upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-26 17:49:59 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix dangling resources issue in slapd-ldap; completely rework slapo-chain to fix the resource leak/concurrency issue; add support for multiple well-known URIs to set credentials for, and deal with unknown URIs anonymously; similar reworking and cleanup for slapd-meta

Browse source
This commit is contained in:
Pierangelo Masarati 2005-11-19 15:00:50 +00:00
parent 1e66d540e1
commit 7fa4b159bf
23 changed files with 1092 additions and 1730 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
servers/slapd/back-ldap/add.c
View file

@ -36,9 +36,9 @@ ldap_back_add(
Operation *op,
SlapReply *rs )
{
struct ldapinfo *li = (struct ldapinfo *)op->o_bd->be_private;
ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
struct ldapconn *lc;
ldapconn_t *lc;
int i = 0,
j = 0;
Attribute *a;
@ -103,10 +103,10 @@ retry:
rs->sr_err = ldap_add_ext( lc->lc_ld, op->o_req_dn.bv_val, attrs,
ctrls, NULL, &msgid );
rs->sr_err = ldap_back_op_result( lc, op, rs, msgid,
li->timeout[ LDAP_BACK_OP_ADD ], LDAP_BACK_SENDRESULT );
li->li_timeout[ LDAP_BACK_OP_ADD ], LDAP_BACK_SENDRESULT );
if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
do_retry = 0;
if ( ldap_back_retry( lc, op, rs, LDAP_BACK_SENDERR ) ) {
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
goto retry;
}
}

89
servers/slapd/back-ldap/back-ldap.h
View file

@ -26,7 +26,7 @@
LDAP_BEGIN_DECL
struct ldapconn {
typedef struct ldapconn_t {
Connection *lc_conn;
#define LDAP_BACK_PCONN ((void *)0x0)
#define LDAP_BACK_PCONN_TLS ((void *)0x1)
@ -79,7 +79,7 @@ struct ldapconn {
unsigned lc_refcnt;
unsigned lc_flags;
};
} ldapconn_t;
/*
* identity assertion modes
@ -104,50 +104,58 @@ enum {
LDAP_BACK_OP_LAST
};
struct ldapinfo {
char *url;
LDAPURLDesc *lud;
typedef struct ldap_avl_info_t {
ldap_pvt_thread_mutex_t lai_mutex;
Avlnode *lai_tree;
} ldap_avl_info_t;
slap_bindconf acl_sb;
#define acl_authcID acl_sb.sb_authcId
#define acl_authcDN acl_sb.sb_binddn
#define acl_passwd acl_sb.sb_cred
#define acl_authzID acl_sb.sb_authzId
#define acl_authmethod acl_sb.sb_method
#define acl_sasl_mech acl_sb.sb_saslmech
#define acl_sasl_realm acl_sb.sb_realm
#define acl_secprops acl_sb.sb_secprops
typedef struct ldapinfo_t {
/* li_uri: the string that goes into ldap_initialize()
* TODO: use li_acl.sb_uri instead */
char *li_uri;
/* li_bvuri: an array of each single URI that is equivalent;
* to be checked for the presence of a certain item */
BerVarray li_bvuri;
slap_bindconf li_acl;
#define li_acl_authcID li_acl.sb_authcId
#define li_acl_authcDN li_acl.sb_binddn
#define li_acl_passwd li_acl.sb_cred
#define li_acl_authzID li_acl.sb_authzId
#define li_acl_authmethod li_acl.sb_method
#define li_acl_sasl_mech li_acl.sb_saslmech
#define li_acl_sasl_realm li_acl.sb_realm
#define li_acl_secprops li_acl.sb_secprops
/* ID assert stuff */
int idassert_mode;
int li_idassert_mode;
slap_bindconf idassert_sb;
#define idassert_authcID idassert_sb.sb_authcId
#define idassert_authcDN idassert_sb.sb_binddn
#define idassert_passwd idassert_sb.sb_cred
#define idassert_authzID idassert_sb.sb_authzId
#define idassert_authmethod idassert_sb.sb_method
#define idassert_sasl_mech idassert_sb.sb_saslmech
#define idassert_sasl_realm idassert_sb.sb_realm
#define idassert_secprops idassert_sb.sb_secprops
slap_bindconf li_idassert;
#define li_idassert_authcID li_idassert.sb_authcId
#define li_idassert_authcDN li_idassert.sb_binddn
#define li_idassert_passwd li_idassert.sb_cred
#define li_idassert_authzID li_idassert.sb_authzId
#define li_idassert_authmethod li_idassert.sb_method
#define li_idassert_sasl_mech li_idassert.sb_saslmech
#define li_idassert_sasl_realm li_idassert.sb_realm
#define li_idassert_secprops li_idassert.sb_secprops
unsigned idassert_flags;
unsigned li_idassert_flags;
#define LDAP_BACK_AUTH_NONE 0x00U
#define LDAP_BACK_AUTH_NATIVE_AUTHZ 0x01U
#define LDAP_BACK_AUTH_OVERRIDE 0x02U
#define LDAP_BACK_AUTH_PRESCRIPTIVE 0x04U
BerVarray idassert_authz;
BerVarray li_idassert_authz;
/* end of ID assert stuff */
int nretries;
int li_nretries;
#define LDAP_BACK_RETRY_UNDEFINED (-2)
#define LDAP_BACK_RETRY_FOREVER (-1)
#define LDAP_BACK_RETRY_NEVER (0)
#define LDAP_BACK_RETRY_DEFAULT (3)
ldap_pvt_thread_mutex_t conn_mutex;
unsigned flags;
unsigned li_flags;
#define LDAP_BACK_F_NONE 0x00U
#define LDAP_BACK_F_SAVECRED 0x01U
#define LDAP_BACK_F_USE_TLS 0x02U
@ -163,23 +171,18 @@ struct ldapinfo {
#define LDAP_BACK_F_SUPPORT_T_F_DISCOVER 0x40U
#define LDAP_BACK_F_SUPPORT_T_F_MASK (LDAP_BACK_F_SUPPORT_T_F|LDAP_BACK_F_SUPPORT_T_F_DISCOVER)
#define LDAP_BACK_SAVECRED(li) ( (li)->flags & LDAP_BACK_F_SAVECRED )
#define LDAP_BACK_USE_TLS(li) ( (li)->flags & LDAP_BACK_F_USE_TLS )
#define LDAP_BACK_PROPAGATE_TLS(li) ( (li)->flags & LDAP_BACK_F_PROPAGATE_TLS )
#define LDAP_BACK_TLS_CRITICAL(li) ( (li)->flags & LDAP_BACK_F_TLS_CRITICAL )
#define LDAP_BACK_CHASE_REFERRALS(li) ( (li)->flags & LDAP_BACK_F_CHASE_REFERRALS )
#define LDAP_BACK_SAVECRED(li) ( (li)->li_flags & LDAP_BACK_F_SAVECRED )
#define LDAP_BACK_USE_TLS(li) ( (li)->li_flags & LDAP_BACK_F_USE_TLS )
#define LDAP_BACK_PROPAGATE_TLS(li) ( (li)->li_flags & LDAP_BACK_F_PROPAGATE_TLS )
#define LDAP_BACK_TLS_CRITICAL(li) ( (li)->li_flags & LDAP_BACK_F_TLS_CRITICAL )
#define LDAP_BACK_CHASE_REFERRALS(li) ( (li)->li_flags & LDAP_BACK_F_CHASE_REFERRALS )
int version;
int li_version;
Avlnode *conntree;
ldap_avl_info_t li_conninfo;
#if 0
/* FIXME: automatic rwm instantiation removed */
int rwm_started;
#endif
time_t timeout[ LDAP_BACK_OP_LAST ];
};
time_t li_timeout[ LDAP_BACK_OP_LAST ];
} ldapinfo_t;
typedef enum ldap_back_send_t {
LDAP_BACK_DONTSEND = 0x00,

255
servers/slapd/back-ldap/bind.c
View file

@ -42,16 +42,16 @@ static LDAP_REBIND_PROC ldap_back_default_rebind;
LDAP_REBIND_PROC *ldap_back_rebind_f = ldap_back_default_rebind;
static int
ldap_back_proxy_authz_bind( struct ldapconn *lc, Operation *op, SlapReply *rs );
ldap_back_proxy_authz_bind( ldapconn_t *lc, Operation *op, SlapReply *rs );
static int
ldap_back_prepare_conn( struct ldapconn **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok );
ldap_back_prepare_conn( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok );
int
ldap_back_bind( Operation *op, SlapReply *rs )
{
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
struct ldapconn *lc;
ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
ldapconn_t *lc;
int rc = 0;
ber_int_t msgid;
@ -79,7 +79,7 @@ ldap_back_bind( Operation *op, SlapReply *rs )
* purpose, a successful bind is followed by a
* bind with the configured identity assertion */
/* NOTE: use with care */
if ( li->idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) {
if ( li->li_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) {
ldap_back_proxy_authz_bind( lc, op, rs );
if ( !LDAP_BACK_CONN_ISBOUND( lc ) ) {
rc = 1;
@ -109,22 +109,22 @@ done:;
/* wait for all other ops to release the connection */
retry_lock:;
ldap_pvt_thread_mutex_lock( &li->conn_mutex );
ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
if ( lc->lc_refcnt > 1 ) {
ldap_pvt_thread_mutex_unlock( &li->conn_mutex );
ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
ldap_pvt_thread_yield();
goto retry_lock;
}
assert( lc->lc_refcnt == 1 );
lc = avl_delete( &li->conntree, (caddr_t)lc,
lc = avl_delete( &li->li_conninfo.lai_tree, (caddr_t)lc,
ldap_back_conn_cmp );
assert( lc != NULL );
ber_bvreplace( &lc->lc_local_ndn, &op->o_req_ndn );
lerr = avl_insert( &li->conntree, (caddr_t)lc,
lerr = avl_insert( &li->li_conninfo.lai_tree, (caddr_t)lc,
ldap_back_conn_cmp, ldap_back_conn_dup );
ldap_pvt_thread_mutex_unlock( &li->conn_mutex );
ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
if ( lerr == -1 ) {
/* we can do this because lc_refcnt == 1 */
ldap_back_conn_free( lc );
@ -142,14 +142,14 @@ retry_lock:;
/*
* ldap_back_conn_cmp
*
* compares two struct ldapconn based on the value of the conn pointer;
* compares two ldapconn_t based on the value of the conn pointer;
* used by avl stuff
*/
int
ldap_back_conn_cmp( const void *c1, const void *c2 )
{
const struct ldapconn *lc1 = (const struct ldapconn *)c1;
const struct ldapconn *lc2 = (const struct ldapconn *)c2;
const ldapconn_t *lc1 = (const ldapconn_t *)c1;
const ldapconn_t *lc2 = (const ldapconn_t *)c2;
int rc;
/* If local DNs don't match, it is definitely not a match */
@ -167,14 +167,14 @@ ldap_back_conn_cmp( const void *c1, const void *c2 )
/*
* ldap_back_conn_dup
*
* returns -1 in case a duplicate struct ldapconn has been inserted;
* returns -1 in case a duplicate ldapconn_t has been inserted;
* used by avl stuff
*/
int
ldap_back_conn_dup( void *c1, void *c2 )
{
struct ldapconn *lc1 = (struct ldapconn *)c1;
struct ldapconn *lc2 = (struct ldapconn *)c2;
ldapconn_t *lc1 = (ldapconn_t *)c1;
ldapconn_t *lc2 = (ldapconn_t *)c2;
/* Cannot have more than one shared session with same DN */
if ( dn_match( &lc1->lc_local_ndn, &lc2->lc_local_ndn ) &&
@ -190,8 +190,8 @@ ldap_back_conn_dup( void *c1, void *c2 )
static void
ravl_print( Avlnode *root, int depth )
{
int i;
struct ldapconn *lc;
int i;
ldapconn_t *lc;
if ( root == 0 ) {
return;
@ -227,22 +227,26 @@ myprint( Avlnode *root )
#endif /* PRINT_CONNTREE */
int
ldap_back_freeconn( Operation *op, struct ldapconn *lc )
ldap_back_freeconn( Operation *op, ldapconn_t *lc, int dolock )
{
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
ldap_pvt_thread_mutex_lock( &li->conn_mutex );
if ( dolock ) {
ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
}
assert( lc->lc_refcnt > 0 );
if ( --lc->lc_refcnt == 0 ) {
lc = avl_delete( &li->conntree, (caddr_t)lc,
lc = avl_delete( &li->li_conninfo.lai_tree, (caddr_t)lc,
ldap_back_conn_cmp );
assert( lc != NULL );
ldap_back_conn_free( (void *)lc );
}
ldap_pvt_thread_mutex_unlock( &li->conn_mutex );
if ( dolock ) {
ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
}
return 0;
}
@ -259,10 +263,10 @@ ldap_back_start_tls(
const char **text )
{
int rc = LDAP_SUCCESS;
struct ldapinfo dummy;
ldapinfo_t dummy;
/* this is ridiculous... */
dummy.flags = flags;
dummy.li_flags = flags;
/* start TLS ("tls-[try-]{start,propagate}" statements) */
if ( ( LDAP_BACK_USE_TLS( &dummy ) || ( *is_tls && LDAP_BACK_PROPAGATE_TLS( &dummy ) ) )
@ -392,9 +396,9 @@ retry:;
#endif /* HAVE_TLS */
static int
ldap_back_prepare_conn( struct ldapconn **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok )
ldap_back_prepare_conn( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok )
{
struct ldapinfo *li = (struct ldapinfo *)op->o_bd->be_private;
ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
int vers = op->o_protocol;
LDAP *ld = NULL;
#ifdef HAVE_TLS
@ -403,7 +407,7 @@ ldap_back_prepare_conn( struct ldapconn **lcp, Operation *op, SlapReply *rs, lda
assert( lcp != NULL );
rs->sr_err = ldap_initialize( &ld, li->url );
rs->sr_err = ldap_initialize( &ld, li->li_uri );
if ( rs->sr_err != LDAP_SUCCESS ) {
goto error_return;
}
@ -420,7 +424,7 @@ ldap_back_prepare_conn( struct ldapconn **lcp, Operation *op, SlapReply *rs, lda
#ifdef HAVE_TLS
rs->sr_err = ldap_back_start_tls( ld, op->o_protocol, &is_tls,
li->url, li->flags, li->nretries, &rs->sr_text );
li->li_uri, li->li_flags, li->li_nretries, &rs->sr_text );
if ( rs->sr_err != LDAP_SUCCESS ) {
ldap_unbind_ext( ld, NULL, NULL );
goto error_return;
@ -428,8 +432,8 @@ ldap_back_prepare_conn( struct ldapconn **lcp, Operation *op, SlapReply *rs, lda
#endif /* HAVE_TLS */
if ( *lcp == NULL ) {
*lcp = (struct ldapconn *)ch_calloc( 1, sizeof( struct ldapconn ) );
(*lcp)->lc_flags= li->flags;
*lcp = (ldapconn_t *)ch_calloc( 1, sizeof( ldapconn_t ) );
(*lcp)->lc_flags= li->li_flags;
}
(*lcp)->lc_ld = ld;
(*lcp)->lc_refcnt = 1;
@ -456,11 +460,11 @@ error_return:;
return rs->sr_err;
}
struct ldapconn *
ldapconn_t *
ldap_back_getconn( Operation *op, SlapReply *rs, ldap_back_send_t sendok )
{
struct ldapinfo *li = (struct ldapinfo *)op->o_bd->be_private;
struct ldapconn *lc,
ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
ldapconn_t *lc,
lc_curr = { 0 };
int refcnt = 1;
@ -482,14 +486,14 @@ ldap_back_getconn( Operation *op, SlapReply *rs, ldap_back_send_t sendok )
}
/* Searches for a ldapconn in the avl tree */
ldap_pvt_thread_mutex_lock( &li->conn_mutex );
ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
lc = (struct ldapconn *)avl_find( li->conntree,
lc = (ldapconn_t *)avl_find( li->li_conninfo.lai_tree,
(caddr_t)&lc_curr, ldap_back_conn_cmp );
if ( lc != NULL ) {
refcnt = ++lc->lc_refcnt;
}
ldap_pvt_thread_mutex_unlock( &li->conn_mutex );
ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
/* Looks like we didn't get a bind. Open a new session... */
if ( lc == NULL ) {
@ -501,8 +505,8 @@ ldap_back_getconn( Operation *op, SlapReply *rs, ldap_back_send_t sendok )
ber_dupbv( &lc->lc_local_ndn, &lc_curr.lc_local_ndn );
if ( LDAP_BACK_CONN_ISPRIV( &lc_curr ) ) {
ber_dupbv( &lc->lc_cred, &li->acl_passwd );
ber_dupbv( &lc->lc_bound_ndn, &li->acl_authcDN );
ber_dupbv( &lc->lc_cred, &li->li_acl_passwd );
ber_dupbv( &lc->lc_bound_ndn, &li->li_acl_authcDN );
LDAP_BACK_CONN_ISPRIV_SET( lc );
} else {
@ -527,18 +531,18 @@ ldap_back_getconn( Operation *op, SlapReply *rs, ldap_back_send_t sendok )
if ( lc->lc_conn == LDAP_BACK_PCONN_TLS
&& !ldap_tls_inplace( lc->lc_ld ) )
{
struct ldapconn *tmplc;
ldapconn_t *tmplc;
lc_curr.lc_conn = LDAP_BACK_PCONN;
ldap_pvt_thread_mutex_lock( &li->conn_mutex );
tmplc = (struct ldapconn *)avl_find( li->conntree,
ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
tmplc = (ldapconn_t *)avl_find( li->li_conninfo.lai_tree,
(caddr_t)&lc_curr, ldap_back_conn_cmp );
if ( tmplc != NULL ) {
refcnt = ++tmplc->lc_refcnt;
ldap_back_conn_free( lc );
lc = tmplc;
}
ldap_pvt_thread_mutex_unlock( &li->conn_mutex );
ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
if ( tmplc != NULL ) {
goto done;
@ -549,17 +553,17 @@ ldap_back_getconn( Operation *op, SlapReply *rs, ldap_back_send_t sendok )
LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
/* Inserts the newly created ldapconn in the avl tree */
ldap_pvt_thread_mutex_lock( &li->conn_mutex );
ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
assert( lc->lc_refcnt == 1 );
rs->sr_err = avl_insert( &li->conntree, (caddr_t)lc,
rs->sr_err = avl_insert( &li->li_conninfo.lai_tree, (caddr_t)lc,
ldap_back_conn_cmp, ldap_back_conn_dup );
#if PRINT_CONNTREE > 0
myprint( li->conntree );
myprint( li->li_conninfo.lai_tree );
#endif /* PRINT_CONNTREE */
ldap_pvt_thread_mutex_unlock( &li->conn_mutex );
ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
Debug( LDAP_DEBUG_TRACE,
"=>ldap_back_getconn: conn %p inserted (refcnt=%u)\n",
@ -590,14 +594,14 @@ void
ldap_back_release_conn(
Operation *op,
SlapReply *rs,
struct ldapconn *lc )
ldapconn_t *lc )
{
struct ldapinfo *li = (struct ldapinfo *)op->o_bd->be_private;
ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
ldap_pvt_thread_mutex_lock( &li->conn_mutex );
ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
assert( lc->lc_refcnt > 0 );
lc->lc_refcnt--;
ldap_pvt_thread_mutex_unlock( &li->conn_mutex );
ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
}
/*
@ -607,18 +611,18 @@ ldap_back_release_conn(
* it from all the callers, and I made the function return the flag, so
* it can be used to simplify the check.
*
* Note: dolock indicates whether li->conn_mutex must be locked or not
* Note: dolock indicates whether li->li_conninfo.lai_mutex must be locked or not
*/
static int
ldap_back_dobind_int(
struct ldapconn *lc,
ldapconn_t *lc,
Operation *op,
SlapReply *rs,
ldap_back_send_t sendok,
int retries,
int dolock )
{
struct ldapinfo *li = (struct ldapinfo *)op->o_bd->be_private;
ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
int rc = LDAP_BACK_CONN_ISBOUND( lc );
ber_int_t msgid;
@ -654,7 +658,7 @@ ldap_back_dobind_int(
if ( op->o_conn != NULL &&
!op->o_do_not_cache &&
( BER_BVISNULL( &lc->lc_bound_ndn ) ||
( li->idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) ) )
( li->li_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) ) )
{
(void)ldap_back_proxy_authz_bind( lc, op, rs );
goto done;
@ -662,32 +666,32 @@ ldap_back_dobind_int(
#ifdef HAVE_CYRUS_SASL
if ( LDAP_BACK_CONN_ISPRIV( lc )
&& li->acl_authmethod == LDAP_AUTH_SASL )
&& li->li_acl_authmethod == LDAP_AUTH_SASL )
{
void *defaults = NULL;
if ( li->acl_secprops != NULL ) {
if ( li->li_acl_secprops != NULL ) {
rc = ldap_set_option( lc->lc_ld,
LDAP_OPT_X_SASL_SECPROPS, li->acl_secprops);
LDAP_OPT_X_SASL_SECPROPS, li->li_acl_secprops);
if ( rc != LDAP_OPT_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "Error: ldap_set_option "
"(%s,SECPROPS,\"%s\") failed!\n",
li->url, li->acl_secprops, 0 );
li->li_uri, li->li_acl_secprops, 0 );
goto done;
}
}
defaults = lutil_sasl_defaults( lc->lc_ld,
li->acl_sasl_mech.bv_val,
li->acl_sasl_realm.bv_val,
li->acl_authcID.bv_val,
li->acl_passwd.bv_val,
li->li_acl_sasl_mech.bv_val,
li->li_acl_sasl_realm.bv_val,
li->li_acl_authcID.bv_val,
li->li_acl_passwd.bv_val,
NULL );
rs->sr_err = ldap_sasl_interactive_bind_s( lc->lc_ld,
li->acl_authcDN.bv_val,
li->acl_sasl_mech.bv_val, NULL, NULL,
li->li_acl_authcDN.bv_val,
li->li_acl_sasl_mech.bv_val, NULL, NULL,
LDAP_SASL_QUIET, lutil_sasl_interact,
defaults );
@ -714,7 +718,7 @@ retry:;
if ( rs->sr_err == LDAP_SERVER_DOWN ) {
if ( retries != LDAP_BACK_RETRY_NEVER ) {
if ( dolock ) {
ldap_pvt_thread_mutex_lock( &li->conn_mutex );
ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
}
assert( lc->lc_refcnt > 0 );
@ -726,7 +730,7 @@ retry:;
rs->sr_err = ldap_back_prepare_conn( &lc, op, rs, sendok );
}
if ( dolock ) {
ldap_pvt_thread_mutex_unlock( &li->conn_mutex );
ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
}
if ( rs->sr_err == LDAP_SUCCESS ) {
if ( retries > 0 ) {
@ -736,7 +740,7 @@ retry:;
}
}
ldap_back_freeconn( op, lc );
ldap_back_freeconn( op, lc, dolock );
rs->sr_err = slap_map_api2result( rs );
return 0;
@ -757,11 +761,11 @@ done:;
}
int
ldap_back_dobind( struct ldapconn *lc, Operation *op, SlapReply *rs, ldap_back_send_t sendok )
ldap_back_dobind( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_send_t sendok )
{
struct ldapinfo *li = (struct ldapinfo *)op->o_bd->be_private;
ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
return ldap_back_dobind_int( lc, op, rs, sendok, li->nretries, 1 );
return ldap_back_dobind_int( lc, op, rs, sendok, li->li_nretries, 1 );
}
/*
@ -774,7 +778,7 @@ static int
ldap_back_default_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request,
ber_int_t msgid, void *params )
{
struct ldapconn *lc = (struct ldapconn *)params;
ldapconn_t *lc = (ldapconn_t *)params;
#ifdef HAVE_TLS
/* ... otherwise we couldn't get here */
@ -801,7 +805,7 @@ ldap_back_default_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request,
int
ldap_back_op_result(
struct ldapconn *lc,
ldapconn_t *lc,
Operation *op,
SlapReply *rs,
ber_int_t msgid,
@ -906,40 +910,43 @@ retry:;
/* return true if bound, false if failed */
int
ldap_back_retry( struct ldapconn *lc, Operation *op, SlapReply *rs, ldap_back_send_t sendok )
ldap_back_retry( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok )
{
int rc = 0;
struct ldapinfo *li = (struct ldapinfo *)op->o_bd->be_private;
ldap_pvt_thread_mutex_lock( &li->conn_mutex );
ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
if ( lc->lc_refcnt == 1 ) {
ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
if ( (*lcp)->lc_refcnt == 1 ) {
Debug( LDAP_DEBUG_ANY,
"%s ldap_back_retry: retrying URI=\"%s\" DN=\"%s\"\n",
op->o_log_prefix, li->url,
BER_BVISNULL( &lc->lc_bound_ndn ) ?
"" : lc->lc_bound_ndn.bv_val );
op->o_log_prefix, li->li_uri,
BER_BVISNULL( &(*lcp)->lc_bound_ndn ) ?
"" : (*lcp)->lc_bound_ndn.bv_val );
ldap_unbind_ext( lc->lc_ld, NULL, NULL );
lc->lc_ld = NULL;
LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
ldap_unbind_ext( (*lcp)->lc_ld, NULL, NULL );
(*lcp)->lc_ld = NULL;
LDAP_BACK_CONN_ISBOUND_CLEAR( (*lcp) );
/* lc here must be the regular lc, reset and ready for init */
rc = ldap_back_prepare_conn( &lc, op, rs, sendok );
rc = ldap_back_prepare_conn( lcp, op, rs, sendok );
if ( rc == LDAP_SUCCESS ) {
rc = ldap_back_dobind_int( lc, op, rs, sendok, 0, 0 );
rc = ldap_back_dobind_int( *lcp, op, rs, sendok, 0, 0 );
if ( rc == 0 ) {
*lcp = NULL;
}
}
}
ldap_pvt_thread_mutex_unlock( &li->conn_mutex );
ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
return rc;
}
static int
ldap_back_proxy_authz_bind( struct ldapconn *lc, Operation *op, SlapReply *rs )
ldap_back_proxy_authz_bind( ldapconn_t *lc, Operation *op, SlapReply *rs )
{
struct ldapinfo *li = (struct ldapinfo *)op->o_bd->be_private;
ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
struct berval binddn = slap_empty_bv;
struct berval bindcred = slap_empty_bv;
int dobind = 0;
@ -969,13 +976,13 @@ ldap_back_proxy_authz_bind( struct ldapconn *lc, Operation *op, SlapReply *rs )
/* bind as proxyauthzdn only if no idassert mode
* is requested, or if the client's identity
* is authorized */
switch ( li->idassert_mode ) {
switch ( li->li_idassert_mode ) {
case LDAP_BACK_IDASSERT_LEGACY:
if ( !BER_BVISNULL( &op->o_conn->c_ndn ) && !BER_BVISEMPTY( &op->o_conn->c_ndn ) ) {
if ( !BER_BVISNULL( &li->idassert_authcDN ) && !BER_BVISEMPTY( &li->idassert_authcDN ) )
if ( !BER_BVISNULL( &li->li_idassert_authcDN ) && !BER_BVISEMPTY( &li->li_idassert_authcDN ) )
{
binddn = li->idassert_authcDN;
bindcred = li->idassert_passwd;
binddn = li->li_idassert_authcDN;
bindcred = li->li_idassert_passwd;
dobind = 1;
}
}
@ -983,7 +990,7 @@ ldap_back_proxy_authz_bind( struct ldapconn *lc, Operation *op, SlapReply *rs )
default:
/* NOTE: rootdn can always idassert */
if ( li->idassert_authz && !be_isroot( op ) ) {
if ( li->li_idassert_authz && !be_isroot( op ) ) {
struct berval authcDN;
if ( BER_BVISNULL( &op->o_conn->c_ndn ) ) {
@ -992,10 +999,10 @@ ldap_back_proxy_authz_bind( struct ldapconn *lc, Operation *op, SlapReply *rs )
} else {
authcDN = op->o_conn->c_ndn;
}
rs->sr_err = slap_sasl_matches( op, li->idassert_authz,
rs->sr_err = slap_sasl_matches( op, li->li_idassert_authz,
&authcDN, &authcDN );
if ( rs->sr_err != LDAP_SUCCESS ) {
if ( li->idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) {
if ( li->li_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) {
send_ldap_result( op, rs );
LDAP_BACK_CONN_ISBOUND_CLEAR( lc );
@ -1010,13 +1017,13 @@ ldap_back_proxy_authz_bind( struct ldapconn *lc, Operation *op, SlapReply *rs )
}
}
binddn = li->idassert_authcDN;
bindcred = li->idassert_passwd;
binddn = li->li_idassert_authcDN;
bindcred = li->li_idassert_passwd;
dobind = 1;
break;
}
if ( dobind && li->idassert_authmethod == LDAP_AUTH_SASL ) {
if ( dobind && li->li_idassert_authmethod == LDAP_AUTH_SASL ) {
#ifdef HAVE_CYRUS_SASL
void *defaults = NULL;
struct berval authzID = BER_BVNULL;
@ -1024,12 +1031,12 @@ ldap_back_proxy_authz_bind( struct ldapconn *lc, Operation *op, SlapReply *rs )
/* if SASL supports native authz, prepare for it */
if ( ( !op->o_do_not_cache || !op->o_is_auth_check ) &&
( li->idassert_flags & LDAP_BACK_AUTH_NATIVE_AUTHZ ) )
( li->li_idassert_flags & LDAP_BACK_AUTH_NATIVE_AUTHZ ) )
{
switch ( li->idassert_mode ) {
switch ( li->li_idassert_mode ) {
case LDAP_BACK_IDASSERT_OTHERID:
case LDAP_BACK_IDASSERT_OTHERDN:
authzID = li->idassert_authzID;
authzID = li->li_idassert_authzID;
break;
case LDAP_BACK_IDASSERT_ANONYMOUS:
@ -1055,10 +1062,10 @@ ldap_back_proxy_authz_bind( struct ldapconn *lc, Operation *op, SlapReply *rs )
}
}
if ( li->idassert_secprops != NULL ) {
if ( li->li_idassert_secprops != NULL ) {
rs->sr_err = ldap_set_option( lc->lc_ld,
LDAP_OPT_X_SASL_SECPROPS,
(void *)li->idassert_secprops );
(void *)li->li_idassert_secprops );
if ( rs->sr_err != LDAP_OPT_SUCCESS ) {
send_ldap_result( op, rs );
@ -1068,14 +1075,14 @@ ldap_back_proxy_authz_bind( struct ldapconn *lc, Operation *op, SlapReply *rs )
}
defaults = lutil_sasl_defaults( lc->lc_ld,
li->idassert_sasl_mech.bv_val,
li->idassert_sasl_realm.bv_val,
li->idassert_authcID.bv_val,
li->idassert_passwd.bv_val,
li->li_idassert_sasl_mech.bv_val,
li->li_idassert_sasl_realm.bv_val,
li->li_idassert_authcID.bv_val,
li->li_idassert_passwd.bv_val,
authzID.bv_val );
rs->sr_err = ldap_sasl_interactive_bind_s( lc->lc_ld, binddn.bv_val,
li->idassert_sasl_mech.bv_val, NULL, NULL,
li->li_idassert_sasl_mech.bv_val, NULL, NULL,
LDAP_SASL_QUIET, lutil_sasl_interact,
defaults );
@ -1097,7 +1104,7 @@ ldap_back_proxy_authz_bind( struct ldapconn *lc, Operation *op, SlapReply *rs )
#endif /* HAVE_CYRUS_SASL */
}
switch ( li->idassert_authmethod ) {
switch ( li->li_idassert_authmethod ) {
case LDAP_AUTH_NONE:
LDAP_BACK_CONN_ISBOUND_SET( lc );
goto done;
@ -1152,12 +1159,12 @@ done:;
*/
int
ldap_back_proxy_authz_ctrl(
struct ldapconn *lc,
ldapconn_t *lc,
Operation *op,
SlapReply *rs,
LDAPControl ***pctrls )
{
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
LDAPControl **ctrls = NULL;
int i = 0,
mode;
@ -1170,8 +1177,8 @@ ldap_back_proxy_authz_ctrl(
/* FIXME: SASL/EXTERNAL over ldapi:// doesn't honor the authcID,
* but if it is not set this test fails. We need a different
* means to detect if idassert is enabled */
if ( ( BER_BVISNULL( &li->idassert_authcID ) || BER_BVISEMPTY( &li->idassert_authcID ) )
&& ( BER_BVISNULL( &li->idassert_authcDN ) || BER_BVISEMPTY( &li->idassert_authcDN ) ) )
if ( ( BER_BVISNULL( &li->li_idassert_authcID ) || BER_BVISEMPTY( &li->li_idassert_authcID ) )
&& ( BER_BVISNULL( &li->li_idassert_authcDN ) || BER_BVISEMPTY( &li->li_idassert_authcDN ) ) )
{
goto done;
}
@ -1180,7 +1187,7 @@ ldap_back_proxy_authz_ctrl(
goto done;
}
if ( li->idassert_mode == LDAP_BACK_IDASSERT_LEGACY ) {
if ( li->li_idassert_mode == LDAP_BACK_IDASSERT_LEGACY ) {
if ( op->o_proxy_authz ) {
/*
* FIXME: we do not want to perform proxyAuthz
@ -1207,12 +1214,12 @@ ldap_back_proxy_authz_ctrl(
goto done;
}
if ( BER_BVISNULL( &li->idassert_authcDN ) ) {
if ( BER_BVISNULL( &li->li_idassert_authcDN ) ) {
goto done;
}
} else if ( li->idassert_authmethod == LDAP_AUTH_SASL ) {
if ( ( li->idassert_flags & LDAP_BACK_AUTH_NATIVE_AUTHZ )
} else if ( li->li_idassert_authmethod == LDAP_AUTH_SASL ) {
if ( ( li->li_idassert_flags & LDAP_BACK_AUTH_NATIVE_AUTHZ )
/* && ( !BER_BVISNULL( &op->o_conn->c_ndn )
|| LDAP_BACK_CONN_ISBOUND( lc ) ) */ )
{
@ -1223,7 +1230,7 @@ ldap_back_proxy_authz_ctrl(
goto done;
}
} else if ( li->idassert_authz && !be_isroot( op ) ) {
} else if ( li->li_idassert_authz && !be_isroot( op ) ) {
int rc;
struct berval authcDN;
@ -1232,10 +1239,10 @@ ldap_back_proxy_authz_ctrl(
} else {
authcDN = op->o_conn->c_ndn;
}
rc = slap_sasl_matches( op, li->idassert_authz,
rc = slap_sasl_matches( op, li->li_idassert_authz,
&authcDN, & authcDN );
if ( rc != LDAP_SUCCESS ) {
if ( li->idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE )
if ( li->li_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE )
{
/* op->o_conn->c_ndn is not authorized
* to use idassert */
@ -1271,7 +1278,7 @@ ldap_back_proxy_authz_ctrl(
mode = LDAP_BACK_IDASSERT_NOASSERT;
} else {
mode = li->idassert_mode;
mode = li->li_idassert_mode;
}
switch ( mode ) {
@ -1298,7 +1305,7 @@ ldap_back_proxy_authz_ctrl(
case LDAP_BACK_IDASSERT_OTHERID:
case LDAP_BACK_IDASSERT_OTHERDN:
/* assert idassert DN */
assertedID = li->idassert_authzID;
assertedID = li->li_idassert_authzID;
break;
default:
@ -1320,7 +1327,7 @@ ldap_back_proxy_authz_ctrl(
ctrls[ 0 ]->ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
ctrls[ 0 ]->ldctl_iscritical = 1;
switch ( li->idassert_mode ) {
switch ( li->li_idassert_mode ) {
/* already in u:ID or dn:DN form */
case LDAP_BACK_IDASSERT_OTHERID:
case LDAP_BACK_IDASSERT_OTHERDN:

782
servers/slapd/back-ldap/chain.c
View file

File diff suppressed because it is too large Load diff

4
servers/slapd/back-ldap/compare.c
View file

@ -36,7 +36,7 @@ ldap_back_compare(
Operation *op,
SlapReply *rs )
{
struct ldapconn *lc;
ldapconn_t *lc;
ber_int_t msgid;
int do_retry = 1;
LDAPControl **ctrls = NULL;
@ -63,7 +63,7 @@ retry:
rc = ldap_back_op_result( lc, op, rs, msgid, 0, LDAP_BACK_SENDRESULT );
if ( rc == LDAP_UNAVAILABLE && do_retry ) {
do_retry = 0;
if ( ldap_back_retry( lc, op, rs, LDAP_BACK_SENDERR ) ) {
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
goto retry;
}
}

1218
servers/slapd/back-ldap/config.c
View file

File diff suppressed because it is too large Load diff

8
servers/slapd/back-ldap/delete.c
View file

@ -36,9 +36,9 @@ ldap_back_delete(
Operation *op,
SlapReply *rs )
{
struct ldapinfo *li = (struct ldapinfo *)op->o_bd->be_private;
ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
struct ldapconn *lc;
ldapconn_t *lc;
ber_int_t msgid;
LDAPControl **ctrls = NULL;
int do_retry = 1;
@ -62,10 +62,10 @@ retry:
rs->sr_err = ldap_delete_ext( lc->lc_ld, op->o_req_ndn.bv_val,
ctrls, NULL, &msgid );
rc = ldap_back_op_result( lc, op, rs, msgid,
li->timeout[ LDAP_BACK_OP_DELETE], LDAP_BACK_SENDRESULT );
li->li_timeout[ LDAP_BACK_OP_DELETE], LDAP_BACK_SENDRESULT );
if ( rs->sr_err == LDAP_SERVER_DOWN && do_retry ) {
do_retry = 0;
if ( ldap_back_retry( lc, op, rs, LDAP_BACK_SENDERR ) ) {
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
goto retry;
}
}

8
servers/slapd/back-ldap/extended.c
View file

@ -48,7 +48,7 @@ ldap_back_extended(
for ( i = 0; exop_table[i].extended != NULL; i++ ) {
if ( bvmatch( &exop_table[i].oid, &op->oq_extended.rs_reqoid ) )
{
struct ldapconn *lc;
ldapconn_t *lc;
LDAPControl **oldctrls = NULL;
int rc;
@ -98,7 +98,7 @@ ldap_back_exop_passwd(
Operation *op,
SlapReply *rs )
{
struct ldapconn *lc;
ldapconn_t *lc;
req_pwdexop_s *qpw = &op->oq_pwdexop;
LDAPMessage *res;
ber_int_t msgid;
@ -124,7 +124,7 @@ retry:
if ( rc == LDAP_SUCCESS ) {
if ( ldap_result( lc->lc_ld, msgid, 1, NULL, &res ) == -1 ) {
ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
ldap_back_freeconn( op, lc );
ldap_back_freeconn( op, lc, 0 );
lc = NULL;
} else {
@ -168,7 +168,7 @@ retry:
rs->sr_err = slap_map_api2result( rs );
if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
do_retry = 0;
if ( ldap_back_retry( lc, op, rs, LDAP_BACK_SENDERR ) ) {
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
goto retry;
}
}

167
servers/slapd/back-ldap/init.c
View file

@ -80,45 +80,45 @@ ldap_back_initialize( BackendInfo *bi )
int
ldap_back_db_init( Backend *be )
{
struct ldapinfo *li;
ldapinfo_t *li;
li = (struct ldapinfo *)ch_calloc( 1, sizeof( struct ldapinfo ) );
li = (ldapinfo_t *)ch_calloc( 1, sizeof( ldapinfo_t ) );
if ( li == NULL ) {
return -1;
}
BER_BVZERO( &li->acl_authcID );
BER_BVZERO( &li->acl_authcDN );
BER_BVZERO( &li->acl_passwd );
BER_BVZERO( &li->li_acl_authcID );
BER_BVZERO( &li->li_acl_authcDN );
BER_BVZERO( &li->li_acl_passwd );
li->acl_authmethod = LDAP_AUTH_NONE;
BER_BVZERO( &li->acl_sasl_mech );
li->acl_sb.sb_tls = SB_TLS_DEFAULT;
li->li_acl_authmethod = LDAP_AUTH_NONE;
BER_BVZERO( &li->li_acl_sasl_mech );
li->li_acl.sb_tls = SB_TLS_DEFAULT;
li->idassert_mode = LDAP_BACK_IDASSERT_LEGACY;
li->li_idassert_mode = LDAP_BACK_IDASSERT_LEGACY;
BER_BVZERO( &li->idassert_authcID );
BER_BVZERO( &li->idassert_authcDN );
BER_BVZERO( &li->idassert_passwd );
BER_BVZERO( &li->li_idassert_authcID );
BER_BVZERO( &li->li_idassert_authcDN );
BER_BVZERO( &li->li_idassert_passwd );
BER_BVZERO( &li->idassert_authzID );
BER_BVZERO( &li->li_idassert_authzID );
li->idassert_authmethod = LDAP_AUTH_NONE;
BER_BVZERO( &li->idassert_sasl_mech );
li->idassert_sb.sb_tls = SB_TLS_DEFAULT;
li->li_idassert_authmethod = LDAP_AUTH_NONE;
BER_BVZERO( &li->li_idassert_sasl_mech );
li->li_idassert.sb_tls = SB_TLS_DEFAULT;
/* by default, use proxyAuthz control on each operation */
li->idassert_flags = LDAP_BACK_AUTH_PRESCRIPTIVE;
li->li_idassert_flags = LDAP_BACK_AUTH_PRESCRIPTIVE;
li->idassert_authz = NULL;
li->li_idassert_authz = NULL;
/* initialize flags */
li->flags = LDAP_BACK_F_CHASE_REFERRALS;
li->li_flags = LDAP_BACK_F_CHASE_REFERRALS;
/* initialize version */
li->version = LDAP_VERSION3;
li->li_version = LDAP_VERSION3;
ldap_pvt_thread_mutex_init( &li->conn_mutex );
ldap_pvt_thread_mutex_init( &li->li_conninfo.lai_mutex );
be->be_private = li;
SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_NOLASTMOD;
@ -131,19 +131,19 @@ ldap_back_db_init( Backend *be )
int
ldap_back_db_open( BackendDB *be )
{
struct ldapinfo *li = (struct ldapinfo *)be->be_private;
ldapinfo_t *li = (ldapinfo_t *)be->be_private;
Debug( LDAP_DEBUG_TRACE,
"ldap_back_db_open: URI=%s\n",
li->url != NULL ? li->url : "", 0, 0 );
li->li_uri != NULL ? li->li_uri : "", 0, 0 );
/* by default, use proxyAuthz control on each operation */
switch ( li->idassert_mode ) {
switch ( li->li_idassert_mode ) {
case LDAP_BACK_IDASSERT_LEGACY:
case LDAP_BACK_IDASSERT_SELF:
/* however, since admin connections are pooled and shared,
* only static authzIDs can be native */
li->idassert_flags &= ~LDAP_BACK_AUTH_NATIVE_AUTHZ;
li->li_idassert_flags &= ~LDAP_BACK_AUTH_NATIVE_AUTHZ;
break;
default:
@ -159,7 +159,6 @@ ldap_back_db_open( BackendDB *be )
* the normalized one. See ITS#3406 */
struct berval filter,
base = BER_BVC( "cn=Databases," SLAPD_MONITOR );
struct berval vals[ 2 ];
Attribute a = { 0 };
filter.bv_len = STRLENOF( "(&(namingContexts:distinguishedNameMatch:=)(monitoredInfo=ldap))" )
@ -170,10 +169,8 @@ ldap_back_db_open( BackendDB *be )
be->be_nsuffix[ 0 ].bv_val );
a.a_desc = slap_schema.si_ad_labeledURI;
ber_str2bv( li->url, 0, 0, &vals[ 0 ] );
BER_BVZERO( &vals[ 1 ] );
a.a_vals = vals;
a.a_nvals = vals;
a.a_vals = li->li_bvuri;
a.a_nvals = li->li_bvuri;
if ( monitor_back_register_entry_attrs( NULL, &a, NULL, &base, LDAP_SCOPE_SUBTREE, &filter ) ) {
/* error */
}
@ -182,16 +179,16 @@ ldap_back_db_open( BackendDB *be )
}
#endif /* SLAPD_MONITOR */
if ( li->flags & LDAP_BACK_F_SUPPORT_T_F_DISCOVER ) {
if ( li->li_flags & LDAP_BACK_F_SUPPORT_T_F_DISCOVER ) {
int rc;
li->flags &= ~LDAP_BACK_F_SUPPORT_T_F_DISCOVER;
li->li_flags &= ~LDAP_BACK_F_SUPPORT_T_F_DISCOVER;
rc = slap_discover_feature( li->url, li->version,
rc = slap_discover_feature( li->li_uri, li->li_version,
slap_schema.si_ad_supportedFeatures->ad_cname.bv_val,
LDAP_FEATURE_ABSOLUTE_FILTERS );
if ( rc == LDAP_COMPARE_TRUE ) {
li->flags |= LDAP_BACK_F_SUPPORT_T_F;
li->li_flags |= LDAP_BACK_F_SUPPORT_T_F;
}
}
@ -201,7 +198,7 @@ ldap_back_db_open( BackendDB *be )
void
ldap_back_conn_free( void *v_lc )
{
struct ldapconn *lc = v_lc;
ldapconn_t *lc = v_lc;
if ( lc->lc_ld != NULL ) {
ldap_unbind_ext( lc->lc_ld, NULL, NULL );
@ -224,75 +221,73 @@ ldap_back_db_destroy(
Backend *be
)
{
struct ldapinfo *li;
if ( be->be_private ) {
li = ( struct ldapinfo * )be->be_private;
ldapinfo_t *li = ( ldapinfo_t * )be->be_private;
ldap_pvt_thread_mutex_lock( &li->conn_mutex );
ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
if ( li->url != NULL ) {
ch_free( li->url );
li->url = NULL;
if ( li->li_uri != NULL ) {
ch_free( li->li_uri );
li->li_uri = NULL;
assert( li->li_bvuri != NULL );
ber_bvarray_free( li->li_bvuri );
li->li_bvuri = NULL;
}
if ( li->lud ) {
ldap_free_urldesc( li->lud );
li->lud = NULL;
if ( !BER_BVISNULL( &li->li_acl_authcID ) ) {
ch_free( li->li_acl_authcID.bv_val );
BER_BVZERO( &li->li_acl_authcID );
}
if ( !BER_BVISNULL( &li->acl_authcID ) ) {
ch_free( li->acl_authcID.bv_val );
BER_BVZERO( &li->acl_authcID );
if ( !BER_BVISNULL( &li->li_acl_authcDN ) ) {
ch_free( li->li_acl_authcDN.bv_val );
BER_BVZERO( &li->li_acl_authcDN );
}
if ( !BER_BVISNULL( &li->acl_authcDN ) ) {
ch_free( li->acl_authcDN.bv_val );
BER_BVZERO( &li->acl_authcDN );
if ( !BER_BVISNULL( &li->li_acl_passwd ) ) {
ch_free( li->li_acl_passwd.bv_val );
BER_BVZERO( &li->li_acl_passwd );
}
if ( !BER_BVISNULL( &li->acl_passwd ) ) {
ch_free( li->acl_passwd.bv_val );
BER_BVZERO( &li->acl_passwd );
if ( !BER_BVISNULL( &li->li_acl_sasl_mech ) ) {
ch_free( li->li_acl_sasl_mech.bv_val );
BER_BVZERO( &li->li_acl_sasl_mech );
}
if ( !BER_BVISNULL( &li->acl_sasl_mech ) ) {
ch_free( li->acl_sasl_mech.bv_val );
BER_BVZERO( &li->acl_sasl_mech );
if ( !BER_BVISNULL( &li->li_acl_sasl_realm ) ) {
ch_free( li->li_acl_sasl_realm.bv_val );
BER_BVZERO( &li->li_acl_sasl_realm );
}
if ( !BER_BVISNULL( &li->acl_sasl_realm ) ) {
ch_free( li->acl_sasl_realm.bv_val );
BER_BVZERO( &li->acl_sasl_realm );
if ( !BER_BVISNULL( &li->li_idassert_authcID ) ) {
ch_free( li->li_idassert_authcID.bv_val );
BER_BVZERO( &li->li_idassert_authcID );
}
if ( !BER_BVISNULL( &li->idassert_authcID ) ) {
ch_free( li->idassert_authcID.bv_val );
BER_BVZERO( &li->idassert_authcID );
if ( !BER_BVISNULL( &li->li_idassert_authcDN ) ) {
ch_free( li->li_idassert_authcDN.bv_val );
BER_BVZERO( &li->li_idassert_authcDN );
}
if ( !BER_BVISNULL( &li->idassert_authcDN ) ) {
ch_free( li->idassert_authcDN.bv_val );
BER_BVZERO( &li->idassert_authcDN );
if ( !BER_BVISNULL( &li->li_idassert_passwd ) ) {
ch_free( li->li_idassert_passwd.bv_val );
BER_BVZERO( &li->li_idassert_passwd );
}
if ( !BER_BVISNULL( &li->idassert_passwd ) ) {
ch_free( li->idassert_passwd.bv_val );
BER_BVZERO( &li->idassert_passwd );
if ( !BER_BVISNULL( &li->li_idassert_authzID ) ) {
ch_free( li->li_idassert_authzID.bv_val );
BER_BVZERO( &li->li_idassert_authzID );
}
if ( !BER_BVISNULL( &li->idassert_authzID ) ) {
ch_free( li->idassert_authzID.bv_val );
BER_BVZERO( &li->idassert_authzID );
if ( !BER_BVISNULL( &li->li_idassert_sasl_mech ) ) {
ch_free( li->li_idassert_sasl_mech.bv_val );
BER_BVZERO( &li->li_idassert_sasl_mech );
}
if ( !BER_BVISNULL( &li->idassert_sasl_mech ) ) {
ch_free( li->idassert_sasl_mech.bv_val );
BER_BVZERO( &li->idassert_sasl_mech );
if ( !BER_BVISNULL( &li->li_idassert_sasl_realm ) ) {
ch_free( li->li_idassert_sasl_realm.bv_val );
BER_BVZERO( &li->li_idassert_sasl_realm );
}
if ( !BER_BVISNULL( &li->idassert_sasl_realm ) ) {
ch_free( li->idassert_sasl_realm.bv_val );
BER_BVZERO( &li->idassert_sasl_realm );
if ( li->li_idassert_authz != NULL ) {
ber_bvarray_free( li->li_idassert_authz );
li->li_idassert_authz = NULL;
}
if ( li->idassert_authz != NULL ) {
ber_bvarray_free( li->idassert_authz );
li->idassert_authz = NULL;
}
if ( li->conntree ) {
avl_free( li->conntree, ldap_back_conn_free );
if ( li->li_conninfo.lai_tree ) {
avl_free( li->li_conninfo.lai_tree, ldap_back_conn_free );
}
ldap_pvt_thread_mutex_unlock( &li->conn_mutex );
ldap_pvt_thread_mutex_destroy( &li->conn_mutex );
ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
ldap_pvt_thread_mutex_destroy( &li->li_conninfo.lai_mutex );
}
ch_free( be->be_private );

8
servers/slapd/back-ldap/modify.c
View file

@ -36,9 +36,9 @@ ldap_back_modify(
Operation *op,
SlapReply *rs )
{
struct ldapinfo *li = (struct ldapinfo *)op->o_bd->be_private;
ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
struct ldapconn *lc;
ldapconn_t *lc;
LDAPMod **modv = NULL,
*mods = NULL;
Modifications *ml;
@ -110,10 +110,10 @@ retry:
rs->sr_err = ldap_modify_ext( lc->lc_ld, op->o_req_ndn.bv_val, modv,
ctrls, NULL, &msgid );
rc = ldap_back_op_result( lc, op, rs, msgid,
li->timeout[ LDAP_BACK_OP_MODIFY], LDAP_BACK_SENDRESULT );
li->li_timeout[ LDAP_BACK_OP_MODIFY], LDAP_BACK_SENDRESULT );
if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
do_retry = 0;
if ( ldap_back_retry( lc, op, rs, LDAP_BACK_SENDERR ) ) {
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
goto retry;
}
}

8
servers/slapd/back-ldap/modrdn.c
View file

@ -36,9 +36,9 @@ ldap_back_modrdn(
Operation *op,
SlapReply *rs )
{
struct ldapinfo *li = (struct ldapinfo *)op->o_bd->be_private;
ldapinfo_t *li = (ldapinfo_t *)op->o_bd->be_private;
struct ldapconn *lc;
ldapconn_t *lc;
ber_int_t msgid;
LDAPControl **ctrls = NULL;
int do_retry = 1;
@ -70,10 +70,10 @@ retry:
op->orr_newrdn.bv_val, newSup,
op->orr_deleteoldrdn, ctrls, NULL, &msgid );
rc = ldap_back_op_result( lc, op, rs, msgid,
li->timeout[ LDAP_BACK_OP_MODRDN ], LDAP_BACK_SENDRESULT );
li->li_timeout[ LDAP_BACK_OP_MODRDN ], LDAP_BACK_SENDRESULT );
if ( rs->sr_err == LDAP_SERVER_DOWN && do_retry ) {
do_retry = 0;
if ( ldap_back_retry( lc, op, rs, LDAP_BACK_SENDERR ) ) {
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
goto retry;
}
}

20
servers/slapd/back-ldap/proto-ldap.h
View file

@ -32,7 +32,6 @@ extern BI_destroy ldap_back_destroy;
extern BI_db_init ldap_back_db_init;
extern BI_db_open ldap_back_db_open;
extern BI_db_destroy ldap_back_db_destroy;
extern BI_db_config ldap_back_db_config;
extern BI_op_bind ldap_back_bind;
extern BI_op_search ldap_back_search;
@ -48,15 +47,14 @@ extern BI_connection_destroy ldap_back_conn_destroy;
extern BI_entry_get_rw ldap_back_entry_get;
int ldap_back_freeconn( Operation *op, struct ldapconn *lc );
struct ldapconn *ldap_back_getconn(struct slap_op *op, struct slap_rep *rs, ldap_back_send_t sendok);
void ldap_back_release_conn( struct slap_op *op, struct slap_rep *rs, struct ldapconn *lc );
int ldap_back_dobind(struct ldapconn *lc, Operation *op, SlapReply *rs, ldap_back_send_t sendok);
int ldap_back_retry(struct ldapconn *lc, Operation *op, SlapReply *rs, ldap_back_send_t sendok);
int ldap_back_map_result(SlapReply *rs);
int ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs,
ber_int_t msgid, time_t timeout, ldap_back_send_t sendok);
int back_ldap_LTX_init_module(int argc, char *argv[]);
int ldap_back_freeconn( Operation *op, ldapconn_t *lc, int dolock );
ldapconn_t *ldap_back_getconn( Operation *op, SlapReply *rs, ldap_back_send_t sendok );
void ldap_back_release_conn( Operation *op, SlapReply *rs, ldapconn_t *lc );
int ldap_back_dobind( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_send_t sendok );
int ldap_back_retry( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_t sendok );
int ldap_back_map_result( SlapReply *rs );
int ldap_back_op_result( ldapconn_t *lc, Operation *op, SlapReply *rs,
ber_int_t msgid, time_t timeout, ldap_back_send_t sendok );
int ldap_back_init_cf( BackendInfo *bi );
@ -66,7 +64,7 @@ extern void ldap_back_conn_free( void *c );
extern int
ldap_back_proxy_authz_ctrl(
struct ldapconn *lc,
ldapconn_t *lc,
Operation *op,
SlapReply *rs,
LDAPControl ***pctrls );

32
servers/slapd/back-ldap/search.c
View file

@ -49,7 +49,7 @@ ldap_back_munge_filter(
Operation *op,
struct berval *filter )
{
struct ldapinfo *li = (struct ldapinfo *) op->o_bd->be_private;
ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
char *ptr;
int gotit = 0;
@ -75,7 +75,7 @@ ldap_back_munge_filter(
if ( strncmp( ptr, bv_true.bv_val, bv_true.bv_len ) == 0 ) {
oldbv = &bv_true;
if ( li->flags & LDAP_BACK_F_SUPPORT_T_F ) {
if ( li->li_flags & LDAP_BACK_F_SUPPORT_T_F ) {
newbv = &bv_t;
} else {
@ -85,7 +85,7 @@ ldap_back_munge_filter(
} else if ( strncmp( ptr, bv_false.bv_val, bv_false.bv_len ) == 0 )
{
oldbv = &bv_false;
if ( li->flags & LDAP_BACK_F_SUPPORT_T_F ) {
if ( li->li_flags & LDAP_BACK_F_SUPPORT_T_F ) {
newbv = &bv_f;
} else {
@ -141,7 +141,7 @@ ldap_back_search(
Operation *op,
SlapReply *rs )
{
struct ldapconn *lc;
ldapconn_t *lc;
struct timeval tv;
time_t stoptime = (time_t)-1;
LDAPMessage *res,
@ -221,13 +221,20 @@ fail:;
case LDAP_SERVER_DOWN:
if ( do_retry ) {
do_retry = 0;
if ( ldap_back_retry( lc, op, rs, LDAP_BACK_DONTSEND ) ) {
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_DONTSEND ) ) {
goto retry;
}
}
rc = ldap_back_op_result( lc, op, rs, msgid, 0, LDAP_BACK_DONTSEND );
ldap_back_freeconn( op, lc );
lc = NULL;
if ( lc == NULL ) {
/* reset by ldap_back_retry ... */
rs->sr_err = slap_map_api2result( rs );
} else {
rc = ldap_back_op_result( lc, op, rs, msgid, 0, LDAP_BACK_DONTSEND );
ldap_back_freeconn( op, lc, 0 );
lc = NULL;
}
goto finish;
case LDAP_FILTER_ERROR:
@ -417,12 +424,13 @@ fail:;
if ( rc == -1 ) {
if ( do_retry ) {
do_retry = 0;
if ( ldap_back_retry( lc, op, rs, LDAP_BACK_SENDERR ) ) {
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
goto retry;
}
}
rs->sr_err = LDAP_SERVER_DOWN;
goto fail;
rs->sr_err = slap_map_api2result( rs );
goto finish;
}
/*
@ -688,7 +696,7 @@ ldap_back_entry_get(
Entry **ent
)
{
struct ldapconn *lc;
ldapconn_t *lc;
int rc = 1,
do_not_cache;
struct berval bdn;
@ -746,7 +754,7 @@ retry:
if ( rc != LDAP_SUCCESS ) {
if ( rc == LDAP_SERVER_DOWN && do_retry ) {
do_retry = 0;
if ( ldap_back_retry( lc, op, &rs, LDAP_BACK_DONTSEND ) ) {
if ( ldap_back_retry( &lc, op, &rs, LDAP_BACK_DONTSEND ) ) {
goto retry;
}
}

10
servers/slapd/back-ldap/unbind.c
View file

@ -38,8 +38,8 @@ ldap_back_conn_destroy(
Connection *conn
)
{
struct ldapinfo *li = (struct ldapinfo *) be->be_private;
struct ldapconn *lc = NULL, lc_curr;
ldapinfo_t *li = (ldapinfo_t *) be->be_private;
ldapconn_t *lc = NULL, lc_curr;
Debug( LDAP_DEBUG_TRACE,
"=>ldap_back_conn_destroy: fetching conn %ld\n",
@ -48,9 +48,9 @@ ldap_back_conn_destroy(
lc_curr.lc_conn = conn;
lc_curr.lc_local_ndn = conn->c_ndn;
ldap_pvt_thread_mutex_lock( &li->conn_mutex );
lc = avl_delete( &li->conntree, (caddr_t)&lc_curr, ldap_back_conn_cmp );
ldap_pvt_thread_mutex_unlock( &li->conn_mutex );
ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
lc = avl_delete( &li->li_conninfo.lai_tree, (caddr_t)&lc_curr, ldap_back_conn_cmp );
ldap_pvt_thread_mutex_unlock( &li->li_conninfo.lai_mutex );
if ( lc ) {
Debug( LDAP_DEBUG_TRACE,

10
servers/slapd/back-meta/back-meta.h
View file

@ -257,18 +257,18 @@ typedef struct metainfo_t {
metadncache_t mi_cache;
ldap_pvt_thread_mutex_t mi_conn_mutex;
Avlnode *mi_conntree;
ldap_avl_info_t mi_conninfo;
unsigned flags;
unsigned mi_flags;
#define li_flags mi_flags
/* uses flags as defined in <back-ldap/back-ldap.h> */
#define META_BACK_F_ONERR_STOP 0x00010000U
#define META_BACK_F_DEFER_ROOTDN_BIND 0x00020000U
#define META_BACK_ONERR_STOP(mi) ( (mi)->flags & META_BACK_F_ONERR_STOP )
#define META_BACK_ONERR_STOP(mi) ( (mi)->mi_flags & META_BACK_F_ONERR_STOP )
#define META_BACK_ONERR_CONTINUE(mi) ( !META_BACK_ONERR_CONTINUE( (mi) ) )
#define META_BACK_DEFER_ROOTDN_BIND(mi) ( (mi)->flags & META_BACK_F_DEFER_ROOTDN_BIND )
#define META_BACK_DEFER_ROOTDN_BIND(mi) ( (mi)->mi_flags & META_BACK_F_DEFER_ROOTDN_BIND )
int mi_version;
time_t mi_timeout[ LDAP_BACK_OP_LAST ];

14
servers/slapd/back-meta/bind.c
View file

@ -206,22 +206,22 @@ meta_back_bind( Operation *op, SlapReply *rs )
/* wait for all other ops to release the connection */
retry_lock:;
ldap_pvt_thread_mutex_lock( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
if ( mc->mc_refcnt > 1 ) {
ldap_pvt_thread_mutex_unlock( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
ldap_pvt_thread_yield();
goto retry_lock;
}
assert( mc->mc_refcnt == 1 );
mc = avl_delete( &mi->mi_conntree, (caddr_t)mc,
mc = avl_delete( &mi->mi_conninfo.lai_tree, (caddr_t)mc,
meta_back_conn_cmp );
assert( mc != NULL );
ber_bvreplace( &mc->mc_local_ndn, &op->o_req_ndn );
lerr = avl_insert( &mi->mi_conntree, (caddr_t)mc,
lerr = avl_insert( &mi->mi_conninfo.lai_tree, (caddr_t)mc,
meta_back_conn_cmp, meta_back_conn_dup );
ldap_pvt_thread_mutex_unlock( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
if ( lerr == -1 ) {
for ( i = 0; i < mi->mi_ntargets; ++i ) {
if ( mc->mc_conns[ i ].msc_ld != NULL ) {
@ -548,7 +548,7 @@ retry:;
* to avoid circular loops; mc_mutex is set
* by the caller */
if ( dolock ) {
ldap_pvt_thread_mutex_lock( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
}
if ( mc->mc_refcnt == 1 ) {
@ -571,7 +571,7 @@ retry:;
}
if ( dolock ) {
ldap_pvt_thread_mutex_unlock( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
}
if ( rc == LDAP_SUCCESS ) {

22
servers/slapd/back-meta/config.c
View file

@ -160,7 +160,7 @@ meta_back_db_config(
}
mi->mi_targets[ i ].mt_nretries = mi->mi_nretries;
mi->mi_targets[ i ].mt_flags = mi->flags;
mi->mi_targets[ i ].mt_flags = mi->mi_flags;
mi->mi_targets[ i ].mt_version = mi->mi_version;
for ( c = 0; c < LDAP_BACK_OP_LAST; c++ ) {
@ -430,16 +430,16 @@ meta_back_db_config(
fprintf( stderr,
"%s: line %d: deprecated use of \"rebind-as-user {FALSE|true}\" with no arguments.\n",
fname, lineno );
mi->flags |= LDAP_BACK_F_SAVECRED;
mi->mi_flags |= LDAP_BACK_F_SAVECRED;
} else {
switch ( check_true_false( argv[ 1 ] ) ) {
case 0:
mi->flags &= ~LDAP_BACK_F_SAVECRED;
mi->mi_flags &= ~LDAP_BACK_F_SAVECRED;
break;
case 1:
mi->flags |= LDAP_BACK_F_SAVECRED;
mi->mi_flags |= LDAP_BACK_F_SAVECRED;
break;
default:
@ -453,7 +453,7 @@ meta_back_db_config(
} else if ( strcasecmp( argv[ 0 ], "chase-referrals" ) == 0 ) {
unsigned *flagsp = mi->mi_ntargets ?
&mi->mi_targets[ mi->mi_ntargets - 1 ].mt_flags
: &mi->flags;
: &mi->mi_flags;
if ( argc != 2 ) {
fprintf( stderr,
@ -482,7 +482,7 @@ meta_back_db_config(
} else if ( strcasecmp( argv[ 0 ], "tls" ) == 0 ) {
unsigned *flagsp = mi->mi_ntargets ?
&mi->mi_targets[ mi->mi_ntargets - 1 ].mt_flags
: &mi->flags;
: &mi->mi_flags;
if ( argc != 2 ) {
fprintf( stderr,
@ -519,7 +519,7 @@ meta_back_db_config(
} else if ( strcasecmp( argv[ 0 ], "t-f-support" ) == 0 ) {
unsigned *flagsp = mi->mi_ntargets ?
&mi->mi_targets[ mi->mi_ntargets - 1 ].mt_flags
: &mi->flags;
: &mi->mi_flags;
if ( argc != 2 ) {
fprintf( stderr,
@ -560,10 +560,10 @@ meta_back_db_config(
}
if ( strcasecmp( argv[ 1 ], "continue" ) == 0 ) {
mi->flags &= ~META_BACK_F_ONERR_STOP;
mi->mi_flags &= ~META_BACK_F_ONERR_STOP;
} else if ( strcasecmp( argv[ 1 ], "stop" ) == 0 ) {
mi->flags |= META_BACK_F_ONERR_STOP;
mi->mi_flags |= META_BACK_F_ONERR_STOP;
} else {
fprintf( stderr,
@ -583,11 +583,11 @@ meta_back_db_config(
switch ( check_true_false( argv[ 1 ] ) ) {
case 0:
mi->flags &= ~META_BACK_F_DEFER_ROOTDN_BIND;
mi->mi_flags &= ~META_BACK_F_DEFER_ROOTDN_BIND;
break;
case 1:
mi->flags |= META_BACK_F_DEFER_ROOTDN_BIND;
mi->mi_flags |= META_BACK_F_DEFER_ROOTDN_BIND;
break;
default:

38
servers/slapd/back-meta/conn.c
View file

@ -186,13 +186,13 @@ meta_back_freeconn(
assert( mc != NULL );
ldap_pvt_thread_mutex_lock( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
if ( --mc->mc_refcnt == 0 ) {
meta_back_conn_free( mc );
}
ldap_pvt_thread_mutex_unlock( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
}
/*
@ -444,13 +444,13 @@ meta_back_retry(
metasingleconn_t *msc = &mc->mc_conns[ candidate ];
retry_lock:;
ldap_pvt_thread_mutex_lock( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
assert( mc->mc_refcnt > 0 );
if ( mc->mc_refcnt == 1 ) {
while ( ldap_pvt_thread_mutex_trylock( &mc->mc_mutex ) ) {
ldap_pvt_thread_mutex_unlock( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
ldap_pvt_thread_yield();
goto retry_lock;
}
@ -483,7 +483,7 @@ retry_lock:;
mc->mc_tainted = 1;
}
ldap_pvt_thread_mutex_unlock( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
return rc == LDAP_SUCCESS ? 1 : 0;
}
@ -734,20 +734,20 @@ meta_back_getconn(
}
/* Searches for a metaconn in the avl tree */
ldap_pvt_thread_mutex_lock( &mi->mi_conn_mutex );
mc = (metaconn_t *)avl_find( mi->mi_conntree,
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
mc = (metaconn_t *)avl_find( mi->mi_conninfo.lai_tree,
(caddr_t)&mc_curr, meta_back_conn_cmp );
if ( mc ) {
if ( mc->mc_tainted ) {
rs->sr_err = LDAP_UNAVAILABLE;
rs->sr_text = "remote server unavailable";
ldap_pvt_thread_mutex_unlock( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
return NULL;
}
mc->mc_refcnt++;
}
ldap_pvt_thread_mutex_unlock( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
switch ( op->o_tag ) {
case LDAP_REQ_ADD:
@ -927,13 +927,13 @@ meta_back_getconn(
/* Retries searching for a metaconn in the avl tree
* the reason is that the connection might have been
* created by meta_back_get_candidate() */
ldap_pvt_thread_mutex_lock( &mi->mi_conn_mutex );
mc = (metaconn_t *)avl_find( mi->mi_conntree,
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
mc = (metaconn_t *)avl_find( mi->mi_conninfo.lai_tree,
(caddr_t)&mc_curr, meta_back_conn_cmp );
if ( mc != NULL ) {
mc->mc_refcnt++;
}
ldap_pvt_thread_mutex_unlock( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
/* Looks like we didn't get a bind. Open a new session... */
if ( mc == NULL ) {
@ -1088,15 +1088,15 @@ done:;
/*
* Inserts the newly created metaconn in the avl tree
*/
ldap_pvt_thread_mutex_lock( &mi->mi_conn_mutex );
err = avl_insert( &mi->mi_conntree, ( caddr_t )mc,
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
err = avl_insert( &mi->mi_conninfo.lai_tree, ( caddr_t )mc,
meta_back_conn_cmp, meta_back_conn_dup );
#if PRINT_CONNTREE > 0
myprint( mi->mi_conntree );
myprint( mi->mi_conninfo.lai_tree );
#endif /* PRINT_CONNTREE */
ldap_pvt_thread_mutex_unlock( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
/*
* Err could be -1 in case a duplicate metaconn is inserted
@ -1144,13 +1144,13 @@ meta_back_release_conn(
assert( mc != NULL );
ldap_pvt_thread_mutex_lock( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
assert( mc->mc_refcnt > 0 );
mc->mc_refcnt--;
if ( mc->mc_refcnt == 0 && mc->mc_tainted ) {
(void)avl_delete( &mi->mi_conntree, ( caddr_t )mc,
(void)avl_delete( &mi->mi_conninfo.lai_tree, ( caddr_t )mc,
meta_back_conn_cmp );
meta_back_conn_free( mc );
}
ldap_pvt_thread_mutex_unlock( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
}

15
servers/slapd/back-meta/init.c
View file

@ -77,11 +77,10 @@ meta_back_db_init(
{
metainfo_t *mi;
mi = ch_malloc( sizeof( metainfo_t ) );
mi = ch_calloc( 1, sizeof( metainfo_t ) );
if ( mi == NULL ) {
return -1;
}
memset( mi, 0, sizeof( metainfo_t ) );
/*
* At present the default is no default target;
@ -89,7 +88,7 @@ meta_back_db_init(
*/
mi->mi_defaulttarget = META_DEFAULT_TARGET_NONE;
ldap_pvt_thread_mutex_init( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_init( &mi->mi_conninfo.lai_mutex );
ldap_pvt_thread_mutex_init( &mi->mi_cache.mutex );
/* safe default */
@ -222,10 +221,10 @@ meta_back_db_destroy(
/*
* Destroy the connection tree
*/
ldap_pvt_thread_mutex_lock( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
if ( mi->mi_conntree ) {
avl_free( mi->mi_conntree, meta_back_conn_free );
if ( mi->mi_conninfo.lai_tree ) {
avl_free( mi->mi_conninfo.lai_tree, meta_back_conn_free );
}
/*
@ -248,8 +247,8 @@ meta_back_db_destroy(
ldap_pvt_thread_mutex_unlock( &mi->mi_cache.mutex );
ldap_pvt_thread_mutex_destroy( &mi->mi_cache.mutex );
ldap_pvt_thread_mutex_unlock( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_destroy( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
ldap_pvt_thread_mutex_destroy( &mi->mi_conninfo.lai_mutex );
if ( mi->mi_candidates != NULL ) {
ber_memfree_x( mi->mi_candidates, NULL );

6
servers/slapd/back-meta/unbind.c
View file

@ -50,10 +50,10 @@ meta_back_conn_destroy(
mc_curr.mc_conn = conn;
mc_curr.mc_local_ndn = conn->c_ndn;
ldap_pvt_thread_mutex_lock( &mi->mi_conn_mutex );
mc = avl_delete( &mi->mi_conntree, ( caddr_t )&mc_curr,
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
mc = avl_delete( &mi->mi_conninfo.lai_tree, ( caddr_t )&mc_curr,
meta_back_conn_cmp );
ldap_pvt_thread_mutex_unlock( &mi->mi_conn_mutex );
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
if ( mc ) {
Debug( LDAP_DEBUG_TRACE,

85
servers/slapd/back-monitor/database.c
View file

@ -45,6 +45,9 @@ static int monitor_back_add_plugin( monitor_info_t *mi, Backend *be, Entry *e );
#if 0 && defined(SLAPD_LDBM)
#include "../back-ldbm/back-ldbm.h"
#endif /* defined(SLAPD_LDBM) */
#if defined(SLAPD_META)
#include "../back-meta/back-meta.h"
#endif /* defined(SLAPD_META) */
/* for PATH_MAX on some systems (e.g. Solaris) */
#ifdef HAVE_LIMITS_H
@ -300,34 +303,19 @@ monitor_subsys_database_init(
}
}
if ( 0 ) {
assert( 0 );
#if defined(SLAPD_BDB) || defined(SLAPD_HDB)
if ( strcmp( bi->bi_type, "bdb" ) == 0
} else if ( strcmp( bi->bi_type, "bdb" ) == 0
|| strcmp( bi->bi_type, "hdb" ) == 0 )
{
struct berval bv;
ber_len_t pathlen = 0, len = 0;
char path[ PATH_MAX ] = { '\0' };
char *fname = NULL;
if ( strcmp( bi->bi_type, "bdb" ) == 0
|| strcmp( bi->bi_type, "hdb" ) == 0 )
{
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
fname = bdb->bi_dbenv_home;
#if 0
} else if ( strcmp( bi->bi_type, "ldbm" ) == 0 ) {
struct ldbminfo *ldbm = (struct ldbminfo *) be->be_private;
/* FIXME: there's a conflict
* between back-bdb.h and back.ldbm.h;
* anyway, this code will be moved
* to the backends as soon as the
* issue with filtering on namingContexts
* is fixed */
fname = ldbm->li_directory;
#endif
}
struct bdb_info *bdb = (struct bdb_info *) be->be_private;
char *fname = bdb->bi_dbenv_home;
len = strlen( fname );
if ( fname[ 0 ] != '/' ) {
@ -363,22 +351,53 @@ monitor_subsys_database_init(
&bv, NULL );
ch_free( bv.bv_val );
}
#endif /* defined(SLAPD_LDAP) || defined(SLAPD_HDB) */
#endif /* defined(SLAPD_BDB) || defined(SLAPD_HDB) */
#if defined(SLAPD_LDAP)
if ( strcmp( bi->bi_type, "ldap" ) == 0 ) {
struct ldapinfo *li =
(struct ldapinfo *)be->be_private;
struct berval bv;
} else if ( strcmp( bi->bi_type, "ldap" ) == 0 ) {
ldapinfo_t *li = (ldapinfo_t *)be->be_private;
#if 0
attr_merge_normalize( e, slap_schema.si_ad_labeledURI,
li->li_bvuri, NULL );
#else
char **urls = ldap_str2charray( li->li_uri, " " );
int u;
ber_str2bv( li->url, 0, 0, &bv );
for ( u = 0; urls[ u ] != NULL; u++ ) {
struct berval bv;
ber_str2bv( urls[ u ], 0, 0, &bv );
attr_merge_normalize_one( e,
slap_schema.si_ad_labeledURI,
&bv, NULL );
}
ldap_charray_free( urls );
#endif
attr_merge_normalize_one( e,
slap_schema.si_ad_labeledURI,
&bv, NULL );
}
#endif /* defined(SLAPD_LDAP) */
#if defined(SLAPD_META)
} else if ( strcmp( bi->bi_type, "meta" ) == 0 ) {
metainfo_t *mi = (metainfo_t *)be->be_private;
int t;
for ( t = 0; t < mi->mi_ntargets; t++ ) {
char **urls = ldap_str2charray( mi->mi_targets[ t ].mt_uri, " " );
int u;
for ( u = 0; urls[ u ] != NULL; u++ ) {
struct berval bv;
ber_str2bv( urls[ u ], 0, 0, &bv );
attr_merge_normalize_one( e,
slap_schema.si_ad_labeledURI,
&bv, NULL );
}
}
#endif /* defined(SLAPD_META) */
}
j = -1;
LDAP_STAILQ_FOREACH( bi2, &backendInfo, bi_next ) {

8
tests/data/slapd-chain1.conf
View file

@ -33,9 +33,11 @@ argsfile @TESTDIR@/slapd.1.args
# uses the chain overlay as global;
# no chain-URI is configured, so the URI is parsed out of the referral
overlay chain
chain-acl-bind bindmethod=simple
binddn="cn=Manager,dc=example,dc=com"
credentials=secret
chain-uri @URI2@
chain-idassert-bind bindmethod=simple
binddn="cn=Manager,dc=example,dc=com"
credentials=secret
mode=self
#######################################################################
# database definitions

7
tests/data/slapd-chain2.conf
View file

@ -56,8 +56,9 @@ rootpw secret
# the chain-URI is configured, so only that URI is chained
overlay chain
chain-uri @URI1@
chain-acl-bind bindmethod=simple
binddn="cn=Manager,dc=example,dc=com"
credentials=secret
chain-idassert-bind bindmethod=simple
binddn="cn=Manager,dc=example,dc=com"
credentials=secret
mode=self
#monitor#database monitor