From: Julio Sánchez Fernández Date: Wed, 14 Jul 1999 13:16:13 +0000 (+0000) Subject: Bind and listen on TLS port too X-Git-Tag: OPENLDAP_REL_ENG_2_BP~137 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=5b7babdee499237cb3941d27b332433ed9ed96ef;p=openldap Bind and listen on TLS port too --- diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c index f8a45f357b..ccde6b0788 100644 --- a/servers/slapd/daemon.c +++ b/servers/slapd/daemon.c @@ -22,7 +22,16 @@ int deny_severity = LOG_NOTICE; /* globals */ ber_socket_t dtblsize; -static ber_socket_t tcps; +#ifdef HAVE_TLS +#define N_LISTENERS 2 +#else +#define N_LISTENERS 1 +#endif +struct listener_rec { + ber_socket_t tcps; + struct sockaddr_in *addr; + int use_tls; +} listeners[N_LISTENERS]; #ifdef HAVE_WINSOCK2 /* in nt_main.c */ @@ -283,11 +292,18 @@ slapd_daemon_task( { int inetd; struct slapd_args *args = (struct slapd_args *) ptr; - struct sockaddr_in *slapd_addr = args->addr; - - tcps = args->tcps; + int l; + + listeners[0].tcps = args->tcps; + listeners[0].addr = args->addr; + listeners[0].use_tls = 0; +#ifdef HAVE_TLS + listeners[1].tcps = args->tls_tcps; + listeners[1].addr = args->tls_addr; + listeners[1].use_tls = 1; +#endif - inetd = ( slapd_addr == NULL); + inetd = ( listeners[0].addr == NULL); if ( !daemon_initialized ) sockinit(); slapd_listener=1; @@ -297,17 +313,19 @@ slapd_daemon_task( FD_ZERO( &slap_daemon.sd_writers ); if( !inetd ) { - if ( listen( tcps, 5 ) == -1 ) { - int err = errno; - Debug( LDAP_DEBUG_ANY, + for ( l = 0; l < N_LISTENERS; l++ ) { + if ( listen( listeners[l].tcps, 5 ) == -1 ) { + int err = errno; + Debug( LDAP_DEBUG_ANY, "daemon: listen(%ld, 5) failed errno %d (%s)\n", - (long) tcps, err, - err > -1 && err < sys_nerr - ? sys_errlist[err] : "unknown" ); - return( (void*)-1 ); - } + (long) listeners[l].tcps, err, + err > -1 && err < sys_nerr + ? sys_errlist[err] : "unknown" ); + return( (void*)-1 ); + } - slapd_add( tcps ); + slapd_add( listeners[l].tcps ); + } } else { if( connection_init( (ber_socket_t) 0, NULL, NULL ) ) { @@ -381,7 +399,9 @@ slapd_daemon_task( memcpy( &writefds, &slap_daemon.sd_writers, sizeof(fd_set) ); #endif - FD_SET( (unsigned) tcps, &readfds ); + for ( l = 0; l < N_LISTENERS; l++ ) { + FD_SET( (unsigned) listeners[l].tcps, &readfds ); + } #ifndef HAVE_WINSOCK nfds = slap_daemon.sd_nfds; @@ -401,12 +421,12 @@ slapd_daemon_task( tvp = at ? &zero : NULL; #endif - Debug( LDAP_DEBUG_CONNS, + for ( i = 0; i < N_LISTENERS; i++ ) { + Debug( LDAP_DEBUG_CONNS, "daemon: select: tcps=%d active_threads=%d tvp=%s\n", - tcps, at, - tvp == NULL ? "NULL" : "zero" ); - - + listeners[i].tcps, at, + tvp == NULL ? "NULL" : "zero" ); + } switch(ns = select( nfds, &readfds, #ifdef HAVE_WINSOCK @@ -456,18 +476,22 @@ slapd_daemon_task( /* FALL THRU */ } - if ( FD_ISSET( tcps, &readfds ) ) { + for ( l = 0; l < N_LISTENERS; l++ ) { ber_int_t s; int len = sizeof(from); long id; - if ( (s = accept( tcps, + if ( !FD_ISSET( listeners[l].tcps, &readfds ) ) + continue; + + if ( (s = accept( listeners[l].tcps, (struct sockaddr *) &from, &len )) == AC_SOCKET_INVALID ) { int err = errno; Debug( LDAP_DEBUG_ANY, "daemon: accept(%ld) failed errno %d (%s)\n", err, - (long) tcps, err >= 0 && err < sys_nerr ? + (long) listeners[l].tcps, + err >= 0 && err < sys_nerr ? sys_errlist[err] : "unknown"); continue; } @@ -582,10 +606,20 @@ slapd_daemon_task( #else for ( i = 0; i < nfds; i++ ) { int a, r, w; + int is_listener = 0; + for ( l = 0; l < N_LISTENERS; l++ ) { + if ( i == listeners[l].tcps ) { + is_listener = 1; + break; + } + } + if ( is_listener ) { + continue; + } r = FD_ISSET( i, &readfds ); w = FD_ISSET( i, &writefds ); - if ( i != tcps && (r || w) ) { + if ( r || w ) { Debug( LDAP_DEBUG_CONNS, " %d%s%s", i, r ? "r" : "", w ? "w" : "" ); } @@ -602,7 +636,7 @@ slapd_daemon_task( #endif { ber_socket_t wd; - + int is_listener = 0; #ifdef HAVE_WINSOCK wd = writefds.fd_array[i]; #else @@ -612,7 +646,13 @@ slapd_daemon_task( wd = i; #endif - if ( wd == tcps ) { + for ( l = 0; l < N_LISTENERS; l++ ) { + if ( wd == listeners[l].tcps ) { + is_listener = 1; + break; + } + } + if ( is_listener ) { continue; } Debug( LDAP_DEBUG_CONNS, @@ -639,6 +679,7 @@ slapd_daemon_task( #endif { ber_socket_t rd; + int is_listener = 0; #ifdef HAVE_WINSOCK rd = readfds.fd_array[i]; @@ -649,7 +690,13 @@ slapd_daemon_task( rd = i; #endif - if ( rd == tcps ) { + for ( l = 0; l < N_LISTENERS; l++ ) { + if ( rd == listeners[l].tcps ) { + is_listener = 1; + break; + } + } + if ( is_listener ) { continue; } @@ -685,8 +732,10 @@ slapd_daemon_task( 0, 0, 0 ); } - if( tcps >= 0 ) { - slapd_close( tcps ); + for ( l = 0; l < N_LISTENERS; l++ ) { + if ( listeners[l].tcps >= 0 ) { + slapd_close( listeners[l].tcps ); + } } ldap_pvt_thread_mutex_lock( &active_threads_mutex ); @@ -823,6 +872,7 @@ void sockinit() void slap_set_shutdown( int sig ) { + int l; slapd_shutdown = sig; #ifndef HAVE_WINSOCK if(slapd_listener) { @@ -833,7 +883,11 @@ slap_set_shutdown( int sig ) /* trying to "hit" the socket seems to always get a */ /* EWOULDBLOCK error, so just close the listen socket to */ /* break out of the select since we're shutting down anyway */ - tcp_close( tcps ); + for ( l = 0; l < N_LISTENERS; l++ ) { + if ( listeners[l].tcps >= 0 ) { + tcp_close( listeners[l].tcps ); + } + } #endif /* reinstall self */ (void) SIGNAL( sig, slap_set_shutdown ); diff --git a/servers/slapd/main.c b/servers/slapd/main.c index 8850e54a2f..5d818835aa 100644 --- a/servers/slapd/main.c +++ b/servers/slapd/main.c @@ -49,6 +49,9 @@ void *getRegParam( char *svc, char *value ); #endif short port = LDAP_PORT; +#ifdef HAVE_TLS +short tls_port = LDAP_TLS_PORT; +#endif /* * when more than one slapd is running on one machine, each one might have * it's own LOCAL for syslogging and must have its own pid/args files @@ -114,6 +117,10 @@ usage( char *name ) time_t starttime; struct sockaddr_in bind_addr; ber_int_t tcps; +#ifdef HAVE_TLS +struct sockaddr_in tls_bind_addr; +ber_int_t tls_tcps; +#endif #ifdef HAVE_WINSOCK void WINAPI ServiceMain( DWORD argc, LPTSTR *argv ) @@ -146,6 +153,11 @@ int main( int argc, char **argv ) bind_addr.sin_family = AF_INET; bind_addr.sin_addr.s_addr = htonl(INADDR_ANY); bind_addr.sin_port = htons(port); +#ifdef HAVE_TLS + tls_bind_addr.sin_family = AF_INET; + tls_bind_addr.sin_addr.s_addr = htonl(INADDR_ANY); + tls_bind_addr.sin_port = htons(tls_port); +#endif g_argc = argc; g_argv = argv; @@ -195,6 +207,9 @@ int main( int argc, char **argv ) #endif #ifdef HAVE_WINSOCK "n:" +#endif +#ifdef HAVE_TLS + "P:" #endif )) != EOF ) { switch ( i ) { @@ -207,6 +222,13 @@ int main( int argc, char **argv ) { fprintf(stderr, "invalid address (%s) for -a option", optarg); } +#ifdef HAVE_TLS +#ifdef HAVE_WINSOCK + tls_bind_addr.sin_addr.S_un.S_addr = inet_addr(optarg); +#else + inet_aton(optarg, &tls_bind_addr.sin_addr); +#endif +#endif break; #ifdef LDAP_DEBUG @@ -268,6 +290,17 @@ int main( int argc, char **argv ) } } break; +#ifdef HAVE_TLS + case 'P': { /* port on which to listen for TLS */ + tls_port = (short)atoi( optarg ); + if(! tls_port ) { + fprintf(stderr, "-P %s must be numeric\n", optarg); + } else { + tls_bind_addr.sin_port = htons(tls_port); + } + } break; +#endif + case 's': /* set syslog level */ ldap_syslog = atoi( optarg ); break; @@ -353,6 +386,11 @@ int main( int argc, char **argv ) tcps = set_socket( inetd ? NULL : &bind_addr ); if ( tcps == -1 ) goto destroy; +#ifdef HAVE_TLS + tls_tcps = set_socket( inetd ? NULL : &tls_bind_addr ); + if ( tls_tcps == -1 ) + goto destroy; +#endif (void) SIGNAL( LDAP_SIGUSR1, slap_do_nothing ); (void) SIGNAL( LDAP_SIGUSR2, slap_set_shutdown ); @@ -392,6 +430,9 @@ int main( int argc, char **argv ) FILE *fp; args.addr = &bind_addr; +#ifdef HAVE_TLS + args.tls_addr = &tls_bind_addr; +#endif Debug( LDAP_DEBUG_ANY, "slapd starting\n", 0, 0, 0 ); @@ -414,8 +455,14 @@ int main( int argc, char **argv ) } else { args.addr = NULL; +#ifdef HAVE_TLS + args.tls_addr = NULL; +#endif } args.tcps = tcps; +#ifdef HAVE_TLS + args.tls_tcps = tls_tcps; +#endif time( &starttime ); #ifdef HAVE_WINSOCK