fix more spurious return stuff; split quarantine in: detection, exploitation, recover...

author Pierangelo Masarati <ando@openldap.org>

Sun, 28 Jan 2007 00:24:10 +0000 (00:24 +0000)

committer Pierangelo Masarati <ando@openldap.org>

Sun, 28 Jan 2007 00:24:10 +0000 (00:24 +0000)
author Pierangelo Masarati <ando@openldap.org>
Sun, 28 Jan 2007 00:24:10 +0000 (00:24 +0000)
committer Pierangelo Masarati <ando@openldap.org>
Sun, 28 Jan 2007 00:24:10 +0000 (00:24 +0000)
diff --git a/servers/slapd/back-ldap/back-ldap.h b/servers/slapd/back-ldap/back-ldap.h

index e0c6b62d41897d932f545665a2807b089ef6737b..442869861d3eab48719c871f845b5ebfe3fe5b45 100644 (file)
--- a/servers/slapd/back-ldap/back-ldap.h
+++ b/servers/slapd/back-ldap/back-ldap.h
@@ -308,6 +308,8 @@ typedef struct ldapinfo_t {
  #define        LDAP_BACK_F_CANCEL_MASK         (LDAP_BACK_F_CANCEL_IGNORE|LDAP_BACK_F_CANCEL_EXOP)
  #define        LDAP_BACK_F_CANCEL_MASK2        (LDAP_BACK_F_CANCEL_MASK|LDAP_BACK_F_CANCEL_EXOP_DISCOVER)
  
+#define        LDAP_BACK_F_QUARANTINE          (0x00010000U)
+
  #define        LDAP_BACK_ISSET_F(ff,f)         ( ( (ff) & (f) ) == (f) )
  #define        LDAP_BACK_ISMASK_F(ff,m,f)      ( ( (ff) & (m) ) == (f) )
  
@@ -339,6 +341,8 @@ typedef struct ldapinfo_t {
  #define        LDAP_BACK_CANCEL(li)            LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP )
  #define        LDAP_BACK_CANCEL_DISCOVER(li)   LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER )
  
+#define        LDAP_BACK_QUARANTINE(li)        LDAP_BACK_ISSET( (li), LDAP_BACK_F_QUARANTINE )
+
         int                     li_version;
  
         /* cached connections; 
@@ -363,7 +367,6 @@ typedef struct ldapinfo_t {
  #define        LDAP_BACK_FQ_RETRYING   (2)
  
         slap_retry_info_t       li_quarantine;
-#define        LDAP_BACK_QUARANTINE(li)        ( (li)->li_quarantine.ri_num != NULL )
         ldap_pvt_thread_mutex_t li_quarantine_mutex;
         ldap_back_quarantine_f  li_quarantine_f;
         void                    *li_quarantine_p;
diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c

index e5003530762617b668d57adaf46bd80193da9e79..2247405128a9da26f849df66bc59d27be58750ba 100644 (file)
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -665,6 +665,7 @@ ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_
         ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex );
         if ( rs->sr_err != LDAP_SUCCESS ) {
                 ldap_unbind_ext( ld, NULL, NULL );
+               rs->sr_text = "Start TLS failed";
                 goto error_return;
  
         } else if ( li->li_idle_timeout ) {
@@ -691,10 +692,9 @@ error_return:;
                 rs->sr_err = slap_map_api2result( rs );
                 if ( sendok & LDAP_BACK_SENDERR ) {
                         if ( rs->sr_text == NULL ) {
-                               rs->sr_text = "ldap_initialize() failed";
+                               rs->sr_text = "Proxy connection initialization failed";
                         }
                         send_ldap_result( op, rs );
-                       rs->sr_text = NULL;
                 }
  
         } else {
@@ -747,6 +747,7 @@ ldap_back_getconn(
                 if ( dont_retry ) {
                         rs->sr_err = LDAP_UNAVAILABLE;
                         if ( op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) {
+                               rs->sr_text = "Target is quarantined";
                                 send_ldap_result( op, rs );
                         }
                         return NULL;
@@ -1040,10 +1041,9 @@ retry_lock:
                                 LDAP_BACK_CONN_CACHED_CLEAR( lc );
                                 ldap_back_conn_free( lc );
                                 rs->sr_err = LDAP_OTHER;
-                               rs->sr_text = "proxy bind collision";
+                               rs->sr_text = "Proxy bind collision";
                                 if ( op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) {
                                         send_ldap_result( op, rs );
-                                       rs->sr_text = NULL;
                                 }
                                 return NULL;
                         }
@@ -1371,6 +1371,7 @@ retry:;
                                 /* lc here must be the regular lc, reset and ready for init */
                                 rs->sr_err = ldap_back_prepare_conn( lc, op, rs, sendok );
                                 if ( rs->sr_err != LDAP_SUCCESS ) {
+                                       sendok &= ~LDAP_BACK_SENDERR;
                                         lc->lc_refcnt = 0;
                                 }
                         }
@@ -1400,6 +1401,7 @@ retry:;
                 if ( rs->sr_err != LDAP_SUCCESS &&
                         ( sendok & LDAP_BACK_SENDERR ) )
                 {
+                       rs->sr_text = "Internal proxy bind failure";
                         send_ldap_result( op, rs );
                 }
  
@@ -1407,7 +1409,7 @@ retry:;
         }
  
         rc = ldap_back_op_result( lc, op, rs, msgid,
-               -1, (sendok|LDAP_BACK_BINDING) );
+               -1, ( sendok | LDAP_BACK_BINDING ) );
         if ( rc == LDAP_SUCCESS ) {
                 LDAP_BACK_CONN_ISBOUND_SET( lc );
         }
@@ -1711,6 +1713,7 @@ retry:;
                                 ldap_back_quarantine( op, rs );
                         }
                         if ( op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) {
+                               if ( rs->sr_text == NULL ) rs->sr_text = "Proxy operation retry failed";
                                 send_ldap_result( op, rs );
                         }
                 }
@@ -1756,8 +1759,7 @@ int
  ldap_back_retry( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok )
  {
         ldapinfo_t      *li = (ldapinfo_t *)op->o_bd->be_private;
-       int             rc = 0,
-                       binding;
+       int             rc = 0;
  
         assert( lcp != NULL );
         assert( *lcp != NULL );
@@ -1765,7 +1767,7 @@ ldap_back_retry( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_
         ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
  
         if ( (*lcp)->lc_refcnt == 1 ) {
-               binding = LDAP_BACK_CONN_BINDING( *lcp );
+               int binding = LDAP_BACK_CONN_BINDING( *lcp );
  
                 ldap_pvt_thread_mutex_lock( &li->li_uri_mutex );
                 Debug( LDAP_DEBUG_ANY,
@@ -1814,9 +1816,9 @@ ldap_back_retry( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_
                 ldap_back_release_conn_lock( li, lcp, 0 );
                 assert( *lcp == NULL );
  
-               if ( sendok ) {
+               if ( sendok & LDAP_BACK_SENDERR ) {
                         rs->sr_err = LDAP_UNAVAILABLE;
-                       rs->sr_text = "unable to retry";
+                       rs->sr_text = "Unable to retry";
                         send_ldap_result( op, rs );
                 }
         }
@@ -2061,7 +2063,7 @@ ldap_back_proxy_authz_bind(
                                 binddn->bv_val, LDAP_SASL_SIMPLE,
                                 bindcred, NULL, NULL, &msgid );
                 rc = ldap_back_op_result( lc, op, rs, msgid,
-                       -1, (sendok|LDAP_BACK_BINDING) );
+                       -1, ( sendok | LDAP_BACK_BINDING ) );
                 break;
  
         default:
author	Pierangelo Masarati <ando@openldap.org>
	Sun, 28 Jan 2007 00:24:10 +0000 (00:24 +0000)
committer	Pierangelo Masarati <ando@openldap.org>
	Sun, 28 Jan 2007 00:24:10 +0000 (00:24 +0000)
servers/slapd/back-ldap/back-ldap.h		patch \| blob \| history
servers/slapd/back-ldap/bind.c		patch \| blob \| history