diff --git a/servers/lloadd/Makefile.in b/servers/lloadd/Makefile.in index 767794f398..c78bb3acd9 100644 --- a/servers/lloadd/Makefile.in +++ b/servers/lloadd/Makefile.in @@ -20,7 +20,7 @@ NT_SRCS = nt_svc.c NT_OBJS = nt_svc.o ../../libraries/liblutil/slapdmsg.res SRCS = backend.c bind.c config.c connection.c client.c \ - daemon.c extended.c operation.c \ + daemon.c extended.c init.c operation.c \ upstream.c libevent_support.c \ $(@PLAT@_SRCS) diff --git a/servers/lloadd/Makefile_server.in b/servers/lloadd/Makefile_server.in index 8a41869d8d..5ffca6b722 100644 --- a/servers/lloadd/Makefile_server.in +++ b/servers/lloadd/Makefile_server.in @@ -21,7 +21,7 @@ XSRCS = version.c NT_SRCS = ../slapd/nt_svc.c NT_OBJS = ../slapd/nt_svc.o ../../libraries/liblutil/slapdmsg.res -SRCS += main.c init.c value.c \ +SRCS += main.c value.c \ ../slapd/ch_malloc.c ../slapd/sl_malloc.c ../slapd/user.c OBJS = $(patsubst %.c,%.o,$(SRCS)) $(@PLAT@_OBJS) diff --git a/servers/lloadd/init.c b/servers/lloadd/init.c index 96481ccc41..41c5a06700 100644 --- a/servers/lloadd/init.c +++ b/servers/lloadd/init.c 
@@ -67,6 +67,69 @@ int slapMode = SLAP_UNDEFINED_MODE; static const char *lload_name = NULL; +int +lload_global_init( void ) +{ + int rc; + + if ( lload_libevent_init() ) { + return -1; + } + +#ifdef HAVE_TLS + if ( ldap_create( &lload_tls_backend_ld ) ) { + return -1; + } + if ( ldap_create( &lload_tls_ld ) ) { + return -1; + } + + /* Library defaults to full certificate checking. This is correct when + * a client is verifying a server because all servers should have a + * valid cert. But few clients have valid certs, so we want our default + * to be no checking. The config file can override this as usual. + */ + rc = LDAP_OPT_X_TLS_NEVER; + (void)ldap_pvt_tls_set_option( + lload_tls_ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc ); +#endif + + ldap_pvt_thread_mutex_init( &lload_wait_mutex ); + ldap_pvt_thread_cond_init( &lload_wait_cond ); + ldap_pvt_thread_cond_init( &lload_pause_cond ); + + ldap_pvt_thread_mutex_init( &backend_mutex ); + ldap_pvt_thread_mutex_init( &clients_mutex ); + ldap_pvt_thread_mutex_init( &lload_pin_mutex ); + + if ( lload_exop_init() ) { + return -1; + } + return 0; +} + +int +lload_tls_init( void ) +{ +#ifdef HAVE_TLS + int rc, opt = 1; + + /* Force new ctx to be created */ + rc = ldap_pvt_tls_set_option( lload_tls_ld, LDAP_OPT_X_TLS_NEWCTX, &opt ); + if ( rc == 0 ) { + /* The ctx's refcount is bumped up here */ + ldap_pvt_tls_get_option( + lload_tls_ld, LDAP_OPT_X_TLS_CTX, &lload_tls_ctx ); + } else if ( rc != LDAP_NOT_SUPPORTED ) { + Debug( LDAP_DEBUG_ANY, "lload_global_init: " + "TLS init def ctx failed: %d\n", + rc ); + return -1; + } +#endif + return 0; +} + int lload_init( int mode, const char *name ) { 
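Review bot: lload_global_init() returns -1 from several points without releasing what it has already set up: if the second ldap_create() fails, lload_tls_backend_ld stays allocated, and a failing lload_exop_init() leaves the four mutexes and two condition variables initialised. In the standalone server a failure probably ends the process, but the same function is now also called from lload_back_initialize() in module_init.c, where the host process may outlive the error. Releasing the first handle before the second return, `ldap_unbind_ext( lload_tls_backend_ld, NULL, NULL );`, and destroying the synchronisation objects on the exop failure path would keep the function all-or-nothing. Separately, the Debug() call in lload_tls_init() is prefixed `"lload_global_init: "`, which points anyone diagnosing a TLS context failure at the wrong function; it should read `"lload_tls_init: "`.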
@@ -101,16 +164,7 @@ lload_init( int mode, const char *name ) LDAP_STAILQ_INIT( &slapd_rq.task_list ); LDAP_STAILQ_INIT( &slapd_rq.run_list ); - ldap_pvt_thread_mutex_init( &lload_wait_mutex ); - ldap_pvt_thread_cond_init( &lload_wait_cond ); - ldap_pvt_thread_cond_init( &lload_pause_cond ); - - ldap_pvt_thread_mutex_init( &backend_mutex ); - ldap_pvt_thread_mutex_init( &clients_mutex ); - ldap_pvt_thread_mutex_init( &lload_pin_mutex ); - - lload_exop_init(); - + rc = lload_global_init(); break; default: diff --git a/servers/lloadd/main.c b/servers/lloadd/main.c index 605a0f07b6..cfd6290ffa 100644 --- a/servers/lloadd/main.c +++ b/servers/lloadd/main.c @@ -625,10 +625,6 @@ unhandled_option:; Debug( LDAP_DEBUG_ANY, "%s", Versionstr ); - if ( lload_libevent_init() ) { - goto stop; - } - global_host = ldap_pvt_get_fqdn( NULL ); if ( check == CHECK_NONE && lloadd_daemon_init( urls ) != 0 ) { @@ -663,27 +659,6 @@ unhandled_option:; } #endif -#ifdef HAVE_TLS - rc = ldap_create( &lload_tls_backend_ld ); - if ( rc ) { - SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 ); - goto destroy; - } - rc = ldap_create( &lload_tls_ld ); - if ( rc ) { - SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 ); - goto destroy; - } - /* Library defaults to full certificate checking. This is correct when - * a client is verifying a server because all servers should have a - * valid cert. But few clients have valid certs, so we want our default - * to be no checking. The config file can override this as usual. - */ - rc = LDAP_OPT_X_TLS_NEVER; - (void)ldap_pvt_tls_set_option( - lload_tls_ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &rc ); -#endif - rc = lload_init( serverMode, serverName ); if ( rc ) { SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 18 ); 
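Review bot: In lload_init() (init.c), `rc = lload_global_init();` now carries lload_libevent_init(), which the main.c hunk at -625 removes from its old position ahead of `lloadd_daemon_init( urls )`, so in the standalone server libevent setup appears to run after listener setup. If lloadd_daemon_init() touches libevent at all, that ordering matters, and it cannot be confirmed from these hunks. A comment at the call would record the dependency, for example `/* also runs lload_libevent_init(); must precede any libevent use */`. A failed ldap_create() is also now reported through the lload_init() error path with service exit code 18 rather than the previous 20. lload_init() starts and ends outside the hunk, so how rc is returned after the switch cannot be checked here.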
@@ -740,24 +715,10 @@ unhandled_option:; goto destroy; } - { - int opt = 1; - - /* Force new ctx to be created */ - rc = ldap_pvt_tls_set_option( - lload_tls_ld, LDAP_OPT_X_TLS_NEWCTX, &opt ); - if ( rc == 0 ) { - /* The ctx's refcount is bumped up here */ - ldap_pvt_tls_get_option( - lload_tls_ld, LDAP_OPT_X_TLS_CTX, &lload_tls_ctx ); - } else if ( rc != LDAP_NOT_SUPPORTED ) { - Debug( LDAP_DEBUG_ANY, "main: " - "TLS init def ctx failed: %d\n", - rc ); - rc = 1; - SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 ); - goto destroy; - } + if ( lload_tls_init() ) { + rc = 1; + SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 ); + goto destroy; } #endif diff --git a/servers/lloadd/module_init.c b/servers/lloadd/module_init.c index 3a65eedfe2..98fcbc2812 100644 --- a/servers/lloadd/module_init.c +++ b/servers/lloadd/module_init.c @@ -33,6 +33,7 @@ #include #include "../servers/slapd/slap.h" +#include "../servers/slapd/config.h" #include "lload.h" #include "lber_pvt.h" @@ -45,7 +46,7 @@ struct lload_conf_info lload_info; void * lload_start_daemon( void *arg ) { - int rc = 0, i; + int rc = 0; daemon_base = event_base_new(); if ( !daemon_base ) { @@ -59,37 +60,21 @@ lload_start_daemon( void *arg ) return (void *)(uintptr_t)rc; } -/* from init.c */ -int -lload_conn_pool_init() -{ - int rc = 0; - - ldap_pvt_thread_mutex_init( &lload_wait_mutex ); - ldap_pvt_thread_cond_init( &lload_pause_cond ); - ldap_pvt_thread_cond_init( &lload_wait_cond ); - - ldap_pvt_thread_mutex_init( &backend_mutex ); - ldap_pvt_thread_mutex_init( &clients_mutex ); - ldap_pvt_thread_mutex_init( &lload_pin_mutex ); - - lload_exop_init(); - Debug( LDAP_DEBUG_TRACE, "lload_conn_pool_init: " - "mutexes initialized.\n" ); - return rc; -} - static int lload_pause_cb( BackendInfo *bi ) { - lload_pause_server(); + if ( daemon_base ) { + lload_pause_server(); + } return 0; } static int lload_unpause_cb( BackendInfo *bi ) { - lload_unpause_server(); + if ( daemon_base ) { + lload_unpause_server(); + } return 0; } 
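Review bot: In lload_pause_cb() and lload_unpause_cb() (module_init.c) the new `if ( daemon_base )` test is evaluated independently in each callback, so a pause that was skipped because the base did not exist yet can be followed by an unpause that does run once lload_start_daemon() has assigned daemon_base. daemon_base is also read here without any lock while lload_start_daemon() writes it, presumably from another thread given its `void *(void *)` signature. Remembering in the pause callback whether lload_pause_server() was actually called, and unpausing only in that case, would keep the pair balanced; a short comment such as `/* nothing to pause before the daemon's event base exists */` would explain the guard. lload_start_daemon() continues outside the hunk, so how far start-up has progressed when daemon_base becomes non-NULL is not visible.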
@@ -99,20 +84,14 @@ lload_back_open( BackendInfo *bi ) if ( slapMode & SLAP_TOOL_MODE ) { return 0; } - if ( lload_libevent_init() ) { + + if ( lload_tls_init() != 0 ) { return -1; } - global_host = ldap_pvt_get_fqdn( NULL ); -#ifdef HAVE_TLS - if ( ldap_create( &lload_tls_backend_ld ) ) { - return -1; - } -#endif /* HAVE_TLS */ if ( lloadd_daemon_init( listeners_list ) != 0 ) { return -1; } - lload_conn_pool_init(); if ( lload_monitor_open() != 0 ) { return -1; @@ -172,6 +151,10 @@ lload_back_initialize( BackendInfo *bi ) bi->bi_connection_init = 0; bi->bi_connection_destroy = 0; + if ( lload_global_init() ) { + return -1; + } + bi->bi_private = &lload_info; return lload_back_init_cf( bi ); } diff --git a/servers/lloadd/proto-lload.h b/servers/lloadd/proto-lload.h index c0f0dc38b7..e3fd5b4218 100644 --- a/servers/lloadd/proto-lload.h +++ b/servers/lloadd/proto-lload.h @@ -134,6 +134,8 @@ LDAP_SLAPD_F (int) lload_exop_init( void ); /* * init.c */ +LDAP_SLAPD_F (int) lload_global_init( void ); +LDAP_SLAPD_F (int) lload_tls_init( void ); LDAP_SLAPD_F (int) lload_init( int mode, const char *name ); LDAP_SLAPD_F (int) lload_destroy( void ); LDAP_SLAPD_F (void) lload_counters_init( void );
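Review bot: lload_back_open() now calls lload_tls_init() each time it runs, and that function stores a newly referenced context in lload_tls_ctx (its own comment says the refcount is bumped) without releasing a pointer that may already be held. If the backend can be opened more than once in a process lifetime, which these hunks do not show, the earlier reference would be leaked; releasing or reusing an existing lload_tls_ctx before the `LDAP_OPT_X_TLS_CTX` fetch would avoid that. The hunk also drops `global_host = ldap_pvt_get_fqdn( NULL );` from the module path, presumably because the host slapd sets it, and a comment such as `/* global_host is provided by the hosting slapd */` would make that assumption explicit. lload_back_open() begins and ends outside the hunk.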
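Review bot: In lload_back_initialize() the new `if ( lload_global_init() ) { return -1; }` fails without a log line, and lload_global_init() as added in init.c contains no Debug() call of its own, so a module load failure at this point may be silent unless the helpers it calls log internally. Adding `Debug( LDAP_DEBUG_ANY, "lload_back_initialize: " "global initialisation failed\n" );` before the return would make it diagnosable. If `lload_back_init_cf( bi )` fails afterwards, the handles and mutexes created by lload_global_init() stay in place, so a matching teardown on that path is worth considering. The function starts outside the hunk.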