From: Pierangelo Masarati <ando@openldap.org>
Date: Sat, 29 Sep 2007 11:45:37 +0000 (+0000)
Subject: better fix for ITS#5154
X-Git-Tag: OPENLDAP_REL_ENG_2_4_9~20^2~584
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=fedcbe9a418cb2cffad4c87dadbba61032b37eab;p=openldap

better fix for ITS#5154
---

diff --git a/servers/slapd/back-meta/bind.c b/servers/slapd/back-meta/bind.c
index 2f40e6e32f..3dbef6318b 100644
--- a/servers/slapd/back-meta/bind.c
+++ b/servers/slapd/back-meta/bind.c
@@ -189,9 +189,6 @@ meta_back_bind( Operation *op, SlapReply *rs )
 
 		if ( lerr != LDAP_SUCCESS ) {
 			rc = rs->sr_err = lerr;
-			/* Mark the meta_conn struct as tainted so
-			 * it'll be freed by meta_conn_back_destroy below */
-			LDAP_BACK_CONN_TAINTED_SET( mc );
 
 			/* FIXME: in some cases (e.g. unavailable)
 			 * do not assume it's not candidate; rather
@@ -211,28 +208,19 @@ meta_back_bind( Operation *op, SlapReply *rs )
 		if ( !LDAP_BACK_PCONN_ISPRIV( mc )
 			&& !dn_match( &op->o_req_ndn, &mc->mc_local_ndn ) )
 		{
-			metaconn_t	*tmpmc;
 			int		lerr;
 
 			/* wait for all other ops to release the connection */
-retry_lock:;
 			ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
-			if ( mc->mc_refcnt > 1 ) {
-				ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
-				ldap_pvt_thread_yield();
-				goto retry_lock;
-			}
-
 			assert( mc->mc_refcnt == 1 );
 #if META_BACK_PRINT_CONNTREE > 0
 			meta_back_print_conntree( mi, ">>> meta_back_bind" );
 #endif /* META_BACK_PRINT_CONNTREE */
-			tmpmc = avl_delete( &mi->mi_conninfo.lai_tree, (caddr_t)mc,
-				meta_back_conndn_cmp );
-			assert( tmpmc == mc );
 
 			/* delete all cached connections with the current connection */
 			if ( LDAP_BACK_SINGLECONN( mi ) ) {
+				metaconn_t	*tmpmc;
+
 				while ( ( tmpmc = avl_delete( &mi->mi_conninfo.lai_tree, (caddr_t)mc, meta_back_conn_cmp ) ) != NULL )
 				{
 					Debug( LDAP_DEBUG_TRACE,
@@ -255,23 +243,22 @@ retry_lock:;
 			}
 
 			ber_bvreplace( &mc->mc_local_ndn, &op->o_req_ndn );
-			if ( isroot ) {
-				LDAP_BACK_CONN_ISPRIV_SET( mc );
-				LDAP_BACK_PCONN_SET( mc, op );
-			}
 			lerr = avl_insert( &mi->mi_conninfo.lai_tree, (caddr_t)mc,
 				meta_back_conndn_cmp, meta_back_conndn_dup );
 #if META_BACK_PRINT_CONNTREE > 0
 			meta_back_print_conntree( mi, "<<< meta_back_bind" );
 #endif /* META_BACK_PRINT_CONNTREE */
-			ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
-			if ( lerr == -1 ) {
-				/* we can do this because mc_refcnt == 1 */
-				assert( mc->mc_refcnt == 1 );
-				mc->mc_refcnt = 0;
-				meta_back_conn_free( mc );
-				mc = NULL;
+			if ( lerr == 0 ) {
+				if ( isroot ) {
+					LDAP_BACK_CONN_ISPRIV_SET( mc );
+					LDAP_BACK_PCONN_SET( mc, op );
+				}
+				LDAP_BACK_CONN_CACHED_SET( mc );
+
+			} else {
+				LDAP_BACK_CONN_CACHED_CLEAR( mc );
 			}
+			ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
 		}
 	}
 
diff --git a/servers/slapd/back-meta/conn.c b/servers/slapd/back-meta/conn.c
index ed7ff743cc..d3f8697b48 100644
--- a/servers/slapd/back-meta/conn.c
+++ b/servers/slapd/back-meta/conn.c
@@ -1584,6 +1584,7 @@ done:;
 		meta_back_print_conntree( mi, ">>> meta_back_getconn" );
 #endif /* META_BACK_PRINT_CONNTREE */
 
+		err = 0;
 		if ( LDAP_BACK_PCONN_ISPRIV( mc ) ) {
 			if ( mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num < mi->mi_conn_priv_max ) {
 				LDAP_TAILQ_INSERT_TAIL( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv, mc, mc_q );
@@ -1595,7 +1596,7 @@ done:;
 			}
 			rs->sr_err = 0;
 
-		} else {
+		} else if ( !( sendok & LDAP_BACK_BINDING ) ) {
 			err = avl_insert( &mi->mi_conninfo.lai_tree, ( caddr_t )mc,
 			       	meta_back_conndn_cmp, meta_back_conndn_dup );
 			LDAP_BACK_CONN_CACHED_SET( mc );
@@ -1681,7 +1682,7 @@ meta_back_release_conn_lock(
 	 * that are not privileged would live forever and pollute
 	 * the connection space (and eat up resources).  Maybe this
 	 * should be configurable... */
-	if ( LDAP_BACK_CONN_TAINTED( mc ) ) {
+	if ( LDAP_BACK_CONN_TAINTED( mc ) || !LDAP_BACK_CONN_CACHED( mc ) ) {
 #if META_BACK_PRINT_CONNTREE > 0
 		meta_back_print_conntree( mi, ">>> meta_back_release_conn" );
 #endif /* META_BACK_PRINT_CONNTREE */
@@ -1698,7 +1699,7 @@ meta_back_release_conn_lock(
 				assert( !LDAP_BACK_CONN_CACHED( mc ) );
 			}
 
-		} else {
+		} else if ( LDAP_BACK_CONN_CACHED( mc ) ) {
 			metaconn_t	*tmpmc;
 
 			tmpmc = avl_delete( &mi->mi_conninfo.lai_tree,
diff --git a/tests/data/do_bind.0 b/tests/data/do_bind.0
index df2c85e263..ecbb8725e8 100644
--- a/tests/data/do_bind.0
+++ b/tests/data/do_bind.0
@@ -2,5 +2,5 @@ cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
 bjensen
 cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
 bjorn
-cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
-jaj
+ou=People,dc=example,dc=com
++userPassword:(userPassword=*)
diff --git a/tests/data/slapd-meta-target1.conf b/tests/data/slapd-meta-target1.conf
new file mode 100644
index 0000000000..4b3ded22e2
--- /dev/null
+++ b/tests/data/slapd-meta-target1.conf
@@ -0,0 +1,60 @@
+# stand-alone slapd config -- for testing (with indexing)
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include		@SCHEMADIR@/core.schema
+include		@SCHEMADIR@/cosine.schema
+include		@SCHEMADIR@/inetorgperson.schema
+include		@SCHEMADIR@/openldap.schema
+include		@SCHEMADIR@/nis.schema
+include		@DATADIR@/test.schema
+
+#
+pidfile		@TESTDIR@/slapd.1.pid
+argsfile	@TESTDIR@/slapd.1.args
+
+# allow big PDUs from anonymous (for testing purposes)
+sockbuf_max_incoming 4194303
+
+#mod#modulepath	../servers/slapd/back-@BACKEND@/
+#mod#moduleload	back_@BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database	@BACKEND@
+suffix		"dc=example,dc=com"
+directory	@TESTDIR@/db.1.a
+rootdn		"cn=Manager,dc=example,dc=com"
+rootpw		secret
+#bdb#index		objectClass	eq
+#bdb#index		cn,sn,uid	pres,eq,sub
+#hdb#index		objectClass	eq
+#hdb#index		cn,sn,uid	pres,eq,sub
+
+# ITS#5154: force mixed success/failure of binds using same connection
+access to dn="cn=Barbara Jensen,ou=Information Technology DivisioN,ou=People,dc=example,dc=com"
+		attrs=userPassword
+	by * =r
+
+access to attrs=userPassword
+	by * =xr
+
+access to *
+	by * read
+
+#monitor#database	monitor
diff --git a/tests/data/slapd-meta-target2.conf b/tests/data/slapd-meta-target2.conf
new file mode 100644
index 0000000000..fda3b5e75f
--- /dev/null
+++ b/tests/data/slapd-meta-target2.conf
@@ -0,0 +1,52 @@
+# master slapd config -- for testing
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include		@SCHEMADIR@/core.schema
+include		@SCHEMADIR@/cosine.schema
+include		@SCHEMADIR@/inetorgperson.schema
+include		@SCHEMADIR@/openldap.schema
+include		@SCHEMADIR@/nis.schema
+include		@SCHEMADIR@/ppolicy.schema
+pidfile		@TESTDIR@/slapd.2.pid
+argsfile	@TESTDIR@/slapd.2.args
+
+#mod#modulepath	../servers/slapd/back-@BACKEND@/
+#mod#moduleload	back_@BACKEND@.la
+#relaymod#modulepath ../servers/slapd/back-relay/
+#relaymod#moduleload back_relay.la
+#ldapmod#modulepath ../servers/slapd/back-ldap/
+#ldapmod#moduleload back_ldap.la
+#metamod#modulepath ../servers/slapd/back-meta/
+#metamod#moduleload back_meta.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+#rwmmod#modulepath ../servers/slapd/overlays/
+#rwmmod#moduleload rwm.la
+
+idletimeout	5
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database	@BACKEND@
+suffix		"ou=Meta,dc=example,dc=com"
+directory	@TESTDIR@/db.2.a
+rootdn		"cn=Manager,ou=Meta,dc=example,dc=com"
+rootpw		secret
+#bdb#index		objectClass eq
+#hdb#index		objectClass eq
+
+#monitor#database	monitor
diff --git a/tests/data/slapd-meta2.conf b/tests/data/slapd-meta2.conf
deleted file mode 100644
index fda3b5e75f..0000000000
--- a/tests/data/slapd-meta2.conf
+++ /dev/null
@@ -1,52 +0,0 @@
-# master slapd config -- for testing
-# $OpenLDAP$
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2007 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-
-include		@SCHEMADIR@/core.schema
-include		@SCHEMADIR@/cosine.schema
-include		@SCHEMADIR@/inetorgperson.schema
-include		@SCHEMADIR@/openldap.schema
-include		@SCHEMADIR@/nis.schema
-include		@SCHEMADIR@/ppolicy.schema
-pidfile		@TESTDIR@/slapd.2.pid
-argsfile	@TESTDIR@/slapd.2.args
-
-#mod#modulepath	../servers/slapd/back-@BACKEND@/
-#mod#moduleload	back_@BACKEND@.la
-#relaymod#modulepath ../servers/slapd/back-relay/
-#relaymod#moduleload back_relay.la
-#ldapmod#modulepath ../servers/slapd/back-ldap/
-#ldapmod#moduleload back_ldap.la
-#metamod#modulepath ../servers/slapd/back-meta/
-#metamod#moduleload back_meta.la
-#monitormod#modulepath ../servers/slapd/back-monitor/
-#monitormod#moduleload back_monitor.la
-#rwmmod#modulepath ../servers/slapd/overlays/
-#rwmmod#moduleload rwm.la
-
-idletimeout	5
-
-#######################################################################
-# database definitions
-#######################################################################
-
-database	@BACKEND@
-suffix		"ou=Meta,dc=example,dc=com"
-directory	@TESTDIR@/db.2.a
-rootdn		"cn=Manager,ou=Meta,dc=example,dc=com"
-rootpw		secret
-#bdb#index		objectClass eq
-#hdb#index		objectClass eq
-
-#monitor#database	monitor
diff --git a/tests/scripts/defines.sh b/tests/scripts/defines.sh
index ce0fd87a48..ecbb373d62 100755
--- a/tests/scripts/defines.sh
+++ b/tests/scripts/defines.sh
@@ -114,7 +114,8 @@ SQLSRMASTERCONF=$DATADIR/slapd-sql-syncrepl-master.conf
 TRANSLUCENTLOCALCONF=$DATADIR/slapd-translucent-local.conf
 TRANSLUCENTREMOTECONF=$DATADIR/slapd-translucent-remote.conf
 METACONF=$DATADIR/slapd-meta.conf
-METACONF2=$DATADIR/slapd-meta2.conf
+METACONF1=$DATADIR/slapd-meta-target1.conf
+METACONF2=$DATADIR/slapd-meta-target2.conf
 GLUELDAPCONF=$DATADIR/slapd-glue-ldap.conf
 ACICONF=$DATADIR/slapd-aci.conf
 VALSORTCONF=$DATADIR/slapd-valsort.conf
@@ -241,8 +242,8 @@ BASEDN="dc=example,dc=com"
 MANAGERDN="cn=Manager,$BASEDN"
 UPDATEDN="cn=Replica,$BASEDN"
 PASSWD=secret
-BABSDN="cn=Barbara Jensen,ou=Information Technology DivisioN,OU=People,$BASEDN"
-BJORNSDN="cn=Bjorn Jensen,ou=Information Technology DivisioN,OU=People,$BASEDN"
+BABSDN="cn=Barbara Jensen,ou=Information Technology DivisioN,ou=People,$BASEDN"
+BJORNSDN="cn=Bjorn Jensen,ou=Information Technology DivisioN,ou=People,$BASEDN"
 JAJDN="cn=James A Jones 1,ou=Alumni Association,ou=People,$BASEDN"
 JOHNDDN="cn=John Doe,ou=Information Technology Division,ou=People,$BASEDN"
 MELLIOTDN="cn=Mark Elliot,ou=Alumni Association,ou=People,$BASEDN"
diff --git a/tests/scripts/test036-meta-concurrency b/tests/scripts/test036-meta-concurrency
index 6ef14eb8ca..0db26091f5 100755
--- a/tests/scripts/test036-meta-concurrency
+++ b/tests/scripts/test036-meta-concurrency
@@ -23,18 +23,6 @@ if test $BACKMETA = metano ; then
 	exit 0
 fi
 
-#### No longer experimental, IMHO
-###if test "x$TEST_META" = "xno" ; then
-###	echo '### Test disabled by "TEST_META=no"; unset TEST_META to re-enable'
-###	echo ""
-###	exit 0
-###else
-###	echo "### this test is experimental; in case of problems,"
-###	echo "### set \"TEST_META=no\" to disable, and report thru"
-###	echo "### the Issue Tracking System <http://www.openldap.org/its/>"
-###	echo ""
-###fi
-
 if test x$TESTLOOPS = x ; then
 	TESTLOOPS=50
 fi
@@ -60,7 +48,7 @@ if test "$BACKEND" = "bdb" || test "$BACKEND" = "hdb" ; then
 fi
 
 echo "Starting slapd on TCP/IP port $PORT1..."
-. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
+. $CONFFILTER $BACKEND $MONITORDB < $METACONF1 > $CONF1
 $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
 PID=$!
 if test $WAIT != 0 ; then