From 1b42fde372eccf984009bdc05b47ee189999c5da Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Wed, 7 Dec 2005 17:35:02 +0000 Subject: [PATCH] implement (per-target) per-conn proxy-side idle-timeout (ITS#4115); revitalize (per-target) network-timeout in back-meta; fix issue with connection initialization error in ldap_back_retry(); cleanup configuration of back-ldap --- servers/slapd/back-ldap/back-ldap.h | 3 + servers/slapd/back-ldap/bind.c | 28 +++- servers/slapd/back-ldap/config.c | 198 ++++++++++++++++++---------- servers/slapd/back-meta/back-meta.h | 10 +- servers/slapd/back-meta/bind.c | 41 +++--- servers/slapd/back-meta/config.c | 45 ++++++- servers/slapd/back-meta/conn.c | 70 ++++++---- 7 files changed, 269 insertions(+), 126 deletions(-) diff --git a/servers/slapd/back-ldap/back-ldap.h b/servers/slapd/back-ldap/back-ldap.h index 8ec1a372bc..33e90f141c 100644 --- a/servers/slapd/back-ldap/back-ldap.h +++ b/servers/slapd/back-ldap/back-ldap.h @@ -79,6 +79,7 @@ typedef struct ldapconn_t { unsigned lc_refcnt; unsigned lc_flags; + time_t lc_time; } ldapconn_t; /* @@ -183,6 +184,8 @@ typedef struct ldapinfo_t { ldap_avl_info_t li_conninfo; + time_t li_network_timeout; + time_t li_idle_timeout; time_t li_timeout[ LDAP_BACK_OP_LAST ]; } ldapinfo_t; diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c index 2000f829ea..c67eb60640 100644 --- a/servers/slapd/back-ldap/bind.c +++ b/servers/slapd/back-ldap/bind.c @@ -581,9 +581,22 @@ ldap_back_getconn( Operation *op, SlapReply *rs, ldap_back_send_t sendok ) } } else { - Debug( LDAP_DEBUG_TRACE, - "=>ldap_back_getconn: conn %p fetched (refcnt=%u)\n", - (void *)lc, refcnt, 0 ); + if ( li->li_idle_timeout != 0 && op->o_time > lc->lc_time + li->li_idle_timeout ) { + /* in case of failure, it frees/taints lc and sets it to NULL */ + if ( ldap_back_retry( &lc, op, rs, sendok ) ) { + lc = NULL; + } + } + + if ( lc ) { + Debug( LDAP_DEBUG_TRACE, + "=>ldap_back_getconn: conn %p fetched (refcnt=%u)\n", + (void *)lc, refcnt, 0 ); + } + } + + if ( li->li_idle_timeout && lc ) { + lc->lc_time = op->o_time; } done:; @@ -925,6 +938,9 @@ ldap_back_retry( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_ int rc = 0; ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private; + assert( lcp != NULL ); + assert( *lcp != NULL ); + ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex ); if ( (*lcp)->lc_refcnt == 1 ) { @@ -940,7 +956,11 @@ ldap_back_retry( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_ /* lc here must be the regular lc, reset and ready for init */ rc = ldap_back_prepare_conn( lcp, op, rs, sendok ); - if ( rc == LDAP_SUCCESS ) { + if ( rc != LDAP_SUCCESS ) { + rc = 0; + *lcp = NULL; + + } else { rc = ldap_back_dobind_int( *lcp, op, rs, sendok, 0, 0 ); if ( rc == 0 ) { *lcp = NULL; diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c index f1c76916cd..07221bdfbd 100644 --- a/servers/slapd/back-ldap/config.c +++ b/servers/slapd/back-ldap/config.c @@ -60,6 +60,7 @@ enum { LDAP_BACK_CFG_T_F, LDAP_BACK_CFG_WHOAMI, LDAP_BACK_CFG_TIMEOUT, + LDAP_BACK_CFG_IDLE_TIMEOUT, LDAP_BACK_CFG_REWRITE, LDAP_BACK_CFG_LAST @@ -214,6 +215,14 @@ static ConfigTable ldapcfg[] = { "SYNTAX OMsDirectoryString " "SINGLE-VALUE )", NULL, NULL }, + { "idle-timeout", "timeout", 2, 0, 0, + ARG_MAGIC|LDAP_BACK_CFG_IDLE_TIMEOUT, + ldap_back_cf_gen, "( OLcfgDbAt:3.15 " + "NAME 'olcDbIdleTimeout' " + "DESC 'connection idle timeout' " + "SYNTAX OMsDirectoryString " + "SINGLE-VALUE )", + NULL, NULL }, { "suffixmassage", "[virtual]> li_flags & LDAP_BACK_F_TLS_MASK ), &bv ); - if ( BER_BVISNULL( &bv ) ) { - /* there's something wrong... */ - assert( 0 ); - rc = 1; - - } else { - value_add_one( &c->rvalue_vals, &bv ); - } + assert( !BER_BVISNULL( &bv ) ); + value_add_one( &c->rvalue_vals, &bv ); break; case LDAP_BACK_CFG_ACL_AUTHCDN: @@ -330,6 +334,10 @@ ldap_back_cf_gen( ConfigArgs *c ) case LDAP_BACK_CFG_ACL_BIND: { int i; + if ( li->li_acl_authmethod == LDAP_AUTH_NONE ) { + return 1; + } + bindconf_unparse( &li->li_acl, &bv ); for ( i = 0; isspace( bv.bv_val[ i ] ); i++ ) @@ -373,6 +381,10 @@ ldap_back_cf_gen( ConfigArgs *c ) struct berval bc = BER_BVNULL; char *ptr; + if ( li->li_idassert_authmethod == LDAP_AUTH_NONE ) { + return 1; + } + if ( li->li_idassert_authmethod != LDAP_AUTH_NONE ) { ber_len_t len; @@ -506,22 +518,46 @@ ldap_back_cf_gen( ConfigArgs *c ) case LDAP_BACK_CFG_TIMEOUT: BER_BVZERO( &bv ); + for ( i = 0; i < LDAP_BACK_OP_LAST; i++ ) { + if ( li->li_timeout[ i ] != 0 ) { + break; + } + } + + if ( i == LDAP_BACK_OP_LAST ) { + return 1; + } + slap_cf_aux_table_unparse( li->li_timeout, &bv, timeout_table ); - if ( !BER_BVISNULL( &bv ) ) { - for ( i = 0; isspace( bv.bv_val[ i ] ); i++ ) - /* count spaces */ ; + if ( BER_BVISNULL( &bv ) ) { + return 1; + } - if ( i ) { - bv.bv_len -= i; - AC_MEMCPY( bv.bv_val, &bv.bv_val[ i ], - bv.bv_len + 1 ); - } + for ( i = 0; isspace( bv.bv_val[ i ] ); i++ ) + /* count spaces */ ; - ber_bvarray_add( &c->rvalue_vals, &bv ); + if ( i ) { + bv.bv_len -= i; + AC_MEMCPY( bv.bv_val, &bv.bv_val[ i ], + bv.bv_len + 1 ); } + + ber_bvarray_add( &c->rvalue_vals, &bv ); break; + case LDAP_BACK_CFG_IDLE_TIMEOUT: { + char buf[ SLAP_TEXT_BUFLEN ]; + + if ( li->li_idle_timeout == 0 ) { + return 1; + } + + lutil_unparse_time( buf, sizeof( buf ), li->li_idle_timeout ); + ber_str2bv( buf, 0, 0, &bv ); + value_add_one( &c->rvalue_vals, &bv ); + } break; + default: /* FIXME: we need to handle all... */ assert( 0 ); @@ -599,6 +635,10 @@ ldap_back_cf_gen( ConfigArgs *c ) } break; + case LDAP_BACK_CFG_IDLE_TIMEOUT: + li->li_idle_timeout = 0; + break; + default: /* FIXME: we need to handle all... */ assert( 0 ); @@ -614,14 +654,6 @@ ldap_back_cf_gen( ConfigArgs *c ) char **urllist = NULL; int urlrc = LDAP_URL_SUCCESS, i; - if ( c->argc != 2 ) { - fprintf( stderr, "%s: line %d: " - "missing uri " - "in \"uri \" line\n", - c->fname, c->lineno ); - return 1; - } - if ( li->li_uri != NULL ) { ch_free( li->li_uri ); li->li_uri = NULL; @@ -671,10 +703,11 @@ ldap_back_cf_gen( ConfigArgs *c ) why = "unknown reason"; break; } - fprintf( stderr, "%s: line %d: " + snprintf( c->msg, sizeof( c->msg), "unable to parse uri \"%s\" " - "in \"uri \" line: %s\n", - c->fname, c->lineno, c->value_string, why ); + "in \"uri \" line: %s", + c->value_string, why ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); urlrc = 1; goto done_url; } @@ -690,12 +723,13 @@ ldap_back_cf_gen( ConfigArgs *c ) || tmpludp->lud_filter != NULL || tmpludp->lud_exts != NULL ) { - fprintf( stderr, "%s: line %d: " + snprintf( c->msg, sizeof( c->msg ), "warning, only protocol, " "host and port allowed " "in \"uri \" statement " - "for uri #%d of \"%s\"\n", - c->fname, c->lineno, i, c->value_string ); + "for uri #%d of \"%s\"", + i, c->value_string ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); } } @@ -724,11 +758,12 @@ ldap_back_cf_gen( ConfigArgs *c ) urllist[ i ] = ldap_url_desc2str( &tmplud ); if ( urllist[ i ] == NULL ) { - fprintf( stderr, "%s: line %d: " + snprintf( c->msg, sizeof( c->msg), "unable to rebuild uri " "in \"uri \" statement " - "for \"%s\"\n", - c->fname, c->lineno, c->argv[ 1 ] ); + "for \"%s\"", + c->argv[ 1 ] ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); urlrc = 1; goto done_url; } @@ -777,10 +812,11 @@ done_url:; break; default: - fprintf( stderr, "%s: line %d: " + snprintf( c->msg, sizeof( c->msg), "\"acl-authcDN \" incompatible " - "with auth method %d.", - c->fname, c->lineno, li->li_acl_authmethod ); + "with auth method %d", + li->li_acl_authmethod ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); return 1; } if ( !BER_BVISNULL( &li->li_acl_authcDN ) ) { @@ -802,10 +838,11 @@ done_url:; break; default: - fprintf( stderr, "%s: line %d: " + snprintf( c->msg, sizeof( c->msg ), "\"acl-passwd \" incompatible " - "with auth method %d.", - c->fname, c->lineno, li->li_acl_authmethod ); + "with auth method %d", + li->li_acl_authmethod ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); return 1; } if ( !BER_BVISNULL( &li->li_acl_passwd ) ) { @@ -897,10 +934,11 @@ done_url:; break; default: - fprintf( stderr, "%s: line %d: " + snprintf( c->msg, sizeof( c->msg ), "\"idassert-authcDN \" incompatible " - "with auth method %d.", - c->fname, c->lineno, li->li_idassert_authmethod ); + "with auth method %d", + li->li_idassert_authmethod ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); return 1; } if ( !BER_BVISNULL( &li->li_idassert_authcDN ) ) { @@ -922,10 +960,11 @@ done_url:; break; default: - fprintf( stderr, "%s: line %d: " + snprintf( c->msg, sizeof( c->msg ), "\"idassert-passwd \" incompatible " - "with auth method %d.", - c->fname, c->lineno, li->li_idassert_authmethod ); + "with auth method %d", + li->li_idassert_authmethod ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); return 1; } if ( !BER_BVISNULL( &li->li_idassert_passwd ) ) { @@ -943,10 +982,10 @@ done_url:; ber_str2bv( c->argv[ 1 ], 0, 0, &in ); rc = authzNormalize( 0, NULL, NULL, &in, &bv, NULL ); if ( rc != LDAP_SUCCESS ) { - fprintf( stderr, "%s: %d: " + snprintf( c->msg, sizeof( c->msg ), "\"idassert-authzFrom \": " - "invalid syntax.\n", - c->fname, c->lineno ); + "invalid syntax" ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); return 1; } #else /* !SLAP_AUTHZ_SYNTAX */ @@ -957,10 +996,10 @@ done_url:; case LDAP_BACK_CFG_IDASSERT_METHOD: /* no longer supported */ - fprintf( stderr, "%s: %d: " + snprintf( c->msg, sizeof( c->msg ), "\"idassert-method \": " - "no longer supported; use \"idassert-bind\".\n", - c->fname, c->lineno ); + "no longer supported; use \"idassert-bind\"" ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); return 1; case LDAP_BACK_CFG_IDASSERT_BIND: @@ -971,10 +1010,11 @@ done_url:; j = verb_to_mask( argvi, idassert_mode ); if ( BER_BVISNULL( &idassert_mode[ j ].word ) ) { - fprintf( stderr, "%s: %d: " + snprintf( c->msg, sizeof( c->msg ), "\"idassert-bind \": " - "unknown mode \"%s\".\n", - c->fname, c->lineno, argvi ); + "unknown mode \"%s\"", + argvi ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); return 1; } @@ -985,11 +1025,11 @@ done_url:; if ( strcasecmp( argvi, "native" ) == 0 ) { if ( li->li_idassert_authmethod != LDAP_AUTH_SASL ) { - fprintf( stderr, "%s: %d: " + snprintf( c->msg, sizeof( c->msg ), "\"idassert-bind \": " "authz=\"native\" incompatible " - "with auth method.\n", - c->fname, c->lineno ); + "with auth method" ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); return 1; } li->li_idassert_flags |= LDAP_BACK_AUTH_NATIVE_AUTHZ; @@ -998,10 +1038,11 @@ done_url:; li->li_idassert_flags &= ~LDAP_BACK_AUTH_NATIVE_AUTHZ; } else { - fprintf( stderr, "%s: %d: " + snprintf( c->msg, sizeof( c->msg ), "\"idassert-bind \": " - "unknown authz \"%s\".\n", - c->fname, c->lineno, argvi ); + "unknown authz \"%s\"", + argvi ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); return 1; } @@ -1011,10 +1052,11 @@ done_url:; int j; if ( flags == NULL ) { - fprintf( stderr, "%s: %d: " + snprintf( c->msg, sizeof( c->msg ), "\"idassert-bind \": " - "unable to parse flags \"%s\".\n", - c->fname, c->lineno, argvi ); + "unable to parse flags \"%s\"", + argvi ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); return 1; } @@ -1029,10 +1071,11 @@ done_url:; li->li_idassert_flags &= ( ~LDAP_BACK_AUTH_PRESCRIPTIVE ); } else { - fprintf( stderr, "%s: %d: " + snprintf( c->msg, sizeof( c->msg ), "\"idassert-bind \": " - "unknown flag \"%s\".\n", + "unknown flag \"%s\"", c->fname, c->lineno, flags[ j ] ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); return 1; } } @@ -1084,10 +1127,6 @@ done_url:; break; case LDAP_BACK_CFG_TIMEOUT: - if ( c->argc < 2 ) { - return 1; - } - for ( i = 1; i < c->argc; i++ ) { if ( isdigit( c->argv[ i ][ 0 ] ) ) { int j; @@ -1110,13 +1149,26 @@ done_url:; } break; + case LDAP_BACK_CFG_IDLE_TIMEOUT: { + unsigned long t; + + if ( lutil_parse_time( c->argv[ 1 ], &t ) != 0 ) { + snprintf( c->msg, sizeof( c->msg), + "unable to parse idle timeout \"%s\"", + c->argv[ 1 ] ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); + return 1; + } + li->li_idle_timeout = (time_t)t; + } break; + case LDAP_BACK_CFG_REWRITE: - fprintf( stderr, "%s: line %d: " + snprintf( c->msg, sizeof( c->msg ), "rewrite/remap capabilities have been moved " "to the \"rwm\" overlay; see slapo-rwm(5) " "for details (hint: add \"overlay rwm\" " - "and prefix all directives with \"rwm-\").\n", - c->fname, c->lineno ); + "and prefix all directives with \"rwm-\")" ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 ); return 1; default: diff --git a/servers/slapd/back-meta/back-meta.h b/servers/slapd/back-meta/back-meta.h index 8ac932bb99..2a260e21f8 100644 --- a/servers/slapd/back-meta/back-meta.h +++ b/servers/slapd/back-meta/back-meta.h @@ -177,6 +177,8 @@ typedef struct metasingleconn_t { #define META_ANONYMOUS 2 #endif + time_t msc_time; + struct metainfo_t *msc_info; } metasingleconn_t; @@ -228,6 +230,8 @@ typedef struct metatarget_t { unsigned mt_flags; int mt_version; + time_t mt_network_timeout; + time_t mt_idle_timeout; time_t mt_timeout[ LDAP_BACK_OP_LAST ]; } metatarget_t; @@ -248,7 +252,6 @@ typedef struct metacandidates_t { typedef struct metainfo_t { int mi_ntargets; int mi_defaulttarget; - int mi_network_timeout; #define META_DEFAULT_TARGET_NONE (-1) int mi_nretries; @@ -271,6 +274,8 @@ typedef struct metainfo_t { #define META_BACK_DEFER_ROOTDN_BIND(mi) ( (mi)->mi_flags & META_BACK_F_DEFER_ROOTDN_BIND ) int mi_version; + time_t mi_network_timeout; + time_t mi_idle_timeout; time_t mi_timeout[ LDAP_BACK_OP_LAST ]; } metainfo_t; @@ -313,9 +318,8 @@ meta_back_init_one_conn( SlapReply *rs, metatarget_t *mt, metaconn_t *mc, - metasingleconn_t *msc, + int candidate, int ispriv, - int isauthz, ldap_back_send_t sendok ); extern int diff --git a/servers/slapd/back-meta/bind.c b/servers/slapd/back-meta/bind.c index b300e745a4..158e862b10 100644 --- a/servers/slapd/back-meta/bind.c +++ b/servers/slapd/back-meta/bind.c @@ -147,7 +147,7 @@ meta_back_bind( Operation *op, SlapReply *rs ) */ Debug( LDAP_DEBUG_ANY, "### %s meta_back_bind: more than one" - " candidate is trying to bind...\n", + " candidate selected...\n", op->o_log_prefix, 0, 0 ); } @@ -334,6 +334,7 @@ rebind:; struct timeval tv; int rc; int nretries = mt->mt_nretries; + char buf[ SLAP_TEXT_BUFLEN ]; LDAP_BACK_TV_SET( &tv ); @@ -345,11 +346,12 @@ retry:; tv.tv_usec = META_BIND_TIMEOUT; switch ( ldap_result( msc->msc_ld, msgid, 0, &tv, &res ) ) { case 0: - Debug( LDAP_DEBUG_ANY, - "%s meta_back_single_bind: " + snprintf( buf, sizeof( buf ), "ldap_result=0 nretries=%d%s\n", - op->o_log_prefix, nretries, - rebinding ? " rebinding" : "" ); + nretries, rebinding ? " rebinding" : "" ); + Debug( LDAP_DEBUG_ANY, + "%s meta_back_single_bind[%d]: %s.\n", + op->o_log_prefix, candidate, buf ); if ( nretries != META_RETRY_NEVER ) { ldap_pvt_thread_yield(); @@ -381,10 +383,12 @@ retry:; ldap_abandon_ext( msc->msc_ld, msgid, NULL, NULL ); } + snprintf( buf, sizeof( buf ), + "err=%d nretries=%d", + rs->sr_err, nretries ); Debug( LDAP_DEBUG_ANY, - "### %s meta_back_single_bind: " - "err=%d nretries=%d\n", - op->o_log_prefix, rs->sr_err, nretries ); + "### %s meta_back_single_bind[%d]: %s.\n", + op->o_log_prefix, candidate, buf ); rc = slap_map_api2result( rs ); if ( rs->sr_err == LDAP_UNAVAILABLE && nretries != META_RETRY_NEVER ) { @@ -487,6 +491,7 @@ rebind:; if ( rc == LDAP_SUCCESS ) { LDAPMessage *res; struct timeval tv; + char buf[ SLAP_TEXT_BUFLEN ]; LDAP_BACK_TV_SET( &tv ); @@ -498,11 +503,12 @@ retry:; tv.tv_usec = META_BIND_TIMEOUT; switch ( ldap_result( msc->msc_ld, msgid, 0, &tv, &res ) ) { case 0: + snprintf( buf, sizeof( buf ), + "ldap_result=0 nretries=%d%s", + nretries, rebinding ? " rebinding" : "" ); Debug( LDAP_DEBUG_ANY, - "%s meta_back_single_dobind: " - "ldap_result=0 nretries=%d%s\n", - op->o_log_prefix, nretries, - rebinding ? " rebinding" : "" ); + "%s meta_back_single_dobind[%d]: %s.\n", + op->o_log_prefix, candidate, buf ); if ( nretries != META_RETRY_NEVER ) { ldap_pvt_thread_yield(); @@ -535,10 +541,12 @@ retry:; ldap_abandon_ext( msc->msc_ld, msgid, NULL, NULL ); } + snprintf( buf, sizeof( buf ), + "err=%d nretries=%d", + rs->sr_err, nretries ); Debug( LDAP_DEBUG_ANY, - "### %s meta_back_single_dobind: " - "err=%d nretries=%d\n", - op->o_log_prefix, rs->sr_err, nretries ); + "### %s meta_back_single_dobind[%d]: %s.\n", + op->o_log_prefix, candidate, buf ); rc = slap_map_api2result( rs ); if ( rc == LDAP_UNAVAILABLE && nretries != META_RETRY_NEVER ) { @@ -558,9 +566,8 @@ retry:; /* mc here must be the regular mc, * reset and ready for init */ rc = meta_back_init_one_conn( op, rs, - mt, mc, msc, + mt, mc, candidate, LDAP_BACK_CONN_ISPRIV( mc ), - candidate == mc->mc_authz_target, LDAP_BACK_DONTSEND ); } else { diff --git a/servers/slapd/back-meta/config.c b/servers/slapd/back-meta/config.c index 3516b82e35..9e50749618 100644 --- a/servers/slapd/back-meta/config.c +++ b/servers/slapd/back-meta/config.c @@ -35,7 +35,7 @@ #include "back-meta.h" static int -new_target( +meta_back_new_target( metatarget_t *mt ) { struct ldapmapping *mapping; @@ -146,7 +146,7 @@ meta_back_db_config( return 1; } - if ( new_target( &mi->mi_targets[ i ] ) != 0 ) { + if ( meta_back_new_target( &mi->mi_targets[ i ] ) != 0 ) { Debug( LDAP_DEBUG_ANY, "%s: line %d: unable to init server" " in \"uri ://[:port]/\" line\n", @@ -157,6 +157,8 @@ meta_back_db_config( mi->mi_targets[ i ].mt_nretries = mi->mi_nretries; mi->mi_targets[ i ].mt_flags = mi->mi_flags; mi->mi_targets[ i ].mt_version = mi->mi_version; + mi->mi_targets[ i ].mt_idle_timeout = mi->mi_idle_timeout; + mi->mi_targets[ i ].mt_network_timeout = mi->mi_network_timeout; for ( c = 0; c < LDAP_BACK_OP_LAST; c++ ) { mi->mi_targets[ i ].mt_timeout[ c ] = mi->mi_timeout[ c ]; @@ -344,7 +346,11 @@ meta_back_db_config( /* network timeout when connecting to ldap servers */ } else if ( strcasecmp( argv[ 0 ], "network-timeout" ) == 0 ) { + int i = mi->mi_ntargets - 1; unsigned long t; + time_t *tp = mi->mi_ntargets ? + &mi->mi_targets[ mi->mi_ntargets - 1 ].mt_network_timeout + : &mi->mi_network_timeout; if ( argc != 2 ) { Debug( LDAP_DEBUG_ANY, @@ -361,7 +367,40 @@ meta_back_db_config( } - mi->mi_network_timeout = (int)t; + *tp = (time_t)t; + + /* idle timeout when connecting to ldap servers */ + } else if ( strcasecmp( argv[ 0 ], "idle-timeout" ) == 0 ) { + int i = mi->mi_ntargets - 1; + unsigned long t; + time_t *tp = mi->mi_ntargets ? + &mi->mi_targets[ mi->mi_ntargets - 1 ].mt_idle_timeout + : &mi->mi_idle_timeout; + + switch ( argc ) { + case 1: + Debug( LDAP_DEBUG_ANY, + "%s: line %d: missing timeout value in \"idle-timeout \" line\n", + fname, lineno, 0 ); + return 1; + case 2: + break; + default: + Debug( LDAP_DEBUG_ANY, + "%s: line %d: extra cruft after timeout value in \"idle-timeout \" line\n", + fname, lineno, 0 ); + return 1; + } + + if ( lutil_parse_time( argv[ 1 ], &t ) ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: unable to parse timeout \"%s\" in \"idle-timeout \" line\n", + fname, lineno, argv[ 1 ] ); + return 1; + + } + + *tp = (time_t)t; /* name to use for meta_back_group */ } else if ( strcasecmp( argv[ 0 ], "acl-authcDN" ) == 0 diff --git a/servers/slapd/back-meta/conn.c b/servers/slapd/back-meta/conn.c index 772771abf9..a37f8f4816 100644 --- a/servers/slapd/back-meta/conn.c +++ b/servers/slapd/back-meta/conn.c @@ -206,20 +206,34 @@ meta_back_init_one_conn( SlapReply *rs, metatarget_t *mt, metaconn_t *mc, - metasingleconn_t *msc, + int candidate, int ispriv, - int isauthz, ldap_back_send_t sendok ) { - metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private; - int vers; - dncookie dc; + metainfo_t *mi = ( metainfo_t * )op->o_bd->be_private; + metasingleconn_t *msc = &mc->mc_conns[ candidate ]; + int vers; + dncookie dc; + int isauthz = ( candidate == mc->mc_authz_target ); /* * Already init'ed */ if ( msc->msc_ld != NULL ) { - return rs->sr_err = LDAP_SUCCESS; + if ( mt->mt_idle_timeout == 0 ) { + return rs->sr_err = LDAP_SUCCESS; + } + + if ( op->o_time > msc->msc_time + mt->mt_idle_timeout ) { + Debug( LDAP_DEBUG_TRACE, + "%s meta_back_init_one_conn[%d]: idle timeout.\n", + op->o_log_prefix, candidate, 0 ); + if ( meta_back_retry( op, rs, mc, candidate, sendok ) ) { + return rs->sr_err; + } + } + + msc->msc_time = op->o_time; } /* @@ -344,11 +358,11 @@ retry:; /* * Set the network timeout if set */ - if ( mi->mi_network_timeout != 0 ) { + if ( mt->mt_network_timeout != 0 ) { struct timeval network_timeout; network_timeout.tv_usec = 0; - network_timeout.tv_sec = mi->mi_network_timeout; + network_timeout.tv_sec = mt->mt_network_timeout; ldap_set_option( msc->msc_ld, LDAP_OPT_NETWORK_TIMEOUT, (void *)&network_timeout ); @@ -414,6 +428,10 @@ error_return:; */ ( void )rewrite_session_init( mt->mt_rwmap.rwm_rw, op->o_conn ); + if ( mt->mt_idle_timeout ) { + msc->msc_time = op->o_time; + } + } else { rs->sr_err = slap_map_api2result( rs ); if ( sendok & LDAP_BACK_SENDERR ) { @@ -449,17 +467,22 @@ retry_lock:; assert( mc->mc_refcnt > 0 ); if ( mc->mc_refcnt == 1 ) { + char buf[ SLAP_TEXT_BUFLEN ]; + while ( ldap_pvt_thread_mutex_trylock( &mc->mc_mutex ) ) { ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex ); ldap_pvt_thread_yield(); goto retry_lock; } - Debug( LDAP_DEBUG_ANY, - "%s meta_back_retry: retrying URI=\"%s\" DN=\"%s\"\n", - op->o_log_prefix, mt->mt_uri, + snprintf( buf, sizeof( buf ), + "retrying URI=\"%s\" DN=\"%s\"", + mt->mt_uri, BER_BVISNULL( &msc->msc_bound_ndn ) ? "" : msc->msc_bound_ndn.bv_val ); + Debug( LDAP_DEBUG_ANY, + "%s meta_back_retry[%d]: %s.\n", + op->o_log_prefix, candidate, buf ); meta_clear_one_candidate( msc ); LDAP_BACK_CONN_ISBOUND_CLEAR( msc ); @@ -467,9 +490,8 @@ retry_lock:; ( void )rewrite_session_delete( mt->mt_rwmap.rwm_rw, op->o_conn ); /* mc here must be the regular mc, reset and ready for init */ - rc = meta_back_init_one_conn( op, rs, mt, mc, msc, - LDAP_BACK_CONN_ISPRIV( mc ), - candidate == mc->mc_authz_target, sendok ); + rc = meta_back_init_one_conn( op, rs, mt, mc, candidate, + LDAP_BACK_CONN_ISPRIV( mc ), sendok ); if ( rc == LDAP_SUCCESS ) { rc = meta_back_single_dobind( op, rs, mc, candidate, @@ -804,16 +826,14 @@ meta_back_getconn( for ( i = 0; i < mi->mi_ntargets; i++ ) { metatarget_t *mt = &mi->mi_targets[ i ]; - metasingleconn_t *msc = &mc->mc_conns[ i ]; /* * The target is activated; if needed, it is * also init'd */ candidates[ i ].sr_err = meta_back_init_one_conn( op, - rs, mt, mc, msc, - LDAP_BACK_CONN_ISPRIV( &mc_curr ), - i == mc->mc_authz_target, sendok ); + rs, mt, mc, i, + LDAP_BACK_CONN_ISPRIV( &mc_curr ), sendok ); if ( candidates[ i ].sr_err == LDAP_SUCCESS ) { candidates[ i ].sr_tag = META_CANDIDATE; ncandidates++; @@ -920,7 +940,7 @@ meta_back_getconn( } Debug( LDAP_DEBUG_TRACE, - "==>meta_back_getconn: got target %d for ndn=\"%s\" from cache\n", + "==>meta_back_getconn: got target=%d for ndn=\"%s\" from cache\n", i, op->o_req_ndn.bv_val, 0 ); if ( mc == NULL ) { @@ -957,9 +977,8 @@ meta_back_getconn( * also init'd. In case of error, meta_back_init_one_conn * sends the appropriate result. */ - err = meta_back_init_one_conn( op, rs, mt, mc, msc, - LDAP_BACK_CONN_ISPRIV( &mc_curr ), - i == mc->mc_authz_target, sendok ); + err = meta_back_init_one_conn( op, rs, mt, mc, i, + LDAP_BACK_CONN_ISPRIV( &mc_curr ), sendok ); if ( err != LDAP_SUCCESS ) { /* * FIXME: in case one target cannot @@ -1014,16 +1033,15 @@ meta_back_getconn( * also init'd */ int lerr = meta_back_init_one_conn( op, rs, - mt, mc, msc, + mt, mc, i, LDAP_BACK_CONN_ISPRIV( &mc_curr ), - i == mc->mc_authz_target, sendok ); if ( lerr == LDAP_SUCCESS ) { candidates[ i ].sr_tag = META_CANDIDATE; candidates[ i ].sr_err = LDAP_SUCCESS; ncandidates++; - Debug( LDAP_DEBUG_TRACE, "%s: meta_back_init_one_conn(%d)\n", + Debug( LDAP_DEBUG_TRACE, "%s: meta_back_getconn[%d]\n", op->o_log_prefix, i, 0 ); } else { @@ -1040,7 +1058,7 @@ meta_back_getconn( candidates[ i ].sr_err = lerr; err = lerr; - Debug( LDAP_DEBUG_ANY, "%s: meta_back_init_one_conn(%d) failed: %d\n", + Debug( LDAP_DEBUG_ANY, "%s: meta_back_getconn[%d] failed: %d\n", op->o_log_prefix, i, lerr ); continue; -- 2.39.5