1 /* $NetBSD: connection.c,v 1.2 2020/08/11 13:15:39 christos Exp $ */ 2 3 /* $OpenLDAP$ */ 4 /* This work is part of OpenLDAP Software <http://www.openldap.org/>. 5 * 6 * Copyright 1998-2020 The OpenLDAP Foundation. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted only as authorized by the OpenLDAP 11 * Public License. 12 * 13 * A copy of this license is available in the file LICENSE in the 14 * top-level directory of the distribution or, alternatively, at 15 * <http://www.OpenLDAP.org/license.html>. 16 */ 17 /* Portions Copyright (c) 1995 Regents of the University of Michigan. 18 * All rights reserved. 19 * 20 * Redistribution and use in source and binary forms are permitted 21 * provided that this notice is preserved and that due credit is given 22 * to the University of Michigan at Ann Arbor. The name of the University 23 * may not be used to endorse or promote products derived from this 24 * software without specific prior written permission. This software 25 * is provided ``as is'' without express or implied warranty. 26 */ 27 28 #include <sys/cdefs.h> 29 __RCSID("$NetBSD: connection.c,v 1.2 2020/08/11 13:15:39 christos Exp $"); 30 31 #include "portable.h" 32 33 #include <stdio.h> 34 #ifdef HAVE_LIMITS_H 35 #include <limits.h> 36 #endif 37 38 #include <ac/socket.h> 39 #include <ac/errno.h> 40 #include <ac/string.h> 41 #include <ac/time.h> 42 #include <ac/unistd.h> 43 44 #include "lutil.h" 45 #include "slap.h" 46 47 #ifdef LDAP_CONNECTIONLESS 48 #include "../../libraries/liblber/lber-int.h" /* ber_int_sb_read() */ 49 #endif 50 51 #ifdef LDAP_SLAPI 52 #include "slapi/slapi.h" 53 #endif 54 55 /* protected by connections_mutex */ 56 static ldap_pvt_thread_mutex_t connections_mutex; 57 static Connection *connections = NULL; 58 59 static ldap_pvt_thread_mutex_t conn_nextid_mutex; 60 static unsigned long conn_nextid = SLAPD_SYNC_SYNCCONN_OFFSET; 61 62 static const char conn_lost_str[] = "connection lost"; 63 64 const char * 65 connection_state2str( int state ) 66 { 67 switch( state ) { 68 case SLAP_C_INVALID: return "!"; 69 case SLAP_C_INACTIVE: return "|"; 70 case SLAP_C_CLOSING: return "C"; 71 case SLAP_C_ACTIVE: return ""; 72 case SLAP_C_BINDING: return "B"; 73 case SLAP_C_CLIENT: return "L"; 74 } 75 76 return "?"; 77 } 78 79 static Connection* connection_get( ber_socket_t s ); 80 81 typedef struct conn_readinfo { 82 Operation *op; 83 ldap_pvt_thread_start_t *func; 84 void *arg; 85 void *ctx; 86 int nullop; 87 } conn_readinfo; 88 89 static int connection_input( Connection *c, conn_readinfo *cri ); 90 static void connection_close( Connection *c ); 91 92 static int connection_op_activate( Operation *op ); 93 static void connection_op_queue( Operation *op ); 94 static int connection_resched( Connection *conn ); 95 static void connection_abandon( Connection *conn ); 96 static void connection_destroy( Connection *c ); 97 98 static ldap_pvt_thread_start_t connection_operation; 99 100 /* 101 * Initialize connection management infrastructure. 102 */ 103 int connections_init(void) 104 { 105 int i; 106 107 assert( connections == NULL ); 108 109 if( connections != NULL) { 110 Debug( LDAP_DEBUG_ANY, "connections_init: already initialized.\n", 111 0, 0, 0 ); 112 return -1; 113 } 114 115 /* should check return of every call */ 116 ldap_pvt_thread_mutex_init( &connections_mutex ); 117 ldap_pvt_thread_mutex_init( &conn_nextid_mutex ); 118 119 connections = (Connection *) ch_calloc( dtblsize, sizeof(Connection) ); 120 121 if( connections == NULL ) { 122 Debug( LDAP_DEBUG_ANY, "connections_init: " 123 "allocation (%d*%ld) of connection array failed\n", 124 dtblsize, (long) sizeof(Connection), 0 ); 125 return -1; 126 } 127 128 assert( connections[0].c_struct_state == SLAP_C_UNINITIALIZED ); 129 assert( connections[dtblsize-1].c_struct_state == SLAP_C_UNINITIALIZED ); 130 131 for (i=0; i<dtblsize; i++) connections[i].c_conn_idx = i; 132 133 /* 134 * per entry initialization of the Connection array initialization 135 * will be done by connection_init() 136 */ 137 138 return 0; 139 } 140 141 /* 142 * Destroy connection management infrastructure. 143 */ 144 145 int connections_destroy(void) 146 { 147 ber_socket_t i; 148 149 /* should check return of every call */ 150 151 if( connections == NULL) { 152 Debug( LDAP_DEBUG_ANY, "connections_destroy: nothing to destroy.\n", 153 0, 0, 0 ); 154 return -1; 155 } 156 157 for ( i = 0; i < dtblsize; i++ ) { 158 if( connections[i].c_struct_state != SLAP_C_UNINITIALIZED ) { 159 ber_sockbuf_free( connections[i].c_sb ); 160 ldap_pvt_thread_mutex_destroy( &connections[i].c_mutex ); 161 ldap_pvt_thread_mutex_destroy( &connections[i].c_write1_mutex ); 162 ldap_pvt_thread_mutex_destroy( &connections[i].c_write2_mutex ); 163 ldap_pvt_thread_cond_destroy( &connections[i].c_write1_cv ); 164 ldap_pvt_thread_cond_destroy( &connections[i].c_write2_cv ); 165 #ifdef LDAP_SLAPI 166 if ( slapi_plugins_used ) { 167 slapi_int_free_object_extensions( SLAPI_X_EXT_CONNECTION, 168 &connections[i] ); 169 } 170 #endif 171 } 172 } 173 174 free( connections ); 175 connections = NULL; 176 177 ldap_pvt_thread_mutex_destroy( &connections_mutex ); 178 ldap_pvt_thread_mutex_destroy( &conn_nextid_mutex ); 179 return 0; 180 } 181 182 /* 183 * shutdown all connections 184 */ 185 int connections_shutdown(void) 186 { 187 ber_socket_t i; 188 189 for ( i = 0; i < dtblsize; i++ ) { 190 if( connections[i].c_struct_state != SLAP_C_UNINITIALIZED ) { 191 ldap_pvt_thread_mutex_lock( &connections[i].c_mutex ); 192 if( connections[i].c_struct_state == SLAP_C_USED ) { 193 194 /* give persistent clients a chance to cleanup */ 195 if( connections[i].c_conn_state == SLAP_C_CLIENT ) { 196 ldap_pvt_thread_pool_submit( &connection_pool, 197 connections[i].c_clientfunc, connections[i].c_clientarg ); 198 } else { 199 /* c_mutex is locked */ 200 connection_closing( &connections[i], "slapd shutdown" ); 201 connection_close( &connections[i] ); 202 } 203 } 204 ldap_pvt_thread_mutex_unlock( &connections[i].c_mutex ); 205 } 206 } 207 208 return 0; 209 } 210 211 /* 212 * Timeout idle connections. 213 */ 214 int connections_timeout_idle(time_t now) 215 { 216 int i = 0, writers = 0; 217 ber_socket_t connindex; 218 Connection* c; 219 time_t old; 220 221 old = slapd_get_writetime(); 222 223 for( c = connection_first( &connindex ); 224 c != NULL; 225 c = connection_next( c, &connindex ) ) 226 { 227 /* Don't timeout a slow-running request or a persistent 228 * outbound connection. But if it has a writewaiter, see 229 * if the waiter has been there too long. 230 */ 231 if(( c->c_n_ops_executing && !c->c_writewaiter) 232 || c->c_conn_state == SLAP_C_CLIENT ) { 233 continue; 234 } 235 236 if( global_idletimeout && 237 difftime( c->c_activitytime+global_idletimeout, now) < 0 ) { 238 /* close it */ 239 connection_closing( c, "idletimeout" ); 240 connection_close( c ); 241 i++; 242 continue; 243 } 244 if ( c->c_writewaiter && global_writetimeout ) { 245 writers = 1; 246 if( difftime( c->c_activitytime+global_writetimeout, now) < 0 ) { 247 /* close it */ 248 connection_closing( c, "writetimeout" ); 249 connection_close( c ); 250 i++; 251 continue; 252 } 253 } 254 } 255 connection_done( c ); 256 if ( old && !writers ) 257 slapd_clr_writetime( old ); 258 259 return i; 260 } 261 262 /* Drop all client connections */ 263 void connections_drop() 264 { 265 Connection* c; 266 ber_socket_t connindex; 267 268 for( c = connection_first( &connindex ); 269 c != NULL; 270 c = connection_next( c, &connindex ) ) 271 { 272 /* Don't close a slow-running request or a persistent 273 * outbound connection. 274 */ 275 if(( c->c_n_ops_executing && !c->c_writewaiter) 276 || c->c_conn_state == SLAP_C_CLIENT ) { 277 continue; 278 } 279 connection_closing( c, "dropping" ); 280 connection_close( c ); 281 } 282 connection_done( c ); 283 } 284 285 static Connection* connection_get( ber_socket_t s ) 286 { 287 Connection *c; 288 289 Debug( LDAP_DEBUG_ARGS, 290 "connection_get(%ld)\n", 291 (long) s, 0, 0 ); 292 293 assert( connections != NULL ); 294 295 if(s == AC_SOCKET_INVALID) return NULL; 296 297 assert( s < dtblsize ); 298 c = &connections[s]; 299 300 if( c != NULL ) { 301 ldap_pvt_thread_mutex_lock( &c->c_mutex ); 302 303 assert( c->c_struct_state != SLAP_C_UNINITIALIZED ); 304 305 if( c->c_struct_state != SLAP_C_USED ) { 306 /* connection must have been closed due to resched */ 307 308 Debug( LDAP_DEBUG_CONNS, 309 "connection_get(%d): connection not used\n", 310 s, 0, 0 ); 311 assert( c->c_conn_state == SLAP_C_INVALID ); 312 assert( c->c_sd == AC_SOCKET_INVALID ); 313 314 ldap_pvt_thread_mutex_unlock( &c->c_mutex ); 315 return NULL; 316 } 317 318 Debug( LDAP_DEBUG_TRACE, 319 "connection_get(%d): got connid=%lu\n", 320 s, c->c_connid, 0 ); 321 322 c->c_n_get++; 323 324 assert( c->c_struct_state == SLAP_C_USED ); 325 assert( c->c_conn_state != SLAP_C_INVALID ); 326 assert( c->c_sd != AC_SOCKET_INVALID ); 327 328 #ifndef SLAPD_MONITOR 329 if ( global_idletimeout > 0 ) 330 #endif /* ! SLAPD_MONITOR */ 331 { 332 c->c_activitytime = slap_get_time(); 333 } 334 } 335 336 return c; 337 } 338 339 static void connection_return( Connection *c ) 340 { 341 ldap_pvt_thread_mutex_unlock( &c->c_mutex ); 342 } 343 344 Connection * connection_init( 345 ber_socket_t s, 346 Listener *listener, 347 const char* dnsname, 348 const char* peername, 349 int flags, 350 slap_ssf_t ssf, 351 struct berval *authid 352 LDAP_PF_LOCAL_SENDMSG_ARG(struct berval *peerbv)) 353 { 354 unsigned long id; 355 Connection *c; 356 int doinit = 0; 357 ber_socket_t sfd = SLAP_FD2SOCK(s); 358 359 assert( connections != NULL ); 360 361 assert( listener != NULL ); 362 assert( dnsname != NULL ); 363 assert( peername != NULL ); 364 365 #ifndef HAVE_TLS 366 assert( !( flags & CONN_IS_TLS )); 367 #endif 368 369 if( s == AC_SOCKET_INVALID ) { 370 Debug( LDAP_DEBUG_ANY, 371 "connection_init: init of socket %ld invalid.\n", (long)s, 0, 0 ); 372 return NULL; 373 } 374 375 assert( s >= 0 ); 376 assert( s < dtblsize ); 377 c = &connections[s]; 378 if( c->c_struct_state == SLAP_C_UNINITIALIZED ) { 379 doinit = 1; 380 } else { 381 assert( c->c_struct_state == SLAP_C_UNUSED ); 382 } 383 384 if( doinit ) { 385 c->c_send_ldap_result = slap_send_ldap_result; 386 c->c_send_search_entry = slap_send_search_entry; 387 c->c_send_search_reference = slap_send_search_reference; 388 c->c_send_ldap_extended = slap_send_ldap_extended; 389 c->c_send_ldap_intermediate = slap_send_ldap_intermediate; 390 391 BER_BVZERO( &c->c_authmech ); 392 BER_BVZERO( &c->c_dn ); 393 BER_BVZERO( &c->c_ndn ); 394 395 c->c_listener = NULL; 396 BER_BVZERO( &c->c_peer_domain ); 397 BER_BVZERO( &c->c_peer_name ); 398 399 LDAP_STAILQ_INIT(&c->c_ops); 400 LDAP_STAILQ_INIT(&c->c_pending_ops); 401 402 #ifdef LDAP_X_TXN 403 c->c_txn = CONN_TXN_INACTIVE; 404 c->c_txn_backend = NULL; 405 LDAP_STAILQ_INIT(&c->c_txn_ops); 406 #endif 407 408 BER_BVZERO( &c->c_sasl_bind_mech ); 409 c->c_sasl_done = 0; 410 c->c_sasl_authctx = NULL; 411 c->c_sasl_sockctx = NULL; 412 c->c_sasl_extra = NULL; 413 c->c_sasl_bindop = NULL; 414 415 c->c_sb = ber_sockbuf_alloc( ); 416 417 { 418 ber_len_t max = sockbuf_max_incoming; 419 ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max ); 420 } 421 422 c->c_currentber = NULL; 423 424 /* should check status of thread calls */ 425 ldap_pvt_thread_mutex_init( &c->c_mutex ); 426 ldap_pvt_thread_mutex_init( &c->c_write1_mutex ); 427 ldap_pvt_thread_mutex_init( &c->c_write2_mutex ); 428 ldap_pvt_thread_cond_init( &c->c_write1_cv ); 429 ldap_pvt_thread_cond_init( &c->c_write2_cv ); 430 431 #ifdef LDAP_SLAPI 432 if ( slapi_plugins_used ) { 433 slapi_int_create_object_extensions( SLAPI_X_EXT_CONNECTION, c ); 434 } 435 #endif 436 } 437 438 ldap_pvt_thread_mutex_lock( &c->c_mutex ); 439 440 assert( BER_BVISNULL( &c->c_authmech ) ); 441 assert( BER_BVISNULL( &c->c_dn ) ); 442 assert( BER_BVISNULL( &c->c_ndn ) ); 443 assert( c->c_listener == NULL ); 444 assert( BER_BVISNULL( &c->c_peer_domain ) ); 445 assert( BER_BVISNULL( &c->c_peer_name ) ); 446 assert( LDAP_STAILQ_EMPTY(&c->c_ops) ); 447 assert( LDAP_STAILQ_EMPTY(&c->c_pending_ops) ); 448 #ifdef LDAP_X_TXN 449 assert( c->c_txn == CONN_TXN_INACTIVE ); 450 assert( c->c_txn_backend == NULL ); 451 assert( LDAP_STAILQ_EMPTY(&c->c_txn_ops) ); 452 #endif 453 assert( BER_BVISNULL( &c->c_sasl_bind_mech ) ); 454 assert( c->c_sasl_done == 0 ); 455 assert( c->c_sasl_authctx == NULL ); 456 assert( c->c_sasl_sockctx == NULL ); 457 assert( c->c_sasl_extra == NULL ); 458 assert( c->c_sasl_bindop == NULL ); 459 assert( c->c_currentber == NULL ); 460 assert( c->c_writewaiter == 0); 461 assert( c->c_writers == 0); 462 463 c->c_listener = listener; 464 c->c_sd = s; 465 466 if ( flags & CONN_IS_CLIENT ) { 467 c->c_connid = 0; 468 ldap_pvt_thread_mutex_lock( &connections_mutex ); 469 c->c_conn_state = SLAP_C_CLIENT; 470 c->c_struct_state = SLAP_C_USED; 471 ldap_pvt_thread_mutex_unlock( &connections_mutex ); 472 c->c_close_reason = "?"; /* should never be needed */ 473 ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_FD, &sfd ); 474 ldap_pvt_thread_mutex_unlock( &c->c_mutex ); 475 476 return c; 477 } 478 479 ber_str2bv( dnsname, 0, 1, &c->c_peer_domain ); 480 ber_str2bv( peername, 0, 1, &c->c_peer_name ); 481 482 c->c_n_ops_received = 0; 483 c->c_n_ops_executing = 0; 484 c->c_n_ops_pending = 0; 485 c->c_n_ops_completed = 0; 486 487 c->c_n_get = 0; 488 c->c_n_read = 0; 489 c->c_n_write = 0; 490 491 /* set to zero until bind, implies LDAP_VERSION3 */ 492 c->c_protocol = 0; 493 494 #ifndef SLAPD_MONITOR 495 if ( global_idletimeout > 0 ) 496 #endif /* ! SLAPD_MONITOR */ 497 { 498 c->c_activitytime = c->c_starttime = slap_get_time(); 499 } 500 501 #ifdef LDAP_CONNECTIONLESS 502 c->c_is_udp = 0; 503 if( flags & CONN_IS_UDP ) { 504 c->c_is_udp = 1; 505 #ifdef LDAP_DEBUG 506 ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug, 507 LBER_SBIOD_LEVEL_PROVIDER, (void*)"udp_" ); 508 #endif 509 ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_udp, 510 LBER_SBIOD_LEVEL_PROVIDER, (void *)&sfd ); 511 ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_readahead, 512 LBER_SBIOD_LEVEL_PROVIDER, NULL ); 513 } else 514 #endif /* LDAP_CONNECTIONLESS */ 515 #ifdef LDAP_PF_LOCAL 516 if ( flags & CONN_IS_IPC ) { 517 #ifdef LDAP_DEBUG 518 ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug, 519 LBER_SBIOD_LEVEL_PROVIDER, (void*)"ipc_" ); 520 #endif 521 ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_fd, 522 LBER_SBIOD_LEVEL_PROVIDER, (void *)&sfd ); 523 #ifdef LDAP_PF_LOCAL_SENDMSG 524 if ( !BER_BVISEMPTY( peerbv )) 525 ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_UNGET_BUF, peerbv ); 526 #endif 527 } else 528 #endif /* LDAP_PF_LOCAL */ 529 { 530 #ifdef LDAP_DEBUG 531 ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug, 532 LBER_SBIOD_LEVEL_PROVIDER, (void*)"tcp_" ); 533 #endif 534 ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_tcp, 535 LBER_SBIOD_LEVEL_PROVIDER, (void *)&sfd ); 536 } 537 538 #ifdef LDAP_DEBUG 539 ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug, 540 INT_MAX, (void*)"ldap_" ); 541 #endif 542 543 if( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_NONBLOCK, 544 c /* non-NULL */ ) < 0 ) 545 { 546 Debug( LDAP_DEBUG_ANY, 547 "connection_init(%d, %s): set nonblocking failed\n", 548 s, c->c_peer_name.bv_val, 0 ); 549 550 c->c_listener = NULL; 551 if(c->c_peer_domain.bv_val != NULL) { 552 free(c->c_peer_domain.bv_val); 553 } 554 BER_BVZERO( &c->c_peer_domain ); 555 if(c->c_peer_name.bv_val != NULL) { 556 free(c->c_peer_name.bv_val); 557 } 558 BER_BVZERO( &c->c_peer_name ); 559 560 ber_sockbuf_free( c->c_sb ); 561 c->c_sb = NULL; 562 c->c_sd = AC_SOCKET_INVALID; 563 ldap_pvt_thread_mutex_unlock( &c->c_mutex ); 564 565 return NULL; 566 } 567 568 ldap_pvt_thread_mutex_lock( &conn_nextid_mutex ); 569 id = c->c_connid = conn_nextid++; 570 ldap_pvt_thread_mutex_unlock( &conn_nextid_mutex ); 571 572 ldap_pvt_thread_mutex_lock( &connections_mutex ); 573 c->c_conn_state = SLAP_C_INACTIVE; 574 c->c_struct_state = SLAP_C_USED; 575 ldap_pvt_thread_mutex_unlock( &connections_mutex ); 576 c->c_close_reason = "?"; /* should never be needed */ 577 578 c->c_ssf = c->c_transport_ssf = ssf; 579 c->c_tls_ssf = c->c_sasl_ssf = 0; 580 581 #ifdef HAVE_TLS 582 if ( flags & CONN_IS_TLS ) { 583 c->c_is_tls = 1; 584 c->c_needs_tls_accept = 1; 585 } else { 586 c->c_is_tls = 0; 587 c->c_needs_tls_accept = 0; 588 } 589 #endif 590 591 slap_sasl_open( c, 0 ); 592 slap_sasl_external( c, ssf, authid ); 593 594 slapd_add_internal( s, 1 ); 595 596 backend_connection_init(c); 597 ldap_pvt_thread_mutex_unlock( &c->c_mutex ); 598 599 if ( !(flags & CONN_IS_UDP )) 600 Statslog( LDAP_DEBUG_STATS, 601 "conn=%ld fd=%ld ACCEPT from %s (%s)\n", 602 id, (long) s, peername, listener->sl_name.bv_val, 0 ); 603 604 return c; 605 } 606 607 void connection2anonymous( Connection *c ) 608 { 609 assert( connections != NULL ); 610 assert( c != NULL ); 611 612 { 613 ber_len_t max = sockbuf_max_incoming; 614 ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max ); 615 } 616 617 if ( !BER_BVISNULL( &c->c_authmech ) ) { 618 ch_free(c->c_authmech.bv_val); 619 } 620 BER_BVZERO( &c->c_authmech ); 621 622 if ( !BER_BVISNULL( &c->c_dn ) ) { 623 ch_free(c->c_dn.bv_val); 624 } 625 BER_BVZERO( &c->c_dn ); 626 627 if ( !BER_BVISNULL( &c->c_ndn ) ) { 628 ch_free(c->c_ndn.bv_val); 629 } 630 BER_BVZERO( &c->c_ndn ); 631 632 if ( !BER_BVISNULL( &c->c_sasl_authz_dn ) ) { 633 ber_memfree_x( c->c_sasl_authz_dn.bv_val, NULL ); 634 } 635 BER_BVZERO( &c->c_sasl_authz_dn ); 636 637 c->c_authz_backend = NULL; 638 } 639 640 static void 641 connection_destroy( Connection *c ) 642 { 643 unsigned long connid; 644 const char *close_reason; 645 Sockbuf *sb; 646 ber_socket_t sd; 647 648 assert( connections != NULL ); 649 assert( c != NULL ); 650 assert( c->c_struct_state != SLAP_C_UNUSED ); 651 assert( c->c_conn_state != SLAP_C_INVALID ); 652 assert( LDAP_STAILQ_EMPTY(&c->c_ops) ); 653 assert( LDAP_STAILQ_EMPTY(&c->c_pending_ops) ); 654 #ifdef LDAP_X_TXN 655 assert( c->c_txn == CONN_TXN_INACTIVE ); 656 assert( c->c_txn_backend == NULL ); 657 assert( LDAP_STAILQ_EMPTY(&c->c_txn_ops) ); 658 #endif 659 assert( c->c_writewaiter == 0); 660 assert( c->c_writers == 0); 661 662 /* only for stats (print -1 as "%lu" may give unexpected results ;) */ 663 connid = c->c_connid; 664 close_reason = c->c_close_reason; 665 666 ldap_pvt_thread_mutex_lock( &connections_mutex ); 667 c->c_struct_state = SLAP_C_PENDING; 668 ldap_pvt_thread_mutex_unlock( &connections_mutex ); 669 670 backend_connection_destroy(c); 671 672 c->c_protocol = 0; 673 c->c_connid = -1; 674 675 c->c_activitytime = c->c_starttime = 0; 676 677 connection2anonymous( c ); 678 c->c_listener = NULL; 679 680 if(c->c_peer_domain.bv_val != NULL) { 681 free(c->c_peer_domain.bv_val); 682 } 683 BER_BVZERO( &c->c_peer_domain ); 684 if(c->c_peer_name.bv_val != NULL) { 685 free(c->c_peer_name.bv_val); 686 } 687 BER_BVZERO( &c->c_peer_name ); 688 689 c->c_sasl_bind_in_progress = 0; 690 if(c->c_sasl_bind_mech.bv_val != NULL) { 691 free(c->c_sasl_bind_mech.bv_val); 692 } 693 BER_BVZERO( &c->c_sasl_bind_mech ); 694 695 slap_sasl_close( c ); 696 697 if ( c->c_currentber != NULL ) { 698 ber_free( c->c_currentber, 1 ); 699 c->c_currentber = NULL; 700 } 701 702 703 #ifdef LDAP_SLAPI 704 /* call destructors, then constructors; avoids unnecessary allocation */ 705 if ( slapi_plugins_used ) { 706 slapi_int_clear_object_extensions( SLAPI_X_EXT_CONNECTION, c ); 707 } 708 #endif 709 710 sd = c->c_sd; 711 c->c_sd = AC_SOCKET_INVALID; 712 c->c_conn_state = SLAP_C_INVALID; 713 c->c_struct_state = SLAP_C_UNUSED; 714 c->c_close_reason = "?"; /* should never be needed */ 715 716 sb = c->c_sb; 717 c->c_sb = ber_sockbuf_alloc( ); 718 { 719 ber_len_t max = sockbuf_max_incoming; 720 ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max ); 721 } 722 723 /* c must be fully reset by this point; when we call slapd_remove 724 * it may get immediately reused by a new connection. 725 */ 726 if ( sd != AC_SOCKET_INVALID ) { 727 slapd_remove( sd, sb, 1, 0, 0 ); 728 729 if ( close_reason == NULL ) { 730 Statslog( LDAP_DEBUG_STATS, "conn=%lu fd=%ld closed\n", 731 connid, (long) sd, 0, 0, 0 ); 732 } else { 733 Statslog( LDAP_DEBUG_STATS, "conn=%lu fd=%ld closed (%s)\n", 734 connid, (long) sd, close_reason, 0, 0 ); 735 } 736 } 737 } 738 739 int connection_valid( Connection *c ) 740 { 741 /* c_mutex must be locked by caller */ 742 743 assert( c != NULL ); 744 745 return c->c_struct_state == SLAP_C_USED && 746 c->c_conn_state >= SLAP_C_ACTIVE && 747 c->c_conn_state <= SLAP_C_CLIENT; 748 } 749 750 static void connection_abandon( Connection *c ) 751 { 752 /* c_mutex must be locked by caller */ 753 754 Operation *o, *next, op = {0}; 755 Opheader ohdr = {0}; 756 757 op.o_hdr = &ohdr; 758 op.o_conn = c; 759 op.o_connid = c->c_connid; 760 op.o_tag = LDAP_REQ_ABANDON; 761 762 for ( o = LDAP_STAILQ_FIRST( &c->c_ops ); o; o=next ) { 763 SlapReply rs = {REP_RESULT}; 764 765 next = LDAP_STAILQ_NEXT( o, o_next ); 766 /* don't abandon an op twice */ 767 if ( o->o_abandon ) 768 continue; 769 op.orn_msgid = o->o_msgid; 770 o->o_abandon = 1; 771 op.o_bd = frontendDB; 772 frontendDB->be_abandon( &op, &rs ); 773 } 774 775 #ifdef LDAP_X_TXN 776 /* remove operations in pending transaction */ 777 while ( (o = LDAP_STAILQ_FIRST( &c->c_txn_ops )) != NULL) { 778 LDAP_STAILQ_REMOVE_HEAD( &c->c_txn_ops, o_next ); 779 LDAP_STAILQ_NEXT(o, o_next) = NULL; 780 slap_op_free( o, NULL ); 781 } 782 783 /* clear transaction */ 784 c->c_txn_backend = NULL; 785 c->c_txn = CONN_TXN_INACTIVE; 786 #endif 787 788 /* remove pending operations */ 789 while ( (o = LDAP_STAILQ_FIRST( &c->c_pending_ops )) != NULL) { 790 LDAP_STAILQ_REMOVE_HEAD( &c->c_pending_ops, o_next ); 791 LDAP_STAILQ_NEXT(o, o_next) = NULL; 792 slap_op_free( o, NULL ); 793 } 794 } 795 796 static void 797 connection_wake_writers( Connection *c ) 798 { 799 /* wake write blocked operations */ 800 ldap_pvt_thread_mutex_lock( &c->c_write1_mutex ); 801 if ( c->c_writers > 0 ) { 802 c->c_writers = -c->c_writers; 803 ldap_pvt_thread_cond_broadcast( &c->c_write1_cv ); 804 ldap_pvt_thread_mutex_unlock( &c->c_write1_mutex ); 805 if ( c->c_writewaiter ) { 806 ldap_pvt_thread_mutex_lock( &c->c_write2_mutex ); 807 ldap_pvt_thread_cond_signal( &c->c_write2_cv ); 808 slapd_clr_write( c->c_sd, 1 ); 809 ldap_pvt_thread_mutex_unlock( &c->c_write2_mutex ); 810 } 811 ldap_pvt_thread_mutex_lock( &c->c_write1_mutex ); 812 while ( c->c_writers ) { 813 ldap_pvt_thread_cond_wait( &c->c_write1_cv, &c->c_write1_mutex ); 814 } 815 ldap_pvt_thread_mutex_unlock( &c->c_write1_mutex ); 816 } else { 817 ldap_pvt_thread_mutex_unlock( &c->c_write1_mutex ); 818 slapd_clr_write( c->c_sd, 1 ); 819 } 820 } 821 822 void connection_closing( Connection *c, const char *why ) 823 { 824 assert( connections != NULL ); 825 assert( c != NULL ); 826 827 if ( c->c_struct_state != SLAP_C_USED ) return; 828 829 assert( c->c_conn_state != SLAP_C_INVALID ); 830 831 /* c_mutex must be locked by caller */ 832 833 if( c->c_conn_state != SLAP_C_CLOSING ) { 834 Debug( LDAP_DEBUG_CONNS, 835 "connection_closing: readying conn=%lu sd=%d for close\n", 836 c->c_connid, c->c_sd, 0 ); 837 /* update state to closing */ 838 c->c_conn_state = SLAP_C_CLOSING; 839 c->c_close_reason = why; 840 841 /* don't listen on this port anymore */ 842 slapd_clr_read( c->c_sd, 0 ); 843 844 /* abandon active operations */ 845 connection_abandon( c ); 846 847 /* wake write blocked operations */ 848 connection_wake_writers( c ); 849 850 } else if( why == NULL && c->c_close_reason == conn_lost_str ) { 851 /* Client closed connection after doing Unbind. */ 852 c->c_close_reason = NULL; 853 } 854 } 855 856 static void 857 connection_close( Connection *c ) 858 { 859 assert( connections != NULL ); 860 assert( c != NULL ); 861 862 if ( c->c_struct_state != SLAP_C_USED ) return; 863 864 assert( c->c_conn_state == SLAP_C_CLOSING ); 865 866 /* NOTE: c_mutex should be locked by caller */ 867 868 if ( !LDAP_STAILQ_EMPTY(&c->c_ops) || 869 !LDAP_STAILQ_EMPTY(&c->c_pending_ops) ) 870 { 871 Debug( LDAP_DEBUG_CONNS, 872 "connection_close: deferring conn=%lu sd=%d\n", 873 c->c_connid, c->c_sd, 0 ); 874 return; 875 } 876 877 Debug( LDAP_DEBUG_TRACE, "connection_close: conn=%lu sd=%d\n", 878 c->c_connid, c->c_sd, 0 ); 879 880 connection_destroy( c ); 881 } 882 883 unsigned long connections_nextid(void) 884 { 885 unsigned long id; 886 assert( connections != NULL ); 887 888 ldap_pvt_thread_mutex_lock( &conn_nextid_mutex ); 889 890 id = conn_nextid; 891 892 ldap_pvt_thread_mutex_unlock( &conn_nextid_mutex ); 893 894 return id; 895 } 896 897 /* 898 * Loop through the connections: 899 * 900 * for (c = connection_first(&i); c; c = connection_next(c, &i)) ...; 901 * connection_done(c); 902 * 903 * 'i' is the cursor, initialized by connection_first(). 904 * 'c_mutex' is locked in the returned connection. The functions must 905 * be passed the previous return value so they can unlock it again. 906 */ 907 908 Connection* connection_first( ber_socket_t *index ) 909 { 910 assert( connections != NULL ); 911 assert( index != NULL ); 912 913 ldap_pvt_thread_mutex_lock( &connections_mutex ); 914 for( *index = 0; *index < dtblsize; (*index)++) { 915 if( connections[*index].c_struct_state != SLAP_C_UNINITIALIZED ) { 916 break; 917 } 918 } 919 ldap_pvt_thread_mutex_unlock( &connections_mutex ); 920 921 return connection_next(NULL, index); 922 } 923 924 /* Next connection in loop, see connection_first() */ 925 Connection* connection_next( Connection *c, ber_socket_t *index ) 926 { 927 assert( connections != NULL ); 928 assert( index != NULL ); 929 assert( *index <= dtblsize ); 930 931 if( c != NULL ) ldap_pvt_thread_mutex_unlock( &c->c_mutex ); 932 933 c = NULL; 934 935 ldap_pvt_thread_mutex_lock( &connections_mutex ); 936 for(; *index < dtblsize; (*index)++) { 937 int c_struct; 938 if( connections[*index].c_struct_state == SLAP_C_UNINITIALIZED ) { 939 /* FIXME: accessing c_conn_state without locking c_mutex */ 940 assert( connections[*index].c_conn_state == SLAP_C_INVALID ); 941 continue; 942 } 943 944 if( connections[*index].c_struct_state == SLAP_C_USED ) { 945 c = &connections[(*index)++]; 946 if ( ldap_pvt_thread_mutex_trylock( &c->c_mutex )) { 947 /* avoid deadlock */ 948 ldap_pvt_thread_mutex_unlock( &connections_mutex ); 949 ldap_pvt_thread_mutex_lock( &c->c_mutex ); 950 ldap_pvt_thread_mutex_lock( &connections_mutex ); 951 if ( c->c_struct_state != SLAP_C_USED ) { 952 ldap_pvt_thread_mutex_unlock( &c->c_mutex ); 953 c = NULL; 954 continue; 955 } 956 } 957 assert( c->c_conn_state != SLAP_C_INVALID ); 958 break; 959 } 960 961 c_struct = connections[*index].c_struct_state; 962 if ( c_struct == SLAP_C_PENDING ) 963 continue; 964 assert( c_struct == SLAP_C_UNUSED ); 965 /* FIXME: accessing c_conn_state without locking c_mutex */ 966 assert( connections[*index].c_conn_state == SLAP_C_INVALID ); 967 } 968 969 ldap_pvt_thread_mutex_unlock( &connections_mutex ); 970 return c; 971 } 972 973 /* End connection loop, see connection_first() */ 974 void connection_done( Connection *c ) 975 { 976 assert( connections != NULL ); 977 978 if( c != NULL ) ldap_pvt_thread_mutex_unlock( &c->c_mutex ); 979 } 980 981 /* 982 * connection_activity - handle the request operation op on connection 983 * conn. This routine figures out what kind of operation it is and 984 * calls the appropriate stub to handle it. 985 */ 986 987 #ifdef SLAPD_MONITOR 988 /* FIXME: returns 0 in case of failure */ 989 #define INCR_OP_INITIATED(index) \ 990 do { \ 991 ldap_pvt_thread_mutex_lock( &op->o_counters->sc_mutex ); \ 992 ldap_pvt_mp_add_ulong(op->o_counters->sc_ops_initiated_[(index)], 1); \ 993 ldap_pvt_thread_mutex_unlock( &op->o_counters->sc_mutex ); \ 994 } while (0) 995 #define INCR_OP_COMPLETED(index) \ 996 do { \ 997 ldap_pvt_thread_mutex_lock( &op->o_counters->sc_mutex ); \ 998 ldap_pvt_mp_add_ulong(op->o_counters->sc_ops_completed, 1); \ 999 ldap_pvt_mp_add_ulong(op->o_counters->sc_ops_completed_[(index)], 1); \ 1000 ldap_pvt_thread_mutex_unlock( &op->o_counters->sc_mutex ); \ 1001 } while (0) 1002 #else /* !SLAPD_MONITOR */ 1003 #define INCR_OP_INITIATED(index) do { } while (0) 1004 #define INCR_OP_COMPLETED(index) \ 1005 do { \ 1006 ldap_pvt_thread_mutex_lock( &op->o_counters->sc_mutex ); \ 1007 ldap_pvt_mp_add_ulong(op->o_counters->sc_ops_completed, 1); \ 1008 ldap_pvt_thread_mutex_unlock( &op->o_counters->sc_mutex ); \ 1009 } while (0) 1010 #endif /* !SLAPD_MONITOR */ 1011 1012 /* 1013 * NOTE: keep in sync with enum in slapd.h 1014 */ 1015 static BI_op_func *opfun[] = { 1016 do_bind, 1017 do_unbind, 1018 do_search, 1019 do_compare, 1020 do_modify, 1021 do_modrdn, 1022 do_add, 1023 do_delete, 1024 do_abandon, 1025 do_extended, 1026 NULL 1027 }; 1028 1029 /* Counters are per-thread, not per-connection. 1030 */ 1031 static void 1032 conn_counter_destroy( void *key, void *data ) 1033 { 1034 slap_counters_t **prev, *sc; 1035 1036 ldap_pvt_thread_mutex_lock( &slap_counters.sc_mutex ); 1037 for ( prev = &slap_counters.sc_next, sc = slap_counters.sc_next; sc; 1038 prev = &sc->sc_next, sc = sc->sc_next ) { 1039 if ( sc == data ) { 1040 int i; 1041 1042 *prev = sc->sc_next; 1043 /* Copy data to main counter */ 1044 ldap_pvt_mp_add( slap_counters.sc_bytes, sc->sc_bytes ); 1045 ldap_pvt_mp_add( slap_counters.sc_pdu, sc->sc_pdu ); 1046 ldap_pvt_mp_add( slap_counters.sc_entries, sc->sc_entries ); 1047 ldap_pvt_mp_add( slap_counters.sc_refs, sc->sc_refs ); 1048 ldap_pvt_mp_add( slap_counters.sc_ops_initiated, sc->sc_ops_initiated ); 1049 ldap_pvt_mp_add( slap_counters.sc_ops_completed, sc->sc_ops_completed ); 1050 #ifdef SLAPD_MONITOR 1051 for ( i = 0; i < SLAP_OP_LAST; i++ ) { 1052 ldap_pvt_mp_add( slap_counters.sc_ops_initiated_[ i ], sc->sc_ops_initiated_[ i ] ); 1053 ldap_pvt_mp_add( slap_counters.sc_ops_initiated_[ i ], sc->sc_ops_completed_[ i ] ); 1054 } 1055 #endif /* SLAPD_MONITOR */ 1056 slap_counters_destroy( sc ); 1057 ber_memfree_x( data, NULL ); 1058 break; 1059 } 1060 } 1061 ldap_pvt_thread_mutex_unlock( &slap_counters.sc_mutex ); 1062 } 1063 1064 static void 1065 conn_counter_init( Operation *op, void *ctx ) 1066 { 1067 slap_counters_t *sc; 1068 void *vsc = NULL; 1069 1070 if ( ldap_pvt_thread_pool_getkey( 1071 ctx, (void *)conn_counter_init, &vsc, NULL ) || !vsc ) { 1072 vsc = ch_malloc( sizeof( slap_counters_t )); 1073 sc = vsc; 1074 slap_counters_init( sc ); 1075 ldap_pvt_thread_pool_setkey( ctx, (void*)conn_counter_init, vsc, 1076 conn_counter_destroy, NULL, NULL ); 1077 1078 ldap_pvt_thread_mutex_lock( &slap_counters.sc_mutex ); 1079 sc->sc_next = slap_counters.sc_next; 1080 slap_counters.sc_next = sc; 1081 ldap_pvt_thread_mutex_unlock( &slap_counters.sc_mutex ); 1082 } 1083 op->o_counters = vsc; 1084 } 1085 1086 static void * 1087 connection_operation( void *ctx, void *arg_v ) 1088 { 1089 int rc = LDAP_OTHER, cancel; 1090 Operation *op = arg_v; 1091 SlapReply rs = {REP_RESULT}; 1092 ber_tag_t tag = op->o_tag; 1093 slap_op_t opidx = SLAP_OP_LAST; 1094 Connection *conn = op->o_conn; 1095 void *memctx = NULL; 1096 void *memctx_null = NULL; 1097 ber_len_t memsiz; 1098 1099 conn_counter_init( op, ctx ); 1100 ldap_pvt_thread_mutex_lock( &op->o_counters->sc_mutex ); 1101 /* FIXME: returns 0 in case of failure */ 1102 ldap_pvt_mp_add_ulong(op->o_counters->sc_ops_initiated, 1); 1103 ldap_pvt_thread_mutex_unlock( &op->o_counters->sc_mutex ); 1104 1105 op->o_threadctx = ctx; 1106 op->o_tid = ldap_pvt_thread_pool_tid( ctx ); 1107 1108 switch ( tag ) { 1109 case LDAP_REQ_BIND: 1110 case LDAP_REQ_UNBIND: 1111 case LDAP_REQ_ADD: 1112 case LDAP_REQ_DELETE: 1113 case LDAP_REQ_MODDN: 1114 case LDAP_REQ_MODIFY: 1115 case LDAP_REQ_COMPARE: 1116 case LDAP_REQ_SEARCH: 1117 case LDAP_REQ_ABANDON: 1118 case LDAP_REQ_EXTENDED: 1119 break; 1120 default: 1121 Debug( LDAP_DEBUG_ANY, "connection_operation: " 1122 "conn %lu unknown LDAP request 0x%lx\n", 1123 conn->c_connid, tag, 0 ); 1124 op->o_tag = LBER_ERROR; 1125 rs.sr_err = LDAP_PROTOCOL_ERROR; 1126 rs.sr_text = "unknown LDAP request"; 1127 send_ldap_disconnect( op, &rs ); 1128 rc = SLAPD_DISCONNECT; 1129 goto operations_error; 1130 } 1131 1132 if( conn->c_sasl_bind_in_progress && tag != LDAP_REQ_BIND ) { 1133 Debug( LDAP_DEBUG_ANY, "connection_operation: " 1134 "error: SASL bind in progress (tag=%ld).\n", 1135 (long) tag, 0, 0 ); 1136 send_ldap_error( op, &rs, LDAP_OPERATIONS_ERROR, 1137 "SASL bind in progress" ); 1138 rc = LDAP_OPERATIONS_ERROR; 1139 goto operations_error; 1140 } 1141 1142 #ifdef LDAP_X_TXN 1143 if (( conn->c_txn == CONN_TXN_SPECIFY ) && ( 1144 ( tag == LDAP_REQ_ADD ) || 1145 ( tag == LDAP_REQ_DELETE ) || 1146 ( tag == LDAP_REQ_MODIFY ) || 1147 ( tag == LDAP_REQ_MODRDN ))) 1148 { 1149 /* Disable SLAB allocator for all update operations 1150 issued inside of a transaction */ 1151 op->o_tmpmemctx = NULL; 1152 op->o_tmpmfuncs = &ch_mfuncs; 1153 } else 1154 #endif 1155 { 1156 /* We can use Thread-Local storage for most mallocs. We can 1157 * also use TL for ber parsing, but not on Add or Modify. 1158 */ 1159 #if 0 1160 memsiz = ber_len( op->o_ber ) * 64; 1161 if ( SLAP_SLAB_SIZE > memsiz ) memsiz = SLAP_SLAB_SIZE; 1162 #endif 1163 memsiz = SLAP_SLAB_SIZE; 1164 1165 memctx = slap_sl_mem_create( memsiz, SLAP_SLAB_STACK, ctx, 1 ); 1166 op->o_tmpmemctx = memctx; 1167 op->o_tmpmfuncs = &slap_sl_mfuncs; 1168 if ( tag != LDAP_REQ_ADD && tag != LDAP_REQ_MODIFY ) { 1169 /* Note - the ber and its buffer are already allocated from 1170 * regular memory; this only affects subsequent mallocs that 1171 * ber_scanf may invoke. 1172 */ 1173 ber_set_option( op->o_ber, LBER_OPT_BER_MEMCTX, &memctx ); 1174 } 1175 } 1176 1177 opidx = slap_req2op( tag ); 1178 assert( opidx != SLAP_OP_LAST ); 1179 INCR_OP_INITIATED( opidx ); 1180 rc = (*(opfun[opidx]))( op, &rs ); 1181 1182 operations_error: 1183 if ( rc == SLAPD_DISCONNECT ) { 1184 tag = LBER_ERROR; 1185 1186 } else if ( opidx != SLAP_OP_LAST ) { 1187 /* increment completed operations count 1188 * only if operation was initiated 1189 * and rc != SLAPD_DISCONNECT */ 1190 INCR_OP_COMPLETED( opidx ); 1191 } 1192 1193 ldap_pvt_thread_mutex_lock( &conn->c_mutex ); 1194 1195 if ( opidx == SLAP_OP_BIND && conn->c_conn_state == SLAP_C_BINDING ) 1196 conn->c_conn_state = SLAP_C_ACTIVE; 1197 1198 cancel = op->o_cancel; 1199 if ( cancel != SLAP_CANCEL_NONE && cancel != SLAP_CANCEL_DONE ) { 1200 if ( cancel == SLAP_CANCEL_REQ ) { 1201 op->o_cancel = rc == SLAPD_ABANDON 1202 ? SLAP_CANCEL_ACK : LDAP_TOO_LATE; 1203 } 1204 1205 do { 1206 /* Fake a cond_wait with thread_yield, then 1207 * verify the result properly mutex-protected. 1208 */ 1209 ldap_pvt_thread_mutex_unlock( &conn->c_mutex ); 1210 do { 1211 ldap_pvt_thread_yield(); 1212 } while ( (cancel = op->o_cancel) != SLAP_CANCEL_NONE 1213 && cancel != SLAP_CANCEL_DONE ); 1214 ldap_pvt_thread_mutex_lock( &conn->c_mutex ); 1215 } while ( (cancel = op->o_cancel) != SLAP_CANCEL_NONE 1216 && cancel != SLAP_CANCEL_DONE ); 1217 } 1218 1219 ber_set_option( op->o_ber, LBER_OPT_BER_MEMCTX, &memctx_null ); 1220 1221 LDAP_STAILQ_REMOVE( &conn->c_ops, op, Operation, o_next); 1222 LDAP_STAILQ_NEXT(op, o_next) = NULL; 1223 conn->c_n_ops_executing--; 1224 conn->c_n_ops_completed++; 1225 1226 switch( tag ) { 1227 case LBER_ERROR: 1228 case LDAP_REQ_UNBIND: 1229 /* c_mutex is locked */ 1230 connection_closing( conn, 1231 tag == LDAP_REQ_UNBIND ? NULL : "operations error" ); 1232 break; 1233 } 1234 1235 connection_resched( conn ); 1236 ldap_pvt_thread_mutex_unlock( &conn->c_mutex ); 1237 slap_op_free( op, ctx ); 1238 return NULL; 1239 } 1240 1241 static const Listener dummy_list = { BER_BVC(""), BER_BVC("") }; 1242 1243 Connection *connection_client_setup( 1244 ber_socket_t s, 1245 ldap_pvt_thread_start_t *func, 1246 void *arg ) 1247 { 1248 Connection *c; 1249 ber_socket_t sfd = SLAP_SOCKNEW( s ); 1250 1251 c = connection_init( sfd, (Listener *)&dummy_list, "", "", 1252 CONN_IS_CLIENT, 0, NULL 1253 LDAP_PF_LOCAL_SENDMSG_ARG(NULL)); 1254 if ( c ) { 1255 c->c_clientfunc = func; 1256 c->c_clientarg = arg; 1257 1258 slapd_add_internal( sfd, 0 ); 1259 } 1260 return c; 1261 } 1262 1263 void connection_client_enable( 1264 Connection *c ) 1265 { 1266 slapd_set_read( c->c_sd, 1 ); 1267 } 1268 1269 void connection_client_stop( 1270 Connection *c ) 1271 { 1272 Sockbuf *sb; 1273 ber_socket_t s = c->c_sd; 1274 1275 /* get (locked) connection */ 1276 c = connection_get( s ); 1277 1278 assert( c->c_conn_state == SLAP_C_CLIENT ); 1279 1280 c->c_listener = NULL; 1281 c->c_conn_state = SLAP_C_INVALID; 1282 c->c_struct_state = SLAP_C_UNUSED; 1283 c->c_sd = AC_SOCKET_INVALID; 1284 c->c_close_reason = "?"; /* should never be needed */ 1285 sb = c->c_sb; 1286 c->c_sb = ber_sockbuf_alloc( ); 1287 { 1288 ber_len_t max = sockbuf_max_incoming; 1289 ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max ); 1290 } 1291 slapd_remove( s, sb, 0, 1, 0 ); 1292 1293 connection_return( c ); 1294 } 1295 1296 static int connection_read( ber_socket_t s, conn_readinfo *cri ); 1297 1298 static void* connection_read_thread( void* ctx, void* argv ) 1299 { 1300 int rc ; 1301 conn_readinfo cri = { NULL, NULL, NULL, NULL, 0 }; 1302 ber_socket_t s = (long)argv; 1303 1304 /* 1305 * read incoming LDAP requests. If there is more than one, 1306 * the first one is returned with new_op 1307 */ 1308 cri.ctx = ctx; 1309 if( ( rc = connection_read( s, &cri ) ) < 0 ) { 1310 Debug( LDAP_DEBUG_CONNS, "connection_read(%d) error\n", s, 0, 0 ); 1311 return (void*)(long)rc; 1312 } 1313 1314 /* execute a single queued request in the same thread */ 1315 if( cri.op && !cri.nullop ) { 1316 rc = (long)connection_operation( ctx, cri.op ); 1317 } else if ( cri.func ) { 1318 rc = (long)cri.func( ctx, cri.arg ); 1319 } 1320 1321 return (void*)(long)rc; 1322 } 1323 1324 int connection_read_activate( ber_socket_t s ) 1325 { 1326 int rc; 1327 1328 /* 1329 * suspend reading on this file descriptor until a connection processing 1330 * thread reads data on it. Otherwise the listener thread will repeatedly 1331 * submit the same event on it to the pool. 1332 */ 1333 rc = slapd_clr_read( s, 0 ); 1334 if ( rc ) 1335 return rc; 1336 1337 /* Don't let blocked writers block a pause request */ 1338 if ( connections[s].c_writewaiter && 1339 ldap_pvt_thread_pool_pausing( &connection_pool )) 1340 connection_wake_writers( &connections[s] ); 1341 1342 rc = ldap_pvt_thread_pool_submit( &connection_pool, 1343 connection_read_thread, (void *)(long)s ); 1344 1345 if( rc != 0 ) { 1346 Debug( LDAP_DEBUG_ANY, 1347 "connection_read_activate(%d): submit failed (%d)\n", 1348 s, rc, 0 ); 1349 } 1350 1351 return rc; 1352 } 1353 1354 static int 1355 connection_read( ber_socket_t s, conn_readinfo *cri ) 1356 { 1357 int rc = 0; 1358 Connection *c; 1359 1360 assert( connections != NULL ); 1361 1362 /* get (locked) connection */ 1363 c = connection_get( s ); 1364 1365 if( c == NULL ) { 1366 Debug( LDAP_DEBUG_ANY, 1367 "connection_read(%ld): no connection!\n", 1368 (long) s, 0, 0 ); 1369 1370 return -1; 1371 } 1372 1373 c->c_n_read++; 1374 1375 if( c->c_conn_state == SLAP_C_CLOSING ) { 1376 Debug( LDAP_DEBUG_CONNS, 1377 "connection_read(%d): closing, ignoring input for id=%lu\n", 1378 s, c->c_connid, 0 ); 1379 connection_return( c ); 1380 return 0; 1381 } 1382 1383 if ( c->c_conn_state == SLAP_C_CLIENT ) { 1384 cri->func = c->c_clientfunc; 1385 cri->arg = c->c_clientarg; 1386 /* read should already be cleared */ 1387 connection_return( c ); 1388 return 0; 1389 } 1390 1391 Debug( LDAP_DEBUG_TRACE, 1392 "connection_read(%d): checking for input on id=%lu\n", 1393 s, c->c_connid, 0 ); 1394 1395 #ifdef HAVE_TLS 1396 if ( c->c_is_tls && c->c_needs_tls_accept ) { 1397 rc = ldap_pvt_tls_accept( c->c_sb, slap_tls_ctx ); 1398 if ( rc < 0 ) { 1399 Debug( LDAP_DEBUG_TRACE, 1400 "connection_read(%d): TLS accept failure " 1401 "error=%d id=%lu, closing\n", 1402 s, rc, c->c_connid ); 1403 1404 c->c_needs_tls_accept = 0; 1405 /* c_mutex is locked */ 1406 connection_closing( c, "TLS negotiation failure" ); 1407 connection_close( c ); 1408 connection_return( c ); 1409 return 0; 1410 1411 } else if ( rc == 0 ) { 1412 void *ssl; 1413 struct berval authid = BER_BVNULL; 1414 1415 c->c_needs_tls_accept = 0; 1416 1417 /* we need to let SASL know */ 1418 ssl = ldap_pvt_tls_sb_ctx( c->c_sb ); 1419 1420 c->c_tls_ssf = (slap_ssf_t) ldap_pvt_tls_get_strength( ssl ); 1421 if( c->c_tls_ssf > c->c_ssf ) { 1422 c->c_ssf = c->c_tls_ssf; 1423 } 1424 1425 rc = dnX509peerNormalize( ssl, &authid ); 1426 if ( rc != LDAP_SUCCESS ) { 1427 Debug( LDAP_DEBUG_TRACE, "connection_read(%d): " 1428 "unable to get TLS client DN, error=%d id=%lu\n", 1429 s, rc, c->c_connid ); 1430 } 1431 Statslog( LDAP_DEBUG_STATS, 1432 "conn=%lu fd=%d TLS established tls_ssf=%u ssf=%u\n", 1433 c->c_connid, (int) s, c->c_tls_ssf, c->c_ssf, 0 ); 1434 slap_sasl_external( c, c->c_tls_ssf, &authid ); 1435 if ( authid.bv_val ) free( authid.bv_val ); 1436 } else if ( rc == 1 && ber_sockbuf_ctrl( c->c_sb, 1437 LBER_SB_OPT_NEEDS_WRITE, NULL )) { /* need to retry */ 1438 slapd_set_write( s, 1 ); 1439 connection_return( c ); 1440 return 0; 1441 } 1442 1443 /* if success and data is ready, fall thru to data input loop */ 1444 if( !ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_DATA_READY, NULL ) ) 1445 { 1446 slapd_set_read( s, 1 ); 1447 connection_return( c ); 1448 return 0; 1449 } 1450 } 1451 #endif 1452 1453 #ifdef HAVE_CYRUS_SASL 1454 if ( c->c_sasl_layers ) { 1455 /* If previous layer is not removed yet, give up for now */ 1456 if ( !c->c_sasl_sockctx ) { 1457 slapd_set_read( s, 1 ); 1458 connection_return( c ); 1459 return 0; 1460 } 1461 1462 c->c_sasl_layers = 0; 1463 1464 rc = ldap_pvt_sasl_install( c->c_sb, c->c_sasl_sockctx ); 1465 if( rc != LDAP_SUCCESS ) { 1466 Debug( LDAP_DEBUG_TRACE, 1467 "connection_read(%d): SASL install error " 1468 "error=%d id=%lu, closing\n", 1469 s, rc, c->c_connid ); 1470 1471 /* c_mutex is locked */ 1472 connection_closing( c, "SASL layer install failure" ); 1473 connection_close( c ); 1474 connection_return( c ); 1475 return 0; 1476 } 1477 } 1478 #endif 1479 1480 #define CONNECTION_INPUT_LOOP 1 1481 /* #define DATA_READY_LOOP 1 */ 1482 1483 do { 1484 /* How do we do this without getting into a busy loop ? */ 1485 rc = connection_input( c, cri ); 1486 } 1487 #ifdef DATA_READY_LOOP 1488 while( !rc && ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_DATA_READY, NULL )); 1489 #elif defined CONNECTION_INPUT_LOOP 1490 while(!rc); 1491 #else 1492 while(0); 1493 #endif 1494 1495 if( rc < 0 ) { 1496 Debug( LDAP_DEBUG_CONNS, 1497 "connection_read(%d): input error=%d id=%lu, closing.\n", 1498 s, rc, c->c_connid ); 1499 1500 /* c_mutex is locked */ 1501 connection_closing( c, conn_lost_str ); 1502 connection_close( c ); 1503 connection_return( c ); 1504 return 0; 1505 } 1506 1507 if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_WRITE, NULL ) ) { 1508 slapd_set_write( s, 0 ); 1509 } 1510 1511 slapd_set_read( s, 1 ); 1512 connection_return( c ); 1513 1514 return 0; 1515 } 1516 1517 static int 1518 connection_input( Connection *conn , conn_readinfo *cri ) 1519 { 1520 Operation *op; 1521 ber_tag_t tag; 1522 ber_len_t len; 1523 ber_int_t msgid; 1524 BerElement *ber; 1525 int rc; 1526 #ifdef LDAP_CONNECTIONLESS 1527 Sockaddr peeraddr; 1528 char *cdn = NULL; 1529 #endif 1530 char *defer = NULL; 1531 void *ctx; 1532 1533 if ( conn->c_currentber == NULL && 1534 ( conn->c_currentber = ber_alloc()) == NULL ) 1535 { 1536 Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 ); 1537 return -1; 1538 } 1539 1540 sock_errset(0); 1541 1542 #ifdef LDAP_CONNECTIONLESS 1543 if ( conn->c_is_udp ) { 1544 #if defined(LDAP_PF_INET6) 1545 char peername[sizeof("IP=[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535")]; 1546 char addr[INET6_ADDRSTRLEN]; 1547 #else 1548 char peername[sizeof("IP=255.255.255.255:65336")]; 1549 char addr[INET_ADDRSTRLEN]; 1550 #endif 1551 const char *peeraddr_string = NULL; 1552 1553 len = ber_int_sb_read(conn->c_sb, &peeraddr, sizeof(Sockaddr)); 1554 if (len != sizeof(Sockaddr)) return 1; 1555 1556 #if defined(LDAP_PF_INET6) 1557 if (peeraddr.sa_addr.sa_family == AF_INET6) { 1558 if ( IN6_IS_ADDR_V4MAPPED(&peeraddr.sa_in6_addr.sin6_addr) ) { 1559 #if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP ) 1560 peeraddr_string = inet_ntop( AF_INET, 1561 ((struct in_addr *)&peeraddr.sa_in6_addr.sin6_addr.s6_addr[12]), 1562 addr, sizeof(addr) ); 1563 #else /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */ 1564 peeraddr_string = inet_ntoa( *((struct in_addr *) 1565 &peeraddr.sa_in6_addr.sin6_addr.s6_addr[12]) ); 1566 #endif /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */ 1567 if ( !peeraddr_string ) peeraddr_string = SLAP_STRING_UNKNOWN; 1568 sprintf( peername, "IP=%s:%d", peeraddr_string, 1569 (unsigned) ntohs( peeraddr.sa_in6_addr.sin6_port ) ); 1570 } else { 1571 peeraddr_string = inet_ntop( AF_INET6, 1572 &peeraddr.sa_in6_addr.sin6_addr, 1573 addr, sizeof addr ); 1574 if ( !peeraddr_string ) peeraddr_string = SLAP_STRING_UNKNOWN; 1575 sprintf( peername, "IP=[%s]:%d", peeraddr_string, 1576 (unsigned) ntohs( peeraddr.sa_in6_addr.sin6_port ) ); 1577 } 1578 } else 1579 #endif 1580 #if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP ) 1581 { 1582 peeraddr_string = inet_ntop( AF_INET, &peeraddr.sa_in_addr.sin_addr, 1583 addr, sizeof(addr) ); 1584 #else /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */ 1585 peeraddr_string = inet_ntoa( peeraddr.sa_in_addr.sin_addr ); 1586 #endif /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */ 1587 sprintf( peername, "IP=%s:%d", 1588 peeraddr_string, 1589 (unsigned) ntohs( peeraddr.sa_in_addr.sin_port ) ); 1590 } 1591 Statslog( LDAP_DEBUG_STATS, 1592 "conn=%lu UDP request from %s (%s) accepted.\n", 1593 conn->c_connid, peername, conn->c_sock_name.bv_val, 0, 0 ); 1594 } 1595 #endif 1596 1597 tag = ber_get_next( conn->c_sb, &len, conn->c_currentber ); 1598 if ( tag != LDAP_TAG_MESSAGE ) { 1599 int err = sock_errno(); 1600 1601 if ( err != EWOULDBLOCK && err != EAGAIN ) { 1602 /* log, close and send error */ 1603 Debug( LDAP_DEBUG_TRACE, 1604 "ber_get_next on fd %d failed errno=%d (%s)\n", 1605 conn->c_sd, err, sock_errstr(err) ); 1606 ber_free( conn->c_currentber, 1 ); 1607 conn->c_currentber = NULL; 1608 1609 return -2; 1610 } 1611 return 1; 1612 } 1613 1614 ber = conn->c_currentber; 1615 conn->c_currentber = NULL; 1616 1617 if ( (tag = ber_get_int( ber, &msgid )) != LDAP_TAG_MSGID ) { 1618 /* log, close and send error */ 1619 Debug( LDAP_DEBUG_ANY, "ber_get_int returns 0x%lx\n", tag, 0, 0 ); 1620 ber_free( ber, 1 ); 1621 return -1; 1622 } 1623 1624 if ( (tag = ber_peek_tag( ber, &len )) == LBER_ERROR ) { 1625 /* log, close and send error */ 1626 Debug( LDAP_DEBUG_ANY, "ber_peek_tag returns 0x%lx\n", tag, 0, 0 ); 1627 ber_free( ber, 1 ); 1628 1629 return -1; 1630 } 1631 1632 #ifdef LDAP_CONNECTIONLESS 1633 if( conn->c_is_udp ) { 1634 if( tag == LBER_OCTETSTRING ) { 1635 if ( (tag = ber_get_stringa( ber, &cdn )) != LBER_ERROR ) 1636 tag = ber_peek_tag( ber, &len ); 1637 } 1638 if( tag != LDAP_REQ_ABANDON && tag != LDAP_REQ_SEARCH ) { 1639 Debug( LDAP_DEBUG_ANY, "invalid req for UDP 0x%lx\n", tag, 0, 0 ); 1640 ber_free( ber, 1 ); 1641 return 0; 1642 } 1643 } 1644 #endif 1645 1646 if(tag == LDAP_REQ_BIND) { 1647 /* immediately abandon all existing operations upon BIND */ 1648 connection_abandon( conn ); 1649 } 1650 1651 ctx = cri->ctx; 1652 op = slap_op_alloc( ber, msgid, tag, conn->c_n_ops_received++, ctx ); 1653 1654 Debug( LDAP_DEBUG_TRACE, "op tag 0x%lx, time %ld\n", tag, 1655 (long) op->o_time, 0); 1656 1657 op->o_conn = conn; 1658 /* clear state if the connection is being reused from inactive */ 1659 if ( conn->c_conn_state == SLAP_C_INACTIVE ) { 1660 memset( &conn->c_pagedresults_state, 0, 1661 sizeof( conn->c_pagedresults_state ) ); 1662 } 1663 1664 op->o_res_ber = NULL; 1665 1666 #ifdef LDAP_CONNECTIONLESS 1667 if (conn->c_is_udp) { 1668 if ( cdn ) { 1669 ber_str2bv( cdn, 0, 1, &op->o_dn ); 1670 op->o_protocol = LDAP_VERSION2; 1671 } 1672 op->o_res_ber = ber_alloc_t( LBER_USE_DER ); 1673 if (op->o_res_ber == NULL) return 1; 1674 1675 rc = ber_write( op->o_res_ber, (char *)&peeraddr, 1676 sizeof(struct sockaddr), 0 ); 1677 1678 if (rc != sizeof(struct sockaddr)) { 1679 Debug( LDAP_DEBUG_ANY, "ber_write failed\n", 0, 0, 0 ); 1680 return 1; 1681 } 1682 1683 if (op->o_protocol == LDAP_VERSION2) { 1684 rc = ber_printf(op->o_res_ber, "{is{" /*}}*/, op->o_msgid, ""); 1685 if (rc == -1) { 1686 Debug( LDAP_DEBUG_ANY, "ber_write failed\n", 0, 0, 0 ); 1687 return rc; 1688 } 1689 } 1690 } 1691 #endif /* LDAP_CONNECTIONLESS */ 1692 1693 rc = 0; 1694 1695 /* Don't process requests when the conn is in the middle of a 1696 * Bind, or if it's closing. Also, don't let any single conn 1697 * use up all the available threads, and don't execute if we're 1698 * currently blocked on output. And don't execute if there are 1699 * already pending ops, let them go first. Abandon operations 1700 * get exceptions to some, but not all, cases. 1701 */ 1702 switch( tag ){ 1703 default: 1704 /* Abandon and Unbind are exempt from these checks */ 1705 if (conn->c_conn_state == SLAP_C_CLOSING) { 1706 defer = "closing"; 1707 break; 1708 } else if (conn->c_writewaiter) { 1709 defer = "awaiting write"; 1710 break; 1711 } else if (conn->c_n_ops_pending) { 1712 defer = "pending operations"; 1713 break; 1714 } 1715 /* FALLTHRU */ 1716 case LDAP_REQ_ABANDON: 1717 /* Unbind is exempt from these checks */ 1718 if (conn->c_n_ops_executing >= connection_pool_max/2) { 1719 defer = "too many executing"; 1720 break; 1721 } else if (conn->c_conn_state == SLAP_C_BINDING) { 1722 defer = "binding"; 1723 break; 1724 } 1725 /* FALLTHRU */ 1726 case LDAP_REQ_UNBIND: 1727 break; 1728 } 1729 1730 if( defer ) { 1731 int max = conn->c_dn.bv_len 1732 ? slap_conn_max_pending_auth 1733 : slap_conn_max_pending; 1734 1735 Debug( LDAP_DEBUG_ANY, 1736 "connection_input: conn=%lu deferring operation: %s\n", 1737 conn->c_connid, defer, 0 ); 1738 conn->c_n_ops_pending++; 1739 LDAP_STAILQ_INSERT_TAIL( &conn->c_pending_ops, op, o_next ); 1740 rc = ( conn->c_n_ops_pending > max ) ? -1 : 0; 1741 1742 } else { 1743 conn->c_n_ops_executing++; 1744 1745 /* 1746 * The first op will be processed in the same thread context, 1747 * as long as there is only one op total. 1748 * Subsequent ops will be submitted to the pool by 1749 * calling connection_op_activate() 1750 */ 1751 if ( cri->op == NULL ) { 1752 /* the first incoming request */ 1753 connection_op_queue( op ); 1754 cri->op = op; 1755 } else { 1756 if ( !cri->nullop ) { 1757 cri->nullop = 1; 1758 rc = ldap_pvt_thread_pool_submit( &connection_pool, 1759 connection_operation, (void *) cri->op ); 1760 } 1761 connection_op_activate( op ); 1762 } 1763 } 1764 1765 #ifdef NO_THREADS 1766 if ( conn->c_struct_state != SLAP_C_USED ) { 1767 /* connection must have got closed underneath us */ 1768 return 1; 1769 } 1770 #endif 1771 1772 assert( conn->c_struct_state == SLAP_C_USED ); 1773 return rc; 1774 } 1775 1776 static int 1777 connection_resched( Connection *conn ) 1778 { 1779 Operation *op; 1780 1781 if( conn->c_writewaiter ) 1782 return 0; 1783 1784 if( conn->c_conn_state == SLAP_C_CLOSING ) { 1785 Debug( LDAP_DEBUG_CONNS, "connection_resched: " 1786 "attempting closing conn=%lu sd=%d\n", 1787 conn->c_connid, conn->c_sd, 0 ); 1788 connection_close( conn ); 1789 return 0; 1790 } 1791 1792 if( conn->c_conn_state != SLAP_C_ACTIVE ) { 1793 /* other states need different handling */ 1794 return 0; 1795 } 1796 1797 while ((op = LDAP_STAILQ_FIRST( &conn->c_pending_ops )) != NULL) { 1798 if ( conn->c_n_ops_executing > connection_pool_max/2 ) break; 1799 1800 LDAP_STAILQ_REMOVE_HEAD( &conn->c_pending_ops, o_next ); 1801 LDAP_STAILQ_NEXT(op, o_next) = NULL; 1802 1803 /* pending operations should not be marked for abandonment */ 1804 assert(!op->o_abandon); 1805 1806 conn->c_n_ops_pending--; 1807 conn->c_n_ops_executing++; 1808 1809 connection_op_activate( op ); 1810 1811 if ( conn->c_conn_state == SLAP_C_BINDING ) break; 1812 } 1813 return 0; 1814 } 1815 1816 static void 1817 connection_init_log_prefix( Operation *op ) 1818 { 1819 if ( op->o_connid == (unsigned long)(-1) ) { 1820 snprintf( op->o_log_prefix, sizeof( op->o_log_prefix ), 1821 "conn=-1 op=%lu", op->o_opid ); 1822 1823 } else { 1824 snprintf( op->o_log_prefix, sizeof( op->o_log_prefix ), 1825 "conn=%lu op=%lu", op->o_connid, op->o_opid ); 1826 } 1827 } 1828 1829 static int connection_bind_cleanup_cb( Operation *op, SlapReply *rs ) 1830 { 1831 op->o_conn->c_sasl_bindop = NULL; 1832 1833 ch_free( op->o_callback ); 1834 op->o_callback = NULL; 1835 1836 return SLAP_CB_CONTINUE; 1837 } 1838 1839 static int connection_bind_cb( Operation *op, SlapReply *rs ) 1840 { 1841 ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex ); 1842 op->o_conn->c_sasl_bind_in_progress = 1843 ( rs->sr_err == LDAP_SASL_BIND_IN_PROGRESS ); 1844 1845 /* Moved here from bind.c due to ITS#4158 */ 1846 op->o_conn->c_sasl_bindop = NULL; 1847 if ( op->orb_method == LDAP_AUTH_SASL ) { 1848 if( rs->sr_err == LDAP_SUCCESS ) { 1849 ber_dupbv(&op->o_conn->c_dn, &op->orb_edn); 1850 if( !BER_BVISEMPTY( &op->orb_edn ) ) { 1851 /* edn is always normalized already */ 1852 ber_dupbv( &op->o_conn->c_ndn, &op->o_conn->c_dn ); 1853 } 1854 op->o_tmpfree( op->orb_edn.bv_val, op->o_tmpmemctx ); 1855 BER_BVZERO( &op->orb_edn ); 1856 op->o_conn->c_authmech = op->o_conn->c_sasl_bind_mech; 1857 BER_BVZERO( &op->o_conn->c_sasl_bind_mech ); 1858 1859 op->o_conn->c_sasl_ssf = op->orb_ssf; 1860 if( op->orb_ssf > op->o_conn->c_ssf ) { 1861 op->o_conn->c_ssf = op->orb_ssf; 1862 } 1863 1864 if( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) { 1865 ber_len_t max = sockbuf_max_incoming_auth; 1866 ber_sockbuf_ctrl( op->o_conn->c_sb, 1867 LBER_SB_OPT_SET_MAX_INCOMING, &max ); 1868 } 1869 1870 /* log authorization identity */ 1871 Statslog( LDAP_DEBUG_STATS, 1872 "%s BIND dn=\"%s\" mech=%s sasl_ssf=%d ssf=%d\n", 1873 op->o_log_prefix, 1874 BER_BVISNULL( &op->o_conn->c_dn ) ? "<empty>" : op->o_conn->c_dn.bv_val, 1875 op->o_conn->c_authmech.bv_val, 1876 op->orb_ssf, op->o_conn->c_ssf ); 1877 1878 Debug( LDAP_DEBUG_TRACE, 1879 "do_bind: SASL/%s bind: dn=\"%s\" sasl_ssf=%d\n", 1880 op->o_conn->c_authmech.bv_val, 1881 BER_BVISNULL( &op->o_conn->c_dn ) ? "<empty>" : op->o_conn->c_dn.bv_val, 1882 op->orb_ssf ); 1883 1884 } else if ( rs->sr_err != LDAP_SASL_BIND_IN_PROGRESS ) { 1885 if ( !BER_BVISNULL( &op->o_conn->c_sasl_bind_mech ) ) { 1886 free( op->o_conn->c_sasl_bind_mech.bv_val ); 1887 BER_BVZERO( &op->o_conn->c_sasl_bind_mech ); 1888 } 1889 } 1890 } 1891 ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex ); 1892 1893 ch_free( op->o_callback ); 1894 op->o_callback = NULL; 1895 1896 return SLAP_CB_CONTINUE; 1897 } 1898 1899 static void connection_op_queue( Operation *op ) 1900 { 1901 ber_tag_t tag = op->o_tag; 1902 1903 if (tag == LDAP_REQ_BIND) { 1904 slap_callback *sc = ch_calloc( 1, sizeof( slap_callback )); 1905 sc->sc_response = connection_bind_cb; 1906 sc->sc_cleanup = connection_bind_cleanup_cb; 1907 sc->sc_next = op->o_callback; 1908 op->o_callback = sc; 1909 op->o_conn->c_conn_state = SLAP_C_BINDING; 1910 } 1911 1912 if (!op->o_dn.bv_len) { 1913 op->o_authz = op->o_conn->c_authz; 1914 if ( BER_BVISNULL( &op->o_conn->c_sasl_authz_dn )) { 1915 ber_dupbv( &op->o_dn, &op->o_conn->c_dn ); 1916 ber_dupbv( &op->o_ndn, &op->o_conn->c_ndn ); 1917 } else { 1918 ber_dupbv( &op->o_dn, &op->o_conn->c_sasl_authz_dn ); 1919 ber_dupbv( &op->o_ndn, &op->o_conn->c_sasl_authz_dn ); 1920 } 1921 } 1922 1923 op->o_authtype = op->o_conn->c_authtype; 1924 ber_dupbv( &op->o_authmech, &op->o_conn->c_authmech ); 1925 1926 if (!op->o_protocol) { 1927 op->o_protocol = op->o_conn->c_protocol 1928 ? op->o_conn->c_protocol : LDAP_VERSION3; 1929 } 1930 1931 if (op->o_conn->c_conn_state == SLAP_C_INACTIVE && 1932 op->o_protocol > LDAP_VERSION2) 1933 { 1934 op->o_conn->c_conn_state = SLAP_C_ACTIVE; 1935 } 1936 1937 op->o_connid = op->o_conn->c_connid; 1938 connection_init_log_prefix( op ); 1939 1940 LDAP_STAILQ_INSERT_TAIL( &op->o_conn->c_ops, op, o_next ); 1941 } 1942 1943 static int connection_op_activate( Operation *op ) 1944 { 1945 int rc; 1946 1947 connection_op_queue( op ); 1948 1949 rc = ldap_pvt_thread_pool_submit( &connection_pool, 1950 connection_operation, (void *) op ); 1951 1952 if ( rc != 0 ) { 1953 Debug( LDAP_DEBUG_ANY, 1954 "connection_op_activate: submit failed (%d) for conn=%lu\n", 1955 rc, op->o_connid, 0 ); 1956 /* should move op to pending list */ 1957 } 1958 1959 return rc; 1960 } 1961 1962 int connection_write(ber_socket_t s) 1963 { 1964 Connection *c; 1965 Operation *op; 1966 1967 assert( connections != NULL ); 1968 1969 c = connection_get( s ); 1970 if( c == NULL ) { 1971 Debug( LDAP_DEBUG_ANY, 1972 "connection_write(%ld): no connection!\n", 1973 (long)s, 0, 0 ); 1974 return -1; 1975 } 1976 1977 slapd_clr_write( s, 0 ); 1978 1979 #ifdef HAVE_TLS 1980 if ( c->c_is_tls && c->c_needs_tls_accept ) { 1981 connection_return( c ); 1982 connection_read_activate( s ); 1983 return 0; 1984 } 1985 #endif 1986 1987 c->c_n_write++; 1988 1989 Debug( LDAP_DEBUG_TRACE, 1990 "connection_write(%d): waking output for id=%lu\n", 1991 s, c->c_connid, 0 ); 1992 ldap_pvt_thread_mutex_lock( &c->c_write2_mutex ); 1993 ldap_pvt_thread_cond_signal( &c->c_write2_cv ); 1994 ldap_pvt_thread_mutex_unlock( &c->c_write2_mutex ); 1995 1996 if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_READ, NULL ) ) { 1997 slapd_set_read( s, 1 ); 1998 } 1999 if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_WRITE, NULL ) ) { 2000 slapd_set_write( s, 1 ); 2001 } 2002 2003 /* If there are ops pending because of a writewaiter, 2004 * start one up. 2005 */ 2006 while ((op = LDAP_STAILQ_FIRST( &c->c_pending_ops )) != NULL) { 2007 if ( !c->c_writewaiter ) break; 2008 if ( c->c_n_ops_executing > connection_pool_max/2 ) break; 2009 2010 LDAP_STAILQ_REMOVE_HEAD( &c->c_pending_ops, o_next ); 2011 LDAP_STAILQ_NEXT(op, o_next) = NULL; 2012 2013 /* pending operations should not be marked for abandonment */ 2014 assert(!op->o_abandon); 2015 2016 c->c_n_ops_pending--; 2017 c->c_n_ops_executing++; 2018 2019 connection_op_activate( op ); 2020 2021 break; 2022 } 2023 2024 connection_return( c ); 2025 return 0; 2026 } 2027 2028 #ifdef LDAP_SLAPI 2029 typedef struct conn_fake_extblock { 2030 void *eb_conn; 2031 void *eb_op; 2032 } conn_fake_extblock; 2033 2034 static void 2035 connection_fake_destroy( 2036 void *key, 2037 void *data ) 2038 { 2039 Connection conn = {0}; 2040 Operation op = {0}; 2041 Opheader ohdr = {0}; 2042 2043 conn_fake_extblock *eb = data; 2044 2045 op.o_hdr = &ohdr; 2046 op.o_hdr->oh_extensions = eb->eb_op; 2047 conn.c_extensions = eb->eb_conn; 2048 op.o_conn = &conn; 2049 conn.c_connid = -1; 2050 op.o_connid = -1; 2051 2052 ber_memfree_x( eb, NULL ); 2053 slapi_int_free_object_extensions( SLAPI_X_EXT_OPERATION, &op ); 2054 slapi_int_free_object_extensions( SLAPI_X_EXT_CONNECTION, &conn ); 2055 } 2056 #endif 2057 2058 void 2059 connection_fake_init( 2060 Connection *conn, 2061 OperationBuffer *opbuf, 2062 void *ctx ) 2063 { 2064 connection_fake_init2( conn, opbuf, ctx, 1 ); 2065 } 2066 2067 void 2068 operation_fake_init( 2069 Connection *conn, 2070 Operation *op, 2071 void *ctx, 2072 int newmem ) 2073 { 2074 /* set memory context */ 2075 op->o_tmpmemctx = slap_sl_mem_create(SLAP_SLAB_SIZE, SLAP_SLAB_STACK, ctx, 2076 newmem ); 2077 op->o_tmpmfuncs = &slap_sl_mfuncs; 2078 op->o_threadctx = ctx; 2079 op->o_tid = ldap_pvt_thread_pool_tid( ctx ); 2080 2081 op->o_counters = &slap_counters; 2082 op->o_conn = conn; 2083 op->o_connid = op->o_conn->c_connid; 2084 connection_init_log_prefix( op ); 2085 } 2086 2087 2088 void 2089 connection_fake_init2( 2090 Connection *conn, 2091 OperationBuffer *opbuf, 2092 void *ctx, 2093 int newmem ) 2094 { 2095 Operation *op = (Operation *) opbuf; 2096 2097 conn->c_connid = -1; 2098 conn->c_conn_idx = -1; 2099 conn->c_send_ldap_result = slap_send_ldap_result; 2100 conn->c_send_search_entry = slap_send_search_entry; 2101 conn->c_send_search_reference = slap_send_search_reference; 2102 conn->c_send_ldap_extended = slap_send_ldap_extended; 2103 conn->c_send_ldap_intermediate = slap_send_ldap_intermediate; 2104 conn->c_listener = (Listener *)&dummy_list; 2105 conn->c_peer_domain = slap_empty_bv; 2106 conn->c_peer_name = slap_empty_bv; 2107 2108 memset( opbuf, 0, sizeof( *opbuf )); 2109 op->o_hdr = &opbuf->ob_hdr; 2110 op->o_controls = opbuf->ob_controls; 2111 2112 operation_fake_init( conn, op, ctx, newmem ); 2113 2114 #ifdef LDAP_SLAPI 2115 if ( slapi_plugins_used ) { 2116 conn_fake_extblock *eb; 2117 void *ebx = NULL; 2118 2119 /* Use thread keys to make sure these eventually get cleaned up */ 2120 if ( ldap_pvt_thread_pool_getkey( ctx, (void *)connection_fake_init, 2121 &ebx, NULL )) { 2122 eb = ch_malloc( sizeof( *eb )); 2123 slapi_int_create_object_extensions( SLAPI_X_EXT_CONNECTION, conn ); 2124 slapi_int_create_object_extensions( SLAPI_X_EXT_OPERATION, op ); 2125 eb->eb_conn = conn->c_extensions; 2126 eb->eb_op = op->o_hdr->oh_extensions; 2127 ldap_pvt_thread_pool_setkey( ctx, (void *)connection_fake_init, 2128 eb, connection_fake_destroy, NULL, NULL ); 2129 } else { 2130 eb = ebx; 2131 conn->c_extensions = eb->eb_conn; 2132 op->o_hdr->oh_extensions = eb->eb_op; 2133 } 2134 } 2135 #endif /* LDAP_SLAPI */ 2136 2137 slap_op_time( &op->o_time, &op->o_tincr ); 2138 } 2139 2140 void 2141 connection_assign_nextid( Connection *conn ) 2142 { 2143 ldap_pvt_thread_mutex_lock( &conn_nextid_mutex ); 2144 conn->c_connid = conn_nextid++; 2145 ldap_pvt_thread_mutex_unlock( &conn_nextid_mutex ); 2146 } 2147