/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
* Copyright 1998-2020 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* .
*/
#include "portable.h"
#include
#include
#include
#include
#include
#include
#include
#include "lutil.h"
#include "slap.h"
static void
upstream_name_cb( int result, struct evutil_addrinfo *res, void *arg )
{
Backend *b = arg;
ber_socket_t s = AC_SOCKET_INVALID;
int rc;
ldap_pvt_thread_mutex_lock( &b->b_mutex );
if ( result || !res ) {
Debug( LDAP_DEBUG_ANY, "upstream_name_cb: "
"name resolution failed for backend '%s': %s\n",
b->b_bindconf.sb_uri.bv_val, evutil_gai_strerror( result ) );
goto fail;
}
/* TODO: if we get failures, try the other addrinfos */
if ( (s = socket( res->ai_family, SOCK_STREAM, 0 )) ==
AC_SOCKET_INVALID ) {
goto fail;
}
if ( ber_pvt_socket_set_nonblock( s, 1 ) ) {
goto fail;
}
if ( res->ai_family == PF_INET ) {
struct sockaddr_in *ai = (struct sockaddr_in *)res->ai_addr;
ai->sin_port = htons( b->b_port );
rc = connect( s, (struct sockaddr *)ai, res->ai_addrlen );
} else {
struct sockaddr_in6 *ai = (struct sockaddr_in6 *)res->ai_addr;
ai->sin6_port = htons( b->b_port );
rc = connect( s, (struct sockaddr *)ai, res->ai_addrlen );
}
if ( rc && errno != EINPROGRESS && errno != EWOULDBLOCK ) {
Debug( LDAP_DEBUG_ANY, "upstream_name_cb: "
"failed to connect to server '%s'\n",
b->b_bindconf.sb_uri.bv_val );
goto fail;
}
if ( !upstream_init( s, b ) ) {
goto fail;
}
b->b_opening--;
b->b_failed = 0;
ldap_pvt_thread_mutex_unlock( &b->b_mutex );
backend_retry( b );
free( res );
return;
fail:
if ( s != AC_SOCKET_INVALID ) {
evutil_closesocket( s );
}
b->b_opening--;
b->b_failed++;
ldap_pvt_thread_mutex_unlock( &b->b_mutex );
backend_retry( b );
free( res );
}
Connection *
backend_select( Operation *op )
{
Backend *b, *first, *next;
ldap_pvt_thread_mutex_lock( &backend_mutex );
first = b = current_backend;
ldap_pvt_thread_mutex_unlock( &backend_mutex );
if ( !first ) {
return NULL;
}
/* TODO: Two runs, one with trylock, then one actually locked if we don't
* find anything? */
do {
struct ConnSt *head;
Connection *c;
ldap_pvt_thread_mutex_lock( &b->b_mutex );
next = LDAP_CIRCLEQ_LOOP_NEXT( &backend, b, b_next );
if ( b->b_max_pending && b->b_n_ops_executing >= b->b_max_pending ) {
Debug( LDAP_DEBUG_CONNS, "backend_select: "
"backend %s too busy\n",
b->b_bindconf.sb_uri.bv_val );
ldap_pvt_thread_mutex_unlock( &b->b_mutex );
b = next;
continue;
}
if ( op->o_tag == LDAP_REQ_BIND
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
&& !(lload_features & LLOAD_FEATURE_VC)
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
) {
head = &b->b_bindconns;
} else {
head = &b->b_conns;
}
LDAP_CIRCLEQ_FOREACH ( c, head, c_next ) {
ldap_pvt_thread_mutex_lock( &c->c_io_mutex );
CONNECTION_LOCK(c);
if ( c->c_state == SLAP_C_READY && !c->c_pendingber &&
( b->b_max_conn_pending == 0 ||
c->c_n_ops_executing < b->b_max_conn_pending ) ) {
Debug( LDAP_DEBUG_CONNS, "backend_select: "
"selected connection %lu for client %lu msgid=%d\n",
c->c_connid, op->o_client_connid, op->o_client_msgid );
/*
* Round-robin step:
* Rotate the queue to put this connection at the end, same for
* the backend.
*/
LDAP_CIRCLEQ_MAKE_TAIL( head, c, c_next );
ldap_pvt_thread_mutex_lock( &backend_mutex );
current_backend = next;
ldap_pvt_thread_mutex_unlock( &backend_mutex );
b->b_n_ops_executing++;
c->c_n_ops_executing++;
CONNECTION_UNLOCK_INCREF(c);
ldap_pvt_thread_mutex_unlock( &b->b_mutex );
return c;
}
CONNECTION_UNLOCK(c);
ldap_pvt_thread_mutex_unlock( &c->c_io_mutex );
}
ldap_pvt_thread_mutex_unlock( &b->b_mutex );
b = next;
} while ( b != first );
return NULL;
}
void
backend_retry( Backend *b )
{
int rc, requested;
if ( slapd_shutdown ) {
Debug( LDAP_DEBUG_CONNS, "backend_retry: "
"shutting down\n" );
return;
}
ldap_pvt_thread_mutex_lock( &b->b_mutex );
requested = b->b_numconns;
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
if ( !(lload_features & LLOAD_FEATURE_VC) )
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
{
requested += b->b_numbindconns;
}
if ( b->b_active + b->b_bindavail + b->b_opening < requested ) {
if ( b->b_opening > 0 || b->b_failed > 0 ) {
if ( !event_pending( b->b_retry_event, EV_TIMEOUT, NULL ) ) {
Debug( LDAP_DEBUG_CONNS, "backend_retry: "
"scheduling a retry in %d ms\n",
b->b_retry_timeout );
b->b_opening++;
event_add( b->b_retry_event, &b->b_retry_tv );
ldap_pvt_thread_mutex_unlock( &b->b_mutex );
return;
} else {
Debug( LDAP_DEBUG_CONNS, "backend_retry: "
"retry already scheduled\n" );
}
} else {
Debug( LDAP_DEBUG_CONNS, "backend_retry: "
"scheduling re-connection straight away\n" );
b->b_opening++;
rc = ldap_pvt_thread_pool_submit(
&connection_pool, backend_connect_task, b );
if ( rc ) {
ldap_pvt_thread_mutex_unlock( &b->b_mutex );
backend_connect( -1, 0, b );
return;
}
}
} else {
Debug( LDAP_DEBUG_CONNS, "backend_retry: "
"no more connections needed for this backend\n" );
}
ldap_pvt_thread_mutex_unlock( &b->b_mutex );
}
void
backend_connect( evutil_socket_t s, short what, void *arg )
{
struct evutil_addrinfo hints = {};
Backend *b = arg;
char *hostname;
if ( slapd_shutdown ) {
Debug( LDAP_DEBUG_CONNS, "backend_connect: "
"doing nothing, shutdown in progress\n" );
return;
}
ldap_pvt_thread_mutex_lock( &b->b_mutex );
Debug( LDAP_DEBUG_CONNS, "backend_connect: "
"attempting connection to %s\n",
b->b_host );
#ifdef LDAP_PF_LOCAL
if ( b->b_proto == LDAP_PROTO_IPC ) {
struct sockaddr_un addr;
ber_socket_t s = socket( PF_LOCAL, SOCK_STREAM, 0 );
int rc;
if ( s == AC_SOCKET_INVALID ) {
goto fail;
}
rc = ber_pvt_socket_set_nonblock( s, 1 );
if ( rc ) {
evutil_closesocket( s );
goto fail;
}
if ( strlen( b->b_host ) > ( sizeof(addr.sun_path) - 1 ) ) {
evutil_closesocket( s );
goto fail;
}
memset( &addr, '\0', sizeof(addr) );
addr.sun_family = AF_LOCAL;
strcpy( addr.sun_path, b->b_host );
rc = connect(
s, (struct sockaddr *)&addr, sizeof(struct sockaddr_un) );
if ( rc && errno != EINPROGRESS && errno != EWOULDBLOCK ) {
evutil_closesocket( s );
goto fail;
}
if ( !upstream_init( s, b ) ) {
goto fail;
}
b->b_opening--;
b->b_failed = 0;
ldap_pvt_thread_mutex_unlock( &b->b_mutex );
backend_retry( b );
return;
}
#endif /* LDAP_PF_LOCAL */
hints.ai_family = AF_UNSPEC;
hints.ai_flags = EVUTIL_AI_CANONNAME;
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
hostname = b->b_host;
ldap_pvt_thread_mutex_unlock( &b->b_mutex );
evdns_getaddrinfo( dnsbase, hostname, NULL, &hints, upstream_name_cb, b );
return;
fail:
b->b_opening--;
b->b_failed++;
ldap_pvt_thread_mutex_unlock( &b->b_mutex );
backend_retry( b );
}
void *
backend_connect_task( void *ctx, void *arg )
{
backend_connect( -1, 0, arg );
return NULL;
}
void
backends_destroy( void )
{
while ( !LDAP_CIRCLEQ_EMPTY( &backend ) ) {
Backend *b = LDAP_CIRCLEQ_FIRST( &backend );
Debug( LDAP_DEBUG_CONNS, "backends_destroy: "
"destroying backend uri='%s', numconns=%d, numbindconns=%d\n",
b->b_bindconf.sb_uri.bv_val, b->b_numconns, b->b_numbindconns );
while ( !LDAP_CIRCLEQ_EMPTY( &b->b_bindconns ) ) {
Connection *c = LDAP_CIRCLEQ_FIRST( &b->b_bindconns );
TAvlnode *root;
long freed;
CONNECTION_LOCK(c);
Debug( LDAP_DEBUG_CONNS, "backends_destroy: "
"destroying bind connection connid=%lu, pending ops=%ld\n",
c->c_connid, c->c_n_ops_executing );
root = c->c_ops;
c->c_ops = NULL;
CONNECTION_UNLOCK_INCREF(c);
freed = tavl_free( root, (AVL_FREE)operation_lost_upstream );
CONNECTION_LOCK_DECREF(c);
assert( freed == c->c_n_ops_executing );
assert( c->c_live );
UPSTREAM_DESTROY(c);
}
while ( !LDAP_CIRCLEQ_EMPTY( &b->b_conns ) ) {
Connection *c = LDAP_CIRCLEQ_FIRST( &b->b_conns );
TAvlnode *root;
long freed;
CONNECTION_LOCK(c);
Debug( LDAP_DEBUG_CONNS, "backends_destroy: "
"destroying regular connection connid=%lu, pending "
"ops=%ld\n",
c->c_connid, c->c_n_ops_executing );
root = c->c_ops;
c->c_ops = NULL;
CONNECTION_UNLOCK_INCREF(c);
freed = tavl_free( root, (AVL_FREE)operation_lost_upstream );
CONNECTION_LOCK_DECREF(c);
assert( freed == c->c_n_ops_executing );
assert( c->c_live );
UPSTREAM_DESTROY(c);
}
LDAP_CIRCLEQ_REMOVE( &backend, b, b_next );
ldap_pvt_thread_mutex_destroy( &b->b_mutex );
event_del( b->b_retry_event );
event_free( b->b_retry_event );
ch_free( b->b_host );
ch_free( b->b_bindconf.sb_uri.bv_val );
ch_free( b->b_bindconf.sb_binddn.bv_val );
ch_free( b->b_bindconf.sb_cred.bv_val );
ch_free( b->b_bindconf.sb_saslmech.bv_val );
ch_free( b->b_bindconf.sb_secprops );
ch_free( b->b_bindconf.sb_realm.bv_val );
ch_free( b->b_bindconf.sb_authcId.bv_val );
ch_free( b->b_bindconf.sb_authzId.bv_val );
#ifdef HAVE_TLS
ch_free( b->b_bindconf.sb_tls_cert );
ch_free( b->b_bindconf.sb_tls_key );
ch_free( b->b_bindconf.sb_tls_cacert );
ch_free( b->b_bindconf.sb_tls_cacertdir );
ch_free( b->b_bindconf.sb_tls_reqcert );
ch_free( b->b_bindconf.sb_tls_cipher_suite );
ch_free( b->b_bindconf.sb_tls_protocol_min );
#ifdef HAVE_OPENSSL_CRL
ch_free( b->b_bindconf.sb_tls_crlcheck );
#endif
#endif
ch_free( b );
}
}