First cut at thread-local malloc. Only used by search() for now...

Needs work in normalizers, etc.

servers/slapd/Makefile.in

@@ -19,7 +19,7 @@ SRCS	= main.c globals.c config.c daemon.c \
 		schema.c schema_check.c schema_init.c schema_prep.c \
 		schemaparse.c ad.c at.c mr.c syntax.c oc.c saslauthz.c \
 		oidm.c starttls.c index.c sets.c referral.c \
-		root_dse.c sasl.c module.c mra.c mods.c \
+		root_dse.c sasl.c module.c mra.c mods.c sl_malloc.c \
 		limits.c backglue.c operational.c matchedValues.c cancel.c \
 		$(@PLAT@_SRCS)
 
@@ -33,7 +33,7 @@ OBJS	= main.o globals.o config.o daemon.o \
 		schema.o schema_check.o schema_init.o schema_prep.o \
 		schemaparse.o ad.o at.o mr.o syntax.o oc.o saslauthz.o \
 		oidm.o starttls.o index.o sets.o referral.o \
-		root_dse.o sasl.o module.o mra.o mods.o \
+		root_dse.o sasl.o module.o mra.o mods.o sl_malloc.o \
 		limits.o backglue.o operational.o matchedValues.o cancel.o \
 		$(@PLAT@_OBJS)
 

servers/slapd/ava.c

@@ -17,20 +17,23 @@
 
 void
 ava_free(
-    AttributeAssertion *ava,
-    int	freeit
+	Operation *op,
+	AttributeAssertion *ava,
+	int	freeit
 )
 {
-	free( ava->aa_value.bv_val );
+	/* op->o_tmpfree( ava->aa_value.bv_val, op->o_tmpmemctx ); */
+	ch_free( ava->aa_value.bv_val );
 	if ( freeit ) {
-		ch_free( (char *) ava );
+		op->o_tmpfree( (char *) ava, op->o_tmpmemctx );
 	}
 }
 
 int
 get_ava(
-    BerElement	*ber,
-    AttributeAssertion	**ava,
+	Operation *op,
+	BerElement	*ber,
+	AttributeAssertion	**ava,
 	unsigned usage,
 	const char **text
 )
@@ -52,14 +55,14 @@ get_ava(
 		return SLAPD_DISCONNECT;
 	}
 
-	aa = ch_malloc( sizeof( AttributeAssertion ) );
+	aa = op->o_tmpalloc( sizeof( AttributeAssertion ), op->o_tmpmemctx );
 	aa->aa_desc = NULL;
 	aa->aa_value.bv_val = NULL;
 
 	rc = slap_bv2ad( &type, &aa->aa_desc, text );
 
 	if( rc != LDAP_SUCCESS ) {
-		ch_free( aa );
+		op->o_tmpfree( aa, op->o_tmpmemctx );
 		return rc;
 	}
 
@@ -68,7 +71,7 @@ get_ava(
 		usage, &value, &aa->aa_value, text );
 
 	if( rc != LDAP_SUCCESS ) {
-		ch_free( aa );
+		op->o_tmpfree( aa, op->o_tmpmemctx );
 		return rc;
 	}
 

servers/slapd/connection.c

@@ -910,6 +910,21 @@ connection_operation( void *ctx, void *arg_v )
 		goto operations_error;
 	}
 
+	/* For all operations besides Add, we can use thread-local
+	 * storage for most mallocs.
+	 */
+	if ( tag == LDAP_REQ_SEARCH ) {
+		sl_mem_create( ber_len( op->o_ber ) * 16, ctx );
+		ber_set_option( op->o_ber, LBER_OPT_BER_MEMCTX, ctx );
+		op->o_tmpmemctx = ctx;
+		op->o_tmpalloc = sl_malloc;
+		op->o_tmpfree = sl_free;
+	} else {
+		op->o_tmpmemctx = NULL;
+		op->o_tmpalloc = (BER_MEMALLOC_FN *)ch_malloc;
+		op->o_tmpfree = (BER_MEMFREE_FN *)ch_free;
+	}
+
 	switch ( tag ) {
 	case LDAP_REQ_BIND:
 		INCR_OP(num_ops_initiated_, SLAP_OP_BIND);

servers/slapd/controls.c

@@ -326,6 +326,19 @@ find_ctrl( const char *oid )
 	return NULL;
 }
 
+void slap_free_ctrls(
+	Operation *op,
+	LDAPControl **ctrls
+)
+{
+	int i;
+
+	for (i=0; ctrls[i]; i++) {
+		op->o_tmpfree(ctrls[i], op->o_tmpmemctx );
+	}
+	op->o_tmpfree( ctrls, op->o_tmpmemctx );
+}
+
 int get_ctrls(
 	Operation *op,
 	SlapReply *rs,
@@ -337,6 +350,10 @@ int get_ctrls(
 	char *opaque;
 	BerElement *ber = op->o_ber;
 	struct slap_control *sc;
+	struct berval bv;
+	BER_MEMREALLOC_FN *reallo;
+
+	reallo = op->o_tmpmemctx ? sl_realloc : (BER_MEMREALLOC_FN *)ch_realloc;
 
 	len = ber_pvt_ber_remaining(ber);
 
@@ -370,7 +387,7 @@ int get_ctrls(
 	}
 
 	/* one for first control, one for termination */
-	op->o_ctrls = ch_malloc( 2 * sizeof(LDAPControl *) );
+	op->o_ctrls = op->o_tmpalloc( 2 * sizeof(LDAPControl *), op->o_tmpmemctx );
 
 #if 0
 	if( op->ctrls == NULL ) {
@@ -390,24 +407,14 @@ int get_ctrls(
 		LDAPControl *c;
 		LDAPControl **tctrls;
 
-		c = ch_calloc( 1, sizeof(LDAPControl) );
-
-#if 0
-		if( c == NULL ) {
-			ldap_controls_free(op->o_ctrls);
-			op->o_ctrls = NULL;
-
-			rs->sr_err = LDAP_NO_MEMORY;
-			rs->sr_text = "no memory";
-			goto return_results;
-		}
-#endif
+		c = op->o_tmpalloc( sizeof(LDAPControl), op->o_tmpmemctx );
+		memset(c, 0, sizeof(LDAPControl));
 
 		/* allocate pointer space for current controls (nctrls)
 		 * + this control + extra NULL
 		 */
-		tctrls = ch_realloc( op->o_ctrls,
-			(nctrls+2) * sizeof(LDAPControl *));
+		tctrls = reallo( op->o_ctrls,
+			(nctrls+2) * sizeof(LDAPControl *), op->o_tmpmemctx );
 
 #if 0
 		if( tctrls == NULL ) {
@@ -425,7 +432,8 @@ int get_ctrls(
 		op->o_ctrls[nctrls++] = c;
 		op->o_ctrls[nctrls] = NULL;
 
-		tag = ber_scanf( ber, "{a" /*}*/, &c->ldctl_oid );
+		tag = ber_scanf( ber, "{m" /*}*/, &bv );
+		c->ldctl_oid = bv.bv_val;
 
 		if( tag == LBER_ERROR ) {
 #ifdef NEW_LOGGING
@@ -436,7 +444,7 @@ int get_ctrls(
 				0, 0, 0 );
 #endif
 
-			ldap_controls_free( op->o_ctrls );
+			slap_free_ctrls( op, op->o_ctrls );
 			op->o_ctrls = NULL;
 			rs->sr_err = SLAPD_DISCONNECT;
 			rs->sr_text = "decoding controls error";
@@ -453,7 +461,7 @@ int get_ctrls(
 				op->o_connid, 0, 0 );
 #endif
 
-			ldap_controls_free( op->o_ctrls );
+			slap_free_ctrls( op, op->o_ctrls );
 			op->o_ctrls = NULL;
 			rs->sr_err = LDAP_PROTOCOL_ERROR;
 			rs->sr_text = "OID field is empty";
@@ -475,7 +483,7 @@ int get_ctrls(
 				Debug( LDAP_DEBUG_TRACE, "=> get_ctrls: get crit failed.\n",
 					0, 0, 0 );
 #endif
-				ldap_controls_free( op->o_ctrls );
+				slap_free_ctrls( op, op->o_ctrls );
 				op->o_ctrls = NULL;
 				rs->sr_err = SLAPD_DISCONNECT;
 				rs->sr_text = "decoding controls error";
@@ -487,7 +495,7 @@ int get_ctrls(
 		}
 
 		if( tag == LBER_OCTETSTRING ) {
-			tag = ber_scanf( ber, "o", &c->ldctl_value );
+			tag = ber_scanf( ber, "m", &c->ldctl_value );
 
 			if( tag == LBER_ERROR ) {
 #ifdef NEW_LOGGING
@@ -501,7 +509,7 @@ int get_ctrls(
 					op->o_connid, c->ldctl_oid,
 					c->ldctl_iscritical ? "" : "non" );
 #endif
-				ldap_controls_free( op->o_ctrls );
+				slap_free_ctrls( op, op->o_ctrls );
 				op->o_ctrls = NULL;
 				rs->sr_err = SLAPD_DISCONNECT;
 				rs->sr_text = "decoding controls error";
@@ -711,7 +719,7 @@ static int parseProxyAuthz (
 		return LDAP_SUCCESS;
 	}
 
-	rc = slap_sasl_getdn( op->o_conn,
+	rc = slap_sasl_getdn( op->o_conn, op,
 		ctrl->ldctl_value.bv_val, ctrl->ldctl_value.bv_len,
 		NULL, &dn, SLAP_GETDN_AUTHZID );
 
@@ -888,7 +896,7 @@ int parseValuesReturnFilter (
 		return LDAP_OTHER;
 	}
 	
-	rs->sr_err = get_vrFilter( op->o_conn, ber, &(op->vrFilter), &rs->sr_text);
+	rs->sr_err = get_vrFilter( op, ber, &(op->vrFilter), &rs->sr_text);
 
 	if( rs->sr_err != LDAP_SUCCESS ) {
 		if( rs->sr_err == SLAPD_DISCONNECT ) {
@@ -898,11 +906,12 @@ int parseValuesReturnFilter (
 		} else {
 			send_ldap_result( op, rs );
 		}
-		if( fstr.bv_val != NULL) free( fstr.bv_val );
-		if( op->vrFilter != NULL) vrFilter_free( op->vrFilter ); 
+		if( op->vrFilter != NULL) vrFilter_free( op, op->vrFilter ); 
 
-	} else {
-		vrFilter2bv( op->vrFilter, &fstr );
+	}
+#ifdef LDAP_DEBUG
+	else {
+		vrFilter2bv( op, op->vrFilter, &fstr );
 	}
 
 #ifdef NEW_LOGGING
@@ -913,6 +922,8 @@ int parseValuesReturnFilter (
 	Debug( LDAP_DEBUG_ARGS, "	vrFilter: %s\n",
 		fstr.bv_len ? fstr.bv_val : "empty", 0, 0 );
 #endif
+	op->o_tmpfree( fstr.bv_val, op->o_tmpmemctx );
+#endif
 
 	op->o_valuesreturnfilter = ctrl->ldctl_iscritical
 		? SLAP_CRITICAL_CONTROL

servers/slapd/main.c

@@ -151,6 +151,8 @@ int main( int argc, char **argv )
 	}
 #endif
 
+	sl_mem_init();
+
 #ifdef HAVE_NT_SERVICE_MANAGER
 	{
 		int *i;

servers/slapd/mra.c

@@ -16,18 +16,21 @@
 
 void
 mra_free(
+	Operation *op,
 	MatchingRuleAssertion *mra,
 	int	freeit
 )
 {
+	/* op->o_tmpfree( mra->ma_value.bv_val, op->o_tmpmemctx ); */
 	ch_free( mra->ma_value.bv_val );
 	if ( freeit ) {
-		ch_free( (char *) mra );
+		op->o_tmpfree( (char *) mra, op->o_tmpmemctx );
 	}
 }
 
 int
 get_mra(
+	Operation *op,
 	BerElement	*ber,
 	MatchingRuleAssertion	**mra,
 	const char **text
@@ -218,7 +221,7 @@ get_mra(
 	length = sizeof(ma);
 	/* Append rule_text to end of struct */
 	if (rule_text.bv_val) length += rule_text.bv_len + 1;
-	*mra = ch_malloc( length );
+	*mra = op->o_tmpalloc( length, op->o_tmpmemctx );
 	**mra = ma;
 	if (rule_text.bv_val) {
 		(*mra)->ma_rule_text.bv_len = rule_text.bv_len;

servers/slapd/operation.c

@@ -57,7 +57,7 @@ slap_op_free( Operation *op )
 		free( op->o_authmech.bv_val );
 	}
 	if ( op->o_ctrls != NULL ) {
-		ldap_controls_free( op->o_ctrls );
+		slap_free_ctrls( op, op->o_ctrls );
 	}
 
 #ifdef LDAP_CONNECTIONLESS

servers/slapd/proto-slap.h

@@ -167,11 +167,13 @@ LDAP_SLAPD_F (Attribute *) attrs_dup LDAP_P(( Attribute *a ));
  * ava.c
  */
 LDAP_SLAPD_F (int) get_ava LDAP_P((
+	Operation *op,
 	BerElement *ber,
 	AttributeAssertion **ava,
 	unsigned usage,
 	const char **text ));
 LDAP_SLAPD_F (void) ava_free LDAP_P((
+	Operation *op,
 	AttributeAssertion *ava,
 	int freeit ));
 
@@ -488,20 +490,22 @@ LDAP_SLAPD_F ( SLAP_EXTOP_MAIN_FN ) cancel_extop;
  * filter.c
  */
 LDAP_SLAPD_F (int) get_filter LDAP_P((
-	Connection *conn,
+	Operation *op,
 	BerElement *ber,
 	Filter **filt,
 	const char **text ));
 
 LDAP_SLAPD_F (void) filter_free LDAP_P(( Filter *f ));
+LDAP_SLAPD_F (void) filter_free_x LDAP_P(( Operation *op, Filter *f ));
 LDAP_SLAPD_F (void) filter2bv LDAP_P(( Filter *f, struct berval *bv ));
+LDAP_SLAPD_F (void) filter2bv_x LDAP_P(( Filter *f, struct berval *bv, void *ctx ));
 
-LDAP_SLAPD_F (int) get_vrFilter LDAP_P(( Connection *conn, BerElement *ber,
+LDAP_SLAPD_F (int) get_vrFilter LDAP_P(( Operation *op, BerElement *ber,
 	ValuesReturnFilter **f,
 	const char **text ));
 
-LDAP_SLAPD_F (void) vrFilter_free LDAP_P(( ValuesReturnFilter *f ));
-LDAP_SLAPD_F (void) vrFilter2bv LDAP_P(( ValuesReturnFilter *f, struct berval *fstr ));
+LDAP_SLAPD_F (void) vrFilter_free LDAP_P(( Operation *op, ValuesReturnFilter *f ));
+LDAP_SLAPD_F (void) vrFilter2bv LDAP_P(( Operation *op, ValuesReturnFilter *f, struct berval *fstr ));
 
 LDAP_SLAPD_F (int) filter_has_subordinates LDAP_P(( Filter *filter ));
 LDAP_SLAPD_F (int) filter_escape_value LDAP_P(( struct berval *in, 
@@ -669,10 +673,12 @@ LDAP_SLAPD_F (int) mr_usable_with_at( MatchingRule *mr,
  * mra.c
  */
 LDAP_SLAPD_F (int) get_mra LDAP_P((
+	Operation *op,
 	BerElement *ber,
 	MatchingRuleAssertion **mra,
 	const char **text ));
 LDAP_SLAPD_F (void) mra_free LDAP_P((
+	Operation *op,
 	MatchingRuleAssertion *mra,
 	int freeit ));
 
@@ -863,7 +869,7 @@ LDAP_SLAPD_F (int) slap_sasl_config(
 	const char *fname,
 	int lineno );
 
-LDAP_SLAPD_F (int) slap_sasl_getdn( Connection *conn,
+LDAP_SLAPD_F (int) slap_sasl_getdn( Connection *conn, Operation *op,
 	char *id, int len,
 	char *user_realm, struct berval *dn, int flags );
 
@@ -871,7 +877,7 @@ LDAP_SLAPD_F (int) slap_sasl_getdn( Connection *conn,
  * saslauthz.c
  */
 LDAP_SLAPD_F (void) slap_sasl2dn LDAP_P((
-	Connection *conn,
+	Operation *op,
 	struct berval *saslname,
 	struct berval *dn ));
 LDAP_SLAPD_F (int) slap_sasl_authorized LDAP_P((
@@ -961,6 +967,14 @@ LDAP_SLAPD_F (char *) scherr2str LDAP_P((int code)) LDAP_GCCATTR((const));
 LDAP_SLAPD_F (int) dscompare LDAP_P(( const char *s1, const char *s2del,
 	char delim ));
 
+/*
+ * sl_malloc.c
+ */
+LDAP_SLAPD_F (void *) sl_malloc LDAP_P(( ber_len_t size, void *ctx ));
+LDAP_SLAPD_F (void *) sl_realloc LDAP_P(( void *block, ber_len_t size, void *ctx ));
+LDAP_SLAPD_F (void *) sl_calloc LDAP_P(( ber_len_t nelem, ber_len_t size, void *ctx ));
+LDAP_SLAPD_F (void) sl_free LDAP_P(( void *, void *ctx ));
+
 /*
  * starttls.c
  */
@@ -970,6 +984,7 @@ LDAP_SLAPD_F (SLAP_EXTOP_MAIN_FN) starttls_extop;
  * str2filter.c
  */
 LDAP_SLAPD_F (Filter *) str2filter LDAP_P(( const char *str ));
+LDAP_SLAPD_F (Filter *) str2filter_x LDAP_P(( Operation *op, const char *str ));
 
 /* syntax.c */
 LDAP_SLAPD_F (Syntax *) syn_find LDAP_P((

servers/slapd/sasl.c

@@ -438,6 +438,9 @@ slap_auxprop_lookup(
 			op.o_do_not_cache = 1;
 			op.o_is_auth_check = 1;
 			op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
+			op.o_tmpmemctx = conn->c_sasl_bindop->o_tmpmemctx;
+			op.o_tmpalloc = conn->c_sasl_bindop->o_tmpalloc;
+			op.o_tmpfree = conn->c_sasl_bindop->o_tmpfree;
 			op.o_conn = conn;
 			op.o_connid = conn->c_connid;
 			op.ors_scope = LDAP_SCOPE_BASE;
@@ -528,7 +531,7 @@ slap_sasl_checkpass(
 	 * find an answer here.
 	 */
 
-	rc = slap_sasl_getdn( conn, (char *)username, 0, NULL, &op.o_req_ndn,
+	rc = slap_sasl_getdn( conn, NULL, (char *)username, 0, NULL, &op.o_req_ndn,
 		SLAP_GETDN_AUTHCID );
 	if ( rc != LDAP_SUCCESS ) {
 		sasl_seterror( sconn, 0, ldap_err2string( rc ) );
@@ -561,6 +564,9 @@ slap_sasl_checkpass(
 		op.o_do_not_cache = 1;
 		op.o_is_auth_check = 1;
 		op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
+		op.o_tmpmemctx = conn->c_sasl_bindop->o_tmpmemctx;
+		op.o_tmpalloc = conn->c_sasl_bindop->o_tmpalloc;
+		op.o_tmpfree = conn->c_sasl_bindop->o_tmpfree;
 		op.o_conn = conn;
 		op.o_connid = conn->c_connid;
 		op.ors_scope = LDAP_SCOPE_BASE;
@@ -671,7 +677,7 @@ slap_sasl_canonicalize(
 		if ( !rc ) goto done;
 	}
 
-	rc = slap_sasl_getdn( conn, (char *)in, inlen, (char *)user_realm, &dn,
+	rc = slap_sasl_getdn( conn, NULL, (char *)in, inlen, (char *)user_realm, &dn,
 		(flags & SASL_CU_AUTHID) ? SLAP_GETDN_AUTHCID : SLAP_GETDN_AUTHZID );
 	if ( rc != LDAP_SUCCESS ) {
 		sasl_seterror( sconn, 0, ldap_err2string( rc ) );
@@ -836,7 +842,7 @@ slap_sasl_authorize(
 
 	/* Convert the identities to DN's. If no authzid was given, client will
 	   be bound as the DN matching their username */
-	rc = slap_sasl_getdn( conn, (char *)authcid, 0, realm,
+	rc = slap_sasl_getdn( conn, NULL, (char *)authcid, 0, realm,
 		&authcDN, SLAP_GETDN_AUTHCID );
 	if( rc != LDAP_SUCCESS ) {
 		*errstr = ldap_err2string( rc );
@@ -855,7 +861,7 @@ slap_sasl_authorize(
 		conn->c_sasl_dn = authcDN;
 		goto ok;
 	}
-	rc = slap_sasl_getdn( conn, (char *)authzid, 0, realm,
+	rc = slap_sasl_getdn( conn, NULL, (char *)authzid, 0, realm,
 		&authzDN, SLAP_GETDN_AUTHZID );
 	if( rc != LDAP_SUCCESS ) {
 		ch_free( authcDN.bv_val );
@@ -1512,7 +1518,7 @@ done:
 
 static struct berval ext_bv = BER_BVC( "EXTERNAL" );
 
-int slap_sasl_getdn( Connection *conn, char *id, int len,
+int slap_sasl_getdn( Connection *conn, Operation *op, char *id, int len,
 	char *user_realm, struct berval *dn, int flags )
 {
 	char *c1;
@@ -1663,8 +1669,12 @@ int slap_sasl_getdn( Connection *conn, char *id, int len,
 		*dn = dn2;
 	}
 
+	if ( !op ) {
+		op = conn->c_sasl_bindop;
+	}
+
 	/* Run thru regexp */
-	slap_sasl2dn( conn, dn, &dn2 );
+	slap_sasl2dn( op, dn, &dn2 );
 	if( dn2.bv_val ) {
 		ch_free( dn->bv_val );
 		*dn = dn2;

servers/slapd/saslauthz.c

@@ -67,7 +67,7 @@ int slap_sasl_setpolicy( const char *arg )
 
 /* URI format: ldap://<host>/<base>[?[<attrs>][?[<scope>][?[<filter>]]]] */
 
-static int slap_parseURI( struct berval *uri,
+static int slap_parseURI( Operation *op, struct berval *uri,
 	struct berval *searchbase, int *scope, Filter **filter )
 {
 	struct berval bv;
@@ -124,7 +124,7 @@ is_dn:	bv.bv_len = uri->bv_len - (bv.bv_val - uri->bv_val);
 
 	/* Grab the filter */
 	if ( ludp->lud_filter ) {
-		*filter = str2filter( ludp->lud_filter );
+		*filter = str2filter_x( op, ludp->lud_filter );
 		if ( *filter == NULL ) {
 			rc = LDAP_PROTOCOL_ERROR;
 			goto done;
@@ -138,7 +138,7 @@ is_dn:	bv.bv_len = uri->bv_len - (bv.bv_val - uri->bv_val);
 
 done:
 	if( rc != LDAP_SUCCESS ) {
-		if( *filter ) filter_free( *filter );
+		if( *filter ) filter_free_x( op, *filter );
 	}
 
 	ldap_free_urldesc( ludp );
@@ -383,7 +383,7 @@ static int sasl_sc_smatch( Operation *o, SlapReply *rs )
  */
 
 static
-int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assertDN, struct berval *authc )
+int slap_sasl_match(Operation *opx, struct berval *rule, struct berval *assertDN, struct berval *authc )
 {
 	int rc; 
 	regex_t reg;
@@ -402,7 +402,7 @@ int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assert
 		assertDN->bv_val, rule->bv_val, 0 );
 #endif
 
-	rc = slap_parseURI( rule, &op.o_req_ndn, &op.oq_search.rs_scope, &op.oq_search.rs_filter );
+	rc = slap_parseURI( opx, rule, &op.o_req_ndn, &op.oq_search.rs_scope, &op.oq_search.rs_filter );
 	if( rc != LDAP_SUCCESS ) goto CONCLUDED;
 
 	/* Massive shortcut: search scope == base */
@@ -450,9 +450,12 @@ int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assert
 	op.o_time = slap_get_time();
 	op.o_do_not_cache = 1;
 	op.o_is_auth_check = 1;
-	op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
-	op.o_conn = conn;
-	op.o_connid = conn->c_connid;
+	op.o_threadctx = opx->o_threadctx;
+	op.o_tmpmemctx = opx->o_tmpmemctx;
+	op.o_tmpalloc = opx->o_tmpalloc;
+	op.o_tmpfree = opx->o_tmpfree;
+	op.o_conn = opx->o_conn;
+	op.o_connid = opx->o_connid;
 
 	op.o_bd->be_search( &op, &rs );
 
@@ -464,7 +467,7 @@ int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assert
 
 CONCLUDED:
 	if( op.o_req_ndn.bv_len ) ch_free( op.o_req_ndn.bv_val );
-	if( op.oq_search.rs_filter ) filter_free( op.oq_search.rs_filter );
+	if( op.oq_search.rs_filter ) filter_free_x( opx, op.oq_search.rs_filter );
 
 #ifdef NEW_LOGGING
 	LDAP_LOG( TRANSPORT, ENTRY, 
@@ -512,7 +515,7 @@ slap_sasl_check_authz( Connection *conn,
 
 	/* Check if the *assertDN matches any **vals */
 	for( i=0; vals[i].bv_val != NULL; i++ ) {
-		rc = slap_sasl_match( conn, &vals[i], assertDN, authc );
+		rc = slap_sasl_match( conn->c_sasl_bindop, &vals[i], assertDN, authc );
 		if ( rc == LDAP_SUCCESS ) goto COMPLETE;
 	}
 	rc = LDAP_INAPPROPRIATE_AUTH;
@@ -541,7 +544,7 @@ COMPLETE:
  * an internal search must be done, and if that search returns exactly one
  * entry, return the DN of that one entry.
  */
-void slap_sasl2dn( Connection *conn,
+void slap_sasl2dn( Operation *opx,
 	struct berval *saslname, struct berval *sasldn )
 {
 	int rc;
@@ -569,7 +572,7 @@ void slap_sasl2dn( Connection *conn,
 		goto FINISHED;
 	}
 
-	rc = slap_parseURI( &regout, &op.o_req_ndn, &op.oq_search.rs_scope, &op.oq_search.rs_filter );
+	rc = slap_parseURI( opx, &regout, &op.o_req_ndn, &op.oq_search.rs_scope, &op.oq_search.rs_filter );
 	if( regout.bv_val ) ch_free( regout.bv_val );
 	if( rc != LDAP_SUCCESS ) {
 		goto FINISHED;
@@ -600,17 +603,19 @@ void slap_sasl2dn( Connection *conn,
 		goto FINISHED;
 	}
 
-	op.o_conn = conn;
-	op.o_connid = conn->c_connid;
+	op.o_conn = opx->o_conn;
+	op.o_connid = opx->o_connid;
 	op.o_tag = LDAP_REQ_SEARCH;
 	op.o_protocol = LDAP_VERSION3;
-	op.o_ndn = conn->c_ndn;
+	op.o_ndn = opx->o_conn->c_ndn;
 	op.o_callback = &cb;
 	op.o_time = slap_get_time();
 	op.o_do_not_cache = 1;
 	op.o_is_auth_check = 1;
-	op.o_threadctx = conn->c_sasl_bindop ? conn->c_sasl_bindop->o_threadctx:
-		ldap_pvt_thread_pool_context( &connection_pool );
+	op.o_threadctx = opx->o_threadctx;
+	op.o_tmpmemctx = opx->o_tmpmemctx;
+	op.o_tmpalloc = opx->o_tmpalloc;
+	op.o_tmpfree = opx->o_tmpfree;
 	op.oq_search.rs_deref = LDAP_DEREF_NEVER;
 	op.oq_search.rs_slimit = 1;
 	op.oq_search.rs_attrsonly = 1;
@@ -619,10 +624,10 @@ void slap_sasl2dn( Connection *conn,
 	
 FINISHED:
 	if( sasldn->bv_len ) {
-		conn->c_authz_backend = op.o_bd;
+		opx->o_conn->c_authz_backend = op.o_bd;
 	}
 	if( op.o_req_ndn.bv_len ) ch_free( op.o_req_ndn.bv_val );
-	if( op.oq_search.rs_filter ) filter_free( op.oq_search.rs_filter );
+	if( op.oq_search.rs_filter ) filter_free_x( opx, op.oq_search.rs_filter );
 
 #ifdef NEW_LOGGING
 	LDAP_LOG( TRANSPORT, ENTRY, 

servers/slapd/search.c

@@ -28,7 +28,7 @@
 
 #ifdef LDAP_SLAPI
 #include "slapi.h"
-static char **anlist2charray( AttributeName *an );
+static char **anlist2charray( Operation *op, AttributeName *an );
 static void initSearchPlugin( Operation *op, char **attrs, int managedsait );
 static int doPreSearchPluginFNs( Operation *op );
 static int doSearchRewriteFNs( Operation *op );
@@ -135,7 +135,7 @@ do_search(
 #endif
 
 	/* filter - returns a "normalized" version */
-	rs->sr_err = get_filter( op->o_conn, op->o_ber, &op->ors_filter, &rs->sr_text );
+	rs->sr_err = get_filter( op, op->o_ber, &op->ors_filter, &rs->sr_text );
 	if( rs->sr_err != LDAP_SUCCESS ) {
 		if( rs->sr_err == SLAPD_DISCONNECT ) {
 			rs->sr_err = LDAP_PROTOCOL_ERROR;
@@ -145,7 +145,7 @@ do_search(
 		}
 		goto return_results;
 	}
-	filter2bv( op->ors_filter, &op->ors_filterstr );
+	filter2bv_x( op->ors_filter, &op->ors_filterstr, op->o_tmpmemctx );
 
 #ifdef NEW_LOGGING
 	LDAP_LOG( OPERATION, ARGS, 
@@ -259,7 +259,7 @@ do_search(
 			}
 
 #ifdef LDAP_SLAPI
-			attrs = anlist2charray( op->ors_attrs );
+			attrs = anlist2charray( op, op->ors_attrs );
 			initSearchPlugin( op, attrs, manageDSAit );
 			rs->sr_err = doPreSearchPluginFNs( op );
 			if ( rs->sr_err == LDAP_SUCCESS ) {
@@ -278,7 +278,7 @@ do_search(
 			}
 
 #ifdef LDAP_SLAPI
-			attrs = anlist2charray( op->ors_attrs );
+			attrs = anlist2charray( op, op->ors_attrs );
 			initSearchPlugin( op, attrs, manageDSAit );
 			rs->sr_err = doPreSearchPluginFNs( op );
 			if ( rs->sr_err == LDAP_SUCCESS ) {
@@ -356,7 +356,7 @@ do_search(
 	}
 
 #ifdef LDAP_SLAPI
-	attrs = anlist2charray( op->ors_attrs );
+	attrs = anlist2charray( op, op->ors_attrs );
 	initSearchPlugin( op, attrs, manageDSAit );
 	rs->sr_err = doPreSearchPluginFNs( op );
 	if ( rs->sr_err != LDAP_SUCCESS ) {
@@ -395,11 +395,11 @@ return_results:;
 	if( op->o_req_dn.bv_val != NULL) free( op->o_req_dn.bv_val );
 	if( op->o_req_ndn.bv_val != NULL) free( op->o_req_ndn.bv_val );
 
-	if( op->ors_filterstr.bv_val != NULL) free( op->ors_filterstr.bv_val );
-	if( op->ors_filter != NULL) filter_free( op->ors_filter );
-	if( op->ors_attrs != NULL ) free( op->ors_attrs );
+	if( op->ors_filterstr.bv_val != NULL) op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
+	if( op->ors_filter != NULL) filter_free_x( op, op->ors_filter );
+	if( op->ors_attrs != NULL ) op->o_tmpfree( op->ors_attrs, op->o_tmpmemctx );
 #ifdef LDAP_SLAPI
-	if( attrs != NULL) ch_free( attrs );
+	if( attrs != NULL) op->o_tmpfree( attrs, op->o_tmpmemctx );
 #endif /* LDAP_SLAPI */
 
 	return rs->sr_err;
@@ -407,7 +407,7 @@ return_results:;
 
 #ifdef LDAP_SLAPI
 
-static char **anlist2charray( AttributeName *an )
+static char **anlist2charray( Operation *op, AttributeName *an )
 {
 	char **attrs;
 	int i;
@@ -415,7 +415,7 @@ static char **anlist2charray( AttributeName *an )
 	if ( an != NULL ) {
 		for ( i = 0; an[i].an_name.bv_val != NULL; i++ )
 			;
-		attrs = (char **)ch_malloc( (i + 1) * sizeof(char *) );
+		attrs = (char **)op->o_tmpalloc( (i + 1) * sizeof(char *), op->o_tmpmemctx );
 		for ( i = 0; an[i].an_name.bv_val != NULL; i++ ) {
 			attrs[i] = an[i].an_name.bv_val;
 		}
@@ -477,8 +477,8 @@ static int doSearchRewriteFNs( Operation *op )
 		 * SLAPI_SEARCH_STRFILER is not normative.
 		 */
 		slapi_pblock_get( op->o_pb, SLAPI_SEARCH_FILTER, (void *)&op->ors_filter);
-		ch_free( op->ors_filterstr.bv_val );
-		filter2bv( op->ors_filter, &op->ors_filterstr );
+		op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
+		filter2bv_x( op->ors_filter, &op->ors_filterstr, op->o_tmpmemctx );
 #ifdef NEW_LOGGING
 		LDAP_LOG( OPERATION, ARGS, 
 			"doSearchRewriteFNs: after compute_rewrite_search filter: %s\n", 

servers/slapd/sl_malloc.c

@@ -0,0 +1,181 @@
+/* sl_malloc.c - malloc routines using a per-thread slab */
+/* $OpenLDAP$ */
+/*
+ * Copyright 2003 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "slap.h"
+
+struct slab_heap {
+	void *h_base;
+	void *h_last;
+	void *h_end;
+};
+
+static void
+sl_mem_destroy(
+	void *key,
+	void *data
+)
+{
+	struct slab_heap *sh = data;
+
+	ch_free(sh->h_base);
+	ch_free(sh);
+}
+
+BER_MEMALLOC_FN sl_malloc;
+BER_MEMCALLOC_FN sl_calloc;
+BER_MEMREALLOC_FN sl_realloc;
+BER_MEMFREE_FN sl_free;
+
+static BerMemoryFunctions sl_bmf =
+	{ sl_malloc, sl_calloc, sl_realloc, sl_free };
+
+void
+sl_mem_init()
+{
+	ber_set_option( NULL, LBER_OPT_MEMORY_FNS, &sl_bmf );
+}
+
+void
+sl_mem_create(
+	ber_len_t size,
+	void *ctx
+)
+{
+	struct slab_heap *sh = NULL;
+	int pad = 2*sizeof(int)-1;
+
+	ldap_pvt_thread_pool_getkey( ctx, sl_mem_init, (void **)&sh, NULL );
+
+	/* round up to doubleword boundary */
+	size += pad;
+	size &= ~pad;
+
+	if (!sh) {
+		sh = ch_malloc( sizeof(struct slab_heap) );
+		sh->h_base = ch_malloc( size );
+		ldap_pvt_thread_pool_setkey( ctx, sl_mem_init, (void *)sh, sl_mem_destroy );
+	} else if ( size > sh->h_end - sh->h_base ) {
+		sh->h_base = ch_realloc( sh->h_base, size );
+	}
+	sh->h_last = sh->h_base;
+	sh->h_end = sh->h_base + size;
+}
+
+void *
+sl_malloc(
+    ber_len_t	size,
+    void *ctx
+)
+{
+	struct slab_heap *sh = NULL;
+	int pad = 2*sizeof(int)-1;
+	ber_len_t *new;
+
+	/* ber_set_option calls us like this */
+	if (!ctx) return ber_memalloc_x( size, NULL );
+
+	ldap_pvt_thread_pool_getkey( ctx, sl_mem_init, (void **)&sh, NULL );
+
+	/* round up to doubleword boundary */
+	size += pad + sizeof( ber_len_t );
+	size &= ~pad;
+
+	if (sh->h_last + size >= sh->h_end ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG( OPERATION, ERR, 
+			   "sl_malloc: allocation of %lu bytes failed\n", (long)size, 0,0 );
+#else
+		Debug( LDAP_DEBUG_ANY, "sl_malloc of %lu bytes failed\n",
+			(long) size, 0, 0 );
+#endif
+		assert( 0 );
+		exit( EXIT_FAILURE );
+	}
+	new = sh->h_last;
+	*new++ = size - sizeof(ber_len_t);
+	sh->h_last += size;
+	
+	return( (void *)new );
+}
+
+void *
+sl_calloc( ber_len_t n, ber_len_t size, void *ctx )
+{
+	void *new;
+
+	new = sl_malloc( n*size, ctx );
+	if ( new ) {
+		memset( new, 0, n*size );
+	}
+	return new;
+}
+
+void *
+sl_realloc( void *ptr, ber_len_t size, void *ctx )
+{
+	struct slab_heap *sh = NULL;
+	int pad = 2*sizeof(int)-1;
+	ber_len_t *p = (ber_len_t *)ptr;
+	ber_len_t *new;
+
+	ldap_pvt_thread_pool_getkey( ctx, sl_mem_init, (void **)&sh, NULL );
+
+	if ( ptr == NULL ) return sl_malloc( size, ctx );
+
+	if ( ptr < sh->h_base || ptr >= sh->h_end ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG( OPERATION, ERR, 
+			   "sl_free: not mine: 0x%lx\n", (long)ptr, 0,0 );
+#else
+		Debug( LDAP_DEBUG_ANY,
+			   "sl_free: not mine: 0x%lx\n", (long)ptr, 0,0 );
+#endif
+		assert( 0 );
+		exit( EXIT_FAILURE );
+	}
+
+	if ( size == 0 ) return NULL;
+
+	/* round up to doubleword boundary */
+	size += pad + sizeof( ber_len_t );
+	size &= ~pad;
+
+	/* We always alloc a new block */
+	if (size <= p[-1]) {
+		p[-1] = size;
+		new = p;
+	} else {
+		new = sl_malloc( size, ctx );
+		AC_MEMCPY( new, ptr, p[-1] );
+	}
+	return new;
+}
+
+void
+sl_free( void *ptr, void *ctx )
+{
+	struct slab_heap *sh = NULL;
+
+	ldap_pvt_thread_pool_getkey( ctx, sl_mem_init, (void **)&sh, NULL );
+
+	if ( ptr < sh->h_base || ptr >= sh->h_end ) {
+#ifdef NEW_LOGGING
+		LDAP_LOG( OPERATION, ERR, 
+			   "sl_free: not mine: 0x%lx\n", (long)ptr, 0,0 );
+#else
+		Debug( LDAP_DEBUG_ANY,
+			   "sl_free: not mine: 0x%lx\n", (long)ptr, 0,0 );
+#endif
+		assert( 0 );
+		exit( EXIT_FAILURE );
+	}
+}

servers/slapd/slap.h

@@ -1839,6 +1839,9 @@ typedef struct slap_op {
 	LDAPControl	**o_ctrls;	 /* controls */
 
 	void	*o_threadctx;		/* thread pool thread context */
+	void	*o_tmpmemctx;		/* slab malloc context */
+	BER_MEMALLOC_FN *o_tmpalloc;
+	BER_MEMFREE_FN *o_tmpfree;
 	void	*o_private;	/* anything the backend needs */
 
 	LDAP_STAILQ_ENTRY(slap_op)	o_next;	/* next operation in list	  */

servers/slapd/str2filter.c

@@ -24,13 +24,12 @@ static Filter	*str2simple( const char *str);
 static int	str2subvals( const char *val, Filter *f);
 
 Filter *
-str2filter( const char *str )
+str2filter_x( Operation *op, const char *str )
 {
 	int rc;
 	Filter	*f = NULL;
-	char berbuf[256];
+	char berbuf[LBER_ELEMENT_SIZEOF];
 	BerElement *ber = (BerElement *)berbuf;
-	Connection conn;
 	const char *text = NULL;
 
 #ifdef NEW_LOGGING
@@ -44,6 +43,9 @@ str2filter( const char *str )
 	}
 
 	ber_init2( ber, NULL, LBER_USE_DER );
+	if ( op->o_tmpmemctx ) {
+		ber_set_option( ber, LBER_OPT_BER_MEMCTX, op->o_tmpmemctx );
+	}
 
 	rc = ldap_pvt_put_filter( ber, str );
 	if( rc < 0 ) {
@@ -52,12 +54,22 @@ str2filter( const char *str )
 
 	ber_reset( ber, 1 );
 
-	conn.c_connid = 0;
-
-	rc = get_filter( &conn, ber, &f, &text );
+	rc = get_filter( op, ber, &f, &text );
 
 done:
 	ber_free_buf( ber );
 
 	return f;
 }
+
+Filter *
+str2filter( const char *str )
+{
+	Operation op = {0};
+
+	op.o_tmpmemctx = NULL;
+	op.o_tmpalloc = ch_malloc;
+	op.o_tmpfree = ch_free;
+
+	return str2filter_x( &op, str );
+}