
retry:;
- tv.tv_sec = 0;
- tv.tv_usec = META_BIND_TIMEOUT;
- switch ( ldap_result( msc->msc_ld, msgid, 0, &tv, &res ) ) {
+ tv = mt->mt_bind_timeout;
+ switch ( ldap_result( msc->msc_ld, msgid, LDAP_MSG_ALL, &tv, &res ) ) {
case 0:
+ snprintf( buf, sizeof( buf ),
+ "ldap_result=0 nretries=%d%s",
+ nretries, rebinding ? " rebinding" : "" );
Debug( LDAP_DEBUG_ANY,
- "%s meta_back_single_dobind: "
- "ldap_result=0 nretries=%d%s\n",
- op->o_log_prefix, nretries,
- rebinding ? " rebinding" : "" );
+ "%s meta_back_single_dobind[%d]: %s.\n",
+ op->o_log_prefix, candidate, buf );
if ( nretries != META_RETRY_NEVER ) {
ldap_pvt_thread_yield();
ldap_abandon_ext( msc->msc_ld, msgid, NULL, NULL );
}
+ snprintf( buf, sizeof( buf ),
+ "err=%d nretries=%d",
+ rs->sr_err, nretries );
Debug( LDAP_DEBUG_ANY,
- "### %s meta_back_single_dobind: "
- "err=%d nretries=%d\n",
- op->o_log_prefix, rs->sr_err, nretries );
+ "### %s meta_back_single_dobind[%d]: %s.\n",
+ op->o_log_prefix, candidate, buf );
rc = slap_map_api2result( rs );
if ( rc == LDAP_UNAVAILABLE && nretries != META_RETRY_NEVER ) {
/* mc here must be the regular mc,
* reset and ready for init */
rc = meta_back_init_one_conn( op, rs,
- mt, mc, msc,
+ mt, mc, candidate,
LDAP_BACK_CONN_ISPRIV( mc ),
- candidate == mc->mc_authz_target,
LDAP_BACK_DONTSEND );
} else {
}
lrc = ldap_result( msc->msc_ld, msgid[ i ],
- 0, &tv, &res );
+ LDAP_MSG_ALL, &tv, &res );
if ( lrc == 0 ) {
assert( res == NULL );
#include "back-meta.h"
static int
-new_target(
+meta_back_new_target(
metatarget_t *mt )
{
struct ldapmapping *mapping;
return 1;
}
- if ( new_target( &mi->mi_targets[ i ] ) != 0 ) {
+ if ( meta_back_new_target( &mi->mi_targets[ i ] ) != 0 ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: unable to init server"
" in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
mi->mi_targets[ i ].mt_nretries = mi->mi_nretries;
mi->mi_targets[ i ].mt_flags = mi->mi_flags;
mi->mi_targets[ i ].mt_version = mi->mi_version;
-
+ mi->mi_targets[ i ].mt_network_timeout = mi->mi_network_timeout;
+ mi->mi_targets[ i ].mt_idle_timeout = mi->mi_idle_timeout;
+ mi->mi_targets[ i ].mt_bind_timeout = mi->mi_bind_timeout;
for ( c = 0; c < LDAP_BACK_OP_LAST; c++ ) {
mi->mi_targets[ i ].mt_timeout[ c ] = mi->mi_timeout[ c ];
}
/* network timeout when connecting to ldap servers */
} else if ( strcasecmp( argv[ 0 ], "network-timeout" ) == 0 ) {
+ int i = mi->mi_ntargets - 1;
unsigned long t;
+ time_t *tp = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ].mt_network_timeout
+ : &mi->mi_network_timeout;
if ( argc != 2 ) {
Debug( LDAP_DEBUG_ANY,
}
- mi->mi_network_timeout = (int)t;
+ *tp = (time_t)t;
+
+ /* idle timeout when connecting to ldap servers */
+ } else if ( strcasecmp( argv[ 0 ], "idle-timeout" ) == 0 ) {
+ int i = mi->mi_ntargets - 1;
+ unsigned long t;
+ time_t *tp = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ].mt_idle_timeout
+ : &mi->mi_idle_timeout;
+
+ switch ( argc ) {
+ case 1:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing timeout value in \"idle-timeout <seconds>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ case 2:
+ break;
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: extra cruft after timeout value in \"idle-timeout <seconds>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( lutil_parse_time( argv[ 1 ], &t ) ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to parse timeout \"%s\" in \"idle-timeout <seconds>\" line\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+
+ }
+
+ *tp = (time_t)t;
+
+ /* bind timeout when connecting to ldap servers */
+ } else if ( strcasecmp( argv[ 0 ], "bind-timeout" ) == 0 ) {
+ int i = mi->mi_ntargets - 1;
+ unsigned long t;
+ struct timeval *tp = mi->mi_ntargets ?
+ &mi->mi_targets[ mi->mi_ntargets - 1 ].mt_bind_timeout
+ : &mi->mi_bind_timeout;
+
+ switch ( argc ) {
+ case 1:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: missing timeout value in \"bind-timeout <microseconds>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ case 2:
+ break;
+ default:
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: extra cruft after timeout value in \"bind-timeout <microseconds>\" line\n",
+ fname, lineno, 0 );
+ return 1;
+ }
+
+ if ( lutil_atoul( &t, argv[ 1 ] ) != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: unable to parse timeout \"%s\" in \"bind-timeout <microseconds>\" line\n",
+ fname, lineno, argv[ 1 ] );
+ return 1;
+
+ }
+
+ tp->tv_sec = t/1000000;
+ tp->tv_usec = t%1000000;
/* name to use for meta_back_group */
} else if ( strcasecmp( argv[ 0 ], "acl-authcDN" ) == 0
SlapReply *rs,
metatarget_t *mt,
metaconn_t *mc,
- metasingleconn_t *msc,
+ int candidate,
int ispriv,
- int isauthz,
ldap_back_send_t sendok )
{
- metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
- int vers;
- dncookie dc;
+ metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private;
+ metasingleconn_t *msc = &mc->mc_conns[ candidate ];
+ int vers;
+ dncookie dc;
+ int isauthz = ( candidate == mc->mc_authz_target );
/*
* Already init'ed
*/
if ( msc->msc_ld != NULL ) {
- return rs->sr_err = LDAP_SUCCESS;
+ if ( mt->mt_idle_timeout == 0 ) {
+ return rs->sr_err = LDAP_SUCCESS;
+ }
+
+ if ( op->o_time > msc->msc_time + mt->mt_idle_timeout ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "%s meta_back_init_one_conn[%d]: idle timeout.\n",
+ op->o_log_prefix, candidate, 0 );
+ if ( meta_back_retry( op, rs, mc, candidate, sendok ) ) {
+ return rs->sr_err;
+ }
+ }
+
+ msc->msc_time = op->o_time;
}
/*
/*
* Set the network timeout if set
*/
- if ( mi->mi_network_timeout != 0 ) {
+ if ( mt->mt_network_timeout != 0 ) {
struct timeval network_timeout;
network_timeout.tv_usec = 0;
- network_timeout.tv_sec = mi->mi_network_timeout;
+ network_timeout.tv_sec = mt->mt_network_timeout;
ldap_set_option( msc->msc_ld, LDAP_OPT_NETWORK_TIMEOUT,
(void *)&network_timeout );
*/
( void )rewrite_session_init( mt->mt_rwmap.rwm_rw, op->o_conn );
+ if ( mt->mt_idle_timeout ) {
+ msc->msc_time = op->o_time;
+ }
+
} else {
rs->sr_err = slap_map_api2result( rs );
if ( sendok & LDAP_BACK_SENDERR ) {
assert( mc->mc_refcnt > 0 );
if ( mc->mc_refcnt == 1 ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
while ( ldap_pvt_thread_mutex_trylock( &mc->mc_mutex ) ) {
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
ldap_pvt_thread_yield();
goto retry_lock;
}
- Debug( LDAP_DEBUG_ANY,
- "%s meta_back_retry: retrying URI=\"%s\" DN=\"%s\"\n",
- op->o_log_prefix, mt->mt_uri,
+ snprintf( buf, sizeof( buf ),
+ "retrying URI=\"%s\" DN=\"%s\"",
+ mt->mt_uri,
BER_BVISNULL( &msc->msc_bound_ndn ) ?
"" : msc->msc_bound_ndn.bv_val );
+ Debug( LDAP_DEBUG_ANY,
+ "%s meta_back_retry[%d]: %s.\n",
+ op->o_log_prefix, candidate, buf );
meta_clear_one_candidate( msc );
LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
( void )rewrite_session_delete( mt->mt_rwmap.rwm_rw, op->o_conn );
/* mc here must be the regular mc, reset and ready for init */
- rc = meta_back_init_one_conn( op, rs, mt, mc, msc,
- LDAP_BACK_CONN_ISPRIV( mc ),
- candidate == mc->mc_authz_target, sendok );
+ rc = meta_back_init_one_conn( op, rs, mt, mc, candidate,
+ LDAP_BACK_CONN_ISPRIV( mc ), sendok );
if ( rc == LDAP_SUCCESS ) {
rc = meta_back_single_dobind( op, rs, mc, candidate,
for ( i = 0; i < mi->mi_ntargets; i++ ) {
metatarget_t *mt = &mi->mi_targets[ i ];
- metasingleconn_t *msc = &mc->mc_conns[ i ];
/*
* The target is activated; if needed, it is
* also init'd
*/
candidates[ i ].sr_err = meta_back_init_one_conn( op,
- rs, mt, mc, msc,
- LDAP_BACK_CONN_ISPRIV( &mc_curr ),
- i == mc->mc_authz_target, sendok );
+ rs, mt, mc, i,
+ LDAP_BACK_CONN_ISPRIV( &mc_curr ), sendok );
if ( candidates[ i ].sr_err == LDAP_SUCCESS ) {
candidates[ i ].sr_tag = META_CANDIDATE;
ncandidates++;
}
Debug( LDAP_DEBUG_TRACE,
- "==>meta_back_getconn: got target %d for ndn=\"%s\" from cache\n",
+ "==>meta_back_getconn: got target=%d for ndn=\"%s\" from cache\n",
i, op->o_req_ndn.bv_val, 0 );
if ( mc == NULL ) {
* also init'd. In case of error, meta_back_init_one_conn
* sends the appropriate result.
*/
- err = meta_back_init_one_conn( op, rs, mt, mc, msc,
- LDAP_BACK_CONN_ISPRIV( &mc_curr ),
- i == mc->mc_authz_target, sendok );
+ err = meta_back_init_one_conn( op, rs, mt, mc, i,
+ LDAP_BACK_CONN_ISPRIV( &mc_curr ), sendok );
if ( err != LDAP_SUCCESS ) {
/*
* FIXME: in case one target cannot
* also init'd
*/
int lerr = meta_back_init_one_conn( op, rs,
- mt, mc, msc,
+ mt, mc, i,
LDAP_BACK_CONN_ISPRIV( &mc_curr ),
- i == mc->mc_authz_target,
sendok );
if ( lerr == LDAP_SUCCESS ) {
candidates[ i ].sr_tag = META_CANDIDATE;
candidates[ i ].sr_err = LDAP_SUCCESS;
ncandidates++;
- Debug( LDAP_DEBUG_TRACE, "%s: meta_back_init_one_conn(%d)\n",
+ Debug( LDAP_DEBUG_TRACE, "%s: meta_back_getconn[%d]\n",
op->o_log_prefix, i, 0 );
} else {
candidates[ i ].sr_err = lerr;
err = lerr;
- Debug( LDAP_DEBUG_ANY, "%s: meta_back_init_one_conn(%d) failed: %d\n",
+ Debug( LDAP_DEBUG_ANY, "%s: meta_back_getconn[%d] failed: %d\n",
op->o_log_prefix, i, lerr );
continue;
rs->sr_err = LDAP_OTHER;
rc = ldap_result( mc->mc_conns[ candidate ].msc_ld,
- msgid, LDAP_MSG_ONE, tvp, &res );
+ msgid, LDAP_MSG_ALL, tvp, &res );
switch ( rc ) {
case -1:
rs->sr_err = LDAP_OTHER;
* this may change
*/
mi->mi_defaulttarget = META_DEFAULT_TARGET_NONE;
+ mi->mi_bind_timeout.tv_sec = 0;
+ mi->mi_bind_timeout.tv_usec = META_BIND_TIMEOUT;
ldap_pvt_thread_mutex_init( &mi->mi_conninfo.lai_mutex );
ldap_pvt_thread_mutex_init( &mi->mi_cache.mutex );
rs->sr_err = LDAP_OTHER;
rc = ldap_result( mc->mc_conns[ candidate ].msc_ld,
- msgid, LDAP_MSG_ONE, tvp, &res );
+ msgid, LDAP_MSG_ALL, tvp, &res );
switch ( rc ) {
case -1:
rc = -1;
rs->sr_err = LDAP_OTHER;
rc = ldap_result( mc->mc_conns[ candidate ].msc_ld,
- msgid, LDAP_MSG_ONE, tvp, &res );
+ msgid, LDAP_MSG_ALL, tvp, &res );
switch ( rc ) {
case -1:
break;
*/
get_result:;
rc = ldap_result( msc->msc_ld, candidates[ i ].sr_msgid,
- 0, &tv, &res );
+ LDAP_MSG_ONE, &tv, &res );
if ( rc == 0 ) {
/* FIXME: res should not need to be freed */
ldap_msgfree( res );
res = NULL;
- switch ( rc ) {
+ switch ( rs->sr_err ) {
case LDAP_SIZELIMIT_EXCEEDED:
savepriv = op->o_private;
op->o_private = (void *)i;
candidates[ i ].sr_type = REP_RESULT;
}
+ /* NOTE: ignores response controls
+ * (and intermediate response controls
+ * as well, except for those with search
+ * references); this may not be correct,
+ * but if they're not ignored then
+ * back-meta would need to merge them
+ * consistently (think of pagedResults...)
+ */
if ( ldap_parse_result( msc->msc_ld,
res,
&candidates[ i ].sr_err,
(char **)&candidates[ i ].sr_matched,
NULL /* (char **)&candidates[ i ].sr_text */ ,
&references,
- &candidates[ i ].sr_ctrls, 1 ) != LDAP_SUCCESS )
+ NULL /* &candidates[ i ].sr_ctrls (unused) */ ,
+ 1 ) != LDAP_SUCCESS )
{
res = NULL;
ldap_get_option( msc->msc_ld,
Debug( LDAP_DEBUG_TRACE,
- "=>meta_back_conn_destroy: fetching conn %ld\n",
- conn->c_connid, 0, 0 );
+ "=>meta_back_conn_destroy: fetching conn=%ld DN=\"%s\"\n",
+ conn->c_connid,
+ BER_BVISNULL( &conn->c_ndn ) ? "" : conn->c_ndn.bv_val, 0 );
mc_curr.mc_conn = conn;
mc_curr.mc_local_ndn = conn->c_ndn;
projects / openldap / commitdiff