summaryrefslogtreecommitdiffstats
path: root/servers/slapd/connection.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 16:35:32 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 16:35:32 +0000
commit5ea77a75dd2d2158401331879f3c8f47940a732c (patch)
treed89dc06e9f4850a900f161e25f84e922c4f86cc8 /servers/slapd/connection.c
parentInitial commit. (diff)
downloadopenldap-upstream/2.5.13+dfsg.tar.xz
openldap-upstream/2.5.13+dfsg.zip
Adding upstream version 2.5.13+dfsg.upstream/2.5.13+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--servers/slapd/connection.c2117
1 files changed, 2117 insertions, 0 deletions
diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
new file mode 100644
index 0000000..b8ea92a
--- /dev/null
+++ b/servers/slapd/connection.c
@@ -0,0 +1,2117 @@
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include <ac/socket.h>
+#include <ac/errno.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#include "lutil.h"
+#include "slap.h"
+
+#ifdef LDAP_CONNECTIONLESS
+#include "../../libraries/liblber/lber-int.h" /* ber_int_sb_read() */
+#endif
+
+#ifdef LDAP_SLAPI
+#include "slapi/slapi.h"
+#endif
+
+static Connection *connections = NULL;
+
+static ldap_pvt_thread_mutex_t conn_nextid_mutex;
+static unsigned long conn_nextid = SLAPD_SYNC_SYNCCONN_OFFSET;
+
+static const char conn_lost_str[] = "connection lost";
+
+const char *
+connection_state2str( int state )
+{
+ switch( state ) {
+ case SLAP_C_INVALID: return "!";
+ case SLAP_C_INACTIVE: return "|";
+ case SLAP_C_CLOSING: return "C";
+ case SLAP_C_ACTIVE: return "";
+ case SLAP_C_BINDING: return "B";
+ case SLAP_C_CLIENT: return "L";
+ }
+
+ return "?";
+}
+
+static Connection* connection_get( ber_socket_t s );
+
+typedef struct conn_readinfo {
+ Operation *op;
+ ldap_pvt_thread_start_t *func;
+ void *arg;
+ void *ctx;
+ int nullop;
+} conn_readinfo;
+
+static int connection_input( Connection *c, conn_readinfo *cri );
+static void connection_close( Connection *c );
+
+static int connection_op_activate( Operation *op );
+static void connection_op_queue( Operation *op );
+static int connection_resched( Connection *conn );
+static void connection_abandon( Connection *conn );
+static void connection_destroy( Connection *c );
+
+static ldap_pvt_thread_start_t connection_operation;
+
+/*
+ * Initialize connection management infrastructure.
+ */
+int connections_init(void)
+{
+ int i;
+
+ assert( connections == NULL );
+
+ if( connections != NULL) {
+ Debug( LDAP_DEBUG_ANY, "connections_init: already initialized.\n" );
+ return -1;
+ }
+
+ /* should check return of every call */
+ ldap_pvt_thread_mutex_init( &conn_nextid_mutex );
+
+ connections = (Connection *) ch_calloc( dtblsize, sizeof(Connection) );
+
+ if( connections == NULL ) {
+ Debug( LDAP_DEBUG_ANY, "connections_init: "
+ "allocation (%d*%ld) of connection array failed\n",
+ dtblsize, (long) sizeof(Connection) );
+ return -1;
+ }
+
+ for (i=0; i<dtblsize; i++) {
+ connections[i].c_conn_idx = i;
+ ldap_pvt_thread_mutex_init( &connections[i].c_mutex );
+ ldap_pvt_thread_mutex_init( &connections[i].c_write1_mutex );
+ ldap_pvt_thread_cond_init( &connections[i].c_write1_cv );
+ }
+
+
+ /*
+ * per entry initialization of the Connection array initialization
+ * will be done by connection_init()
+ */
+
+ return 0;
+}
+
+/*
+ * Destroy connection management infrastructure.
+ */
+
+int connections_destroy(void)
+{
+ ber_socket_t i;
+
+ /* should check return of every call */
+
+ if( connections == NULL) {
+ Debug( LDAP_DEBUG_ANY, "connections_destroy: nothing to destroy.\n" );
+ return -1;
+ }
+
+ for ( i = 0; i < dtblsize; i++ ) {
+ ldap_pvt_thread_mutex_destroy( &connections[i].c_mutex );
+ ldap_pvt_thread_mutex_destroy( &connections[i].c_write1_mutex );
+ ldap_pvt_thread_cond_destroy( &connections[i].c_write1_cv );
+ if( connections[i].c_sb ) {
+ ber_sockbuf_free( connections[i].c_sb );
+#ifdef LDAP_SLAPI
+ if ( slapi_plugins_used ) {
+ slapi_int_free_object_extensions( SLAPI_X_EXT_CONNECTION,
+ &connections[i] );
+ }
+#endif
+ }
+ }
+
+ free( connections );
+ connections = NULL;
+
+ ldap_pvt_thread_mutex_destroy( &conn_nextid_mutex );
+ return 0;
+}
+
+/*
+ * shutdown all connections
+ */
+int connections_shutdown(void)
+{
+ ber_socket_t i;
+
+ for ( i = 0; i < dtblsize; i++ ) {
+ ldap_pvt_thread_mutex_lock( &connections[i].c_mutex );
+ if( connections[i].c_conn_state > SLAP_C_INVALID ) {
+
+ /* give persistent clients a chance to cleanup */
+ if( connections[i].c_conn_state == SLAP_C_CLIENT ) {
+ ldap_pvt_thread_pool_submit( &connection_pool,
+ connections[i].c_clientfunc, connections[i].c_clientarg );
+ } else {
+ /* c_mutex is locked */
+ connection_closing( &connections[i], "slapd shutdown" );
+ connection_close( &connections[i] );
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &connections[i].c_mutex );
+ }
+
+ return 0;
+}
+
+/*
+ * Timeout idle connections.
+ */
+int connections_timeout_idle(time_t now)
+{
+ int i = 0;
+ ber_socket_t connindex;
+ Connection* c;
+
+ for( c = connection_first( &connindex );
+ c != NULL;
+ c = connection_next( c, &connindex ) )
+ {
+ /* Don't timeout a slow-running request or a persistent
+ * outbound connection.
+ */
+ if( c->c_n_ops_executing || c->c_n_ops_async
+ || c->c_conn_state == SLAP_C_CLIENT ) {
+ continue;
+ }
+
+ if( global_idletimeout &&
+ difftime( c->c_activitytime+global_idletimeout, now) < 0 ) {
+ /* close it */
+ connection_closing( c, "idletimeout" );
+ connection_close( c );
+ i++;
+ continue;
+ }
+ }
+ connection_done( c );
+
+ return i;
+}
+
+/* Drop all client connections */
+void connections_drop()
+{
+ Connection* c;
+ ber_socket_t connindex;
+
+ for( c = connection_first( &connindex );
+ c != NULL;
+ c = connection_next( c, &connindex ) )
+ {
+ /* Don't close a slow-running request or a persistent
+ * outbound connection.
+ */
+ if( c->c_n_ops_executing || c->c_n_ops_async
+ || c->c_conn_state == SLAP_C_CLIENT ) {
+ continue;
+ }
+ connection_closing( c, "dropping" );
+ connection_close( c );
+ }
+ connection_done( c );
+}
+
+static Connection* connection_get( ber_socket_t s )
+{
+ Connection *c;
+
+ Debug( LDAP_DEBUG_ARGS,
+ "connection_get(%ld)\n",
+ (long) s );
+
+ assert( connections != NULL );
+
+ if(s == AC_SOCKET_INVALID) return NULL;
+
+ assert( s < dtblsize );
+ c = &connections[s];
+
+ if( c != NULL ) {
+ ldap_pvt_thread_mutex_lock( &c->c_mutex );
+
+ if( c->c_conn_state == SLAP_C_INVALID ) {
+ /* connection must have been closed due to resched */
+
+ Debug( LDAP_DEBUG_CONNS,
+ "connection_get(%d): connection not used\n",
+ s );
+ assert( c->c_sd == AC_SOCKET_INVALID );
+
+ ldap_pvt_thread_mutex_unlock( &c->c_mutex );
+ return NULL;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_get(%d): got connid=%lu\n",
+ s, c->c_connid );
+
+ c->c_n_get++;
+
+ assert( c->c_conn_state != SLAP_C_INVALID );
+ assert( c->c_sd != AC_SOCKET_INVALID );
+
+ c->c_activitytime = slap_get_time();
+ }
+
+ return c;
+}
+
+static void connection_return( Connection *c )
+{
+ ldap_pvt_thread_mutex_unlock( &c->c_mutex );
+}
+
+Connection * connection_init(
+ ber_socket_t s,
+ Listener *listener,
+ const char* dnsname,
+ const char* peername,
+ int flags,
+ slap_ssf_t ssf,
+ struct berval *authid
+ LDAP_PF_LOCAL_SENDMSG_ARG(struct berval *peerbv))
+{
+ unsigned long id;
+ Connection *c;
+ ber_socket_t sfd = SLAP_FD2SOCK(s);
+
+ assert( connections != NULL );
+
+ assert( listener != NULL );
+ assert( dnsname != NULL );
+ assert( peername != NULL );
+
+#ifndef HAVE_TLS
+ assert( !( flags & CONN_IS_TLS ));
+#endif
+
+ if( s == AC_SOCKET_INVALID ) {
+ Debug( LDAP_DEBUG_ANY,
+ "connection_init: init of socket %ld invalid.\n", (long)s );
+ return NULL;
+ }
+
+ assert( s >= 0 );
+ assert( s < dtblsize );
+ c = &connections[s];
+
+ ldap_pvt_thread_mutex_lock( &c->c_mutex );
+
+ if( !c->c_sb ) {
+ c->c_send_ldap_result = slap_send_ldap_result;
+ c->c_send_search_entry = slap_send_search_entry;
+ c->c_send_search_reference = slap_send_search_reference;
+ c->c_send_ldap_extended = slap_send_ldap_extended;
+ c->c_send_ldap_intermediate = slap_send_ldap_intermediate;
+
+ BER_BVZERO( &c->c_authmech );
+ BER_BVZERO( &c->c_dn );
+ BER_BVZERO( &c->c_ndn );
+
+ c->c_listener = NULL;
+ BER_BVZERO( &c->c_peer_domain );
+ BER_BVZERO( &c->c_peer_name );
+
+ LDAP_STAILQ_INIT(&c->c_ops);
+ LDAP_STAILQ_INIT(&c->c_pending_ops);
+
+ c->c_txn = CONN_TXN_INACTIVE;
+ c->c_txn_backend = NULL;
+ LDAP_STAILQ_INIT(&c->c_txn_ops);
+
+ BER_BVZERO( &c->c_sasl_bind_mech );
+ c->c_sasl_done = 0;
+ c->c_sasl_authctx = NULL;
+ c->c_sasl_sockctx = NULL;
+ c->c_sasl_extra = NULL;
+ c->c_sasl_bindop = NULL;
+ c->c_sasl_cbind = NULL;
+
+ c->c_sb = ber_sockbuf_alloc( );
+
+ {
+ ber_len_t max = sockbuf_max_incoming;
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+
+ c->c_currentber = NULL;
+
+#ifdef LDAP_SLAPI
+ if ( slapi_plugins_used ) {
+ slapi_int_create_object_extensions( SLAPI_X_EXT_CONNECTION, c );
+ }
+#endif
+ }
+
+ assert( BER_BVISNULL( &c->c_authmech ) );
+ assert( BER_BVISNULL( &c->c_dn ) );
+ assert( BER_BVISNULL( &c->c_ndn ) );
+ assert( c->c_listener == NULL );
+ assert( BER_BVISNULL( &c->c_peer_domain ) );
+ assert( BER_BVISNULL( &c->c_peer_name ) );
+ assert( LDAP_STAILQ_EMPTY(&c->c_ops) );
+ assert( LDAP_STAILQ_EMPTY(&c->c_pending_ops) );
+ assert( c->c_txn == CONN_TXN_INACTIVE );
+ assert( c->c_txn_backend == NULL );
+ assert( LDAP_STAILQ_EMPTY(&c->c_txn_ops) );
+ assert( BER_BVISNULL( &c->c_sasl_bind_mech ) );
+ assert( c->c_sasl_done == 0 );
+ assert( c->c_sasl_authctx == NULL );
+ assert( c->c_sasl_sockctx == NULL );
+ assert( c->c_sasl_extra == NULL );
+ assert( c->c_sasl_bindop == NULL );
+ assert( c->c_sasl_cbind == NULL );
+ assert( c->c_currentber == NULL );
+ assert( c->c_writewaiter == 0);
+ assert( c->c_writers == 0);
+
+ c->c_listener = listener;
+ c->c_sd = s;
+
+ if ( flags & CONN_IS_CLIENT ) {
+ c->c_connid = 0;
+ c->c_conn_state = SLAP_C_CLIENT;
+ c->c_close_reason = "?"; /* should never be needed */
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_FD, &sfd );
+ ldap_pvt_thread_mutex_unlock( &c->c_mutex );
+
+ return c;
+ }
+
+ ber_str2bv( dnsname, 0, 1, &c->c_peer_domain );
+ ber_str2bv( peername, 0, 1, &c->c_peer_name );
+
+ c->c_n_ops_received = 0;
+ c->c_n_ops_executing = 0;
+ c->c_n_ops_pending = 0;
+ c->c_n_ops_completed = 0;
+ c->c_n_ops_async = 0;
+
+ c->c_n_get = 0;
+ c->c_n_read = 0;
+ c->c_n_write = 0;
+
+ /* set to zero until bind, implies LDAP_VERSION3 */
+ c->c_protocol = 0;
+
+ c->c_activitytime = c->c_starttime = slap_get_time();
+
+#ifdef LDAP_CONNECTIONLESS
+ c->c_is_udp = 0;
+ if( flags & CONN_IS_UDP ) {
+ c->c_is_udp = 1;
+#ifdef LDAP_DEBUG
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug,
+ LBER_SBIOD_LEVEL_PROVIDER, (void*)"udp_" );
+#endif
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_udp,
+ LBER_SBIOD_LEVEL_PROVIDER, (void *)&sfd );
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_readahead,
+ LBER_SBIOD_LEVEL_PROVIDER, NULL );
+ } else
+#endif /* LDAP_CONNECTIONLESS */
+#ifdef LDAP_PF_LOCAL
+ if ( flags & CONN_IS_IPC ) {
+#ifdef LDAP_DEBUG
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug,
+ LBER_SBIOD_LEVEL_PROVIDER, (void*)"ipc_" );
+#endif
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_fd,
+ LBER_SBIOD_LEVEL_PROVIDER, (void *)&sfd );
+#ifdef LDAP_PF_LOCAL_SENDMSG
+ if ( !BER_BVISEMPTY( peerbv ))
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_UNGET_BUF, peerbv );
+#endif
+ } else
+#endif /* LDAP_PF_LOCAL */
+ {
+#ifdef LDAP_DEBUG
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug,
+ LBER_SBIOD_LEVEL_PROVIDER, (void*)"tcp_" );
+#endif
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_tcp,
+ LBER_SBIOD_LEVEL_PROVIDER, (void *)&sfd );
+ }
+
+#ifdef LDAP_DEBUG
+ ber_sockbuf_add_io( c->c_sb, &ber_sockbuf_io_debug,
+ INT_MAX, (void*)"ldap_" );
+#endif
+
+ if( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_NONBLOCK,
+ c /* non-NULL */ ) < 0 )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "connection_init(%d, %s): set nonblocking failed\n",
+ s, c->c_peer_name.bv_val );
+
+ c->c_listener = NULL;
+ if(c->c_peer_domain.bv_val != NULL) {
+ free(c->c_peer_domain.bv_val);
+ }
+ BER_BVZERO( &c->c_peer_domain );
+ if(c->c_peer_name.bv_val != NULL) {
+ free(c->c_peer_name.bv_val);
+ }
+ BER_BVZERO( &c->c_peer_name );
+
+ ber_sockbuf_free( c->c_sb );
+ c->c_sb = ber_sockbuf_alloc( );
+ {
+ ber_len_t max = sockbuf_max_incoming;
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+
+ c->c_sd = AC_SOCKET_INVALID;
+ ldap_pvt_thread_mutex_unlock( &c->c_mutex );
+
+ return NULL;
+ }
+
+ ldap_pvt_thread_mutex_lock( &conn_nextid_mutex );
+ id = c->c_connid = conn_nextid++;
+ ldap_pvt_thread_mutex_unlock( &conn_nextid_mutex );
+
+ c->c_conn_state = SLAP_C_INACTIVE;
+ c->c_close_reason = "?"; /* should never be needed */
+
+ c->c_ssf = c->c_transport_ssf = ssf;
+ c->c_tls_ssf = c->c_sasl_ssf = 0;
+
+#ifdef HAVE_TLS
+ if ( flags & CONN_IS_TLS ) {
+ c->c_is_tls = 1;
+ c->c_needs_tls_accept = 1;
+ } else {
+ c->c_is_tls = 0;
+ c->c_needs_tls_accept = 0;
+ }
+#endif
+
+ slap_sasl_open( c, 0 );
+ slap_sasl_external( c, ssf, authid );
+
+ slapd_add_internal( s, 1 );
+
+ backend_connection_init(c);
+ ldap_pvt_thread_mutex_unlock( &c->c_mutex );
+
+ if ( !(flags & CONN_IS_UDP ))
+ Debug( LDAP_DEBUG_STATS,
+ "conn=%ld fd=%ld ACCEPT from %s (%s)\n",
+ id, (long) s, peername, listener->sl_name.bv_val );
+
+ return c;
+}
+
+void connection2anonymous( Connection *c )
+{
+ assert( connections != NULL );
+ assert( c != NULL );
+
+ {
+ ber_len_t max = sockbuf_max_incoming;
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+
+ if ( !BER_BVISNULL( &c->c_authmech ) ) {
+ ch_free(c->c_authmech.bv_val);
+ }
+ BER_BVZERO( &c->c_authmech );
+
+ if ( !BER_BVISNULL( &c->c_dn ) ) {
+ ch_free(c->c_dn.bv_val);
+ }
+ BER_BVZERO( &c->c_dn );
+
+ if ( !BER_BVISNULL( &c->c_ndn ) ) {
+ ch_free(c->c_ndn.bv_val);
+ }
+ BER_BVZERO( &c->c_ndn );
+
+ if ( !BER_BVISNULL( &c->c_sasl_authz_dn ) ) {
+ ber_memfree_x( c->c_sasl_authz_dn.bv_val, NULL );
+ }
+ BER_BVZERO( &c->c_sasl_authz_dn );
+
+ c->c_authz_backend = NULL;
+}
+
+static void
+connection_destroy( Connection *c )
+{
+ unsigned long connid;
+ const char *close_reason;
+ Sockbuf *sb;
+ ber_socket_t sd;
+
+ assert( connections != NULL );
+ assert( c != NULL );
+ assert( c->c_conn_state != SLAP_C_INVALID );
+ assert( LDAP_STAILQ_EMPTY(&c->c_ops) );
+ assert( LDAP_STAILQ_EMPTY(&c->c_pending_ops) );
+ assert( c->c_txn == CONN_TXN_INACTIVE );
+ assert( c->c_txn_backend == NULL );
+ assert( LDAP_STAILQ_EMPTY(&c->c_txn_ops) );
+ assert( c->c_writewaiter == 0);
+ assert( c->c_writers == 0);
+
+ /* only for stats (print -1 as "%lu" may give unexpected results ;) */
+ connid = c->c_connid;
+ close_reason = c->c_close_reason;
+
+ backend_connection_destroy(c);
+
+ c->c_protocol = 0;
+ c->c_connid = -1;
+
+ c->c_activitytime = c->c_starttime = 0;
+
+ connection2anonymous( c );
+ c->c_listener = NULL;
+
+ if(c->c_peer_domain.bv_val != NULL) {
+ free(c->c_peer_domain.bv_val);
+ }
+ BER_BVZERO( &c->c_peer_domain );
+ if(c->c_peer_name.bv_val != NULL) {
+ free(c->c_peer_name.bv_val);
+ }
+ BER_BVZERO( &c->c_peer_name );
+
+ c->c_sasl_bind_in_progress = 0;
+ if(c->c_sasl_bind_mech.bv_val != NULL) {
+ free(c->c_sasl_bind_mech.bv_val);
+ }
+ BER_BVZERO( &c->c_sasl_bind_mech );
+
+ slap_sasl_close( c );
+
+ if ( c->c_currentber != NULL ) {
+ ber_free( c->c_currentber, 1 );
+ c->c_currentber = NULL;
+ }
+
+
+#ifdef LDAP_SLAPI
+ /* call destructors, then constructors; avoids unnecessary allocation */
+ if ( slapi_plugins_used ) {
+ slapi_int_clear_object_extensions( SLAPI_X_EXT_CONNECTION, c );
+ }
+#endif
+
+ sd = c->c_sd;
+ c->c_sd = AC_SOCKET_INVALID;
+ c->c_close_reason = "?"; /* should never be needed */
+
+ sb = c->c_sb;
+ c->c_sb = ber_sockbuf_alloc( );
+ {
+ ber_len_t max = sockbuf_max_incoming;
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+ c->c_conn_state = SLAP_C_INVALID;
+
+ /* c must be fully reset by this point; when we call slapd_remove
+ * it may get immediately reused by a new connection.
+ */
+ if ( sd != AC_SOCKET_INVALID ) {
+ slapd_remove( sd, sb, 1, 0, 0 );
+
+ if ( close_reason == NULL ) {
+ Debug( LDAP_DEBUG_STATS, "conn=%lu fd=%ld closed\n",
+ connid, (long) sd );
+ } else {
+ Debug( LDAP_DEBUG_STATS, "conn=%lu fd=%ld closed (%s)\n",
+ connid, (long) sd, close_reason );
+ }
+ }
+}
+
+int connection_is_active( ber_socket_t s )
+{
+ Connection *c;
+
+ assert( s < dtblsize );
+ c = &connections[s];
+ return c->c_conn_state == SLAP_C_CLOSING ||
+ c->c_conn_state == SLAP_C_BINDING ||
+ c->c_conn_state == SLAP_C_ACTIVE ;
+}
+
+int connection_valid( Connection *c )
+{
+ /* c_mutex must be locked by caller */
+
+ assert( c != NULL );
+
+ return c->c_conn_state >= SLAP_C_ACTIVE &&
+ c->c_conn_state <= SLAP_C_CLIENT;
+}
+
+static void connection_abandon( Connection *c )
+{
+ /* c_mutex must be locked by caller */
+
+ Operation *o, *next, op = {0};
+ Opheader ohdr = {0};
+
+ op.o_hdr = &ohdr;
+ op.o_conn = c;
+ op.o_connid = c->c_connid;
+ op.o_tag = LDAP_REQ_ABANDON;
+
+ for ( o = LDAP_STAILQ_FIRST( &c->c_ops ); o; o=next ) {
+ SlapReply rs = {REP_RESULT};
+
+ next = LDAP_STAILQ_NEXT( o, o_next );
+ /* don't abandon an op twice */
+ if ( o->o_abandon )
+ continue;
+ op.orn_msgid = o->o_msgid;
+ o->o_abandon = 1;
+ op.o_bd = frontendDB;
+ frontendDB->be_abandon( &op, &rs );
+ }
+
+ /* remove operations in pending transaction */
+ while ( (o = LDAP_STAILQ_FIRST( &c->c_txn_ops )) != NULL) {
+ LDAP_STAILQ_REMOVE_HEAD( &c->c_txn_ops, o_next );
+ LDAP_STAILQ_NEXT(o, o_next) = NULL;
+ slap_op_free( o, NULL );
+ }
+
+ /* clear transaction */
+ c->c_txn_backend = NULL;
+ c->c_txn = CONN_TXN_INACTIVE;
+
+ /* remove pending operations */
+ while ( (o = LDAP_STAILQ_FIRST( &c->c_pending_ops )) != NULL) {
+ LDAP_STAILQ_REMOVE_HEAD( &c->c_pending_ops, o_next );
+ LDAP_STAILQ_NEXT(o, o_next) = NULL;
+ slap_op_free( o, NULL );
+ }
+ c->c_n_ops_pending = 0;
+}
+
+static void
+connection_wake_writers( Connection *c )
+{
+ /* wake write blocked operations */
+ ldap_pvt_thread_mutex_lock( &c->c_write1_mutex );
+ if ( c->c_writers > 0 ) {
+ c->c_writers = -c->c_writers;
+ ldap_pvt_thread_cond_broadcast( &c->c_write1_cv );
+ ldap_pvt_thread_mutex_unlock( &c->c_write1_mutex );
+ if ( c->c_writewaiter ) {
+ slapd_shutsock( c->c_sd );
+ }
+ ldap_pvt_thread_mutex_lock( &c->c_write1_mutex );
+ while ( c->c_writers ) {
+ ldap_pvt_thread_cond_wait( &c->c_write1_cv, &c->c_write1_mutex );
+ }
+ ldap_pvt_thread_mutex_unlock( &c->c_write1_mutex );
+ } else {
+ ldap_pvt_thread_mutex_unlock( &c->c_write1_mutex );
+ slapd_clr_write( c->c_sd, 1 );
+ }
+}
+
+void connection_closing( Connection *c, const char *why )
+{
+ assert( connections != NULL );
+ assert( c != NULL );
+
+ if( c->c_conn_state == SLAP_C_INVALID )
+ return;
+
+ /* c_mutex must be locked by caller */
+
+ if( c->c_conn_state != SLAP_C_CLOSING ) {
+ Debug( LDAP_DEBUG_CONNS,
+ "connection_closing: readying conn=%lu sd=%d for close\n",
+ c->c_connid, c->c_sd );
+ /* update state to closing */
+ c->c_conn_state = SLAP_C_CLOSING;
+ c->c_close_reason = why;
+
+ /* don't listen on this port anymore */
+ slapd_clr_read( c->c_sd, 0 );
+
+ /* abandon active operations */
+ connection_abandon( c );
+
+ /* wake write blocked operations */
+ connection_wake_writers( c );
+
+ } else if( why == NULL && c->c_close_reason == conn_lost_str ) {
+ /* Client closed connection after doing Unbind. */
+ c->c_close_reason = NULL;
+ }
+}
+
+static void
+connection_close( Connection *c )
+{
+ assert( connections != NULL );
+ assert( c != NULL );
+
+ if ( c->c_conn_state != SLAP_C_CLOSING )
+ return;
+
+ /* NOTE: c_mutex should be locked by caller */
+
+ if ( !LDAP_STAILQ_EMPTY(&c->c_ops) ||
+ !LDAP_STAILQ_EMPTY(&c->c_pending_ops) )
+ {
+ Debug( LDAP_DEBUG_CONNS,
+ "connection_close: deferring conn=%lu sd=%d\n",
+ c->c_connid, c->c_sd );
+ return;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "connection_close: conn=%lu sd=%d\n",
+ c->c_connid, c->c_sd );
+
+ connection_destroy( c );
+}
+
+unsigned long connections_nextid(void)
+{
+ unsigned long id;
+ assert( connections != NULL );
+
+ ldap_pvt_thread_mutex_lock( &conn_nextid_mutex );
+
+ id = conn_nextid;
+
+ ldap_pvt_thread_mutex_unlock( &conn_nextid_mutex );
+
+ return id;
+}
+
+/*
+ * Loop through the connections:
+ *
+ * for (c = connection_first(&i); c; c = connection_next(c, &i)) ...;
+ * connection_done(c);
+ *
+ * 'i' is the cursor, initialized by connection_first().
+ * 'c_mutex' is locked in the returned connection. The functions must
+ * be passed the previous return value so they can unlock it again.
+ */
+
+Connection* connection_first( ber_socket_t *index )
+{
+ assert( connections != NULL );
+ assert( index != NULL );
+
+ for( *index = 0; *index < dtblsize; (*index)++) {
+ if( connections[*index].c_sb ) {
+ break;
+ }
+ }
+
+ return connection_next(NULL, index);
+}
+
+/* Next connection in loop, see connection_first() */
+Connection* connection_next( Connection *c, ber_socket_t *index )
+{
+ assert( connections != NULL );
+ assert( index != NULL );
+ assert( *index <= dtblsize );
+
+ if( c != NULL ) ldap_pvt_thread_mutex_unlock( &c->c_mutex );
+
+ c = NULL;
+
+ for(; *index < dtblsize; (*index)++) {
+ if( connections[*index].c_sb ) {
+ c = &connections[*index];
+ ldap_pvt_thread_mutex_lock( &c->c_mutex );
+ if ( c->c_conn_state == SLAP_C_INVALID ) {
+ ldap_pvt_thread_mutex_unlock( &c->c_mutex );
+ c = NULL;
+ continue;
+ }
+ (*index)++;
+ break;
+ }
+ }
+
+ return c;
+}
+
+/* End connection loop, see connection_first() */
+void connection_done( Connection *c )
+{
+ assert( connections != NULL );
+
+ if( c != NULL ) ldap_pvt_thread_mutex_unlock( &c->c_mutex );
+}
+
+/*
+ * connection_activity - handle the request operation op on connection
+ * conn. This routine figures out what kind of operation it is and
+ * calls the appropriate stub to handle it.
+ */
+
+/* FIXME: returns 0 in case of failure */
+#define INCR_OP_INITIATED(index) \
+ do { \
+ ldap_pvt_thread_mutex_lock( &op->o_counters->sc_mutex ); \
+ ldap_pvt_mp_add_ulong(op->o_counters->sc_ops_initiated_[(index)], 1); \
+ ldap_pvt_thread_mutex_unlock( &op->o_counters->sc_mutex ); \
+ } while (0)
+#define INCR_OP_COMPLETED(index) \
+ do { \
+ ldap_pvt_thread_mutex_lock( &op->o_counters->sc_mutex ); \
+ ldap_pvt_mp_add_ulong(op->o_counters->sc_ops_completed, 1); \
+ ldap_pvt_mp_add_ulong(op->o_counters->sc_ops_completed_[(index)], 1); \
+ ldap_pvt_thread_mutex_unlock( &op->o_counters->sc_mutex ); \
+ } while (0)
+
+/*
+ * NOTE: keep in sync with enum in slapd.h
+ */
+static BI_op_func *opfun[] = {
+ do_bind,
+ do_unbind,
+ do_search,
+ do_compare,
+ do_modify,
+ do_modrdn,
+ do_add,
+ do_delete,
+ do_abandon,
+ do_extended,
+ NULL
+};
+
+/* Counters are per-thread, not per-connection.
+ */
+static void
+conn_counter_destroy( void *key, void *data )
+{
+ slap_counters_t **prev, *sc;
+
+ ldap_pvt_thread_mutex_lock( &slap_counters.sc_mutex );
+ for ( prev = &slap_counters.sc_next, sc = slap_counters.sc_next; sc;
+ prev = &sc->sc_next, sc = sc->sc_next ) {
+ if ( sc == data ) {
+ int i;
+
+ *prev = sc->sc_next;
+ /* Copy data to main counter */
+ ldap_pvt_mp_add( slap_counters.sc_bytes, sc->sc_bytes );
+ ldap_pvt_mp_add( slap_counters.sc_pdu, sc->sc_pdu );
+ ldap_pvt_mp_add( slap_counters.sc_entries, sc->sc_entries );
+ ldap_pvt_mp_add( slap_counters.sc_refs, sc->sc_refs );
+ ldap_pvt_mp_add( slap_counters.sc_ops_initiated, sc->sc_ops_initiated );
+ ldap_pvt_mp_add( slap_counters.sc_ops_completed, sc->sc_ops_completed );
+ for ( i = 0; i < SLAP_OP_LAST; i++ ) {
+ ldap_pvt_mp_add( slap_counters.sc_ops_initiated_[ i ], sc->sc_ops_initiated_[ i ] );
+ ldap_pvt_mp_add( slap_counters.sc_ops_initiated_[ i ], sc->sc_ops_completed_[ i ] );
+ }
+ slap_counters_destroy( sc );
+ ber_memfree_x( data, NULL );
+ break;
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &slap_counters.sc_mutex );
+}
+
+void
+operation_counter_init( Operation *op, void *ctx )
+{
+ slap_counters_t *sc;
+ void *vsc = NULL;
+
+ if ( ldap_pvt_thread_pool_getkey(
+ ctx, (void *)operation_counter_init, &vsc, NULL ) || !vsc ) {
+ vsc = ch_malloc( sizeof( slap_counters_t ));
+ sc = vsc;
+ slap_counters_init( sc );
+ ldap_pvt_thread_pool_setkey( ctx, (void*)operation_counter_init, vsc,
+ conn_counter_destroy, NULL, NULL );
+
+ ldap_pvt_thread_mutex_lock( &slap_counters.sc_mutex );
+ sc->sc_next = slap_counters.sc_next;
+ slap_counters.sc_next = sc;
+ ldap_pvt_thread_mutex_unlock( &slap_counters.sc_mutex );
+ }
+ op->o_counters = vsc;
+}
+
+void
+connection_op_finish( Operation *op )
+{
+ Connection *conn = op->o_conn;
+ void *memctx_null = NULL;
+ slap_op_t opidx = slap_req2op( op->o_tag );
+ assert( opidx != SLAP_OP_LAST );
+
+ INCR_OP_COMPLETED( opidx );
+
+ ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+
+ if ( op->o_tag == LDAP_REQ_BIND && conn->c_conn_state == SLAP_C_BINDING )
+ conn->c_conn_state = SLAP_C_ACTIVE;
+
+ ber_set_option( op->o_ber, LBER_OPT_BER_MEMCTX, &memctx_null );
+
+ LDAP_STAILQ_REMOVE( &conn->c_ops, op, Operation, o_next);
+ LDAP_STAILQ_NEXT(op, o_next) = NULL;
+ conn->c_n_ops_async--;
+ conn->c_n_ops_completed++;
+ connection_resched( conn );
+ ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+}
+
+static void *
+connection_operation( void *ctx, void *arg_v )
+{
+ int rc = LDAP_OTHER, cancel;
+ Operation *op = arg_v;
+ SlapReply rs = {REP_RESULT};
+ ber_tag_t tag = op->o_tag;
+ slap_op_t opidx = SLAP_OP_LAST;
+ Connection *conn = op->o_conn;
+ void *memctx = NULL;
+ void *memctx_null = NULL;
+ ber_len_t memsiz;
+
+ gettimeofday( &op->o_qtime, NULL );
+ op->o_qtime.tv_usec -= op->o_tusec;
+ if ( op->o_qtime.tv_usec < 0 ) {
+ op->o_qtime.tv_usec += 1000000;
+ op->o_qtime.tv_sec--;
+ }
+ op->o_qtime.tv_sec -= op->o_time;
+ operation_counter_init( op, ctx );
+ ldap_pvt_thread_mutex_lock( &op->o_counters->sc_mutex );
+ /* FIXME: returns 0 in case of failure */
+ ldap_pvt_mp_add_ulong(op->o_counters->sc_ops_initiated, 1);
+ ldap_pvt_thread_mutex_unlock( &op->o_counters->sc_mutex );
+
+ op->o_threadctx = ctx;
+ op->o_tid = ldap_pvt_thread_pool_tid( ctx );
+
+ switch ( tag ) {
+ case LDAP_REQ_BIND:
+ case LDAP_REQ_UNBIND:
+ case LDAP_REQ_ADD:
+ case LDAP_REQ_DELETE:
+ case LDAP_REQ_MODDN:
+ case LDAP_REQ_MODIFY:
+ case LDAP_REQ_COMPARE:
+ case LDAP_REQ_SEARCH:
+ case LDAP_REQ_ABANDON:
+ case LDAP_REQ_EXTENDED:
+ break;
+ default:
+ Debug( LDAP_DEBUG_ANY, "connection_operation: "
+ "conn %lu unknown LDAP request 0x%lx\n",
+ conn->c_connid, tag );
+ op->o_tag = LBER_ERROR;
+ rs.sr_err = LDAP_PROTOCOL_ERROR;
+ rs.sr_text = "unknown LDAP request";
+ send_ldap_disconnect( op, &rs );
+ rc = SLAPD_DISCONNECT;
+ goto operations_error;
+ }
+
+ if( conn->c_sasl_bind_in_progress && tag != LDAP_REQ_BIND ) {
+ Debug( LDAP_DEBUG_ANY, "connection_operation: "
+ "error: SASL bind in progress (tag=%ld).\n",
+ (long) tag );
+ send_ldap_error( op, &rs, LDAP_OPERATIONS_ERROR,
+ "SASL bind in progress" );
+ rc = LDAP_OPERATIONS_ERROR;
+ goto operations_error;
+ }
+
+ if (( conn->c_txn == CONN_TXN_SPECIFY ) && (
+ ( tag == LDAP_REQ_ADD ) ||
+ ( tag == LDAP_REQ_DELETE ) ||
+ ( tag == LDAP_REQ_MODIFY ) ||
+ ( tag == LDAP_REQ_MODRDN )))
+ {
+ /* Disable SLAB allocator for all update operations
+ issued inside of a transaction */
+ op->o_tmpmemctx = NULL;
+ op->o_tmpmfuncs = &ch_mfuncs;
+ } else {
+ /* We can use Thread-Local storage for most mallocs. We can
+ * also use TL for ber parsing, but not on Add or Modify.
+ */
+#if 0
+ memsiz = ber_len( op->o_ber ) * 64;
+ if ( SLAP_SLAB_SIZE > memsiz ) memsiz = SLAP_SLAB_SIZE;
+#endif
+ memsiz = SLAP_SLAB_SIZE;
+
+ memctx = slap_sl_mem_create( memsiz, SLAP_SLAB_STACK, ctx, 1 );
+ op->o_tmpmemctx = memctx;
+ op->o_tmpmfuncs = &slap_sl_mfuncs;
+ if ( tag != LDAP_REQ_ADD && tag != LDAP_REQ_MODIFY ) {
+ /* Note - the ber and its buffer are already allocated from
+ * regular memory; this only affects subsequent mallocs that
+ * ber_scanf may invoke.
+ */
+ ber_set_option( op->o_ber, LBER_OPT_BER_MEMCTX, &memctx );
+ }
+ }
+
+ opidx = slap_req2op( tag );
+ assert( opidx != SLAP_OP_LAST );
+ INCR_OP_INITIATED( opidx );
+ rc = (*(opfun[opidx]))( op, &rs );
+
+operations_error:
+ if ( rc == SLAPD_DISCONNECT ) {
+ tag = LBER_ERROR;
+
+ } else if ( rc == SLAPD_ASYNCOP ) {
+ /* someone has claimed ownership of the op
+ * to complete it later. Don't do anything
+ * else with it now. Detach memctx too.
+ */
+ slap_sl_mem_setctx( ctx, NULL );
+ ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+ conn->c_n_ops_executing--;
+ conn->c_n_ops_async++;
+ connection_resched( conn );
+ ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+ return NULL;
+
+ } else if ( opidx != SLAP_OP_LAST ) {
+ /* increment completed operations count
+ * only if operation was initiated
+ * and rc != SLAPD_DISCONNECT */
+ INCR_OP_COMPLETED( opidx );
+ }
+
+ ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+
+ if ( opidx == SLAP_OP_BIND && conn->c_conn_state == SLAP_C_BINDING )
+ conn->c_conn_state = SLAP_C_ACTIVE;
+
+ cancel = op->o_cancel;
+ if ( cancel != SLAP_CANCEL_NONE && cancel != SLAP_CANCEL_DONE ) {
+ if ( cancel == SLAP_CANCEL_REQ ) {
+ op->o_cancel = rc == SLAPD_ABANDON
+ ? SLAP_CANCEL_ACK : LDAP_TOO_LATE;
+ }
+
+ do {
+ /* Fake a cond_wait with thread_yield, then
+ * verify the result properly mutex-protected.
+ */
+ ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+ do {
+ ldap_pvt_thread_yield();
+ } while ( (cancel = op->o_cancel) != SLAP_CANCEL_NONE
+ && cancel != SLAP_CANCEL_DONE );
+ ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+ } while ( (cancel = op->o_cancel) != SLAP_CANCEL_NONE
+ && cancel != SLAP_CANCEL_DONE );
+ }
+
+ ber_set_option( op->o_ber, LBER_OPT_BER_MEMCTX, &memctx_null );
+
+ if ( rc != LDAP_TXN_SPECIFY_OKAY ) {
+ LDAP_STAILQ_REMOVE( &conn->c_ops, op, Operation, o_next);
+ LDAP_STAILQ_NEXT(op, o_next) = NULL;
+ }
+ conn->c_n_ops_executing--;
+ conn->c_n_ops_completed++;
+
+ switch( tag ) {
+ case LBER_ERROR:
+ case LDAP_REQ_UNBIND:
+ /* c_mutex is locked */
+ connection_closing( conn,
+ tag == LDAP_REQ_UNBIND ? NULL : "operations error" );
+ break;
+ }
+
+ connection_resched( conn );
+ ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+ if ( rc != LDAP_TXN_SPECIFY_OKAY ) {
+ slap_op_free( op, ctx );
+ }
+ return NULL;
+}
+
+static const Listener dummy_list = { BER_BVC(""), BER_BVC("") };
+
+Connection *connection_client_setup(
+ ber_socket_t s,
+ ldap_pvt_thread_start_t *func,
+ void *arg )
+{
+ Connection *c;
+ ber_socket_t sfd = SLAP_SOCKNEW( s );
+
+ c = connection_init( sfd, (Listener *)&dummy_list, "", "",
+ CONN_IS_CLIENT, 0, NULL
+ LDAP_PF_LOCAL_SENDMSG_ARG(NULL));
+ if ( c ) {
+ c->c_clientfunc = func;
+ c->c_clientarg = arg;
+
+ slapd_add_internal( sfd, 0 );
+ }
+ return c;
+}
+
+void connection_client_enable(
+ Connection *c )
+{
+ slapd_set_read( c->c_sd, 1 );
+}
+
+void connection_client_stop(
+ Connection *c )
+{
+ Sockbuf *sb;
+ ber_socket_t s = c->c_sd;
+
+ /* get (locked) connection */
+ c = connection_get( s );
+
+ assert( c->c_conn_state == SLAP_C_CLIENT );
+
+ c->c_listener = NULL;
+ c->c_sd = AC_SOCKET_INVALID;
+ c->c_close_reason = "?"; /* should never be needed */
+ sb = c->c_sb;
+ c->c_sb = ber_sockbuf_alloc( );
+ {
+ ber_len_t max = sockbuf_max_incoming;
+ ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+ c->c_conn_state = SLAP_C_INVALID;
+ slapd_remove( s, sb, 0, 1, 0 );
+
+ connection_return( c );
+}
+
+static int connection_read( ber_socket_t s, conn_readinfo *cri );
+
+static void* connection_read_thread( void* ctx, void* argv )
+{
+ int rc ;
+ conn_readinfo cri = { NULL, NULL, NULL, NULL, 0 };
+ ber_socket_t s = (long)argv;
+
+ /*
+ * read incoming LDAP requests. If there is more than one,
+ * the first one is returned with new_op
+ */
+ cri.ctx = ctx;
+ if( ( rc = connection_read( s, &cri ) ) < 0 ) {
+ Debug( LDAP_DEBUG_CONNS, "connection_read(%d) error\n", s );
+ return (void*)(long)rc;
+ }
+
+ /* execute a single queued request in the same thread */
+ if( cri.op && !cri.nullop ) {
+ rc = (long)connection_operation( ctx, cri.op );
+ } else if ( cri.func ) {
+ rc = (long)cri.func( ctx, cri.arg );
+ }
+
+ return (void*)(long)rc;
+}
+
+int connection_read_activate( ber_socket_t s )
+{
+ int rc;
+
+ /*
+ * suspend reading on this file descriptor until a connection processing
+ * thread reads data on it. Otherwise the listener thread will repeatedly
+ * submit the same event on it to the pool.
+ */
+ rc = slapd_clr_read( s, 0 );
+ if ( rc )
+ return rc;
+
+ rc = ldap_pvt_thread_pool_submit( &connection_pool,
+ connection_read_thread, (void *)(long)s );
+
+ if( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "connection_read_activate(%d): submit failed (%d)\n",
+ s, rc );
+ }
+
+ return rc;
+}
+
+static int
+connection_read( ber_socket_t s, conn_readinfo *cri )
+{
+ int rc = 0;
+ Connection *c;
+
+ assert( connections != NULL );
+
+ /* get (locked) connection */
+ c = connection_get( s );
+
+ if( c == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "connection_read(%ld): no connection!\n",
+ (long) s );
+
+ return -1;
+ }
+
+ c->c_n_read++;
+
+ if( c->c_conn_state == SLAP_C_CLOSING ) {
+ Debug( LDAP_DEBUG_CONNS,
+ "connection_read(%d): closing, ignoring input for id=%lu\n",
+ s, c->c_connid );
+ connection_return( c );
+ return 0;
+ }
+
+ if ( c->c_conn_state == SLAP_C_CLIENT ) {
+ cri->func = c->c_clientfunc;
+ cri->arg = c->c_clientarg;
+ /* read should already be cleared */
+ connection_return( c );
+ return 0;
+ }
+
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_read(%d): checking for input on id=%lu\n",
+ s, c->c_connid );
+
+#ifdef HAVE_TLS
+ if ( c->c_is_tls && c->c_needs_tls_accept ) {
+ rc = ldap_pvt_tls_accept( c->c_sb, slap_tls_ctx );
+ if ( rc < 0 ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_read(%d): TLS accept failure "
+ "error=%d id=%lu, closing\n",
+ s, rc, c->c_connid );
+
+ c->c_needs_tls_accept = 0;
+ /* c_mutex is locked */
+ connection_closing( c, "TLS negotiation failure" );
+ connection_close( c );
+ connection_return( c );
+ return 0;
+
+ } else if ( rc == 0 ) {
+ void *ssl;
+ struct berval authid = BER_BVNULL;
+ char msgbuf[32];
+
+ c->c_needs_tls_accept = 0;
+
+ /* we need to let SASL know */
+ ssl = ldap_pvt_tls_sb_ctx( c->c_sb );
+
+ c->c_tls_ssf = (slap_ssf_t) ldap_pvt_tls_get_strength( ssl );
+ if( c->c_tls_ssf > c->c_ssf ) {
+ c->c_ssf = c->c_tls_ssf;
+ }
+
+ rc = dnX509peerNormalize( ssl, &authid );
+ if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE, "connection_read(%d): "
+ "unable to get TLS client DN, error=%d id=%lu\n",
+ s, rc, c->c_connid );
+ }
+ sprintf(msgbuf, "tls_ssf=%u ssf=%u", c->c_tls_ssf, c->c_ssf);
+ Debug( LDAP_DEBUG_STATS,
+ "conn=%lu fd=%d TLS established %s tls_proto=%s tls_cipher=%s\n",
+ c->c_connid, (int) s,
+ msgbuf, ldap_pvt_tls_get_version( ssl ), ldap_pvt_tls_get_cipher( ssl ));
+ slap_sasl_external( c, c->c_tls_ssf, &authid );
+ if ( authid.bv_val ) free( authid.bv_val );
+
+ slap_sasl_cbinding( c, ssl );
+
+ } else if ( rc == 1 && ber_sockbuf_ctrl( c->c_sb,
+ LBER_SB_OPT_NEEDS_WRITE, NULL )) { /* need to retry */
+ slapd_set_write( s, 1 );
+ connection_return( c );
+ return 0;
+ }
+
+ /* if success and data is ready, fall thru to data input loop */
+ if( !ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_DATA_READY, NULL ) )
+ {
+ slapd_set_read( s, 1 );
+ connection_return( c );
+ return 0;
+ }
+ }
+#endif
+
+#ifdef HAVE_CYRUS_SASL
+ if ( c->c_sasl_layers ) {
+ /* If previous layer is not removed yet, give up for now */
+ if ( !c->c_sasl_sockctx ) {
+ slapd_set_read( s, 1 );
+ connection_return( c );
+ return 0;
+ }
+
+ c->c_sasl_layers = 0;
+
+ rc = ldap_pvt_sasl_install( c->c_sb, c->c_sasl_sockctx );
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_read(%d): SASL install error "
+ "error=%d id=%lu, closing\n",
+ s, rc, c->c_connid );
+
+ /* c_mutex is locked */
+ connection_closing( c, "SASL layer install failure" );
+ connection_close( c );
+ connection_return( c );
+ return 0;
+ }
+ }
+#endif
+
+#define CONNECTION_INPUT_LOOP 1
+/* #define DATA_READY_LOOP 1 */
+
+ do {
+ /* How do we do this without getting into a busy loop ? */
+ rc = connection_input( c, cri );
+ }
+#ifdef DATA_READY_LOOP
+ while( !rc && ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_DATA_READY, NULL ));
+#elif defined CONNECTION_INPUT_LOOP
+ while(!rc);
+#else
+ while(0);
+#endif
+
+ if( rc < 0 ) {
+ Debug( LDAP_DEBUG_CONNS,
+ "connection_read(%d): input error=%d id=%lu, closing.\n",
+ s, rc, c->c_connid );
+
+ /* c_mutex is locked */
+ connection_closing( c, conn_lost_str );
+ connection_close( c );
+ connection_return( c );
+ return 0;
+ }
+
+ if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_WRITE, NULL ) ) {
+ slapd_set_write( s, 0 );
+ }
+
+ slapd_set_read( s, 1 );
+ connection_return( c );
+
+ return 0;
+}
+
+static int
+connection_input( Connection *conn , conn_readinfo *cri )
+{
+ Operation *op;
+ ber_tag_t tag;
+ ber_len_t len;
+ ber_int_t msgid;
+ BerElement *ber;
+ int rc;
+#ifdef LDAP_CONNECTIONLESS
+ Sockaddr peeraddr;
+ char *cdn = NULL;
+#endif
+ char *defer = NULL;
+ void *ctx;
+
+ if ( conn->c_currentber == NULL &&
+ ( conn->c_currentber = ber_alloc()) == NULL )
+ {
+ Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n" );
+ return -1;
+ }
+
+ sock_errset(0);
+
+#ifdef LDAP_CONNECTIONLESS
+ if ( conn->c_is_udp ) {
+#if defined(LDAP_PF_INET6)
+ char peername[sizeof("IP=[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535")];
+ char addr[INET6_ADDRSTRLEN];
+#else
+ char peername[sizeof("IP=255.255.255.255:65336")];
+ char addr[INET_ADDRSTRLEN];
+#endif
+ const char *peeraddr_string = NULL;
+
+ len = ber_int_sb_read(conn->c_sb, &peeraddr, sizeof(Sockaddr));
+ if (len != sizeof(Sockaddr)) return 1;
+
+#if defined(LDAP_PF_INET6)
+ if (peeraddr.sa_addr.sa_family == AF_INET6) {
+ if ( IN6_IS_ADDR_V4MAPPED(&peeraddr.sa_in6_addr.sin6_addr) ) {
+#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
+ peeraddr_string = inet_ntop( AF_INET,
+ ((struct in_addr *)&peeraddr.sa_in6_addr.sin6_addr.s6_addr[12]),
+ addr, sizeof(addr) );
+#else /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */
+ peeraddr_string = inet_ntoa( *((struct in_addr *)
+ &peeraddr.sa_in6_addr.sin6_addr.s6_addr[12]) );
+#endif /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */
+ if ( !peeraddr_string ) peeraddr_string = SLAP_STRING_UNKNOWN;
+ sprintf( peername, "IP=%s:%d", peeraddr_string,
+ (unsigned) ntohs( peeraddr.sa_in6_addr.sin6_port ) );
+ } else {
+ peeraddr_string = inet_ntop( AF_INET6,
+ &peeraddr.sa_in6_addr.sin6_addr,
+ addr, sizeof addr );
+ if ( !peeraddr_string ) peeraddr_string = SLAP_STRING_UNKNOWN;
+ sprintf( peername, "IP=[%s]:%d", peeraddr_string,
+ (unsigned) ntohs( peeraddr.sa_in6_addr.sin6_port ) );
+ }
+ } else
+#endif
+#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
+ {
+ peeraddr_string = inet_ntop( AF_INET, &peeraddr.sa_in_addr.sin_addr,
+ addr, sizeof(addr) );
+#else /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */
+ peeraddr_string = inet_ntoa( peeraddr.sa_in_addr.sin_addr );
+#endif /* ! HAVE_GETADDRINFO || ! HAVE_INET_NTOP */
+ sprintf( peername, "IP=%s:%d",
+ peeraddr_string,
+ (unsigned) ntohs( peeraddr.sa_in_addr.sin_port ) );
+ }
+ Debug( LDAP_DEBUG_STATS,
+ "conn=%lu UDP request from %s (%s) accepted.\n",
+ conn->c_connid, peername, conn->c_sock_name.bv_val );
+ }
+#endif
+
+ tag = ber_get_next( conn->c_sb, &len, conn->c_currentber );
+ if ( tag != LDAP_TAG_MESSAGE ) {
+ int err = sock_errno();
+
+ if ( err != EWOULDBLOCK && err != EAGAIN ) {
+ char ebuf[128];
+ /* log, close and send error */
+ Debug( LDAP_DEBUG_TRACE,
+ "ber_get_next on fd %d failed errno=%d (%s)\n",
+ conn->c_sd, err, sock_errstr(err, ebuf, sizeof(ebuf)) );
+ ber_free( conn->c_currentber, 1 );
+ conn->c_currentber = NULL;
+
+ return -2;
+ }
+ return 1;
+ }
+
+ ber = conn->c_currentber;
+ conn->c_currentber = NULL;
+
+ if ( (tag = ber_get_int( ber, &msgid )) != LDAP_TAG_MSGID ) {
+ /* log, close and send error */
+ Debug( LDAP_DEBUG_ANY, "ber_get_int returns 0x%lx\n", tag );
+ ber_free( ber, 1 );
+ return -1;
+ }
+
+ if ( (tag = ber_peek_tag( ber, &len )) == LBER_ERROR ) {
+ /* log, close and send error */
+ Debug( LDAP_DEBUG_ANY, "ber_peek_tag returns 0x%lx\n", tag );
+ ber_free( ber, 1 );
+
+ return -1;
+ }
+
+#ifdef LDAP_CONNECTIONLESS
+ if( conn->c_is_udp ) {
+ if( tag == LBER_OCTETSTRING ) {
+ if ( (tag = ber_get_stringa( ber, &cdn )) != LBER_ERROR )
+ tag = ber_peek_tag( ber, &len );
+ }
+ if( tag != LDAP_REQ_ABANDON && tag != LDAP_REQ_SEARCH ) {
+ Debug( LDAP_DEBUG_ANY, "invalid req for UDP 0x%lx\n", tag );
+ ber_free( ber, 1 );
+ return 0;
+ }
+ }
+#endif
+
+ if(tag == LDAP_REQ_BIND) {
+ /* immediately abandon all existing operations upon BIND */
+ connection_abandon( conn );
+ }
+
+ ctx = cri->ctx;
+ op = slap_op_alloc( ber, msgid, tag, conn->c_n_ops_received++, ctx );
+
+ Debug( LDAP_DEBUG_TRACE, "op tag 0x%lx, time %ld\n", tag,
+ (long) op->o_time );
+
+ op->o_conn = conn;
+ /* clear state if the connection is being reused from inactive */
+ if ( conn->c_conn_state == SLAP_C_INACTIVE ) {
+ memset( &conn->c_pagedresults_state, 0,
+ sizeof( conn->c_pagedresults_state ) );
+ }
+
+ op->o_res_ber = NULL;
+
+#ifdef LDAP_CONNECTIONLESS
+ if (conn->c_is_udp) {
+ if ( cdn ) {
+ ber_str2bv( cdn, 0, 1, &op->o_dn );
+ op->o_protocol = LDAP_VERSION2;
+ }
+ op->o_res_ber = ber_alloc_t( LBER_USE_DER );
+ if (op->o_res_ber == NULL) return 1;
+
+ rc = ber_write( op->o_res_ber, (char *)&peeraddr,
+ sizeof(struct sockaddr), 0 );
+
+ if (rc != sizeof(struct sockaddr)) {
+ Debug( LDAP_DEBUG_ANY, "ber_write failed\n" );
+ return 1;
+ }
+
+ if (op->o_protocol == LDAP_VERSION2) {
+ rc = ber_printf(op->o_res_ber, "{is{" /*}}*/, op->o_msgid, "");
+ if (rc == -1) {
+ Debug( LDAP_DEBUG_ANY, "ber_write failed\n" );
+ return rc;
+ }
+ }
+ }
+#endif /* LDAP_CONNECTIONLESS */
+
+ rc = 0;
+
+ /* Don't process requests when the conn is in the middle of a
+ * Bind, or if it's closing. Also, don't let any single conn
+ * use up all the available threads, and don't execute if we're
+ * currently blocked on output. And don't execute if there are
+ * already pending ops, let them go first. Abandon operations
+ * get exceptions to some, but not all, cases.
+ */
+ switch( tag ){
+ default:
+ /* Abandon and Unbind are exempt from these checks */
+ if (conn->c_conn_state == SLAP_C_CLOSING) {
+ defer = "closing";
+ break;
+ } else if (conn->c_writewaiter) {
+ defer = "awaiting write";
+ break;
+ } else if (conn->c_n_ops_pending) {
+ defer = "pending operations";
+ break;
+ }
+ /* FALLTHRU */
+ case LDAP_REQ_ABANDON:
+ /* Unbind is exempt from these checks */
+ if (conn->c_n_ops_executing >= connection_pool_max/2) {
+ defer = "too many executing";
+ break;
+ } else if (conn->c_conn_state == SLAP_C_BINDING) {
+ defer = "binding";
+ break;
+ }
+ /* FALLTHRU */
+ case LDAP_REQ_UNBIND:
+ break;
+ }
+
+ if( defer ) {
+ int max = conn->c_dn.bv_len
+ ? slap_conn_max_pending_auth
+ : slap_conn_max_pending;
+
+ Debug( LDAP_DEBUG_ANY,
+ "connection_input: conn=%lu deferring operation: %s\n",
+ conn->c_connid, defer );
+ conn->c_n_ops_pending++;
+ LDAP_STAILQ_INSERT_TAIL( &conn->c_pending_ops, op, o_next );
+ rc = ( conn->c_n_ops_pending > max ) ? -1 : 0;
+
+ } else {
+ conn->c_n_ops_executing++;
+
+ /*
+ * The first op will be processed in the same thread context,
+ * as long as there is only one op total.
+ * Subsequent ops will be submitted to the pool by
+ * calling connection_op_activate()
+ */
+ if ( cri->op == NULL ) {
+ /* the first incoming request */
+ connection_op_queue( op );
+ cri->op = op;
+ } else {
+ if ( !cri->nullop ) {
+ cri->nullop = 1;
+ rc = ldap_pvt_thread_pool_submit( &connection_pool,
+ connection_operation, (void *) cri->op );
+ }
+ connection_op_activate( op );
+ }
+ }
+
+ return rc;
+}
+
+static int
+connection_resched( Connection *conn )
+{
+ Operation *op;
+
+ if( conn->c_writewaiter )
+ return 0;
+
+ if( conn->c_conn_state == SLAP_C_CLOSING ) {
+ Debug( LDAP_DEBUG_CONNS, "connection_resched: "
+ "attempting closing conn=%lu sd=%d\n",
+ conn->c_connid, conn->c_sd );
+ connection_close( conn );
+ return 0;
+ }
+
+ if( conn->c_conn_state != SLAP_C_ACTIVE ) {
+ /* other states need different handling */
+ return 0;
+ }
+
+ while ((op = LDAP_STAILQ_FIRST( &conn->c_pending_ops )) != NULL) {
+ if ( conn->c_n_ops_executing > connection_pool_max/2 ) break;
+
+ LDAP_STAILQ_REMOVE_HEAD( &conn->c_pending_ops, o_next );
+ LDAP_STAILQ_NEXT(op, o_next) = NULL;
+
+ /* pending operations should not be marked for abandonment */
+ assert(!op->o_abandon);
+
+ conn->c_n_ops_pending--;
+ conn->c_n_ops_executing++;
+
+ connection_op_activate( op );
+
+ if ( conn->c_conn_state == SLAP_C_BINDING ) break;
+ }
+ return 0;
+}
+
+static void
+connection_init_log_prefix( Operation *op )
+{
+ if ( op->o_connid == (unsigned long)(-1) ) {
+ snprintf( op->o_log_prefix, sizeof( op->o_log_prefix ),
+ "conn=-1 op=%lu", op->o_opid );
+
+ } else {
+ snprintf( op->o_log_prefix, sizeof( op->o_log_prefix ),
+ "conn=%lu op=%lu", op->o_connid, op->o_opid );
+ }
+}
+
+static int connection_bind_cleanup_cb( Operation *op, SlapReply *rs )
+{
+ op->o_conn->c_sasl_bindop = NULL;
+
+ ch_free( op->o_callback );
+ op->o_callback = NULL;
+
+ return SLAP_CB_CONTINUE;
+}
+
+static int connection_bind_cb( Operation *op, SlapReply *rs )
+{
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+ op->o_conn->c_sasl_bind_in_progress =
+ ( rs->sr_err == LDAP_SASL_BIND_IN_PROGRESS );
+
+ /* Moved here from bind.c due to ITS#4158 */
+ op->o_conn->c_sasl_bindop = NULL;
+ if ( op->orb_method == LDAP_AUTH_SASL ) {
+ if( rs->sr_err == LDAP_SUCCESS ) {
+ ber_dupbv(&op->o_conn->c_dn, &op->orb_edn);
+ if( !BER_BVISEMPTY( &op->orb_edn ) ) {
+ /* edn is always normalized already */
+ ber_dupbv( &op->o_conn->c_ndn, &op->o_conn->c_dn );
+ }
+ op->o_tmpfree( op->orb_edn.bv_val, op->o_tmpmemctx );
+ BER_BVZERO( &op->orb_edn );
+ op->o_conn->c_authmech = op->o_conn->c_sasl_bind_mech;
+ BER_BVZERO( &op->o_conn->c_sasl_bind_mech );
+
+ op->o_conn->c_sasl_ssf = op->orb_ssf;
+ if( op->orb_ssf > op->o_conn->c_ssf ) {
+ op->o_conn->c_ssf = op->orb_ssf;
+ }
+
+ if( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
+ ber_len_t max = sockbuf_max_incoming_auth;
+ ber_sockbuf_ctrl( op->o_conn->c_sb,
+ LBER_SB_OPT_SET_MAX_INCOMING, &max );
+ }
+
+ /* log authorization identity */
+ Debug( LDAP_DEBUG_STATS,
+ "%s BIND dn=\"%s\" mech=%s bind_ssf=%d ssf=%d\n",
+ op->o_log_prefix,
+ BER_BVISNULL( &op->o_conn->c_dn ) ? "<empty>" : op->o_conn->c_dn.bv_val,
+ op->o_conn->c_authmech.bv_val,
+ op->orb_ssf, op->o_conn->c_ssf );
+
+ Debug( LDAP_DEBUG_TRACE,
+ "do_bind: SASL/%s bind: dn=\"%s\" bind_ssf=%d\n",
+ op->o_conn->c_authmech.bv_val,
+ BER_BVISNULL( &op->o_conn->c_dn ) ? "<empty>" : op->o_conn->c_dn.bv_val,
+ op->orb_ssf );
+
+ } else if ( rs->sr_err != LDAP_SASL_BIND_IN_PROGRESS ) {
+ if ( !BER_BVISNULL( &op->o_conn->c_sasl_bind_mech ) ) {
+ free( op->o_conn->c_sasl_bind_mech.bv_val );
+ BER_BVZERO( &op->o_conn->c_sasl_bind_mech );
+ }
+ }
+ }
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+
+ ch_free( op->o_callback );
+ op->o_callback = NULL;
+
+ return SLAP_CB_CONTINUE;
+}
+
+static void connection_op_queue( Operation *op )
+{
+ ber_tag_t tag = op->o_tag;
+
+ if (tag == LDAP_REQ_BIND) {
+ slap_callback *sc = ch_calloc( 1, sizeof( slap_callback ));
+ sc->sc_response = connection_bind_cb;
+ sc->sc_cleanup = connection_bind_cleanup_cb;
+ sc->sc_next = op->o_callback;
+ op->o_callback = sc;
+ op->o_conn->c_conn_state = SLAP_C_BINDING;
+ }
+
+ if (!op->o_dn.bv_len) {
+ op->o_authz = op->o_conn->c_authz;
+ if ( BER_BVISNULL( &op->o_conn->c_sasl_authz_dn )) {
+ ber_dupbv( &op->o_dn, &op->o_conn->c_dn );
+ ber_dupbv( &op->o_ndn, &op->o_conn->c_ndn );
+ } else {
+ ber_dupbv( &op->o_dn, &op->o_conn->c_sasl_authz_dn );
+ ber_dupbv( &op->o_ndn, &op->o_conn->c_sasl_authz_dn );
+ }
+ }
+
+ op->o_authtype = op->o_conn->c_authtype;
+ ber_dupbv( &op->o_authmech, &op->o_conn->c_authmech );
+
+ if (!op->o_protocol) {
+ op->o_protocol = op->o_conn->c_protocol
+ ? op->o_conn->c_protocol : LDAP_VERSION3;
+ }
+
+ if (op->o_conn->c_conn_state == SLAP_C_INACTIVE &&
+ op->o_protocol > LDAP_VERSION2)
+ {
+ op->o_conn->c_conn_state = SLAP_C_ACTIVE;
+ }
+
+ op->o_connid = op->o_conn->c_connid;
+ connection_init_log_prefix( op );
+
+ LDAP_STAILQ_INSERT_TAIL( &op->o_conn->c_ops, op, o_next );
+}
+
+static int connection_op_activate( Operation *op )
+{
+ int rc;
+
+ connection_op_queue( op );
+
+ rc = ldap_pvt_thread_pool_submit( &connection_pool,
+ connection_operation, (void *) op );
+
+ if ( rc != 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "connection_op_activate: submit failed (%d) for conn=%lu\n",
+ rc, op->o_connid );
+ /* should move op to pending list */
+ }
+
+ return rc;
+}
+
+int connection_write(ber_socket_t s)
+{
+ Connection *c;
+ Operation *op;
+ int wantwrite;
+
+ assert( connections != NULL );
+
+ c = connection_get( s );
+ if( c == NULL ) {
+ Debug( LDAP_DEBUG_ANY,
+ "connection_write(%ld): no connection!\n",
+ (long)s );
+ return -1;
+ }
+
+ slapd_clr_write( s, 0 );
+
+#ifdef HAVE_TLS
+ if ( c->c_is_tls && c->c_needs_tls_accept ) {
+ connection_return( c );
+ connection_read_activate( s );
+ return 0;
+ }
+#endif
+
+ c->c_n_write++;
+
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_write(%d): waking output for id=%lu\n",
+ s, c->c_connid );
+
+ wantwrite = ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_WRITE, NULL );
+ if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_READ, NULL )) {
+ /* don't wakeup twice */
+ slapd_set_read( s, !wantwrite );
+ }
+ if ( wantwrite ) {
+ slapd_set_write( s, 1 );
+ }
+
+ /* If there are ops pending because of a writewaiter,
+ * start one up.
+ */
+ while ((op = LDAP_STAILQ_FIRST( &c->c_pending_ops )) != NULL) {
+ if ( !c->c_writewaiter ) break;
+ if ( c->c_n_ops_executing > connection_pool_max/2 ) break;
+
+ LDAP_STAILQ_REMOVE_HEAD( &c->c_pending_ops, o_next );
+ LDAP_STAILQ_NEXT(op, o_next) = NULL;
+
+ /* pending operations should not be marked for abandonment */
+ assert(!op->o_abandon);
+
+ c->c_n_ops_pending--;
+ c->c_n_ops_executing++;
+
+ connection_op_activate( op );
+
+ break;
+ }
+
+ connection_return( c );
+ return 0;
+}
+
+void connection_write_resume( Connection *c )
+{
+ Operation *op;
+
+ ldap_pvt_thread_mutex_lock( &c->c_mutex );
+ /* If there are ops pending because of a writewaiter,
+ * start one up.
+ */
+ while ((op = LDAP_STAILQ_FIRST( &c->c_pending_ops )) != NULL) {
+ if ( c->c_n_ops_executing > connection_pool_max/2 ) break;
+
+ LDAP_STAILQ_REMOVE_HEAD( &c->c_pending_ops, o_next );
+ LDAP_STAILQ_NEXT(op, o_next) = NULL;
+
+ /* pending operations should not be marked for abandonment */
+ assert(!op->o_abandon);
+
+ c->c_n_ops_pending--;
+ c->c_n_ops_executing++;
+
+ connection_op_activate( op );
+
+ break;
+ }
+
+ connection_return( c );
+}
+
+#ifdef LDAP_SLAPI
+typedef struct conn_fake_extblock {
+ void *eb_conn;
+ void *eb_op;
+} conn_fake_extblock;
+
+static void
+connection_fake_destroy(
+ void *key,
+ void *data )
+{
+ Connection conn = {0};
+ Operation op = {0};
+ Opheader ohdr = {0};
+
+ conn_fake_extblock *eb = data;
+
+ op.o_hdr = &ohdr;
+ op.o_hdr->oh_extensions = eb->eb_op;
+ conn.c_extensions = eb->eb_conn;
+ op.o_conn = &conn;
+ conn.c_connid = -1;
+ op.o_connid = -1;
+
+ ber_memfree_x( eb, NULL );
+ slapi_int_free_object_extensions( SLAPI_X_EXT_OPERATION, &op );
+ slapi_int_free_object_extensions( SLAPI_X_EXT_CONNECTION, &conn );
+}
+#endif
+
+void
+connection_fake_init(
+ Connection *conn,
+ OperationBuffer *opbuf,
+ void *ctx )
+{
+ connection_fake_init2( conn, opbuf, ctx, 1 );
+}
+
+void
+operation_fake_init(
+ Connection *conn,
+ Operation *op,
+ void *ctx,
+ int newmem )
+{
+ /* set memory context */
+ op->o_tmpmemctx = slap_sl_mem_create(SLAP_SLAB_SIZE, SLAP_SLAB_STACK, ctx,
+ newmem );
+ op->o_tmpmfuncs = &slap_sl_mfuncs;
+ op->o_threadctx = ctx;
+ op->o_tid = ldap_pvt_thread_pool_tid( ctx );
+
+ op->o_counters = &slap_counters;
+ op->o_conn = conn;
+ op->o_connid = op->o_conn->c_connid;
+ connection_init_log_prefix( op );
+}
+
+
+void
+connection_fake_init2(
+ Connection *conn,
+ OperationBuffer *opbuf,
+ void *ctx,
+ int newmem )
+{
+ Operation *op = (Operation *) opbuf;
+
+ conn->c_connid = -1;
+ conn->c_conn_idx = -1;
+ conn->c_send_ldap_result = slap_send_ldap_result;
+ conn->c_send_search_entry = slap_send_search_entry;
+ conn->c_send_search_reference = slap_send_search_reference;
+ conn->c_send_ldap_extended = slap_send_ldap_extended;
+ conn->c_send_ldap_intermediate = slap_send_ldap_intermediate;
+ conn->c_listener = (Listener *)&dummy_list;
+ conn->c_peer_domain = slap_empty_bv;
+ conn->c_peer_name = slap_empty_bv;
+
+ memset( opbuf, 0, sizeof( *opbuf ));
+ op->o_hdr = &opbuf->ob_hdr;
+ op->o_controls = opbuf->ob_controls;
+
+ operation_fake_init( conn, op, ctx, newmem );
+
+#ifdef LDAP_SLAPI
+ if ( slapi_plugins_used ) {
+ conn_fake_extblock *eb;
+ void *ebx = NULL;
+
+ /* Use thread keys to make sure these eventually get cleaned up */
+ if ( ldap_pvt_thread_pool_getkey( ctx, (void *)connection_fake_init,
+ &ebx, NULL )) {
+ eb = ch_malloc( sizeof( *eb ));
+ slapi_int_create_object_extensions( SLAPI_X_EXT_CONNECTION, conn );
+ slapi_int_create_object_extensions( SLAPI_X_EXT_OPERATION, op );
+ eb->eb_conn = conn->c_extensions;
+ eb->eb_op = op->o_hdr->oh_extensions;
+ ldap_pvt_thread_pool_setkey( ctx, (void *)connection_fake_init,
+ eb, connection_fake_destroy, NULL, NULL );
+ } else {
+ eb = ebx;
+ conn->c_extensions = eb->eb_conn;
+ op->o_hdr->oh_extensions = eb->eb_op;
+ }
+ }
+#endif /* LDAP_SLAPI */
+
+ slap_op_time( &op->o_time, &op->o_tincr );
+}
+
+void
+connection_assign_nextid( Connection *conn )
+{
+ ldap_pvt_thread_mutex_lock( &conn_nextid_mutex );
+ conn->c_connid = conn_nextid++;
+ ldap_pvt_thread_mutex_unlock( &conn_nextid_mutex );
+}