diff options
Diffstat (limited to 'servers/slapd/daemon.c')
-rw-r--r-- | servers/slapd/daemon.c | 3088 |
1 files changed, 3088 insertions, 0 deletions
diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c new file mode 100644 index 0000000..a3e8713 --- /dev/null +++ b/servers/slapd/daemon.c @@ -0,0 +1,3088 @@ +/* $OpenLDAP$ */ +/* This work is part of OpenLDAP Software <http://www.openldap.org/>. + * + * Copyright 1998-2018 The OpenLDAP Foundation. + * Portions Copyright 2007 by Howard Chu, Symas Corporation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * <http://www.OpenLDAP.org/license.html>. + */ +/* Portions Copyright (c) 1995 Regents of the University of Michigan. + * All rights reserved. + * + * Redistribution and use in source and binary forms are permitted + * provided that this notice is preserved and that due credit is given + * to the University of Michigan at Ann Arbor. The name of the University + * may not be used to endorse or promote products derived from this + * software without specific prior written permission. This software + * is provided ``as is'' without express or implied warranty. + */ + +#include "portable.h" + +#include <stdio.h> + +#include <ac/ctype.h> +#include <ac/errno.h> +#include <ac/socket.h> +#include <ac/string.h> +#include <ac/time.h> +#include <ac/unistd.h> + +#include "slap.h" +#include "ldap_pvt_thread.h" +#include "lutil.h" + +#include "ldap_rq.h" + +#if defined(HAVE_SYS_EPOLL_H) && defined(HAVE_EPOLL) +# include <sys/epoll.h> +#elif defined(SLAP_X_DEVPOLL) && defined(HAVE_SYS_DEVPOLL_H) && defined(HAVE_DEVPOLL) +# include <sys/types.h> +# include <sys/stat.h> +# include <fcntl.h> +# include <sys/devpoll.h> +#endif /* ! epoll && ! /dev/poll */ + +#ifdef HAVE_TCPD +int allow_severity = LOG_INFO; +int deny_severity = LOG_NOTICE; +#endif /* TCP Wrappers */ + +#ifdef LDAP_PF_LOCAL +# include <sys/stat.h> +/* this should go in <ldap.h> as soon as it is accepted */ +# define LDAPI_MOD_URLEXT "x-mod" +#endif /* LDAP_PF_LOCAL */ + +#ifdef LDAP_PF_INET6 +int slap_inet4or6 = AF_UNSPEC; +#else /* ! INETv6 */ +int slap_inet4or6 = AF_INET; +#endif /* ! INETv6 */ + +/* globals */ +time_t starttime; +ber_socket_t dtblsize; +slap_ssf_t local_ssf = LDAP_PVT_SASL_LOCAL_SSF; +struct runqueue_s slapd_rq; + +#ifndef SLAPD_MAX_DAEMON_THREADS +#define SLAPD_MAX_DAEMON_THREADS 16 +#endif +int slapd_daemon_threads = 1; +int slapd_daemon_mask; + +#ifdef LDAP_TCP_BUFFER +int slapd_tcp_rmem; +int slapd_tcp_wmem; +#endif /* LDAP_TCP_BUFFER */ + +Listener **slap_listeners = NULL; +static volatile sig_atomic_t listening = 1; /* 0 when slap_listeners closed */ +static ldap_pvt_thread_t *listener_tid; + +#ifndef SLAPD_LISTEN_BACKLOG +#define SLAPD_LISTEN_BACKLOG 1024 +#endif /* ! SLAPD_LISTEN_BACKLOG */ + +#define DAEMON_ID(fd) (fd & slapd_daemon_mask) + +static ber_socket_t wake_sds[SLAPD_MAX_DAEMON_THREADS][2]; +static int emfile; + +static time_t chk_writetime; + +static volatile int waking; +#ifdef NO_THREADS +#define WAKE_LISTENER(l,w) do { \ + if ((w) && ++waking < 5) { \ + tcp_write( SLAP_FD2SOCK(wake_sds[l][1]), "0", 1 ); \ + } \ +} while (0) +#else /* ! NO_THREADS */ +#define WAKE_LISTENER(l,w) do { \ + if (w) { \ + tcp_write( SLAP_FD2SOCK(wake_sds[l][1]), "0", 1 ); \ + } \ +} while (0) +#endif /* ! NO_THREADS */ + +volatile sig_atomic_t slapd_shutdown = 0; +volatile sig_atomic_t slapd_gentle_shutdown = 0; +volatile sig_atomic_t slapd_abrupt_shutdown = 0; + +#ifdef HAVE_WINSOCK +ldap_pvt_thread_mutex_t slapd_ws_mutex; +SOCKET *slapd_ws_sockets; +#define SD_READ 1 +#define SD_WRITE 2 +#define SD_ACTIVE 4 +#define SD_LISTENER 8 +#endif + +#ifdef HAVE_TCPD +static ldap_pvt_thread_mutex_t sd_tcpd_mutex; +#endif /* TCP Wrappers */ + +typedef struct slap_daemon_st { + ldap_pvt_thread_mutex_t sd_mutex; + + ber_socket_t sd_nactives; + int sd_nwriters; + int sd_nfds; + +#if defined(HAVE_EPOLL) + struct epoll_event *sd_epolls; + int *sd_index; + int sd_epfd; +#elif defined(SLAP_X_DEVPOLL) && defined(HAVE_DEVPOLL) + /* eXperimental */ + struct pollfd *sd_pollfd; + int *sd_index; + Listener **sd_l; + int sd_dpfd; +#else /* ! epoll && ! /dev/poll */ +#ifdef HAVE_WINSOCK + char *sd_flags; + char *sd_rflags; +#else /* ! HAVE_WINSOCK */ + fd_set sd_actives; + fd_set sd_readers; + fd_set sd_writers; +#endif /* ! HAVE_WINSOCK */ +#endif /* ! epoll && ! /dev/poll */ +} slap_daemon_st; + +static slap_daemon_st slap_daemon[SLAPD_MAX_DAEMON_THREADS]; + +/* + * NOTE: naming convention for macros: + * + * - SLAP_SOCK_* and SLAP_EVENT_* for public interface that deals + * with file descriptors and events respectively + * + * - SLAP_<type>_* for private interface; type by now is one of + * EPOLL, DEVPOLL, SELECT + * + * private interface should not be used in the code. + */ +#if defined(HAVE_EPOLL) +/*************************************** + * Use epoll infrastructure - epoll(4) * + ***************************************/ +# define SLAP_EVENT_FNAME "epoll" +# define SLAP_EVENTS_ARE_INDEXED 0 +# define SLAP_EPOLL_SOCK_IX(t,s) (slap_daemon[t].sd_index[(s)]) +# define SLAP_EPOLL_SOCK_EP(t,s) (slap_daemon[t].sd_epolls[SLAP_EPOLL_SOCK_IX(t,s)]) +# define SLAP_EPOLL_SOCK_EV(t,s) (SLAP_EPOLL_SOCK_EP(t,s).events) +# define SLAP_SOCK_IS_ACTIVE(t,s) (SLAP_EPOLL_SOCK_IX(t,s) != -1) +# define SLAP_SOCK_NOT_ACTIVE(t,s) (SLAP_EPOLL_SOCK_IX(t,s) == -1) +# define SLAP_EPOLL_SOCK_IS_SET(t,s, mode) (SLAP_EPOLL_SOCK_EV(t,s) & (mode)) + +# define SLAP_SOCK_IS_READ(t,s) SLAP_EPOLL_SOCK_IS_SET(t,(s), EPOLLIN) +# define SLAP_SOCK_IS_WRITE(t,s) SLAP_EPOLL_SOCK_IS_SET(t,(s), EPOLLOUT) + +# define SLAP_EPOLL_SOCK_SET(t,s, mode) do { \ + if ( (SLAP_EPOLL_SOCK_EV(t,s) & (mode)) != (mode) ) { \ + SLAP_EPOLL_SOCK_EV(t,s) |= (mode); \ + epoll_ctl( slap_daemon[t].sd_epfd, EPOLL_CTL_MOD, (s), \ + &SLAP_EPOLL_SOCK_EP(t,s) ); \ + } \ +} while (0) + +# define SLAP_EPOLL_SOCK_CLR(t,s, mode) do { \ + if ( (SLAP_EPOLL_SOCK_EV(t,s) & (mode)) ) { \ + SLAP_EPOLL_SOCK_EV(t,s) &= ~(mode); \ + epoll_ctl( slap_daemon[t].sd_epfd, EPOLL_CTL_MOD, s, \ + &SLAP_EPOLL_SOCK_EP(t,s) ); \ + } \ +} while (0) + +# define SLAP_SOCK_SET_READ(t,s) SLAP_EPOLL_SOCK_SET(t,s, EPOLLIN) +# define SLAP_SOCK_SET_WRITE(t,s) SLAP_EPOLL_SOCK_SET(t,s, EPOLLOUT) + +# define SLAP_SOCK_CLR_READ(t,s) SLAP_EPOLL_SOCK_CLR(t,(s), EPOLLIN) +# define SLAP_SOCK_CLR_WRITE(t,s) SLAP_EPOLL_SOCK_CLR(t,(s), EPOLLOUT) + +# define SLAP_SOCK_SET_SUSPEND(t,s) \ + ( slap_daemon[t].sd_suspend[SLAP_EPOLL_SOCK_IX(t,s)] = 1 ) +# define SLAP_SOCK_CLR_SUSPEND(t,s) \ + ( slap_daemon[t].sd_suspend[SLAP_EPOLL_SOCK_IX(t,s)] = 0 ) +# define SLAP_SOCK_IS_SUSPEND(t,s) \ + ( slap_daemon[t].sd_suspend[SLAP_EPOLL_SOCK_IX(t,s)] == 1 ) + +# define SLAP_EPOLL_EVENT_CLR(i, mode) (revents[(i)].events &= ~(mode)) + +# define SLAP_EVENT_MAX(t) slap_daemon[t].sd_nfds + +/* If a Listener address is provided, store that as the epoll data. + * Otherwise, store the address of this socket's slot in the + * index array. If we can't do this add, the system is out of + * resources and we need to shutdown. + */ +# define SLAP_SOCK_ADD(t, s, l) do { \ + int rc; \ + SLAP_EPOLL_SOCK_IX(t,(s)) = slap_daemon[t].sd_nfds; \ + SLAP_EPOLL_SOCK_EP(t,(s)).data.ptr = (l) ? (l) : (void *)(&SLAP_EPOLL_SOCK_IX(t,s)); \ + SLAP_EPOLL_SOCK_EV(t,(s)) = EPOLLIN; \ + rc = epoll_ctl(slap_daemon[t].sd_epfd, EPOLL_CTL_ADD, \ + (s), &SLAP_EPOLL_SOCK_EP(t,(s))); \ + if ( rc == 0 ) { \ + slap_daemon[t].sd_nfds++; \ + } else { \ + Debug( LDAP_DEBUG_ANY, \ + "daemon: epoll_ctl(ADD,fd=%d) failed, errno=%d, shutting down\n", \ + s, errno, 0 ); \ + slapd_shutdown = 2; \ + } \ +} while (0) + +# define SLAP_EPOLL_EV_LISTENER(t,ptr) \ + (((int *)(ptr) >= slap_daemon[t].sd_index && \ + (int *)(ptr) <= &slap_daemon[t].sd_index[dtblsize]) ? 0 : 1 ) + +# define SLAP_EPOLL_EV_PTRFD(t,ptr) (SLAP_EPOLL_EV_LISTENER(t,ptr) ? \ + ((Listener *)ptr)->sl_sd : \ + (ber_socket_t) ((int *)(ptr) - slap_daemon[t].sd_index)) + +# define SLAP_SOCK_DEL(t,s) do { \ + int fd, rc, index = SLAP_EPOLL_SOCK_IX(t,(s)); \ + if ( index < 0 ) break; \ + rc = epoll_ctl(slap_daemon[t].sd_epfd, EPOLL_CTL_DEL, \ + (s), &SLAP_EPOLL_SOCK_EP(t,(s))); \ + slap_daemon[t].sd_epolls[index] = \ + slap_daemon[t].sd_epolls[slap_daemon[t].sd_nfds-1]; \ + fd = SLAP_EPOLL_EV_PTRFD(t,slap_daemon[t].sd_epolls[index].data.ptr); \ + slap_daemon[t].sd_index[fd] = index; \ + slap_daemon[t].sd_index[(s)] = -1; \ + slap_daemon[t].sd_nfds--; \ +} while (0) + +# define SLAP_EVENT_CLR_READ(i) SLAP_EPOLL_EVENT_CLR((i), EPOLLIN) +# define SLAP_EVENT_CLR_WRITE(i) SLAP_EPOLL_EVENT_CLR((i), EPOLLOUT) + +# define SLAP_EPOLL_EVENT_CHK(i, mode) (revents[(i)].events & mode) + +# define SLAP_EVENT_IS_READ(i) SLAP_EPOLL_EVENT_CHK((i), EPOLLIN) +# define SLAP_EVENT_IS_WRITE(i) SLAP_EPOLL_EVENT_CHK((i), EPOLLOUT) +# define SLAP_EVENT_IS_LISTENER(t,i) SLAP_EPOLL_EV_LISTENER(t,revents[(i)].data.ptr) +# define SLAP_EVENT_LISTENER(t,i) ((Listener *)(revents[(i)].data.ptr)) + +# define SLAP_EVENT_FD(t,i) SLAP_EPOLL_EV_PTRFD(t,revents[(i)].data.ptr) + +# define SLAP_SOCK_INIT(t) do { \ + int j; \ + slap_daemon[t].sd_epolls = ch_calloc(1, \ + ( sizeof(struct epoll_event) * 2 \ + + sizeof(int) ) * dtblsize * 2); \ + slap_daemon[t].sd_index = (int *)&slap_daemon[t].sd_epolls[ 2 * dtblsize ]; \ + slap_daemon[t].sd_epfd = epoll_create( dtblsize / slapd_daemon_threads ); \ + for ( j = 0; j < dtblsize; j++ ) slap_daemon[t].sd_index[j] = -1; \ +} while (0) + +# define SLAP_SOCK_DESTROY(t) do { \ + if ( slap_daemon[t].sd_epolls != NULL ) { \ + ch_free( slap_daemon[t].sd_epolls ); \ + slap_daemon[t].sd_epolls = NULL; \ + slap_daemon[t].sd_index = NULL; \ + close( slap_daemon[t].sd_epfd ); \ + } \ +} while ( 0 ) + +# define SLAP_EVENT_DECL struct epoll_event *revents + +# define SLAP_EVENT_INIT(t) do { \ + revents = slap_daemon[t].sd_epolls + dtblsize; \ +} while (0) + +# define SLAP_EVENT_WAIT(t, tvp, nsp) do { \ + *(nsp) = epoll_wait( slap_daemon[t].sd_epfd, revents, \ + dtblsize, (tvp) ? (tvp)->tv_sec * 1000 : -1 ); \ +} while (0) + +#elif defined(SLAP_X_DEVPOLL) && defined(HAVE_DEVPOLL) + +/************************************************************* + * Use Solaris' (>= 2.7) /dev/poll infrastructure - poll(7d) * + *************************************************************/ +# define SLAP_EVENT_FNAME "/dev/poll" +# define SLAP_EVENTS_ARE_INDEXED 0 +/* + * - sd_index is used much like with epoll() + * - sd_l is maintained as an array containing the address + * of the listener; the index is the fd itself + * - sd_pollfd is used to keep track of what data has been + * registered in /dev/poll + */ +# define SLAP_DEVPOLL_SOCK_IX(t,s) (slap_daemon[t].sd_index[(s)]) +# define SLAP_DEVPOLL_SOCK_LX(t,s) (slap_daemon[t].sd_l[(s)]) +# define SLAP_DEVPOLL_SOCK_EP(t,s) (slap_daemon[t].sd_pollfd[SLAP_DEVPOLL_SOCK_IX(t,(s))]) +# define SLAP_DEVPOLL_SOCK_FD(t,s) (SLAP_DEVPOLL_SOCK_EP(t,(s)).fd) +# define SLAP_DEVPOLL_SOCK_EV(t,s) (SLAP_DEVPOLL_SOCK_EP(t,(s)).events) +# define SLAP_SOCK_IS_ACTIVE(t,s) (SLAP_DEVPOLL_SOCK_IX(t,(s)) != -1) +# define SLAP_SOCK_NOT_ACTIVE(t,s) (SLAP_DEVPOLL_SOCK_IX(t,(s)) == -1) +# define SLAP_SOCK_IS_SET(t,s, mode) (SLAP_DEVPOLL_SOCK_EV(t,(s)) & (mode)) + +# define SLAP_SOCK_IS_READ(t,s) SLAP_SOCK_IS_SET(t,(s), POLLIN) +# define SLAP_SOCK_IS_WRITE(t,s) SLAP_SOCK_IS_SET(t,(s), POLLOUT) + +/* as far as I understand, any time we need to communicate with the kernel + * about the number and/or properties of a file descriptor we need it to + * wait for, we have to rewrite the whole set */ +# define SLAP_DEVPOLL_WRITE_POLLFD(t,s, pfd, n, what, shdn) do { \ + int rc; \ + size_t size = (n) * sizeof( struct pollfd ); \ + /* FIXME: use pwrite? */ \ + rc = write( slap_daemon[t].sd_dpfd, (pfd), size ); \ + if ( rc != size ) { \ + Debug( LDAP_DEBUG_ANY, "daemon: " SLAP_EVENT_FNAME ": " \ + "%s fd=%d failed errno=%d\n", \ + (what), (s), errno ); \ + if ( (shdn) ) { \ + slapd_shutdown = 2; \ + } \ + } \ +} while (0) + +# define SLAP_DEVPOLL_SOCK_SET(t,s, mode) do { \ + Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_SET_%s(%d)=%d\n", \ + (mode) == POLLIN ? "READ" : "WRITE", (s), \ + ( (SLAP_DEVPOLL_SOCK_EV(t,(s)) & (mode)) != (mode) ) ); \ + if ( (SLAP_DEVPOLL_SOCK_EV(t,(s)) & (mode)) != (mode) ) { \ + struct pollfd pfd; \ + SLAP_DEVPOLL_SOCK_EV(t,(s)) |= (mode); \ + pfd.fd = SLAP_DEVPOLL_SOCK_FD(t,(s)); \ + pfd.events = /* (mode) */ SLAP_DEVPOLL_SOCK_EV(t,(s)); \ + SLAP_DEVPOLL_WRITE_POLLFD(t,(s), &pfd, 1, "SET", 0); \ + } \ +} while (0) + +# define SLAP_DEVPOLL_SOCK_CLR(t,s, mode) do { \ + Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_CLR_%s(%d)=%d\n", \ + (mode) == POLLIN ? "READ" : "WRITE", (s), \ + ( (SLAP_DEVPOLL_SOCK_EV(t,(s)) & (mode)) == (mode) ) ); \ + if ((SLAP_DEVPOLL_SOCK_EV(t,(s)) & (mode)) == (mode) ) { \ + struct pollfd pfd[2]; \ + SLAP_DEVPOLL_SOCK_EV(t,(s)) &= ~(mode); \ + pfd[0].fd = SLAP_DEVPOLL_SOCK_FD(t,(s)); \ + pfd[0].events = POLLREMOVE; \ + pfd[1] = SLAP_DEVPOLL_SOCK_EP(t,(s)); \ + SLAP_DEVPOLL_WRITE_POLLFD(t,(s), &pfd[0], 2, "CLR", 0); \ + } \ +} while (0) + +# define SLAP_SOCK_SET_READ(t,s) SLAP_DEVPOLL_SOCK_SET(t,s, POLLIN) +# define SLAP_SOCK_SET_WRITE(t,s) SLAP_DEVPOLL_SOCK_SET(t,s, POLLOUT) + +# define SLAP_SOCK_CLR_READ(t,s) SLAP_DEVPOLL_SOCK_CLR(t,(s), POLLIN) +# define SLAP_SOCK_CLR_WRITE(t,s) SLAP_DEVPOLL_SOCK_CLR(t,(s), POLLOUT) + +# define SLAP_SOCK_SET_SUSPEND(t,s) \ + ( slap_daemon[t].sd_suspend[SLAP_DEVPOLL_SOCK_IX(t,(s))] = 1 ) +# define SLAP_SOCK_CLR_SUSPEND(t,s) \ + ( slap_daemon[t].sd_suspend[SLAP_DEVPOLL_SOCK_IX(t,(s))] = 0 ) +# define SLAP_SOCK_IS_SUSPEND(t,s) \ + ( slap_daemon[t].sd_suspend[SLAP_DEVPOLL_SOCK_IX(t,(s))] == 1 ) + +# define SLAP_DEVPOLL_EVENT_CLR(i, mode) (revents[(i)].events &= ~(mode)) + +# define SLAP_EVENT_MAX(t) slap_daemon[t].sd_nfds + +/* If a Listener address is provided, store that in the sd_l array. + * If we can't do this add, the system is out of resources and we + * need to shutdown. + */ +# define SLAP_SOCK_ADD(t, s, l) do { \ + Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_ADD(%d, %p)\n", (s), (l), 0 ); \ + SLAP_DEVPOLL_SOCK_IX(t,(s)) = slap_daemon[t].sd_nfds; \ + SLAP_DEVPOLL_SOCK_LX(t,(s)) = (l); \ + SLAP_DEVPOLL_SOCK_FD(t,(s)) = (s); \ + SLAP_DEVPOLL_SOCK_EV(t,(s)) = POLLIN; \ + SLAP_DEVPOLL_WRITE_POLLFD(t,(s), &SLAP_DEVPOLL_SOCK_EP((s)), 1, "ADD", 1); \ + slap_daemon[t].sd_nfds++; \ +} while (0) + +# define SLAP_DEVPOLL_EV_LISTENER(ptr) ((ptr) != NULL) + +# define SLAP_SOCK_DEL(t,s) do { \ + int fd, index = SLAP_DEVPOLL_SOCK_IX(t,(s)); \ + Debug( LDAP_DEBUG_CONNS, "SLAP_SOCK_DEL(%d)\n", (s), 0, 0 ); \ + if ( index < 0 ) break; \ + if ( index < slap_daemon[t].sd_nfds - 1 ) { \ + struct pollfd pfd = slap_daemon[t].sd_pollfd[index]; \ + fd = slap_daemon[t].sd_pollfd[slap_daemon[t].sd_nfds - 1].fd; \ + slap_daemon[t].sd_pollfd[index] = slap_daemon[t].sd_pollfd[slap_daemon[t].sd_nfds - 1]; \ + slap_daemon[t].sd_pollfd[slap_daemon[t].sd_nfds - 1] = pfd; \ + slap_daemon[t].sd_index[fd] = index; \ + } \ + slap_daemon[t].sd_index[(s)] = -1; \ + slap_daemon[t].sd_pollfd[slap_daemon[t].sd_nfds - 1].events = POLLREMOVE; \ + SLAP_DEVPOLL_WRITE_POLLFD(t,(s), &slap_daemon[t].sd_pollfd[slap_daemon[t].sd_nfds - 1], 1, "DEL", 0); \ + slap_daemon[t].sd_pollfd[slap_daemon[t].sd_nfds - 1].events = 0; \ + slap_daemon[t].sd_nfds--; \ +} while (0) + +# define SLAP_EVENT_CLR_READ(i) SLAP_DEVPOLL_EVENT_CLR((i), POLLIN) +# define SLAP_EVENT_CLR_WRITE(i) SLAP_DEVPOLL_EVENT_CLR((i), POLLOUT) + +# define SLAP_DEVPOLL_EVENT_CHK(i, mode) (revents[(i)].events & (mode)) + +# define SLAP_EVENT_FD(t,i) (revents[(i)].fd) + +# define SLAP_EVENT_IS_READ(i) SLAP_DEVPOLL_EVENT_CHK((i), POLLIN) +# define SLAP_EVENT_IS_WRITE(i) SLAP_DEVPOLL_EVENT_CHK((i), POLLOUT) +# define SLAP_EVENT_IS_LISTENER(t,i) SLAP_DEVPOLL_EV_LISTENER(SLAP_DEVPOLL_SOCK_LX(SLAP_EVENT_FD(t,(i)))) +# define SLAP_EVENT_LISTENER(t,i) SLAP_DEVPOLL_SOCK_LX(SLAP_EVENT_FD(t,(i))) + +# define SLAP_SOCK_INIT(t) do { \ + slap_daemon[t].sd_pollfd = ch_calloc( 1, \ + ( sizeof(struct pollfd) * 2 \ + + sizeof( int ) \ + + sizeof( Listener * ) ) * dtblsize ); \ + slap_daemon[t].sd_index = (int *)&slap_daemon[t].sd_pollfd[ 2 * dtblsize ]; \ + slap_daemon[t].sd_l = (Listener **)&slap_daemon[t].sd_index[ dtblsize ]; \ + slap_daemon[t].sd_dpfd = open( SLAP_EVENT_FNAME, O_RDWR ); \ + if ( slap_daemon[t].sd_dpfd == -1 ) { \ + Debug( LDAP_DEBUG_ANY, "daemon: " SLAP_EVENT_FNAME ": " \ + "open(\"" SLAP_EVENT_FNAME "\") failed errno=%d\n", \ + errno, 0, 0 ); \ + SLAP_SOCK_DESTROY; \ + return -1; \ + } \ + for ( i = 0; i < dtblsize; i++ ) { \ + slap_daemon[t].sd_pollfd[i].fd = -1; \ + slap_daemon[t].sd_index[i] = -1; \ + } \ +} while (0) + +# define SLAP_SOCK_DESTROY(t) do { \ + if ( slap_daemon[t].sd_pollfd != NULL ) { \ + ch_free( slap_daemon[t].sd_pollfd ); \ + slap_daemon[t].sd_pollfd = NULL; \ + slap_daemon[t].sd_index = NULL; \ + slap_daemon[t].sd_l = NULL; \ + close( slap_daemon[t].sd_dpfd ); \ + } \ +} while ( 0 ) + +# define SLAP_EVENT_DECL struct pollfd *revents + +# define SLAP_EVENT_INIT(t) do { \ + revents = &slap_daemon[t].sd_pollfd[ dtblsize ]; \ +} while (0) + +# define SLAP_EVENT_WAIT(t, tvp, nsp) do { \ + struct dvpoll sd_dvpoll; \ + sd_dvpoll.dp_timeout = (tvp) ? (tvp)->tv_sec * 1000 : -1; \ + sd_dvpoll.dp_nfds = dtblsize; \ + sd_dvpoll.dp_fds = revents; \ + *(nsp) = ioctl( slap_daemon[t].sd_dpfd, DP_POLL, &sd_dvpoll ); \ +} while (0) + +#else /* ! epoll && ! /dev/poll */ +# ifdef HAVE_WINSOCK +# define SLAP_EVENT_FNAME "WSselect" +/* Winsock provides a "select" function but its fd_sets are + * actually arrays of sockets. Since these sockets are handles + * and not a contiguous range of small integers, we manage our + * own "fd" table of socket handles and use their indices as + * descriptors. + * + * All of our listener/connection structures use fds; the actual + * I/O functions use sockets. The SLAP_FD2SOCK macro in proto-slap.h + * handles the mapping. + * + * Despite the mapping overhead, this is about 45% more efficient + * than just using Winsock's select and FD_ISSET directly. + * + * Unfortunately Winsock's select implementation doesn't scale well + * as the number of connections increases. This probably needs to be + * rewritten to use the Winsock overlapped/asynchronous I/O functions. + */ +# define SLAP_EVENTS_ARE_INDEXED 1 +# define SLAP_EVENT_DECL fd_set readfds, writefds; char *rflags +# define SLAP_EVENT_INIT(t) do { \ + int i; \ + FD_ZERO( &readfds ); \ + FD_ZERO( &writefds ); \ + rflags = slap_daemon[t].sd_rflags; \ + memset( rflags, 0, slap_daemon[t].sd_nfds ); \ + for ( i=0; i<slap_daemon[t].sd_nfds; i++ ) { \ + if ( slap_daemon[t].sd_flags[i] & SD_READ ) \ + FD_SET( slapd_ws_sockets[i], &readfds );\ + if ( slap_daemon[t].sd_flags[i] & SD_WRITE ) \ + FD_SET( slapd_ws_sockets[i], &writefds ); \ + } } while ( 0 ) + +# define SLAP_EVENT_MAX(t) slap_daemon[t].sd_nfds + +# define SLAP_EVENT_WAIT(t, tvp, nsp) do { \ + int i; \ + *(nsp) = select( SLAP_EVENT_MAX(t), &readfds, \ + nwriters > 0 ? &writefds : NULL, NULL, (tvp) ); \ + for ( i=0; i<readfds.fd_count; i++) { \ + int fd = slapd_sock2fd(readfds.fd_array[i]); \ + if ( fd >= 0 ) { \ + slap_daemon[t].sd_rflags[fd] = SD_READ; \ + if ( fd >= *(nsp)) *(nsp) = fd+1; \ + } \ + } \ + for ( i=0; i<writefds.fd_count; i++) { \ + int fd = slapd_sock2fd(writefds.fd_array[i]); \ + if ( fd >= 0 ) { \ + slap_daemon[t].sd_rflags[fd] = SD_WRITE; \ + if ( fd >= *(nsp)) *(nsp) = fd+1; \ + } \ + } \ +} while (0) + +# define SLAP_EVENT_IS_READ(fd) (rflags[fd] & SD_READ) +# define SLAP_EVENT_IS_WRITE(fd) (rflags[fd] & SD_WRITE) + +# define SLAP_EVENT_CLR_READ(fd) rflags[fd] &= ~SD_READ +# define SLAP_EVENT_CLR_WRITE(fd) rflags[fd] &= ~SD_WRITE + +# define SLAP_SOCK_INIT(t) do { \ + if (!t) { \ + ldap_pvt_thread_mutex_init( &slapd_ws_mutex ); \ + slapd_ws_sockets = ch_malloc( dtblsize * ( sizeof(SOCKET) + 2)); \ + memset( slapd_ws_sockets, -1, dtblsize * sizeof(SOCKET) ); \ + } \ + slap_daemon[t].sd_flags = (char *)(slapd_ws_sockets + dtblsize); \ + slap_daemon[t].sd_rflags = slap_daemon[t].sd_flags + dtblsize; \ + memset( slap_daemon[t].sd_flags, 0, dtblsize ); \ + slapd_ws_sockets[t*2] = wake_sds[t][0]; \ + slapd_ws_sockets[t*2+1] = wake_sds[t][1]; \ + wake_sds[t][0] = t*2; \ + wake_sds[t][1] = t*2+1; \ + slap_daemon[t].sd_nfds = t*2 + 2; \ + } while ( 0 ) + +# define SLAP_SOCK_DESTROY(t) do { \ + ch_free( slapd_ws_sockets ); slapd_ws_sockets = NULL; \ + slap_daemon[t].sd_flags = NULL; \ + slap_daemon[t].sd_rflags = NULL; \ + ldap_pvt_thread_mutex_destroy( &slapd_ws_mutex ); \ + } while ( 0 ) + +# define SLAP_SOCK_IS_ACTIVE(t,fd) ( slap_daemon[t].sd_flags[fd] & SD_ACTIVE ) +# define SLAP_SOCK_IS_READ(t,fd) ( slap_daemon[t].sd_flags[fd] & SD_READ ) +# define SLAP_SOCK_IS_WRITE(t,fd) ( slap_daemon[t].sd_flags[fd] & SD_WRITE ) +# define SLAP_SOCK_NOT_ACTIVE(t,fd) (!slap_daemon[t].sd_flags[fd]) + +# define SLAP_SOCK_SET_READ(t,fd) ( slap_daemon[t].sd_flags[fd] |= SD_READ ) +# define SLAP_SOCK_SET_WRITE(t,fd) ( slap_daemon[t].sd_flags[fd] |= SD_WRITE ) + +# define SLAP_SELECT_ADDTEST(t,s) do { \ + if ((s) >= slap_daemon[t].sd_nfds) slap_daemon[t].sd_nfds = (s)+1; \ +} while (0) + +# define SLAP_SOCK_CLR_READ(t,fd) ( slap_daemon[t].sd_flags[fd] &= ~SD_READ ) +# define SLAP_SOCK_CLR_WRITE(t,fd) ( slap_daemon[t].sd_flags[fd] &= ~SD_WRITE ) + +# define SLAP_SOCK_ADD(t,s, l) do { \ + SLAP_SELECT_ADDTEST(t,(s)); \ + slap_daemon[t].sd_flags[s] = SD_ACTIVE|SD_READ; \ +} while ( 0 ) + +# define SLAP_SOCK_DEL(t,s) do { \ + slap_daemon[t].sd_flags[s] = 0; \ + slapd_sockdel( s ); \ +} while ( 0 ) + +# else /* !HAVE_WINSOCK */ + +/************************************** + * Use select system call - select(2) * + **************************************/ +# define SLAP_EVENT_FNAME "select" +/* select */ +# define SLAP_EVENTS_ARE_INDEXED 1 +# define SLAP_EVENT_DECL fd_set readfds, writefds + +# define SLAP_EVENT_INIT(t) do { \ + AC_MEMCPY( &readfds, &slap_daemon[t].sd_readers, sizeof(fd_set) ); \ + if ( nwriters ) { \ + AC_MEMCPY( &writefds, &slap_daemon[t].sd_writers, sizeof(fd_set) ); \ + } else { \ + FD_ZERO( &writefds ); \ + } \ +} while (0) + +# ifdef FD_SETSIZE +# define SLAP_SELECT_CHK_SETSIZE do { \ + if (dtblsize > FD_SETSIZE) dtblsize = FD_SETSIZE; \ +} while (0) +# else /* ! FD_SETSIZE */ +# define SLAP_SELECT_CHK_SETSIZE do { ; } while (0) +# endif /* ! FD_SETSIZE */ + +# define SLAP_SOCK_INIT(t) do { \ + SLAP_SELECT_CHK_SETSIZE; \ + FD_ZERO(&slap_daemon[t].sd_actives); \ + FD_ZERO(&slap_daemon[t].sd_readers); \ + FD_ZERO(&slap_daemon[t].sd_writers); \ +} while (0) + +# define SLAP_SOCK_DESTROY(t) + +# define SLAP_SOCK_IS_ACTIVE(t,fd) FD_ISSET((fd), &slap_daemon[t].sd_actives) +# define SLAP_SOCK_IS_READ(t,fd) FD_ISSET((fd), &slap_daemon[t].sd_readers) +# define SLAP_SOCK_IS_WRITE(t,fd) FD_ISSET((fd), &slap_daemon[t].sd_writers) + +# define SLAP_SOCK_NOT_ACTIVE(t,fd) (!SLAP_SOCK_IS_ACTIVE(t,fd) && \ + !SLAP_SOCK_IS_READ(t,fd) && !SLAP_SOCK_IS_WRITE(t,fd)) + +# define SLAP_SOCK_SET_READ(t,fd) FD_SET((fd), &slap_daemon[t].sd_readers) +# define SLAP_SOCK_SET_WRITE(t,fd) FD_SET((fd), &slap_daemon[t].sd_writers) + +# define SLAP_EVENT_MAX(t) slap_daemon[t].sd_nfds +# define SLAP_SELECT_ADDTEST(t,s) do { \ + if ((s) >= slap_daemon[t].sd_nfds) slap_daemon[t].sd_nfds = (s)+1; \ +} while (0) + +# define SLAP_SOCK_CLR_READ(t,fd) FD_CLR((fd), &slap_daemon[t].sd_readers) +# define SLAP_SOCK_CLR_WRITE(t,fd) FD_CLR((fd), &slap_daemon[t].sd_writers) + +# define SLAP_SOCK_ADD(t,s, l) do { \ + SLAP_SELECT_ADDTEST(t,(s)); \ + FD_SET((s), &slap_daemon[t].sd_actives); \ + FD_SET((s), &slap_daemon[t].sd_readers); \ +} while (0) + +# define SLAP_SOCK_DEL(t,s) do { \ + FD_CLR((s), &slap_daemon[t].sd_actives); \ + FD_CLR((s), &slap_daemon[t].sd_readers); \ + FD_CLR((s), &slap_daemon[t].sd_writers); \ +} while (0) + +# define SLAP_EVENT_IS_READ(fd) FD_ISSET((fd), &readfds) +# define SLAP_EVENT_IS_WRITE(fd) FD_ISSET((fd), &writefds) + +# define SLAP_EVENT_CLR_READ(fd) FD_CLR((fd), &readfds) +# define SLAP_EVENT_CLR_WRITE(fd) FD_CLR((fd), &writefds) + +# define SLAP_EVENT_WAIT(t, tvp, nsp) do { \ + *(nsp) = select( SLAP_EVENT_MAX(t), &readfds, \ + nwriters > 0 ? &writefds : NULL, NULL, (tvp) ); \ +} while (0) +# endif /* !HAVE_WINSOCK */ +#endif /* ! epoll && ! /dev/poll */ + +#ifdef HAVE_SLP +/* + * SLP related functions + */ +#include <slp.h> + +#define LDAP_SRVTYPE_PREFIX "service:ldap://" +#define LDAPS_SRVTYPE_PREFIX "service:ldaps://" +static char** slapd_srvurls = NULL; +static SLPHandle slapd_hslp = 0; +int slapd_register_slp = 0; +const char *slapd_slp_attrs = NULL; + +static SLPError slapd_slp_cookie; + +static void +slapd_slp_init( const char* urls ) +{ + int i; + SLPError err; + + slapd_srvurls = ldap_str2charray( urls, " " ); + + if ( slapd_srvurls == NULL ) return; + + /* find and expand INADDR_ANY URLs */ + for ( i = 0; slapd_srvurls[i] != NULL; i++ ) { + if ( strcmp( slapd_srvurls[i], "ldap:///" ) == 0 ) { + slapd_srvurls[i] = (char *) ch_realloc( slapd_srvurls[i], + global_host_bv.bv_len + + sizeof( LDAP_SRVTYPE_PREFIX ) ); + strcpy( lutil_strcopy(slapd_srvurls[i], + LDAP_SRVTYPE_PREFIX ), global_host_bv.bv_val ); + } else if ( strcmp( slapd_srvurls[i], "ldaps:///" ) == 0 ) { + slapd_srvurls[i] = (char *) ch_realloc( slapd_srvurls[i], + global_host_bv.bv_len + + sizeof( LDAPS_SRVTYPE_PREFIX ) ); + strcpy( lutil_strcopy(slapd_srvurls[i], + LDAPS_SRVTYPE_PREFIX ), global_host_bv.bv_val ); + } + } + + /* open the SLP handle */ + err = SLPOpen( "en", 0, &slapd_hslp ); + + if ( err != SLP_OK ) { + Debug( LDAP_DEBUG_CONNS, "daemon: SLPOpen() failed with %ld\n", + (long)err, 0, 0 ); + } +} + +static void +slapd_slp_deinit( void ) +{ + if ( slapd_srvurls == NULL ) return; + + ldap_charray_free( slapd_srvurls ); + slapd_srvurls = NULL; + + /* close the SLP handle */ + SLPClose( slapd_hslp ); +} + +static void +slapd_slp_regreport( + SLPHandle hslp, + SLPError errcode, + void *cookie ) +{ + /* return the error code in the cookie */ + *(SLPError*)cookie = errcode; +} + +static void +slapd_slp_reg() +{ + int i; + SLPError err; + + if ( slapd_srvurls == NULL ) return; + + for ( i = 0; slapd_srvurls[i] != NULL; i++ ) { + if ( strncmp( slapd_srvurls[i], LDAP_SRVTYPE_PREFIX, + sizeof( LDAP_SRVTYPE_PREFIX ) - 1 ) == 0 || + strncmp( slapd_srvurls[i], LDAPS_SRVTYPE_PREFIX, + sizeof( LDAPS_SRVTYPE_PREFIX ) - 1 ) == 0 ) + { + err = SLPReg( slapd_hslp, + slapd_srvurls[i], + SLP_LIFETIME_MAXIMUM, + "ldap", + (slapd_slp_attrs) ? slapd_slp_attrs : "", + SLP_TRUE, + slapd_slp_regreport, + &slapd_slp_cookie ); + + if ( err != SLP_OK || slapd_slp_cookie != SLP_OK ) { + Debug( LDAP_DEBUG_CONNS, + "daemon: SLPReg(%s) failed with %ld, cookie = %ld\n", + slapd_srvurls[i], (long)err, (long)slapd_slp_cookie ); + } + } + } +} + +static void +slapd_slp_dereg( void ) +{ + int i; + SLPError err; + + if ( slapd_srvurls == NULL ) return; + + for ( i = 0; slapd_srvurls[i] != NULL; i++ ) { + err = SLPDereg( slapd_hslp, + slapd_srvurls[i], + slapd_slp_regreport, + &slapd_slp_cookie ); + + if ( err != SLP_OK || slapd_slp_cookie != SLP_OK ) { + Debug( LDAP_DEBUG_CONNS, + "daemon: SLPDereg(%s) failed with %ld, cookie = %ld\n", + slapd_srvurls[i], (long)err, (long)slapd_slp_cookie ); + } + } +} +#endif /* HAVE_SLP */ + +#ifdef HAVE_WINSOCK +/* Manage the descriptor to socket table */ +ber_socket_t +slapd_socknew( ber_socket_t s ) +{ + ber_socket_t i; + ldap_pvt_thread_mutex_lock( &slapd_ws_mutex ); + for ( i = 0; i < dtblsize && slapd_ws_sockets[i] != INVALID_SOCKET; i++ ); + if ( i == dtblsize ) { + WSASetLastError( WSAEMFILE ); + } else { + slapd_ws_sockets[i] = s; + } + ldap_pvt_thread_mutex_unlock( &slapd_ws_mutex ); + return i; +} + +void +slapd_sockdel( ber_socket_t s ) +{ + ldap_pvt_thread_mutex_lock( &slapd_ws_mutex ); + slapd_ws_sockets[s] = INVALID_SOCKET; + ldap_pvt_thread_mutex_unlock( &slapd_ws_mutex ); +} + +ber_socket_t +slapd_sock2fd( ber_socket_t s ) +{ + ber_socket_t i; + for ( i=0; i<dtblsize && slapd_ws_sockets[i] != s; i++); + if ( i == dtblsize ) + i = -1; + return i; +} +#endif + +/* + * Add a descriptor to daemon control + * + * If isactive, the descriptor is a live server session and is subject + * to idletimeout control. Otherwise, the descriptor is a passive + * listener or an outbound client session, and not subject to + * idletimeout. The underlying event handler may record the Listener + * argument to differentiate Listener's from real sessions. + */ +static void +slapd_add( ber_socket_t s, int isactive, Listener *sl, int id ) +{ + if (id < 0) + id = DAEMON_ID(s); + ldap_pvt_thread_mutex_lock( &slap_daemon[id].sd_mutex ); + + assert( SLAP_SOCK_NOT_ACTIVE(id, s) ); + + if ( isactive ) slap_daemon[id].sd_nactives++; + + SLAP_SOCK_ADD(id, s, sl); + + Debug( LDAP_DEBUG_CONNS, "daemon: added %ldr%s listener=%p\n", + (long) s, isactive ? " (active)" : "", (void *)sl ); + + ldap_pvt_thread_mutex_unlock( &slap_daemon[id].sd_mutex ); + + WAKE_LISTENER(id,1); +} + +/* + * Remove the descriptor from daemon control + */ +void +slapd_remove( + ber_socket_t s, + Sockbuf *sb, + int wasactive, + int wake, + int locked ) +{ + int waswriter; + int wasreader; + int id = DAEMON_ID(s); + + if ( !locked ) + ldap_pvt_thread_mutex_lock( &slap_daemon[id].sd_mutex ); + + assert( SLAP_SOCK_IS_ACTIVE( id, s )); + + if ( wasactive ) slap_daemon[id].sd_nactives--; + + waswriter = SLAP_SOCK_IS_WRITE(id, s); + wasreader = SLAP_SOCK_IS_READ(id, s); + + Debug( LDAP_DEBUG_CONNS, "daemon: removing %ld%s%s\n", + (long) s, + wasreader ? "r" : "", + waswriter ? "w" : "" ); + + if ( waswriter ) slap_daemon[id].sd_nwriters--; + + SLAP_SOCK_DEL(id, s); + + if ( sb ) + ber_sockbuf_free(sb); + + /* If we ran out of file descriptors, we dropped a listener from + * the select() loop. Now that we're removing a session from our + * control, we can try to resume a dropped listener to use. + */ + if ( emfile && listening ) { + int i; + for ( i = 0; slap_listeners[i] != NULL; i++ ) { + Listener *lr = slap_listeners[i]; + + if ( lr->sl_sd == AC_SOCKET_INVALID ) continue; + if ( lr->sl_sd == s ) continue; + if ( lr->sl_mute ) { + lr->sl_mute = 0; + emfile--; + if ( DAEMON_ID(lr->sl_sd) != id ) + WAKE_LISTENER(DAEMON_ID(lr->sl_sd), wake); + break; + } + } + /* Walked the entire list without enabling anything; emfile + * counter is stale. Reset it. + */ + if ( slap_listeners[i] == NULL ) emfile = 0; + } + ldap_pvt_thread_mutex_unlock( &slap_daemon[id].sd_mutex ); + WAKE_LISTENER(id, wake || slapd_gentle_shutdown == 2); +} + +void +slapd_clr_write( ber_socket_t s, int wake ) +{ + int id = DAEMON_ID(s); + ldap_pvt_thread_mutex_lock( &slap_daemon[id].sd_mutex ); + + if ( SLAP_SOCK_IS_WRITE( id, s )) { + assert( SLAP_SOCK_IS_ACTIVE( id, s )); + + SLAP_SOCK_CLR_WRITE( id, s ); + slap_daemon[id].sd_nwriters--; + } + + ldap_pvt_thread_mutex_unlock( &slap_daemon[id].sd_mutex ); + WAKE_LISTENER(id,wake); +} + +void +slapd_set_write( ber_socket_t s, int wake ) +{ + int id = DAEMON_ID(s); + ldap_pvt_thread_mutex_lock( &slap_daemon[id].sd_mutex ); + + assert( SLAP_SOCK_IS_ACTIVE( id, s )); + + if ( !SLAP_SOCK_IS_WRITE( id, s )) { + SLAP_SOCK_SET_WRITE( id, s ); + slap_daemon[id].sd_nwriters++; + } + if (( wake & 2 ) && global_writetimeout && !chk_writetime ) { + if (id) + ldap_pvt_thread_mutex_lock( &slap_daemon[0].sd_mutex ); + if (!chk_writetime) + chk_writetime = slap_get_time(); + if (id) + ldap_pvt_thread_mutex_unlock( &slap_daemon[0].sd_mutex ); + } + + ldap_pvt_thread_mutex_unlock( &slap_daemon[id].sd_mutex ); + WAKE_LISTENER(id,wake); +} + +int +slapd_clr_read( ber_socket_t s, int wake ) +{ + int rc = 1; + int id = DAEMON_ID(s); + ldap_pvt_thread_mutex_lock( &slap_daemon[id].sd_mutex ); + + if ( SLAP_SOCK_IS_ACTIVE( id, s )) { + SLAP_SOCK_CLR_READ( id, s ); + rc = 0; + } + ldap_pvt_thread_mutex_unlock( &slap_daemon[id].sd_mutex ); + if ( !rc ) + WAKE_LISTENER(id,wake); + return rc; +} + +void +slapd_set_read( ber_socket_t s, int wake ) +{ + int do_wake = 1; + int id = DAEMON_ID(s); + ldap_pvt_thread_mutex_lock( &slap_daemon[id].sd_mutex ); + + if( SLAP_SOCK_IS_ACTIVE( id, s ) && !SLAP_SOCK_IS_READ( id, s )) { + SLAP_SOCK_SET_READ( id, s ); + } else { + do_wake = 0; + } + ldap_pvt_thread_mutex_unlock( &slap_daemon[id].sd_mutex ); + if ( do_wake ) + WAKE_LISTENER(id,wake); +} + +time_t +slapd_get_writetime() +{ + time_t cur; + ldap_pvt_thread_mutex_lock( &slap_daemon[0].sd_mutex ); + cur = chk_writetime; + ldap_pvt_thread_mutex_unlock( &slap_daemon[0].sd_mutex ); + return cur; +} + +void +slapd_clr_writetime( time_t old ) +{ + ldap_pvt_thread_mutex_lock( &slap_daemon[0].sd_mutex ); + if ( chk_writetime == old ) + chk_writetime = 0; + ldap_pvt_thread_mutex_unlock( &slap_daemon[0].sd_mutex ); +} + +static void +slapd_close( ber_socket_t s ) +{ + Debug( LDAP_DEBUG_CONNS, "daemon: closing %ld\n", + (long) s, 0, 0 ); + tcp_close( SLAP_FD2SOCK(s) ); +#ifdef HAVE_WINSOCK + slapd_sockdel( s ); +#endif +} + +static void +slap_free_listener_addresses( struct sockaddr **sal ) +{ + struct sockaddr **sap; + if (sal == NULL) return; + for (sap = sal; *sap != NULL; sap++) ch_free(*sap); + ch_free(sal); +} + +#if defined(LDAP_PF_LOCAL) || defined(SLAP_X_LISTENER_MOD) +static int +get_url_perms( + char **exts, + mode_t *perms, + int *crit ) +{ + int i; + + assert( exts != NULL ); + assert( perms != NULL ); + assert( crit != NULL ); + + *crit = 0; + for ( i = 0; exts[ i ]; i++ ) { + char *type = exts[ i ]; + int c = 0; + + if ( type[ 0 ] == '!' ) { + c = 1; + type++; + } + + if ( strncasecmp( type, LDAPI_MOD_URLEXT "=", + sizeof(LDAPI_MOD_URLEXT "=") - 1 ) == 0 ) + { + char *value = type + ( sizeof(LDAPI_MOD_URLEXT "=") - 1 ); + mode_t p = 0; + int j; + + switch (strlen(value)) { + case 4: + /* skip leading '0' */ + if ( value[ 0 ] != '0' ) return LDAP_OTHER; + value++; + + case 3: + for ( j = 0; j < 3; j++) { + int v; + + v = value[ j ] - '0'; + + if ( v < 0 || v > 7 ) return LDAP_OTHER; + + p |= v << 3*(2-j); + } + break; + + case 10: + for ( j = 1; j < 10; j++ ) { + static mode_t m[] = { 0, + S_IRUSR, S_IWUSR, S_IXUSR, + S_IRGRP, S_IWGRP, S_IXGRP, + S_IROTH, S_IWOTH, S_IXOTH + }; + static const char c[] = "-rwxrwxrwx"; + + if ( value[ j ] == c[ j ] ) { + p |= m[ j ]; + + } else if ( value[ j ] != '-' ) { + return LDAP_OTHER; + } + } + break; + + default: + return LDAP_OTHER; + } + + *crit = c; + *perms = p; + + return LDAP_SUCCESS; + } + } + + return LDAP_OTHER; +} +#endif /* LDAP_PF_LOCAL || SLAP_X_LISTENER_MOD */ + +/* port = 0 indicates AF_LOCAL */ +static int +slap_get_listener_addresses( + const char *host, + unsigned short port, + struct sockaddr ***sal ) +{ + struct sockaddr **sap; + +#ifdef LDAP_PF_LOCAL + if ( port == 0 ) { + *sal = ch_malloc(2 * sizeof(void *)); + if (*sal == NULL) return -1; + + sap = *sal; + *sap = ch_malloc(sizeof(struct sockaddr_un)); + if (*sap == NULL) goto errexit; + sap[1] = NULL; + + if ( strlen(host) > + (sizeof(((struct sockaddr_un *)*sap)->sun_path) - 1) ) + { + Debug( LDAP_DEBUG_ANY, + "daemon: domain socket path (%s) too long in URL", + host, 0, 0); + goto errexit; + } + + (void)memset( (void *)*sap, '\0', sizeof(struct sockaddr_un) ); + (*sap)->sa_family = AF_LOCAL; + strcpy( ((struct sockaddr_un *)*sap)->sun_path, host ); + } else +#endif /* LDAP_PF_LOCAL */ + { +#ifdef HAVE_GETADDRINFO + struct addrinfo hints, *res, *sai; + int n, err; + char serv[7]; + + memset( &hints, '\0', sizeof(hints) ); + hints.ai_flags = AI_PASSIVE; + hints.ai_socktype = SOCK_STREAM; + hints.ai_family = slap_inet4or6; + snprintf(serv, sizeof serv, "%d", port); + + if ( (err = getaddrinfo(host, serv, &hints, &res)) ) { + Debug( LDAP_DEBUG_ANY, "daemon: getaddrinfo() failed: %s\n", + AC_GAI_STRERROR(err), 0, 0); + return -1; + } + + sai = res; + for (n=2; (sai = sai->ai_next) != NULL; n++) { + /* EMPTY */ ; + } + *sal = ch_calloc(n, sizeof(void *)); + if (*sal == NULL) return -1; + + sap = *sal; + *sap = NULL; + + for ( sai=res; sai; sai=sai->ai_next ) { + if( sai->ai_addr == NULL ) { + Debug( LDAP_DEBUG_ANY, "slap_get_listener_addresses: " + "getaddrinfo ai_addr is NULL?\n", 0, 0, 0 ); + freeaddrinfo(res); + goto errexit; + } + + switch (sai->ai_family) { +# ifdef LDAP_PF_INET6 + case AF_INET6: + *sap = ch_malloc(sizeof(struct sockaddr_in6)); + if (*sap == NULL) { + freeaddrinfo(res); + goto errexit; + } + *(struct sockaddr_in6 *)*sap = + *((struct sockaddr_in6 *)sai->ai_addr); + break; +# endif /* LDAP_PF_INET6 */ + case AF_INET: + *sap = ch_malloc(sizeof(struct sockaddr_in)); + if (*sap == NULL) { + freeaddrinfo(res); + goto errexit; + } + *(struct sockaddr_in *)*sap = + *((struct sockaddr_in *)sai->ai_addr); + break; + default: + *sap = NULL; + break; + } + + if (*sap != NULL) { + (*sap)->sa_family = sai->ai_family; + sap++; + *sap = NULL; + } + } + + freeaddrinfo(res); + +#else /* ! HAVE_GETADDRINFO */ + int i, n = 1; + struct in_addr in; + struct hostent *he = NULL; + + if ( host == NULL ) { + in.s_addr = htonl(INADDR_ANY); + + } else if ( !inet_aton( host, &in ) ) { + he = gethostbyname( host ); + if( he == NULL ) { + Debug( LDAP_DEBUG_ANY, + "daemon: invalid host %s", host, 0, 0); + return -1; + } + for (n = 0; he->h_addr_list[n]; n++) /* empty */; + } + + *sal = ch_malloc((n+1) * sizeof(void *)); + if (*sal == NULL) return -1; + + sap = *sal; + for ( i = 0; i<n; i++ ) { + sap[i] = ch_malloc(sizeof(struct sockaddr_in)); + if (*sap == NULL) goto errexit; + + (void)memset( (void *)sap[i], '\0', sizeof(struct sockaddr_in) ); + sap[i]->sa_family = AF_INET; + ((struct sockaddr_in *)sap[i])->sin_port = htons(port); + AC_MEMCPY( &((struct sockaddr_in *)sap[i])->sin_addr, + he ? (struct in_addr *)he->h_addr_list[i] : &in, + sizeof(struct in_addr) ); + } + sap[i] = NULL; +#endif /* ! HAVE_GETADDRINFO */ + } + + return 0; + +errexit: + slap_free_listener_addresses(*sal); + return -1; +} + +static int +slap_open_listener( + const char* url, + int *listeners, + int *cur ) +{ + int num, tmp, rc; + Listener l; + Listener *li; + LDAPURLDesc *lud; + unsigned short port; + int err, addrlen = 0; + struct sockaddr **sal = NULL, **psal; + int socktype = SOCK_STREAM; /* default to COTS */ + ber_socket_t s; + +#if defined(LDAP_PF_LOCAL) || defined(SLAP_X_LISTENER_MOD) + /* + * use safe defaults + */ + int crit = 1; +#endif /* LDAP_PF_LOCAL || SLAP_X_LISTENER_MOD */ + + rc = ldap_url_parse( url, &lud ); + + if( rc != LDAP_URL_SUCCESS ) { + Debug( LDAP_DEBUG_ANY, + "daemon: listen URL \"%s\" parse error=%d\n", + url, rc, 0 ); + return rc; + } + + l.sl_url.bv_val = NULL; + l.sl_mute = 0; + l.sl_busy = 0; + +#ifndef HAVE_TLS + if( ldap_pvt_url_scheme2tls( lud->lud_scheme ) ) { + Debug( LDAP_DEBUG_ANY, "daemon: TLS not supported (%s)\n", + url, 0, 0 ); + ldap_free_urldesc( lud ); + return -1; + } + + if(! lud->lud_port ) lud->lud_port = LDAP_PORT; + +#else /* HAVE_TLS */ + l.sl_is_tls = ldap_pvt_url_scheme2tls( lud->lud_scheme ); + + if(! lud->lud_port ) { + lud->lud_port = l.sl_is_tls ? LDAPS_PORT : LDAP_PORT; + } +#endif /* HAVE_TLS */ + +#ifdef LDAP_TCP_BUFFER + l.sl_tcp_rmem = 0; + l.sl_tcp_wmem = 0; +#endif /* LDAP_TCP_BUFFER */ + + port = (unsigned short) lud->lud_port; + + tmp = ldap_pvt_url_scheme2proto(lud->lud_scheme); + if ( tmp == LDAP_PROTO_IPC ) { +#ifdef LDAP_PF_LOCAL + if ( lud->lud_host == NULL || lud->lud_host[0] == '\0' ) { + err = slap_get_listener_addresses(LDAPI_SOCK, 0, &sal); + } else { + err = slap_get_listener_addresses(lud->lud_host, 0, &sal); + } +#else /* ! LDAP_PF_LOCAL */ + + Debug( LDAP_DEBUG_ANY, "daemon: URL scheme not supported: %s", + url, 0, 0); + ldap_free_urldesc( lud ); + return -1; +#endif /* ! LDAP_PF_LOCAL */ + } else { + if( lud->lud_host == NULL || lud->lud_host[0] == '\0' + || strcmp(lud->lud_host, "*") == 0 ) + { + err = slap_get_listener_addresses(NULL, port, &sal); + } else { + err = slap_get_listener_addresses(lud->lud_host, port, &sal); + } + } + +#ifdef LDAP_CONNECTIONLESS + l.sl_is_udp = ( tmp == LDAP_PROTO_UDP ); +#endif /* LDAP_CONNECTIONLESS */ + +#if defined(LDAP_PF_LOCAL) || defined(SLAP_X_LISTENER_MOD) + if ( lud->lud_exts ) { + err = get_url_perms( lud->lud_exts, &l.sl_perms, &crit ); + } else { + l.sl_perms = S_IRWXU | S_IRWXO; + } +#endif /* LDAP_PF_LOCAL || SLAP_X_LISTENER_MOD */ + + ldap_free_urldesc( lud ); + if ( err ) { + slap_free_listener_addresses(sal); + return -1; + } + + /* If we got more than one address returned, we need to make space + * for it in the slap_listeners array. + */ + for ( num=0; sal[num]; num++ ) /* empty */; + if ( num > 1 ) { + *listeners += num-1; + slap_listeners = ch_realloc( slap_listeners, + (*listeners + 1) * sizeof(Listener *) ); + } + + psal = sal; + while ( *sal != NULL ) { + char *af; + switch( (*sal)->sa_family ) { + case AF_INET: + af = "IPv4"; + break; +#ifdef LDAP_PF_INET6 + case AF_INET6: + af = "IPv6"; + break; +#endif /* LDAP_PF_INET6 */ +#ifdef LDAP_PF_LOCAL + case AF_LOCAL: + af = "Local"; + break; +#endif /* LDAP_PF_LOCAL */ + default: + sal++; + continue; + } + +#ifdef LDAP_CONNECTIONLESS + if( l.sl_is_udp ) socktype = SOCK_DGRAM; +#endif /* LDAP_CONNECTIONLESS */ + + s = socket( (*sal)->sa_family, socktype, 0); + if ( s == AC_SOCKET_INVALID ) { + int err = sock_errno(); + Debug( LDAP_DEBUG_ANY, + "daemon: %s socket() failed errno=%d (%s)\n", + af, err, sock_errstr(err) ); + sal++; + continue; + } + l.sl_sd = SLAP_SOCKNEW( s ); + + if ( l.sl_sd >= dtblsize ) { + Debug( LDAP_DEBUG_ANY, + "daemon: listener descriptor %ld is too great %ld\n", + (long) l.sl_sd, (long) dtblsize, 0 ); + tcp_close( s ); + sal++; + continue; + } + +#ifdef LDAP_PF_LOCAL + if ( (*sal)->sa_family == AF_LOCAL ) { + unlink( ((struct sockaddr_un *)*sal)->sun_path ); + } else +#endif /* LDAP_PF_LOCAL */ + { +#ifdef SO_REUSEADDR + /* enable address reuse */ + tmp = 1; + rc = setsockopt( s, SOL_SOCKET, SO_REUSEADDR, + (char *) &tmp, sizeof(tmp) ); + if ( rc == AC_SOCKET_ERROR ) { + int err = sock_errno(); + Debug( LDAP_DEBUG_ANY, "slapd(%ld): " + "setsockopt(SO_REUSEADDR) failed errno=%d (%s)\n", + (long) l.sl_sd, err, sock_errstr(err) ); + } +#endif /* SO_REUSEADDR */ + } + + switch( (*sal)->sa_family ) { + case AF_INET: + addrlen = sizeof(struct sockaddr_in); + break; +#ifdef LDAP_PF_INET6 + case AF_INET6: +#ifdef IPV6_V6ONLY + /* Try to use IPv6 sockets for IPv6 only */ + tmp = 1; + rc = setsockopt( s , IPPROTO_IPV6, IPV6_V6ONLY, + (char *) &tmp, sizeof(tmp) ); + if ( rc == AC_SOCKET_ERROR ) { + int err = sock_errno(); + Debug( LDAP_DEBUG_ANY, "slapd(%ld): " + "setsockopt(IPV6_V6ONLY) failed errno=%d (%s)\n", + (long) l.sl_sd, err, sock_errstr(err) ); + } +#endif /* IPV6_V6ONLY */ + addrlen = sizeof(struct sockaddr_in6); + break; +#endif /* LDAP_PF_INET6 */ + +#ifdef LDAP_PF_LOCAL + case AF_LOCAL: +#ifdef LOCAL_CREDS + { + int one = 1; + setsockopt( s, 0, LOCAL_CREDS, &one, sizeof( one ) ); + } +#endif /* LOCAL_CREDS */ + + addrlen = sizeof( struct sockaddr_un ); + break; +#endif /* LDAP_PF_LOCAL */ + } + +#ifdef LDAP_PF_LOCAL + /* create socket with all permissions set for those systems + * that honor permissions on sockets (e.g. Linux); typically, + * only write is required. To exploit filesystem permissions, + * place the socket in a directory and use directory's + * permissions. Need write perms to the directory to + * create/unlink the socket; likely need exec perms to access + * the socket (ITS#4709) */ + { + mode_t old_umask = 0; + + if ( (*sal)->sa_family == AF_LOCAL ) { + old_umask = umask( 0 ); + } +#endif /* LDAP_PF_LOCAL */ + rc = bind( s, *sal, addrlen ); +#ifdef LDAP_PF_LOCAL + if ( old_umask != 0 ) { + umask( old_umask ); + } + } +#endif /* LDAP_PF_LOCAL */ + if ( rc ) { + err = sock_errno(); + Debug( LDAP_DEBUG_ANY, + "daemon: bind(%ld) failed errno=%d (%s)\n", + (long)l.sl_sd, err, sock_errstr( err ) ); + tcp_close( s ); + sal++; + continue; + } + + switch ( (*sal)->sa_family ) { +#ifdef LDAP_PF_LOCAL + case AF_LOCAL: { + char *path = ((struct sockaddr_un *)*sal)->sun_path; + l.sl_name.bv_len = strlen(path) + STRLENOF("PATH="); + l.sl_name.bv_val = ber_memalloc( l.sl_name.bv_len + 1 ); + snprintf( l.sl_name.bv_val, l.sl_name.bv_len + 1, + "PATH=%s", path ); + } break; +#endif /* LDAP_PF_LOCAL */ + + case AF_INET: { + char addr[INET_ADDRSTRLEN]; + const char *s; +#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP ) + s = inet_ntop( AF_INET, &((struct sockaddr_in *)*sal)->sin_addr, + addr, sizeof(addr) ); +#else /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */ + s = inet_ntoa( ((struct sockaddr_in *) *sal)->sin_addr ); +#endif /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */ + if (!s) s = SLAP_STRING_UNKNOWN; + port = ntohs( ((struct sockaddr_in *)*sal) ->sin_port ); + l.sl_name.bv_val = + ber_memalloc( sizeof("IP=255.255.255.255:65535") ); + snprintf( l.sl_name.bv_val, sizeof("IP=255.255.255.255:65535"), + "IP=%s:%d", s, port ); + l.sl_name.bv_len = strlen( l.sl_name.bv_val ); + } break; + +#ifdef LDAP_PF_INET6 + case AF_INET6: { + char addr[INET6_ADDRSTRLEN]; + const char *s; + s = inet_ntop( AF_INET6, &((struct sockaddr_in6 *)*sal)->sin6_addr, + addr, sizeof addr); + if (!s) s = SLAP_STRING_UNKNOWN; + port = ntohs( ((struct sockaddr_in6 *)*sal)->sin6_port ); + l.sl_name.bv_len = strlen(s) + sizeof("IP=[]:65535"); + l.sl_name.bv_val = ber_memalloc( l.sl_name.bv_len ); + snprintf( l.sl_name.bv_val, l.sl_name.bv_len, "IP=[%s]:%d", + s, port ); + l.sl_name.bv_len = strlen( l.sl_name.bv_val ); + } break; +#endif /* LDAP_PF_INET6 */ + + default: + Debug( LDAP_DEBUG_ANY, "daemon: unsupported address family (%d)\n", + (int) (*sal)->sa_family, 0, 0 ); + break; + } + + AC_MEMCPY(&l.sl_sa, *sal, addrlen); + ber_str2bv( url, 0, 1, &l.sl_url); + li = ch_malloc( sizeof( Listener ) ); + *li = l; + slap_listeners[*cur] = li; + (*cur)++; + sal++; + } + + slap_free_listener_addresses(psal); + + if ( l.sl_url.bv_val == NULL ) { + Debug( LDAP_DEBUG_TRACE, + "slap_open_listener: failed on %s\n", url, 0, 0 ); + return -1; + } + + Debug( LDAP_DEBUG_TRACE, "daemon: listener initialized %s\n", + l.sl_url.bv_val, 0, 0 ); + return 0; +} + +static int sockinit(void); +static int sockdestroy(void); + +static int daemon_inited = 0; + +int +slapd_daemon_init( const char *urls ) +{ + int i, j, n, rc; + char **u; + + Debug( LDAP_DEBUG_ARGS, "daemon_init: %s\n", + urls ? urls : "<null>", 0, 0 ); + + for ( i=0; i<SLAPD_MAX_DAEMON_THREADS; i++ ) { + wake_sds[i][0] = AC_SOCKET_INVALID; + wake_sds[i][1] = AC_SOCKET_INVALID; + } + + ldap_pvt_thread_mutex_init( &slap_daemon[0].sd_mutex ); +#ifdef HAVE_TCPD + ldap_pvt_thread_mutex_init( &sd_tcpd_mutex ); +#endif /* TCP Wrappers */ + + daemon_inited = 1; + + if( (rc = sockinit()) != 0 ) return rc; + +#ifdef HAVE_SYSCONF + dtblsize = sysconf( _SC_OPEN_MAX ); +#elif defined(HAVE_GETDTABLESIZE) + dtblsize = getdtablesize(); +#else /* ! HAVE_SYSCONF && ! HAVE_GETDTABLESIZE */ + dtblsize = FD_SETSIZE; +#endif /* ! HAVE_SYSCONF && ! HAVE_GETDTABLESIZE */ + + /* open a pipe (or something equivalent connected to itself). + * we write a byte on this fd whenever we catch a signal. The main + * loop will be select'ing on this socket, and will wake up when + * this byte arrives. + */ + if( (rc = lutil_pair( wake_sds[0] )) < 0 ) { + Debug( LDAP_DEBUG_ANY, + "daemon: lutil_pair() failed rc=%d\n", rc, 0, 0 ); + return rc; + } + ber_pvt_socket_set_nonblock( wake_sds[0][1], 1 ); + + SLAP_SOCK_INIT(0); + + if( urls == NULL ) urls = "ldap:///"; + + u = ldap_str2charray( urls, " " ); + + if( u == NULL || u[0] == NULL ) { + Debug( LDAP_DEBUG_ANY, "daemon_init: no urls (%s) provided.\n", + urls, 0, 0 ); + if ( u ) + ldap_charray_free( u ); + return -1; + } + + for( i=0; u[i] != NULL; i++ ) { + Debug( LDAP_DEBUG_TRACE, "daemon_init: listen on %s\n", + u[i], 0, 0 ); + } + + if( i == 0 ) { + Debug( LDAP_DEBUG_ANY, "daemon_init: no listeners to open (%s)\n", + urls, 0, 0 ); + ldap_charray_free( u ); + return -1; + } + + Debug( LDAP_DEBUG_TRACE, "daemon_init: %d listeners to open...\n", + i, 0, 0 ); + slap_listeners = ch_malloc( (i+1)*sizeof(Listener *) ); + + for(n = 0, j = 0; u[n]; n++ ) { + if ( slap_open_listener( u[n], &i, &j ) ) { + ldap_charray_free( u ); + return -1; + } + } + slap_listeners[j] = NULL; + + Debug( LDAP_DEBUG_TRACE, "daemon_init: %d listeners opened\n", + i, 0, 0 ); + + +#ifdef HAVE_SLP + if( slapd_register_slp ) { + slapd_slp_init( urls ); + slapd_slp_reg(); + } +#endif /* HAVE_SLP */ + + ldap_charray_free( u ); + + return !i; +} + + +int +slapd_daemon_destroy( void ) +{ + connections_destroy(); + if ( daemon_inited ) { + int i; + + for ( i=0; i<slapd_daemon_threads; i++ ) { +#ifdef HAVE_WINSOCK + if ( wake_sds[i][1] != INVALID_SOCKET && + SLAP_FD2SOCK( wake_sds[i][1] ) != SLAP_FD2SOCK( wake_sds[i][0] )) +#endif /* HAVE_WINSOCK */ + tcp_close( SLAP_FD2SOCK(wake_sds[i][1]) ); +#ifdef HAVE_WINSOCK + if ( wake_sds[i][0] != INVALID_SOCKET ) +#endif /* HAVE_WINSOCK */ + tcp_close( SLAP_FD2SOCK(wake_sds[i][0]) ); + ldap_pvt_thread_mutex_destroy( &slap_daemon[i].sd_mutex ); + SLAP_SOCK_DESTROY(i); + } + daemon_inited = 0; +#ifdef HAVE_TCPD + ldap_pvt_thread_mutex_destroy( &sd_tcpd_mutex ); +#endif /* TCP Wrappers */ + } + sockdestroy(); + +#ifdef HAVE_SLP + if( slapd_register_slp ) { + slapd_slp_dereg(); + slapd_slp_deinit(); + } +#endif /* HAVE_SLP */ + + return 0; +} + + +static void +close_listeners( + int remove ) +{ + int l; + + if ( !listening ) + return; + listening = 0; + + for ( l = 0; slap_listeners[l] != NULL; l++ ) { + Listener *lr = slap_listeners[l]; + + if ( lr->sl_sd != AC_SOCKET_INVALID ) { + int s = lr->sl_sd; + lr->sl_sd = AC_SOCKET_INVALID; + if ( remove ) slapd_remove( s, NULL, 0, 0, 0 ); + +#ifdef LDAP_PF_LOCAL + if ( lr->sl_sa.sa_addr.sa_family == AF_LOCAL ) { + unlink( lr->sl_sa.sa_un_addr.sun_path ); + } +#endif /* LDAP_PF_LOCAL */ + + slapd_close( s ); + } + } +} + +static void +destroy_listeners( void ) +{ + Listener *lr, **ll = slap_listeners; + + if ( ll == NULL ) + return; + + while ( (lr = *ll++) != NULL ) { + if ( lr->sl_url.bv_val ) { + ber_memfree( lr->sl_url.bv_val ); + } + + if ( lr->sl_name.bv_val ) { + ber_memfree( lr->sl_name.bv_val ); + } + + free( lr ); + } + + free( slap_listeners ); + slap_listeners = NULL; +} + +static int +slap_listener( + Listener *sl ) +{ + Sockaddr from; + + ber_socket_t s, sfd; + ber_socklen_t len = sizeof(from); + Connection *c; + slap_ssf_t ssf = 0; + struct berval authid = BER_BVNULL; +#ifdef SLAPD_RLOOKUPS + char hbuf[NI_MAXHOST]; +#endif /* SLAPD_RLOOKUPS */ + + char *dnsname = NULL; + const char *peeraddr = NULL; + /* we assume INET6_ADDRSTRLEN > INET_ADDRSTRLEN */ + char addr[INET6_ADDRSTRLEN]; +#ifdef LDAP_PF_LOCAL + char peername[MAXPATHLEN + sizeof("PATH=")]; +#ifdef LDAP_PF_LOCAL_SENDMSG + char peerbuf[8]; + struct berval peerbv = BER_BVNULL; +#endif +#elif defined(LDAP_PF_INET6) + char peername[sizeof("IP=[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535")]; +#else /* ! LDAP_PF_LOCAL && ! LDAP_PF_INET6 */ + char peername[sizeof("IP=255.255.255.255:65336")]; +#endif /* LDAP_PF_LOCAL */ + int cflag; + int tid; + + Debug( LDAP_DEBUG_TRACE, + ">>> slap_listener(%s)\n", + sl->sl_url.bv_val, 0, 0 ); + + peername[0] = '\0'; + +#ifdef LDAP_CONNECTIONLESS + if ( sl->sl_is_udp ) return 1; +#endif /* LDAP_CONNECTIONLESS */ + +# ifdef LDAP_PF_LOCAL + /* FIXME: apparently accept doesn't fill + * the sun_path sun_path member */ + from.sa_un_addr.sun_path[0] = '\0'; +# endif /* LDAP_PF_LOCAL */ + + s = accept( SLAP_FD2SOCK( sl->sl_sd ), (struct sockaddr *) &from, &len ); + + /* Resume the listener FD to allow concurrent-processing of + * additional incoming connections. + */ + sl->sl_busy = 0; + WAKE_LISTENER(DAEMON_ID(sl->sl_sd),1); + + if ( s == AC_SOCKET_INVALID ) { + int err = sock_errno(); + + if( +#ifdef EMFILE + err == EMFILE || +#endif /* EMFILE */ +#ifdef ENFILE + err == ENFILE || +#endif /* ENFILE */ + 0 ) + { + ldap_pvt_thread_mutex_lock( &slap_daemon[0].sd_mutex ); + emfile++; + /* Stop listening until an existing session closes */ + sl->sl_mute = 1; + ldap_pvt_thread_mutex_unlock( &slap_daemon[0].sd_mutex ); + } + + Debug( LDAP_DEBUG_ANY, + "daemon: accept(%ld) failed errno=%d (%s)\n", + (long) sl->sl_sd, err, sock_errstr(err) ); + ldap_pvt_thread_yield(); + return 0; + } + sfd = SLAP_SOCKNEW( s ); + + /* make sure descriptor number isn't too great */ + if ( sfd >= dtblsize ) { + Debug( LDAP_DEBUG_ANY, + "daemon: %ld beyond descriptor table size %ld\n", + (long) sfd, (long) dtblsize, 0 ); + + tcp_close(s); + ldap_pvt_thread_yield(); + return 0; + } + tid = DAEMON_ID(sfd); + +#ifdef LDAP_DEBUG + ldap_pvt_thread_mutex_lock( &slap_daemon[tid].sd_mutex ); + /* newly accepted stream should not be in any of the FD SETS */ + assert( SLAP_SOCK_NOT_ACTIVE( tid, sfd )); + ldap_pvt_thread_mutex_unlock( &slap_daemon[tid].sd_mutex ); +#endif /* LDAP_DEBUG */ + +#if defined( SO_KEEPALIVE ) || defined( TCP_NODELAY ) +#ifdef LDAP_PF_LOCAL + /* for IPv4 and IPv6 sockets only */ + if ( from.sa_addr.sa_family != AF_LOCAL ) +#endif /* LDAP_PF_LOCAL */ + { + int rc; + int tmp; +#ifdef SO_KEEPALIVE + /* enable keep alives */ + tmp = 1; + rc = setsockopt( s, SOL_SOCKET, SO_KEEPALIVE, + (char *) &tmp, sizeof(tmp) ); + if ( rc == AC_SOCKET_ERROR ) { + int err = sock_errno(); + Debug( LDAP_DEBUG_ANY, + "slapd(%ld): setsockopt(SO_KEEPALIVE) failed " + "errno=%d (%s)\n", (long) sfd, err, sock_errstr(err) ); + } +#endif /* SO_KEEPALIVE */ +#ifdef TCP_NODELAY + /* enable no delay */ + tmp = 1; + rc = setsockopt( s, IPPROTO_TCP, TCP_NODELAY, + (char *)&tmp, sizeof(tmp) ); + if ( rc == AC_SOCKET_ERROR ) { + int err = sock_errno(); + Debug( LDAP_DEBUG_ANY, + "slapd(%ld): setsockopt(TCP_NODELAY) failed " + "errno=%d (%s)\n", (long) sfd, err, sock_errstr(err) ); + } +#endif /* TCP_NODELAY */ + } +#endif /* SO_KEEPALIVE || TCP_NODELAY */ + + Debug( LDAP_DEBUG_CONNS, + "daemon: listen=%ld, new connection on %ld\n", + (long) sl->sl_sd, (long) sfd, 0 ); + + cflag = 0; + switch ( from.sa_addr.sa_family ) { +# ifdef LDAP_PF_LOCAL + case AF_LOCAL: + cflag |= CONN_IS_IPC; + + /* FIXME: apparently accept doesn't fill + * the sun_path sun_path member */ + if ( from.sa_un_addr.sun_path[0] == '\0' ) { + AC_MEMCPY( from.sa_un_addr.sun_path, + sl->sl_sa.sa_un_addr.sun_path, + sizeof( from.sa_un_addr.sun_path ) ); + } + + sprintf( peername, "PATH=%s", from.sa_un_addr.sun_path ); + ssf = local_ssf; + { + uid_t uid; + gid_t gid; + +#ifdef LDAP_PF_LOCAL_SENDMSG + peerbv.bv_val = peerbuf; + peerbv.bv_len = sizeof( peerbuf ); +#endif + if( LUTIL_GETPEEREID( s, &uid, &gid, &peerbv ) == 0 ) { + authid.bv_val = ch_malloc( + STRLENOF( "gidNumber=4294967295+uidNumber=4294967295," + "cn=peercred,cn=external,cn=auth" ) + 1 ); + authid.bv_len = sprintf( authid.bv_val, + "gidNumber=%d+uidNumber=%d," + "cn=peercred,cn=external,cn=auth", + (int) gid, (int) uid ); + assert( authid.bv_len <= + STRLENOF( "gidNumber=4294967295+uidNumber=4294967295," + "cn=peercred,cn=external,cn=auth" ) ); + } + } + dnsname = "local"; + break; +#endif /* LDAP_PF_LOCAL */ + +# ifdef LDAP_PF_INET6 + case AF_INET6: + if ( IN6_IS_ADDR_V4MAPPED(&from.sa_in6_addr.sin6_addr) ) { +#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP ) + peeraddr = inet_ntop( AF_INET, + ((struct in_addr *)&from.sa_in6_addr.sin6_addr.s6_addr[12]), + addr, sizeof(addr) ); +#else /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */ + peeraddr = inet_ntoa( *((struct in_addr *) + &from.sa_in6_addr.sin6_addr.s6_addr[12]) ); +#endif /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */ + if ( !peeraddr ) peeraddr = SLAP_STRING_UNKNOWN; + sprintf( peername, "IP=%s:%d", peeraddr, + (unsigned) ntohs( from.sa_in6_addr.sin6_port ) ); + } else { + peeraddr = inet_ntop( AF_INET6, + &from.sa_in6_addr.sin6_addr, + addr, sizeof addr ); + if ( !peeraddr ) peeraddr = SLAP_STRING_UNKNOWN; + sprintf( peername, "IP=[%s]:%d", peeraddr, + (unsigned) ntohs( from.sa_in6_addr.sin6_port ) ); + } + break; +# endif /* LDAP_PF_INET6 */ + + case AF_INET: { +#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP ) + peeraddr = inet_ntop( AF_INET, &from.sa_in_addr.sin_addr, + addr, sizeof(addr) ); +#else /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */ + peeraddr = inet_ntoa( from.sa_in_addr.sin_addr ); +#endif /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */ + if ( !peeraddr ) peeraddr = SLAP_STRING_UNKNOWN; + sprintf( peername, "IP=%s:%d", peeraddr, + (unsigned) ntohs( from.sa_in_addr.sin_port ) ); + } break; + + default: + slapd_close(sfd); + return 0; + } + + if ( ( from.sa_addr.sa_family == AF_INET ) +#ifdef LDAP_PF_INET6 + || ( from.sa_addr.sa_family == AF_INET6 ) +#endif /* LDAP_PF_INET6 */ + ) + { + dnsname = NULL; +#ifdef SLAPD_RLOOKUPS + if ( use_reverse_lookup ) { + char *herr; + if (ldap_pvt_get_hname( (const struct sockaddr *)&from, len, hbuf, + sizeof(hbuf), &herr ) == 0) { + ldap_pvt_str2lower( hbuf ); + dnsname = hbuf; + } + } +#endif /* SLAPD_RLOOKUPS */ + +#ifdef HAVE_TCPD + { + int rc; + ldap_pvt_thread_mutex_lock( &sd_tcpd_mutex ); + rc = hosts_ctl("slapd", + dnsname != NULL ? dnsname : SLAP_STRING_UNKNOWN, + peeraddr, + SLAP_STRING_UNKNOWN ); + ldap_pvt_thread_mutex_unlock( &sd_tcpd_mutex ); + if ( !rc ) { + /* DENY ACCESS */ + Statslog( LDAP_DEBUG_STATS, + "fd=%ld DENIED from %s (%s)\n", + (long) sfd, + dnsname != NULL ? dnsname : SLAP_STRING_UNKNOWN, + peeraddr, 0, 0 ); + slapd_close(sfd); + return 0; + } + } +#endif /* HAVE_TCPD */ + } + +#ifdef HAVE_TLS + if ( sl->sl_is_tls ) cflag |= CONN_IS_TLS; +#endif + c = connection_init(sfd, sl, + dnsname != NULL ? dnsname : SLAP_STRING_UNKNOWN, + peername, cflag, ssf, + authid.bv_val ? &authid : NULL + LDAP_PF_LOCAL_SENDMSG_ARG(&peerbv)); + + if( authid.bv_val ) ch_free(authid.bv_val); + + if( !c ) { + Debug( LDAP_DEBUG_ANY, + "daemon: connection_init(%ld, %s, %s) failed.\n", + (long) sfd, peername, sl->sl_name.bv_val ); + slapd_close(sfd); + } + + return 0; +} + +static void* +slap_listener_thread( + void* ctx, + void* ptr ) +{ + int rc; + Listener *sl = (Listener *)ptr; + + rc = slap_listener( sl ); + + if( rc != LDAP_SUCCESS ) { + Debug( LDAP_DEBUG_ANY, + "slap_listener_thread(%s): failed err=%d", + sl->sl_url.bv_val, rc, 0 ); + } + + return (void*)NULL; +} + +static int +slap_listener_activate( + Listener* sl ) +{ + int rc; + + Debug( LDAP_DEBUG_TRACE, "slap_listener_activate(%d): %s\n", + sl->sl_sd, sl->sl_busy ? "busy" : "", 0 ); + + sl->sl_busy = 1; + + rc = ldap_pvt_thread_pool_submit( &connection_pool, + slap_listener_thread, (void *) sl ); + + if( rc != 0 ) { + Debug( LDAP_DEBUG_ANY, + "slap_listener_activate(%d): submit failed (%d)\n", + sl->sl_sd, rc, 0 ); + } + return rc; +} + +static void * +slapd_daemon_task( + void *ptr ) +{ + int l; + time_t last_idle_check = 0; + int ebadf = 0; + int tid = (ldap_pvt_thread_t *) ptr - listener_tid; + +#define SLAPD_IDLE_CHECK_LIMIT 4 + + slapd_add( wake_sds[tid][0], 0, NULL, tid ); + if ( tid ) + goto loop; + + /* Init stuff done only by thread 0 */ + + last_idle_check = slap_get_time(); + + for ( l = 0; slap_listeners[l] != NULL; l++ ) { + if ( slap_listeners[l]->sl_sd == AC_SOCKET_INVALID ) continue; + +#ifdef LDAP_CONNECTIONLESS + /* Since this is connectionless, the data port is the + * listening port. The listen() and accept() calls + * are unnecessary. + */ + if ( slap_listeners[l]->sl_is_udp ) + continue; +#endif /* LDAP_CONNECTIONLESS */ + + /* FIXME: TCP-only! */ +#ifdef LDAP_TCP_BUFFER + if ( 1 ) { + int origsize, size, realsize, rc; + socklen_t optlen; + char buf[ SLAP_TEXT_BUFLEN ]; + + size = 0; + if ( slap_listeners[l]->sl_tcp_rmem > 0 ) { + size = slap_listeners[l]->sl_tcp_rmem; + } else if ( slapd_tcp_rmem > 0 ) { + size = slapd_tcp_rmem; + } + + if ( size > 0 ) { + optlen = sizeof( origsize ); + rc = getsockopt( SLAP_FD2SOCK( slap_listeners[l]->sl_sd ), + SOL_SOCKET, + SO_RCVBUF, + (void *)&origsize, + &optlen ); + + if ( rc ) { + int err = sock_errno(); + Debug( LDAP_DEBUG_ANY, + "slapd_daemon_task: getsockopt(SO_RCVBUF) failed errno=%d (%s)\n", + err, sock_errstr(err), 0 ); + } + + optlen = sizeof( size ); + rc = setsockopt( SLAP_FD2SOCK( slap_listeners[l]->sl_sd ), + SOL_SOCKET, + SO_RCVBUF, + (const void *)&size, + optlen ); + + if ( rc ) { + int err = sock_errno(); + Debug( LDAP_DEBUG_ANY, + "slapd_daemon_task: setsockopt(SO_RCVBUF) failed errno=%d (%s)\n", + err, sock_errstr(err), 0 ); + } + + optlen = sizeof( realsize ); + rc = getsockopt( SLAP_FD2SOCK( slap_listeners[l]->sl_sd ), + SOL_SOCKET, + SO_RCVBUF, + (void *)&realsize, + &optlen ); + + if ( rc ) { + int err = sock_errno(); + Debug( LDAP_DEBUG_ANY, + "slapd_daemon_task: getsockopt(SO_RCVBUF) failed errno=%d (%s)\n", + err, sock_errstr(err), 0 ); + } + + snprintf( buf, sizeof( buf ), + "url=%s (#%d) RCVBUF original size=%d requested size=%d real size=%d", + slap_listeners[l]->sl_url.bv_val, l, origsize, size, realsize ); + Debug( LDAP_DEBUG_ANY, + "slapd_daemon_task: %s\n", + buf, 0, 0 ); + } + + size = 0; + if ( slap_listeners[l]->sl_tcp_wmem > 0 ) { + size = slap_listeners[l]->sl_tcp_wmem; + } else if ( slapd_tcp_wmem > 0 ) { + size = slapd_tcp_wmem; + } + + if ( size > 0 ) { + optlen = sizeof( origsize ); + rc = getsockopt( SLAP_FD2SOCK( slap_listeners[l]->sl_sd ), + SOL_SOCKET, + SO_SNDBUF, + (void *)&origsize, + &optlen ); + + if ( rc ) { + int err = sock_errno(); + Debug( LDAP_DEBUG_ANY, + "slapd_daemon_task: getsockopt(SO_SNDBUF) failed errno=%d (%s)\n", + err, sock_errstr(err), 0 ); + } + + optlen = sizeof( size ); + rc = setsockopt( SLAP_FD2SOCK( slap_listeners[l]->sl_sd ), + SOL_SOCKET, + SO_SNDBUF, + (const void *)&size, + optlen ); + + if ( rc ) { + int err = sock_errno(); + Debug( LDAP_DEBUG_ANY, + "slapd_daemon_task: setsockopt(SO_SNDBUF) failed errno=%d (%s)", + err, sock_errstr(err), 0 ); + } + + optlen = sizeof( realsize ); + rc = getsockopt( SLAP_FD2SOCK( slap_listeners[l]->sl_sd ), + SOL_SOCKET, + SO_SNDBUF, + (void *)&realsize, + &optlen ); + + if ( rc ) { + int err = sock_errno(); + Debug( LDAP_DEBUG_ANY, + "slapd_daemon_task: getsockopt(SO_SNDBUF) failed errno=%d (%s)\n", + err, sock_errstr(err), 0 ); + } + + snprintf( buf, sizeof( buf ), + "url=%s (#%d) SNDBUF original size=%d requested size=%d real size=%d", + slap_listeners[l]->sl_url.bv_val, l, origsize, size, realsize ); + Debug( LDAP_DEBUG_ANY, + "slapd_daemon_task: %s\n", + buf, 0, 0 ); + } + } +#endif /* LDAP_TCP_BUFFER */ + + if ( listen( SLAP_FD2SOCK( slap_listeners[l]->sl_sd ), SLAPD_LISTEN_BACKLOG ) == -1 ) { + int err = sock_errno(); + +#ifdef LDAP_PF_INET6 + /* If error is EADDRINUSE, we are trying to listen to INADDR_ANY and + * we are already listening to in6addr_any, then we want to ignore + * this and continue. + */ + if ( err == EADDRINUSE ) { + int i; + struct sockaddr_in sa = slap_listeners[l]->sl_sa.sa_in_addr; + struct sockaddr_in6 sa6; + + if ( sa.sin_family == AF_INET && + sa.sin_addr.s_addr == htonl(INADDR_ANY) ) { + for ( i = 0 ; i < l; i++ ) { + sa6 = slap_listeners[i]->sl_sa.sa_in6_addr; + if ( sa6.sin6_family == AF_INET6 && + !memcmp( &sa6.sin6_addr, &in6addr_any, + sizeof(struct in6_addr) ) ) + { + break; + } + } + + if ( i < l ) { + /* We are already listening to in6addr_any */ + Debug( LDAP_DEBUG_CONNS, + "daemon: Attempt to listen to 0.0.0.0 failed, " + "already listening on ::, assuming IPv4 included\n", + 0, 0, 0 ); + slapd_close( slap_listeners[l]->sl_sd ); + slap_listeners[l]->sl_sd = AC_SOCKET_INVALID; + continue; + } + } + } +#endif /* LDAP_PF_INET6 */ + Debug( LDAP_DEBUG_ANY, + "daemon: listen(%s, 5) failed errno=%d (%s)\n", + slap_listeners[l]->sl_url.bv_val, err, + sock_errstr(err) ); + return (void*)-1; + } + + /* make the listening socket non-blocking */ + if ( ber_pvt_socket_set_nonblock( SLAP_FD2SOCK( slap_listeners[l]->sl_sd ), 1 ) < 0 ) { + Debug( LDAP_DEBUG_ANY, "slapd_daemon_task: " + "set nonblocking on a listening socket failed\n", + 0, 0, 0 ); + slapd_shutdown = 2; + return (void*)-1; + } + + slapd_add( slap_listeners[l]->sl_sd, 0, slap_listeners[l], -1 ); + } + +#ifdef HAVE_NT_SERVICE_MANAGER + if ( started_event != NULL ) { + ldap_pvt_thread_cond_signal( &started_event ); + } +#endif /* HAVE_NT_SERVICE_MANAGER */ + +loop: + + /* initialization complete. Here comes the loop. */ + + while ( !slapd_shutdown ) { + ber_socket_t i; + int ns, nwriters; + int at; + ber_socket_t nfds; +#if SLAP_EVENTS_ARE_INDEXED + ber_socket_t nrfds, nwfds; +#endif /* SLAP_EVENTS_ARE_INDEXED */ +#define SLAPD_EBADF_LIMIT 16 + + time_t now; + + SLAP_EVENT_DECL; + + struct timeval tv; + struct timeval *tvp; + + struct timeval cat; + time_t tdelta = 1; + struct re_s* rtask; + + now = slap_get_time(); + + if ( !tid && ( global_idletimeout > 0 || chk_writetime )) { + int check = 0; + /* Set the select timeout. + * Don't just truncate, preserve the fractions of + * seconds to prevent sleeping for zero time. + */ + if ( chk_writetime ) { + tv.tv_sec = global_writetimeout; + tv.tv_usec = 0; + if ( difftime( chk_writetime, now ) < 0 ) + check = 2; + } else { + tv.tv_sec = global_idletimeout / SLAPD_IDLE_CHECK_LIMIT; + tv.tv_usec = global_idletimeout - \ + ( tv.tv_sec * SLAPD_IDLE_CHECK_LIMIT ); + tv.tv_usec *= 1000000 / SLAPD_IDLE_CHECK_LIMIT; + if ( difftime( last_idle_check + + global_idletimeout/SLAPD_IDLE_CHECK_LIMIT, now ) < 0 ) + check = 1; + } + if ( check ) { + connections_timeout_idle( now ); + last_idle_check = now; + } + } else { + tv.tv_sec = 0; + tv.tv_usec = 0; + } + +#ifdef SIGHUP + if ( slapd_gentle_shutdown ) { + ber_socket_t active; + + if ( !tid && slapd_gentle_shutdown == 1 ) { + BackendDB *be; + Debug( LDAP_DEBUG_ANY, "slapd gentle shutdown\n", 0, 0, 0 ); + close_listeners( 1 ); + frontendDB->be_restrictops |= SLAP_RESTRICT_OP_WRITES; + LDAP_STAILQ_FOREACH(be, &backendDB, be_next) { + be->be_restrictops |= SLAP_RESTRICT_OP_WRITES; + } + slapd_gentle_shutdown = 2; + } + + ldap_pvt_thread_mutex_lock( &slap_daemon[tid].sd_mutex ); + active = slap_daemon[tid].sd_nactives; + ldap_pvt_thread_mutex_unlock( &slap_daemon[tid].sd_mutex ); + + if ( active == 0 ) { + if ( !tid ) { + for ( l=1; l<slapd_daemon_threads; l++ ) { + ldap_pvt_thread_mutex_lock( &slap_daemon[l].sd_mutex ); + active += slap_daemon[l].sd_nactives; + ldap_pvt_thread_mutex_unlock( &slap_daemon[l].sd_mutex ); + } + if ( !active ) + slapd_shutdown = 1; + } + if ( !active ) + break; + } + } +#endif /* SIGHUP */ + at = 0; + + ldap_pvt_thread_mutex_lock( &slap_daemon[tid].sd_mutex ); + + nwriters = slap_daemon[tid].sd_nwriters; + + if ( listening ) + for ( l = 0; slap_listeners[l] != NULL; l++ ) { + Listener *lr = slap_listeners[l]; + + if ( lr->sl_sd == AC_SOCKET_INVALID ) continue; + if ( DAEMON_ID( lr->sl_sd ) != tid ) continue; + + if ( lr->sl_mute || lr->sl_busy ) + { + SLAP_SOCK_CLR_READ( tid, lr->sl_sd ); + } else { + SLAP_SOCK_SET_READ( tid, lr->sl_sd ); + } + } + + SLAP_EVENT_INIT(tid); + + nfds = SLAP_EVENT_MAX(tid); + + if (( chk_writetime || global_idletimeout ) && slap_daemon[tid].sd_nactives ) at = 1; + + ldap_pvt_thread_mutex_unlock( &slap_daemon[tid].sd_mutex ); + + if ( at +#if defined(HAVE_YIELDING_SELECT) || defined(NO_THREADS) + && ( tv.tv_sec || tv.tv_usec ) +#endif /* HAVE_YIELDING_SELECT || NO_THREADS */ + ) + { + tvp = &tv; + } else { + tvp = NULL; + } + + /* Only thread 0 handles runqueue */ + if ( !tid ) { + ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex ); + rtask = ldap_pvt_runqueue_next_sched( &slapd_rq, &cat ); + while ( rtask && cat.tv_sec && cat.tv_sec <= now ) { + if ( ldap_pvt_runqueue_isrunning( &slapd_rq, rtask )) { + ldap_pvt_runqueue_resched( &slapd_rq, rtask, 0 ); + } else { + ldap_pvt_runqueue_runtask( &slapd_rq, rtask ); + ldap_pvt_runqueue_resched( &slapd_rq, rtask, 0 ); + ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex ); + ldap_pvt_thread_pool_submit( &connection_pool, + rtask->routine, (void *) rtask ); + ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex ); + } + rtask = ldap_pvt_runqueue_next_sched( &slapd_rq, &cat ); + } + ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex ); + + if ( rtask && cat.tv_sec ) { + /* NOTE: diff __should__ always be >= 0, + * AFAI understand; however (ITS#4872), + * time_t might be unsigned in some systems, + * while difftime() returns a double */ + double diff = difftime( cat.tv_sec, now ); + if ( diff <= 0 ) { + diff = tdelta; + } + if ( tvp == NULL || diff < tv.tv_sec ) { + tv.tv_sec = diff; + tv.tv_usec = 0; + tvp = &tv; + } + } + } + + for ( l = 0; slap_listeners[l] != NULL; l++ ) { + Listener *lr = slap_listeners[l]; + + if ( lr->sl_sd == AC_SOCKET_INVALID ) { + continue; + } + + if ( lr->sl_mute ) { + Debug( LDAP_DEBUG_CONNS, + "daemon: " SLAP_EVENT_FNAME ": " + "listen=%d muted\n", + lr->sl_sd, 0, 0 ); + continue; + } + + if ( lr->sl_busy ) { + Debug( LDAP_DEBUG_CONNS, + "daemon: " SLAP_EVENT_FNAME ": " + "listen=%d busy\n", + lr->sl_sd, 0, 0 ); + continue; + } + + Debug( LDAP_DEBUG_CONNS, + "daemon: " SLAP_EVENT_FNAME ": " + "listen=%d active_threads=%d tvp=%s\n", + lr->sl_sd, at, tvp == NULL ? "NULL" : "zero" ); + } + + SLAP_EVENT_WAIT( tid, tvp, &ns ); + switch ( ns ) { + case -1: { /* failure - try again */ + int err = sock_errno(); + + if ( err != EINTR ) { + ebadf++; + + /* Don't log unless we got it twice in a row */ + if ( !( ebadf & 1 ) ) { + Debug( LDAP_DEBUG_ANY, + "daemon: " + SLAP_EVENT_FNAME + " failed count %d " + "err (%d): %s\n", + ebadf, err, + sock_errstr( err ) ); + } + if ( ebadf >= SLAPD_EBADF_LIMIT ) { + slapd_shutdown = 2; + } + } + } + continue; + + case 0: /* timeout - let threads run */ + ebadf = 0; +#ifndef HAVE_YIELDING_SELECT + Debug( LDAP_DEBUG_CONNS, "daemon: " SLAP_EVENT_FNAME + "timeout - yielding\n", + 0, 0, 0 ); + + ldap_pvt_thread_yield(); +#endif /* ! HAVE_YIELDING_SELECT */ + continue; + + default: /* something happened - deal with it */ + if ( slapd_shutdown ) continue; + + ebadf = 0; + Debug( LDAP_DEBUG_CONNS, + "daemon: activity on %d descriptor%s\n", + ns, ns != 1 ? "s" : "", 0 ); + /* FALL THRU */ + } + +#if SLAP_EVENTS_ARE_INDEXED + if ( SLAP_EVENT_IS_READ( wake_sds[tid][0] ) ) { + char c[BUFSIZ]; + SLAP_EVENT_CLR_READ( wake_sds[tid][0] ); + waking = 0; + tcp_read( SLAP_FD2SOCK(wake_sds[tid][0]), c, sizeof(c) ); + Debug( LDAP_DEBUG_CONNS, "daemon: waked\n", 0, 0, 0 ); + continue; + } + + /* The event slot equals the descriptor number - this is + * true for Unix select and poll. We treat Windows select + * like this too, even though it's a kludge. + */ + if ( listening ) + for ( l = 0; slap_listeners[l] != NULL; l++ ) { + int rc; + + if ( ns <= 0 ) break; + if ( slap_listeners[l]->sl_sd == AC_SOCKET_INVALID ) continue; +#ifdef LDAP_CONNECTIONLESS + if ( slap_listeners[l]->sl_is_udp ) continue; +#endif /* LDAP_CONNECTIONLESS */ + if ( !SLAP_EVENT_IS_READ( slap_listeners[l]->sl_sd ) ) continue; + + /* clear events */ + SLAP_EVENT_CLR_READ( slap_listeners[l]->sl_sd ); + SLAP_EVENT_CLR_WRITE( slap_listeners[l]->sl_sd ); + ns--; + + rc = slap_listener_activate( slap_listeners[l] ); + } + + /* bypass the following tests if no descriptors left */ + if ( ns <= 0 ) { +#ifndef HAVE_YIELDING_SELECT + ldap_pvt_thread_yield(); +#endif /* HAVE_YIELDING_SELECT */ + continue; + } + + Debug( LDAP_DEBUG_CONNS, "daemon: activity on:", 0, 0, 0 ); + nrfds = 0; + nwfds = 0; + for ( i = 0; i < nfds; i++ ) { + int r, w; + + r = SLAP_EVENT_IS_READ( i ); + /* writefds was not initialized if nwriters was zero */ + w = nwriters ? SLAP_EVENT_IS_WRITE( i ) : 0; + if ( r || w ) { + Debug( LDAP_DEBUG_CONNS, " %d%s%s", i, + r ? "r" : "", w ? "w" : "" ); + if ( r ) { + nrfds++; + ns--; + } + if ( w ) { + nwfds++; + ns--; + } + } + if ( ns <= 0 ) break; + } + Debug( LDAP_DEBUG_CONNS, "\n", 0, 0, 0 ); + + /* loop through the writers */ + for ( i = 0; nwfds > 0; i++ ) { + ber_socket_t wd; + if ( ! SLAP_EVENT_IS_WRITE( i ) ) continue; + wd = i; + + SLAP_EVENT_CLR_WRITE( wd ); + nwfds--; + + Debug( LDAP_DEBUG_CONNS, + "daemon: write active on %d\n", + wd, 0, 0 ); + + /* + * NOTE: it is possible that the connection was closed + * and that the stream is now inactive. + * connection_write() must validate the stream is still + * active. + * + * ITS#4338: if the stream is invalid, there is no need to + * close it here. It has already been closed in connection.c. + */ + if ( connection_write( wd ) < 0 ) { + if ( SLAP_EVENT_IS_READ( wd ) ) { + SLAP_EVENT_CLR_READ( (unsigned) wd ); + nrfds--; + } + } + } + + for ( i = 0; nrfds > 0; i++ ) { + ber_socket_t rd; + if ( ! SLAP_EVENT_IS_READ( i ) ) continue; + rd = i; + SLAP_EVENT_CLR_READ( rd ); + nrfds--; + + Debug ( LDAP_DEBUG_CONNS, + "daemon: read activity on %d\n", rd, 0, 0 ); + /* + * NOTE: it is possible that the connection was closed + * and that the stream is now inactive. + * connection_read() must valid the stream is still + * active. + */ + + connection_read_activate( rd ); + } +#else /* !SLAP_EVENTS_ARE_INDEXED */ + /* FIXME */ + /* The events are returned in an arbitrary list. This is true + * for /dev/poll, epoll and kqueue. In order to prioritize things + * so that we can handle wake_sds first, listeners second, and then + * all other connections last (as we do for select), we would need + * to use multiple event handles and cascade them. + * + * That seems like a bit of hassle. So the wake_sds check has been + * skipped. For epoll and kqueue we can associate arbitrary data with + * an event, so we could use pointers to the listener structure + * instead of just the file descriptor. For /dev/poll we have to + * search the listeners array for a matching descriptor. + * + * We now handle wake events when we see them; they are not given + * higher priority. + */ +#ifdef LDAP_DEBUG + Debug( LDAP_DEBUG_CONNS, "daemon: activity on:", 0, 0, 0 ); + + for ( i = 0; i < ns; i++ ) { + int r, w, fd; + + /* Don't log listener events */ + if ( SLAP_EVENT_IS_LISTENER( tid, i ) +#ifdef LDAP_CONNECTIONLESS + && !( (SLAP_EVENT_LISTENER( tid, i ))->sl_is_udp ) +#endif /* LDAP_CONNECTIONLESS */ + ) + { + continue; + } + + fd = SLAP_EVENT_FD( tid, i ); + /* Don't log internal wake events */ + if ( fd == wake_sds[tid][0] ) continue; + + r = SLAP_EVENT_IS_READ( i ); + w = SLAP_EVENT_IS_WRITE( i ); + if ( r || w ) { + Debug( LDAP_DEBUG_CONNS, " %d%s%s", fd, + r ? "r" : "", w ? "w" : "" ); + } + } + Debug( LDAP_DEBUG_CONNS, "\n", 0, 0, 0 ); +#endif /* LDAP_DEBUG */ + + for ( i = 0; i < ns; i++ ) { + int rc = 1, fd, w = 0, r = 0; + + if ( SLAP_EVENT_IS_LISTENER( tid, i ) ) { + rc = slap_listener_activate( SLAP_EVENT_LISTENER( tid, i ) ); + } + + /* If we found a regular listener, rc is now zero, and we + * can skip the data portion. But if it was a UDP listener + * then rc is still 1, and we want to handle the data. + */ + if ( rc ) { + fd = SLAP_EVENT_FD( tid, i ); + + /* Handle wake events */ + if ( fd == wake_sds[tid][0] ) { + char c[BUFSIZ]; + waking = 0; + tcp_read( SLAP_FD2SOCK(wake_sds[tid][0]), c, sizeof(c) ); + continue; + } + + if ( SLAP_EVENT_IS_WRITE( i ) ) { + Debug( LDAP_DEBUG_CONNS, + "daemon: write active on %d\n", + fd, 0, 0 ); + + SLAP_EVENT_CLR_WRITE( i ); + w = 1; + + /* + * NOTE: it is possible that the connection was closed + * and that the stream is now inactive. + * connection_write() must valid the stream is still + * active. + */ + if ( connection_write( fd ) < 0 ) { + continue; + } + } + /* If event is a read */ + if ( SLAP_EVENT_IS_READ( i )) { + r = 1; + Debug( LDAP_DEBUG_CONNS, + "daemon: read active on %d\n", + fd, 0, 0 ); + + SLAP_EVENT_CLR_READ( i ); + connection_read_activate( fd ); + } else if ( !w ) { +#ifdef HAVE_EPOLL + /* Don't keep reporting the hangup + */ + if ( SLAP_SOCK_IS_ACTIVE( tid, fd )) { + SLAP_EPOLL_SOCK_SET( tid, fd, EPOLLET ); + } +#endif + } + } + } +#endif /* SLAP_EVENTS_ARE_INDEXED */ + +#ifndef HAVE_YIELDING_SELECT + ldap_pvt_thread_yield(); +#endif /* ! HAVE_YIELDING_SELECT */ + } + + /* Only thread 0 handles shutdown */ + if ( tid ) + return NULL; + + if ( slapd_shutdown == 1 ) { + Debug( LDAP_DEBUG_ANY, + "daemon: shutdown requested and initiated.\n", + 0, 0, 0 ); + + } else if ( slapd_shutdown == 2 ) { +#ifdef HAVE_NT_SERVICE_MANAGER + Debug( LDAP_DEBUG_ANY, + "daemon: shutdown initiated by Service Manager.\n", + 0, 0, 0); +#else /* !HAVE_NT_SERVICE_MANAGER */ + Debug( LDAP_DEBUG_ANY, + "daemon: abnormal condition, shutdown initiated.\n", + 0, 0, 0 ); +#endif /* !HAVE_NT_SERVICE_MANAGER */ + } else { + Debug( LDAP_DEBUG_ANY, + "daemon: no active streams, shutdown initiated.\n", + 0, 0, 0 ); + } + + close_listeners( 0 ); + + if ( !slapd_gentle_shutdown ) { + slapd_abrupt_shutdown = 1; + connections_shutdown(); + } + + if ( LogTest( LDAP_DEBUG_ANY )) { + int t = ldap_pvt_thread_pool_backload( &connection_pool ); + Debug( LDAP_DEBUG_ANY, + "slapd shutdown: waiting for %d operations/tasks to finish\n", + t, 0, 0 ); + } + ldap_pvt_thread_pool_destroy( &connection_pool, 1 ); + + return NULL; +} + + +#ifdef LDAP_CONNECTIONLESS +static int +connectionless_init( void ) +{ + int l; + + for ( l = 0; slap_listeners[l] != NULL; l++ ) { + Listener *lr = slap_listeners[l]; + Connection *c; + + if ( !lr->sl_is_udp ) { + continue; + } + + c = connection_init( lr->sl_sd, lr, "", "", + CONN_IS_UDP, (slap_ssf_t) 0, NULL + LDAP_PF_LOCAL_SENDMSG_ARG(NULL)); + + if ( !c ) { + Debug( LDAP_DEBUG_TRACE, + "connectionless_init: failed on %s (%d)\n", + lr->sl_url.bv_val, lr->sl_sd, 0 ); + return -1; + } + lr->sl_is_udp++; + } + + return 0; +} +#endif /* LDAP_CONNECTIONLESS */ + +int +slapd_daemon( void ) +{ + int i, rc; + +#ifdef LDAP_CONNECTIONLESS + connectionless_init(); +#endif /* LDAP_CONNECTIONLESS */ + + if ( slapd_daemon_threads > SLAPD_MAX_DAEMON_THREADS ) + slapd_daemon_threads = SLAPD_MAX_DAEMON_THREADS; + + listener_tid = ch_malloc(slapd_daemon_threads * sizeof(ldap_pvt_thread_t)); + + /* daemon_init only inits element 0 */ + for ( i=1; i<slapd_daemon_threads; i++ ) + { + ldap_pvt_thread_mutex_init( &slap_daemon[i].sd_mutex ); + + if( (rc = lutil_pair( wake_sds[i] )) < 0 ) { + Debug( LDAP_DEBUG_ANY, + "daemon: lutil_pair() failed rc=%d\n", rc, 0, 0 ); + return rc; + } + ber_pvt_socket_set_nonblock( wake_sds[i][1], 1 ); + + SLAP_SOCK_INIT(i); + } + + for ( i=0; i<slapd_daemon_threads; i++ ) + { + /* listener as a separate THREAD */ + rc = ldap_pvt_thread_create( &listener_tid[i], + 0, slapd_daemon_task, &listener_tid[i] ); + + if ( rc != 0 ) { + Debug( LDAP_DEBUG_ANY, + "listener ldap_pvt_thread_create failed (%d)\n", rc, 0, 0 ); + return rc; + } + } + + /* wait for the listener threads to complete */ + for ( i=0; i<slapd_daemon_threads; i++ ) + ldap_pvt_thread_join( listener_tid[i], (void *)NULL ); + + destroy_listeners(); + ch_free( listener_tid ); + listener_tid = NULL; + + return 0; +} + +static int +sockinit( void ) +{ +#if defined( HAVE_WINSOCK2 ) + WORD wVersionRequested; + WSADATA wsaData; + int err; + + wVersionRequested = MAKEWORD( 2, 0 ); + + err = WSAStartup( wVersionRequested, &wsaData ); + if ( err != 0 ) { + /* Tell the user that we couldn't find a usable */ + /* WinSock DLL. */ + return -1; + } + + /* Confirm that the WinSock DLL supports 2.0.*/ + /* Note that if the DLL supports versions greater */ + /* than 2.0 in addition to 2.0, it will still return */ + /* 2.0 in wVersion since that is the version we */ + /* requested. */ + + if ( LOBYTE( wsaData.wVersion ) != 2 || + HIBYTE( wsaData.wVersion ) != 0 ) + { + /* Tell the user that we couldn't find a usable */ + /* WinSock DLL. */ + WSACleanup(); + return -1; + } + + /* The WinSock DLL is acceptable. Proceed. */ +#elif defined( HAVE_WINSOCK ) + WSADATA wsaData; + if ( WSAStartup( 0x0101, &wsaData ) != 0 ) return -1; +#endif /* ! HAVE_WINSOCK2 && ! HAVE_WINSOCK */ + + return 0; +} + +static int +sockdestroy( void ) +{ +#if defined( HAVE_WINSOCK2 ) || defined( HAVE_WINSOCK ) + WSACleanup(); +#endif /* HAVE_WINSOCK2 || HAVE_WINSOCK */ + + return 0; +} + +RETSIGTYPE +slap_sig_shutdown( int sig ) +{ + int save_errno = errno; + int i; + +#if 0 + Debug(LDAP_DEBUG_TRACE, "slap_sig_shutdown: signal %d\n", sig, 0, 0); +#endif + + /* + * If the NT Service Manager is controlling the server, we don't + * want SIGBREAK to kill the server. For some strange reason, + * SIGBREAK is generated when a user logs out. + */ + +#if defined(HAVE_NT_SERVICE_MANAGER) && defined(SIGBREAK) + if (is_NT_Service && sig == SIGBREAK) { + /* empty */; + } else +#endif /* HAVE_NT_SERVICE_MANAGER && SIGBREAK */ +#ifdef SIGHUP + if (sig == SIGHUP && global_gentlehup && slapd_gentle_shutdown == 0) { + slapd_gentle_shutdown = 1; + } else +#endif /* SIGHUP */ + { + slapd_shutdown = 1; + } + + for (i=0; i<slapd_daemon_threads; i++) { + WAKE_LISTENER(i,1); + } + + /* reinstall self */ + (void) SIGNAL_REINSTALL( sig, slap_sig_shutdown ); + + errno = save_errno; +} + +RETSIGTYPE +slap_sig_wake( int sig ) +{ + int save_errno = errno; + + WAKE_LISTENER(0,1); + + /* reinstall self */ + (void) SIGNAL_REINSTALL( sig, slap_sig_wake ); + + errno = save_errno; +} + + +void +slapd_add_internal( ber_socket_t s, int isactive ) +{ + slapd_add( s, isactive, NULL, -1 ); +} + +Listener ** +slapd_get_listeners( void ) +{ + /* Could return array with no listeners if !listening, but current + * callers mostly look at the URLs. E.g. syncrepl uses this to + * identify the server, which means it wants the startup arguments. + */ + return slap_listeners; +} + +/* Reject all incoming requests */ +void +slap_suspend_listeners( void ) +{ + int i; + for (i=0; slap_listeners[i]; i++) { + slap_listeners[i]->sl_mute = 1; + listen( slap_listeners[i]->sl_sd, 0 ); + } +} + +/* Resume after a suspend */ +void +slap_resume_listeners( void ) +{ + int i; + for (i=0; slap_listeners[i]; i++) { + slap_listeners[i]->sl_mute = 0; + listen( slap_listeners[i]->sl_sd, SLAPD_LISTEN_BACKLOG ); + } +} + +void +slap_wake_listener() +{ + WAKE_LISTENER(0,1); +} |