mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-21 03:10:25 +08:00
Code Issues Packages Projects Releases Wiki Activity
23,402 Commits 38 Branches 307 Tags 74 MiB
dfd8515e8e
Commit Graph

12665 Commits

Author SHA1 Message Date
Ondřej Kuzník
a7f8f58a63 expose task functions for invalidation 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
bf9f99dd88 Split backend destruction from resetting it 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
7f22bac4ac Introduce a new connection status - gentle shutdown 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
ca646cd02d Fix operation counts 
Trying to abandon an operation does not automatically make it completed,
it might have failed already but we're just racing to reach the client
to record that.
 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
bea9bfb33d Move op counting to operation_init 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
0011684760 Cleanup sasl_bind_mech resets 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
9bd90a741c Fix a race on bind response processing. 
During response processing, an upstream connection could be marked ready
after a different bind had already been allocated to it, thus allowing
two binds to be in progress on the same connection.
 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
485a169758 Implement pause handlers 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
db5966f60d More meaningful connection type reporting 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
22818e8583 Module shutdown 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
dab9054794 Rework monitor startup 
Takes care of dealing with monitor not present/not configured and fix a
monitor startup issue.
 2020-11-17 17:58:14 +00:00
Nadezhda Ivanova
678fa100f7 Convert the load balancer into a backend 2020-11-17 17:58:14 +00:00
Nadezhda Ivanova
7771606984 Use slapd's config.h 2020-11-17 17:58:14 +00:00
Nadezhda Ivanova
2d33032504 Lload cn=monitor initial implementation 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
7a69017f6f Resolve authzid after a successful auth 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
c957bb9199 Add SASL documentation on SASL handling 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
205db0bf94 Reset pin on simple bind 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
cbc0ec04c0 Fix pinned operation forwarding 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
2ba833680f Operation abandon related fixes 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
5c1245de06 Manage c_sasl_bind_mech on upstream 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
c52328f63d Clear c_auth on every bind request 
For a new bind request, this is obvious, for SASL bind requests, we do
not know the final identity until we have finished handling it, make
sure it stays empty until then.
 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
72ca711271 Do not compare c_auth when NULL 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
ee893ae147 Handle EXTERNAL mechanism 
Will only try to extract the TLS client certificate name if used during
the last handshake.
 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
003a35c62f SASL bind support 
Introduces pinned operations. When SASL bind finishes, we might still
have to maintain a link between the client an an upstream for future
bind operations if we got a SASL Bind in Progress result code. We zero
out the msgids and remember a server-unique identifer on the client and
the relevant operation that lets us retrieve that link again. This
operation is reclaimed just like anything else when connections drop.

Hopefully, this should work for LDAP TXN and VC Exop support with SASL
later as well since it allows for many-to-many links to exist.
 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
21a22d1bf1 Refactor request parsing and sending. 
We have to do most of out processing before we send the request over to
the upstream. If we don't, we might be too late and the response might
have arrived already.
 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
ddd1acc327 Passing the client directly will allow clearing it from op 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
1fd7249f8e RFC4511 says Binds do not abandon, send a "reset" bind instead 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
66f06f3fa9 Initial extension to upstream selection 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
c91d61cf19 Do not copy files from slapd, just link them 2020-11-17 17:58:14 +00:00
Nadezhda Ivanova
37cd5f21d5 Enable compilation of the load balancer as a module 
To compile the balancer as a slapd module, pass --enable-balancer=mod to ./configure
Use --enable-balancer(=yes) to compile as standalone server.
 2020-11-17 17:58:14 +00:00
Nadezhda Ivanova
8bc7650a7c Clean ups and renames to coexist with slapd 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
ea83627929 request_abandon RFC4511 conformance 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
5cbd30ded9 Log timed out connections more clearly 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
c386d527ca Protect currently impossible branch 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
aecc62c08e Introduce operation timeout machinery 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
8ba44630ef Factor out abandon message preparation 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
1790018488 Record operation activity times 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
a0ec50b33d Upstream queues ordered by c_connid 
In preparation for operation timeout events.
 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
0cfd4fca4d Make timeouts common and redo connection read timeouts 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
b4d7e8af8d We should just be able to call backend_retry 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
f87127dfa2 Set up TLS context for backends 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
1b46f86627 Client TLS support 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
a0cd41ecd2 Upstream TLS support 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
063981a06d Respond to timeout events properly 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
ccf75c96c4 Update write timeout to timeval 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
5ee4b67673 Move bind handling to bind.c 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
abab7e46ad Move client related functions to client.c 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
f27517af95 Rename bind handlers 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
b801ca17cb Rename macros and symbols to lloadd 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
11f474385a Exop support 
At the moment, no exops are processed internally, all are passed on
unchanged.
 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
7cd531c069 Improve spec conformance, logging 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
c60ef73984 Rework upstream conn setup 2020-11-17 17:58:13 +00:00
Ondřej Kuzník
0b3531066d Refactor operation_send_reject 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
d22db36cea lload_libevent_init can fail and wants to log 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
8d93e0baa0 Unify connection locking and I/O 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
cfeb4d82a3 Set binding state after we have dropped all ops 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
5fcef01d62 Switch from a global mutex 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
96b7619afc Do not unlock client unless we are destroying it 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
362d550328 Do not crash when closing both client and upstream 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
532fc1bf98 Shorten time operation_mutex is locked 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
e03c9e6fb4 Stop processing if we freed the client 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
f7cf34e69c Reset connection state on abandon 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
6140cdf6f8 Handle a client connection disconnected from op 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
d4225924bc CLOSING is another potential state we could be in 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
0ad91e0546 Do not back off until we get a failure 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
cda8411c48 Close up the race 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
31074213f7 TENTATIVE: communicate more for op destroy race 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
622b87d5e8 Make ready only when still alive 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
16010e5e16 More logging improvements 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
7b7f9724c4 Avoid a deadlock with client 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
7b413f9ed4 Update docs and defaults 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
7046444327 Do not read on the last iteration. 
When the pdu processing limit is hit, we still attempt to read another
PDU. If we succeed, the ber_get_next call in the read callback will
abort since a full PDU is already present.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
65def94380 More logging improvements 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
1740f36bfc Fix emfile handling 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
30e538e836 Realign logging levels. 
Stats now logs all operations, stats2 additionally intermediate messages
(search entries).
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
1dd0e5131a Only one bind at a time 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
33a993553d Unblock the client when we can't find an upstream 
If we can't find an upstream, we keep the client around, so it needs to
be unblocked.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
95df8a1ec8 Adjust backend operation counting 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
baf1feab82 Handle asynchronous connect properly 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
46fe014378 Make sure operation stays alive when we process it 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
0ff462b619 Fix issues in bind response handling 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
545198c70d Simplify abandon processing 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
88390159a1 On connection shutdown, free op from the correct side 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
37cff37305 Manage connection refcnt better 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
af7ce80c85 Remember and clear bind status correctly 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
05f2ac2583 Unify logging output 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
873d6fa3e1 Handle backend unsolicited response properly 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
961b600a42 Rework proxyauthz handling 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
6ee21f1181 Split bind configuration from backends 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
0e7792e8f3 Borrow liblber code to get abandon processing to work 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
7eeb5bb801 Forward controls correctly in the face of proxyauth 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
5b1ad43178 Handle upstream connection shutdown properly 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
c228bd1160 Be consistent with bind responses on no upstream 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
a8a0fe26b0 Documentation updates 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
495dfa69a2 Split client/upstream PDU size limits 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
3fa8a0cdf2 Rename listener-threads to reflect the option 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
1082486874 Only enable verifycredentials if libldap does 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
1dfeca3539 Another attempt at operation/connection destroy interaction. 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
26f721510a Improve logging 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
3f5dee0b79 Keep a list of active clients for shutdown purposes. 
Potentially for timeout detection purposes in the future.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
e0b8bd5fc9 Free all pending operations on shutdown 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
cf05722b6c Lookup operations by saved connid. 
We reset the connection pointer on a destruction attempt, avoid the
spurious asserts.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
f4afc06920 Tweak connection error logging. 
Do not log when receiving the last bytes on a connection. Log failed
writes.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
d020897f5b Initialise listeners after all workers have been 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
37a474b508 Fix error handling wrt. its callers 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
ee288cfc2d Fix refcounting for all code paths 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
53015aa4cb Round robin for backends. 
Several threads calling backend_select might reset current_backend to a
different place, there are two options to deal with that:
- just let the last rotation win (the current approach)
- detect whether first == current_backend and only replace then

Not sure which one is more useful, going with the simpler.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
e65cd38787 Round-robin for upstream connections 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
58a880bc7b Convert backend and upstream management to use CIRCLEQ. 
This alone doesn't make the server do a round robin.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
643194e79e Revert connection/operation mutex order. 
There was still a race where the connection could be freed as the
operation was still being used.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
9ebe5acb62 Clean up events properly 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
8eb7f3fbca Stop the read callback on a dead connection. 
The connection might be ready to read (close) but if we can't destroy it
yet, we don't want the callback to trigger all the time or process new
data.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
6899d0123d Do not bother to write to a dying connection 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
77f2c57132 Reset c_*ber after freeing and check c_pendingber race 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
07b5744c2a Retain a reference around for handle_responses 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
c5584fd32a Do not leak responses to abandoned ops 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
7a29fabd09 Destroy the unbind operation when acted upon 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
9d66c26be5 Operation reference counting 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
ea7e40b8e7 Shutdown handling 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
837a6068e0 Rework client_read_cb along the lines of upstream 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
028f28690f On a failed bind, stop the callback from firing again 
Not a problem but causes a slew of calls to upstream_bind_cb that will
all fail in the same way.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
cddc96322d Do not clear c_pendingber on short write 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
fba4bed6e2 connection reference counting 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
c0d254a4ce Do not leak BerElements 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
6c8b2acce0 Do not leak addrinfos 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
8f5bae921e Pending operation tracking and limiting 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
e5fcf17506 Save connection ids on operation for logging purposes 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
54cd3a27f0 Reject operations when binding 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
50f5c4bea7 Report initial bind errors to client 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
2e2c86664a There might be errors before we save the operation in c_ops 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
b6b3f35aac Fix proxyauthz handling 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
8b1703d2a7 Implement backend retry timeouts 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
463bcdd2c4 Update backend progress tracking 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
dc5e2538ec Configuration part for retry timeouts 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
673513a017 Maintain the configured amount of connections per backend 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
798e215ea6 Add connection number config 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
94ee62a4f4 Switch bindkey to use Backend instead of bindconf 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
59291ba4de Proxyauthz support 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
9309bc9402 Make features global 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
639c5912f5 Client authentication 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
e5f68bcf7c Option for response handling 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
4ad8ecd45e Logging improvements 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
f37e7757b1 Response handling, exploit optional bervals 2020-11-17 17:55:45 +00:00
Ondřej Kuzník
2fbc8ca473 Rename backend mutex 2020-11-17 17:42:44 +00:00
Ondřej Kuzník
3d1ea4693e Authenticate the upstream connection if configured 2020-11-17 17:42:44 +00:00
Ondřej Kuzník
5bdb4e1570 Update maximum number or parameters for backend 2020-11-17 17:42:44 +00:00
Ondřej Kuzník
fd5b9cdb91 This is a proxy now 2020-11-17 17:42:44 +00:00
Ondřej Kuzník
93fe1d2bab Operation parsing 2020-11-17 17:42:44 +00:00
Ondřej Kuzník
b49932d637 Connection write support 2020-11-17 17:42:43 +00:00
Ondřej Kuzník
79f7e79f15 Set up connections in the worker threads 2020-11-17 17:15:40 +00:00