/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
* Copyright 1998-2020 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* .
*/
#include "portable.h"
#include
#include
#include
#include
#include
#include "lutil.h"
#include "slap.h"
static int
forward_response( Operation *op, BerElement *ber )
{
Connection *c = op->o_client;
BerElement *output;
BerValue response, controls = BER_BVNULL;
ber_tag_t tag, response_tag;
ber_len_t len;
response_tag = ber_skip_element( ber, &response );
tag = ber_peek_tag( ber, &len );
if ( tag == LDAP_TAG_CONTROLS ) {
ber_skip_element( ber, &controls );
}
Debug( LDAP_DEBUG_CONNS, "forward_response: "
"%s to client connid=%lu request msgid=%d\n",
slap_msgtype2str( response_tag ), op->o_client_connid,
op->o_client_msgid );
ldap_pvt_thread_mutex_lock( &c->c_io_mutex );
output = c->c_pendingber;
if ( output == NULL && (output = ber_alloc()) == NULL ) {
ber_free( ber, 1 );
ldap_pvt_thread_mutex_unlock( &c->c_io_mutex );
return -1;
}
c->c_pendingber = output;
ber_printf( output, "t{titOtO}", LDAP_TAG_MESSAGE,
LDAP_TAG_MSGID, op->o_client_msgid,
response_tag, &response,
LDAP_TAG_CONTROLS, BER_BV_OPTIONAL( &controls ) );
ldap_pvt_thread_mutex_unlock( &c->c_io_mutex );
ber_free( ber, 1 );
client_write_cb( -1, 0, c );
return 0;
}
static int
forward_final_response( Operation *op, BerElement *ber )
{
int rc;
Debug( LDAP_DEBUG_CONNS, "forward_final_response: "
"connid=%lu msgid=%d finishing up with a request for "
"client connid=%lu\n",
op->o_upstream_connid, op->o_upstream_msgid, op->o_client_connid );
rc = forward_response( op, ber );
CONNECTION_LOCK_DECREF(op->o_upstream);
operation_destroy_from_upstream( op );
CONNECTION_UNLOCK_INCREF(op->o_upstream);
return rc;
}
static int
handle_bind_response( Operation *op, BerElement *ber )
{
Connection *c = op->o_client;
BerElement *copy;
ber_int_t msgid, result;
ber_tag_t tag;
int rc = 0;
copy = ber_dup( ber );
if ( !copy ) {
rc = -1;
goto done;
}
tag = ber_scanf( copy, "{i{e" /* "}}" */, &msgid, &result );
ber_free( copy, 0 );
if ( tag == LBER_ERROR ) {
rc = -1;
goto done;
}
Debug( LDAP_DEBUG_CONNS, "handle_bind_response: "
"received response for bind request by client connid=%lu, "
"result=%d\n",
op->o_client_connid, result );
CONNECTION_LOCK(c);
switch ( result ) {
case LDAP_SASL_BIND_IN_PROGRESS:
break;
case LDAP_SUCCESS:
default: {
c->c_state = SLAP_C_READY;
c->c_type = SLAP_C_OPEN;
if ( result != LDAP_SUCCESS ) {
ber_memfree( c->c_auth.bv_val );
BER_BVZERO( &c->c_auth );
} else if ( !ber_bvstrcasecmp( &c->c_auth, &lloadd_identity ) ) {
c->c_type = SLAP_C_PRIVILEGED;
}
if ( !BER_BVISNULL( &c->c_sasl_bind_mech ) ) {
ber_memfree( c->c_sasl_bind_mech.bv_val );
BER_BVZERO( &c->c_sasl_bind_mech );
}
break;
}
}
done:
if ( rc ) {
operation_destroy_from_client( op );
CONNECTION_UNLOCK(c);
ber_free( ber, 1 );
return rc;
}
CONNECTION_UNLOCK(c);
return forward_final_response( op, ber );
}
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
static int
handle_vc_bind_response( Operation *op, BerElement *ber )
{
Connection *c = op->o_client;
BerElement *output;
BerValue matched, diagmsg, creds = BER_BVNULL, controls = BER_BVNULL;
ber_int_t result;
ber_tag_t tag;
ber_len_t len;
int rc = 0;
tag = ber_scanf( ber, "{emm" /* "}" */,
&result, &matched, &diagmsg );
if ( tag == LBER_ERROR ) {
rc = -1;
goto done;
}
tag = ber_peek_tag( ber, &len );
if ( result == LDAP_PROTOCOL_ERROR ) {
Connection *upstream = op->o_upstream;
Backend *b;
CONNECTION_LOCK(upstream);
b = (Backend *)upstream->c_private;
Debug( LDAP_DEBUG_ANY, "handle_vc_bind_response: "
"VC extended operation not supported on backend %s\n",
b->b_uri.bv_val );
CONNECTION_UNLOCK(upstream);
}
CONNECTION_LOCK(c);
Debug( LDAP_DEBUG_CONNS, "handle_vc_bind_response: "
"received response for bind request by client connid=%lu, "
"result=%d\n",
c->c_connid, result );
if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE ) {
if ( !BER_BVISNULL( &c->c_vc_cookie ) ) {
ber_memfree( c->c_vc_cookie.bv_val );
}
tag = ber_scanf( ber, "o", &c->c_vc_cookie );
if ( tag == LBER_ERROR ) {
rc = -1;
CONNECTION_UNLOCK_INCREF(c);
goto done;
}
tag = ber_peek_tag( ber, &len );
}
if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS ) {
tag = ber_scanf( ber, "m", &creds );
if ( tag == LBER_ERROR ) {
rc = -1;
CONNECTION_UNLOCK_INCREF(c);
goto done;
}
tag = ber_peek_tag( ber, &len );
}
if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS ) {
tag = ber_scanf( ber, "m", &controls );
if ( tag == LBER_ERROR ) {
rc = -1;
CONNECTION_UNLOCK_INCREF(c);
goto done;
}
}
switch ( result ) {
case LDAP_SASL_BIND_IN_PROGRESS:
break;
case LDAP_SUCCESS:
default: {
c->c_state = SLAP_C_READY;
c->c_type = SLAP_C_OPEN;
if ( result != LDAP_SUCCESS ) {
ber_memfree( c->c_auth.bv_val );
BER_BVZERO( &c->c_auth );
} else if ( !ber_bvstrcasecmp( &c->c_auth, &lloadd_identity ) ) {
c->c_type = SLAP_C_PRIVILEGED;
}
if ( !BER_BVISNULL( &c->c_vc_cookie ) ) {
ber_memfree( c->c_vc_cookie.bv_val );
BER_BVZERO( &c->c_vc_cookie );
}
if ( !BER_BVISNULL( &c->c_sasl_bind_mech ) ) {
ber_memfree( c->c_sasl_bind_mech.bv_val );
BER_BVZERO( &c->c_sasl_bind_mech );
}
break;
}
}
CONNECTION_UNLOCK_INCREF(c);
ldap_pvt_thread_mutex_lock( &c->c_io_mutex );
output = c->c_pendingber;
if ( output == NULL && (output = ber_alloc()) == NULL ) {
rc = -1;
ldap_pvt_thread_mutex_unlock( &c->c_io_mutex );
goto done;
}
c->c_pendingber = output;
rc = ber_printf( output, "t{tit{eOOtO}tO}", LDAP_TAG_MESSAGE,
LDAP_TAG_MSGID, op->o_client_msgid, LDAP_RES_BIND,
result, &matched, &diagmsg,
LDAP_TAG_SASL_RES_CREDS, BER_BV_OPTIONAL( &creds ),
LDAP_TAG_CONTROLS, BER_BV_OPTIONAL( &controls ) );
ldap_pvt_thread_mutex_unlock( &c->c_io_mutex );
if ( rc >= 0 ) {
client_write_cb( -1, 0, c );
rc = 0;
}
done:
CONNECTION_LOCK_DECREF(c);
operation_destroy_from_client( op );
CLIENT_UNLOCK_OR_DESTROY(c);
ber_free( ber, 1 );
return rc;
}
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
static int
handle_unsolicited( Connection *c, BerElement *ber )
{
c->c_state = SLAP_C_CLOSING;
Debug( LDAP_DEBUG_CONNS, "handle_unsolicited: "
"teardown for upstream connection connid=%lu\n",
c->c_connid );
UPSTREAM_DESTROY(c);
ber_free( ber, 1 );
return -1;
}
/*
* Pull c->c_currentber from the connection and try to look up the operation on
* the upstream.
*
* If it's a notice of disconnection, we won't find it and need to tear down
* the connection and tell the clients, if we can't find the operation, ignore
* the message (either client already disconnected/abandoned it or the upstream
* is pulling our leg).
*
* Some responses need special handling:
* - Bind response
* - VC response where the client requested a Bind (both need to update the
* client's bind status)
* - search entries/referrals and intermediate responses (will not trigger
* operation to be removed)
*
* If the worker pool is overloaded, we might be called directly from
* upstream_read_cb, at that point, the connection hasn't been muted.
*
* TODO: when the client already has data pending on write, we should mute the
* upstream.
* - should record the BerElement on the Op and the Op on the client
*
* The following hold on entering any of the handlers:
* - op->o_upstream_refcnt > 0
* - op->o_upstream->c_refcnt > 0
* - op->o_client->c_refcnt > 0
*/
static int
handle_one_response( Connection *c )
{
BerElement *ber;
Operation *op = NULL, needle = { .o_upstream_connid = c->c_connid };
OperationHandler handler = NULL;
ber_tag_t tag;
ber_len_t len;
int rc = LDAP_SUCCESS;
ber = c->c_currentber;
c->c_currentber = NULL;
tag = ber_get_int( ber, &needle.o_upstream_msgid );
if ( tag != LDAP_TAG_MSGID ) {
rc = -1;
ber_free( ber, 1 );
goto fail;
}
if ( needle.o_upstream_msgid == 0 ) {
return handle_unsolicited( c, ber );
} else if ( !( op = tavl_find(
c->c_ops, &needle, operation_upstream_cmp ) ) ) {
/* Already abandoned, do nothing */
ber_free( ber, 1 );
return rc;
/*
} else if ( op->o_response_pending ) {
c->c_pendingop = op;
event_del( c->c_read_event );
*/
} else {
/*
op->o_response_pending = ber;
*/
tag = ber_peek_tag( ber, &len );
switch ( tag ) {
case LDAP_RES_SEARCH_ENTRY:
case LDAP_RES_SEARCH_REFERENCE:
case LDAP_RES_INTERMEDIATE:
handler = forward_response;
break;
case LDAP_RES_BIND:
handler = handle_bind_response;
break;
case LDAP_RES_EXTENDED:
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
if ( op->o_tag == LDAP_REQ_BIND ) {
handler = handle_vc_bind_response;
}
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
break;
}
if ( !handler ) {
handler = forward_final_response;
}
}
if ( op ) {
Debug( LDAP_DEBUG_TRACE, "handle_one_response: "
"upstream connid=%lu, processing response for "
"client connid=%lu, msgid=%d\n",
c->c_connid, op->o_client_connid, op->o_client_msgid );
} else {
tag = ber_peek_tag( ber, &len );
Debug( LDAP_DEBUG_STATS2, "handle_one_response: "
"upstream connid=%lu, %s, msgid=%d not for a pending "
"operation\n",
c->c_connid, slap_msgtype2str( tag ), needle.o_upstream_msgid );
}
if ( handler ) {
Connection *client;
op->o_upstream_refcnt++;
CONNECTION_UNLOCK_INCREF(c);
ldap_pvt_thread_mutex_lock( &operation_mutex );
client = op->o_client;
if ( client ) {
CONNECTION_LOCK(client);
CONNECTION_UNLOCK_INCREF(client);
}
ldap_pvt_thread_mutex_unlock( &operation_mutex );
if ( client ) {
rc = handler( op, ber );
CONNECTION_LOCK_DECREF(client);
CLIENT_UNLOCK_OR_DESTROY(client);
} else {
ber_free( ber, 1 );
}
CONNECTION_LOCK_DECREF(c);
op->o_upstream_refcnt--;
if ( !client || !op->o_upstream_live ) {
operation_destroy_from_upstream( op );
}
} else {
ber_free( ber, 1 );
}
fail:
if ( rc ) {
Debug( LDAP_DEBUG_STATS, "handle_one_response: "
"error on processing a response (%s) on upstream connection "
"connid=%ld, tag=%lx\n",
slap_msgtype2str( tag ), c->c_connid, tag );
UPSTREAM_DESTROY(c);
}
/* We leave the connection locked */
return rc;
}
/*
* We start off with the upstream muted and c_currentber holding the response
* we received.
*
* We run handle_one_response on each response, stopping once we hit an error,
* have to wait on reading or process slap_conn_max_pdus_per_cycle responses so
* as to maintain fairness and not hog the worker thread forever.
*
* If we've run out of responses from the upstream or hit the budget, we unmute
* the connection and run handle_one_response, it might return an 'error' when
* the client is blocked on writing, it's that client's job to wake us again.
*/
static void *
handle_responses( void *ctx, void *arg )
{
Connection *c = arg;
int responses_handled = 0;
CONNECTION_LOCK_DECREF(c);
for ( ; responses_handled < slap_conn_max_pdus_per_cycle;
responses_handled++ ) {
BerElement *ber;
ber_tag_t tag;
ber_len_t len;
/* handle_one_response may unlock the connection in the process, we
* need to expect that might be our responsibility to destroy it */
if ( handle_one_response( c ) ) {
/* Error, connection is unlocked and might already have been
* destroyed */
return NULL;
}
/* Otherwise, handle_one_response leaves the connection locked */
if ( (ber = ber_alloc()) == NULL ) {
Debug( LDAP_DEBUG_ANY, "handle_responses: "
"ber_alloc failed\n" );
UPSTREAM_DESTROY(c);
return NULL;
}
c->c_currentber = ber;
tag = ber_get_next( c->c_sb, &len, ber );
if ( tag != LDAP_TAG_MESSAGE ) {
int err = sock_errno();
if ( err != EWOULDBLOCK && err != EAGAIN ) {
char ebuf[128];
Debug( LDAP_DEBUG_ANY, "handle_responses: "
"ber_get_next on fd %d failed errno=%d (%s)\n",
c->c_fd, err,
sock_errstr( err, ebuf, sizeof(ebuf) ) );
c->c_currentber = NULL;
ber_free( ber, 1 );
UPSTREAM_DESTROY(c);
return NULL;
}
break;
}
}
event_add( c->c_read_event, NULL );
Debug( LDAP_DEBUG_CONNS, "handle_responses: "
"re-enabled read event on connid=%lu\n",
c->c_connid );
UPSTREAM_UNLOCK_OR_DESTROY(c);
return NULL;
}
/*
* Initial read on the upstream connection, if we get an LDAP PDU, submit the
* processing of this and successive ones to the work queue.
*
* If we can't submit it to the queue (overload), process this one and return
* to the event loop immediately after.
*/
void
upstream_read_cb( evutil_socket_t s, short what, void *arg )
{
Connection *c = arg;
BerElement *ber;
ber_tag_t tag;
ber_len_t len;
CONNECTION_LOCK(c);
if ( !c->c_live ) {
event_del( c->c_read_event );
Debug( LDAP_DEBUG_CONNS, "upstream_read_cb: "
"suspended read event on a dead connid=%lu\n",
c->c_connid );
CONNECTION_UNLOCK(c);
return;
}
Debug( LDAP_DEBUG_CONNS, "upstream_read_cb: "
"connection connid=%lu ready to read\n",
c->c_connid );
ber = c->c_currentber;
if ( ber == NULL && (ber = ber_alloc()) == NULL ) {
Debug( LDAP_DEBUG_ANY, "upstream_read_cb: "
"ber_alloc failed\n" );
UPSTREAM_DESTROY(c);
return;
}
c->c_currentber = ber;
tag = ber_get_next( c->c_sb, &len, ber );
if ( tag != LDAP_TAG_MESSAGE ) {
int err = sock_errno();
if ( err != EWOULDBLOCK && err != EAGAIN ) {
if ( err ) {
char ebuf[128];
Debug( LDAP_DEBUG_ANY, "upstream_read_cb: "
"ber_get_next on fd %d failed errno=%d (%s)\n",
c->c_fd, err,
sock_errstr( err, ebuf, sizeof(ebuf) ) );
}
c->c_currentber = NULL;
ber_free( ber, 1 );
event_del( c->c_read_event );
Debug( LDAP_DEBUG_CONNS, "upstream_read_cb: "
"suspended read event on dying connid=%lu\n",
c->c_connid );
UPSTREAM_DESTROY(c);
return;
}
event_add( c->c_read_event, NULL );
Debug( LDAP_DEBUG_CONNS, "upstream_read_cb: "
"re-enabled read event on connid=%lu\n",
c->c_connid );
CONNECTION_UNLOCK(c);
return;
}
if ( !slap_conn_max_pdus_per_cycle ||
ldap_pvt_thread_pool_submit(
&connection_pool, handle_responses, c ) ) {
/* If we're overloaded or configured as such, process one and resume in
* the next cycle.
*
* handle_one_response re-locks the mutex in the
* process, need to test it's still alive */
if ( handle_one_response( c ) == LDAP_SUCCESS ) {
UPSTREAM_UNLOCK_OR_DESTROY(c);
}
return;
}
/* We have scheduled a call to handle_responses which takes care of
* handling further requests, just make sure the connection sticks around
* for that */
event_del( c->c_read_event );
CONNECTION_UNLOCK_INCREF(c);
return;
}
int
upstream_finish( Connection *c )
{
struct event_base *base;
struct event *event;
evutil_socket_t s = c->c_fd;
Debug( LDAP_DEBUG_CONNS, "upstream_finish: "
"connection connid=%lu is ready for use\n",
c->c_connid );
base = slap_get_base( s );
event = event_new( base, s, EV_READ|EV_PERSIST, upstream_read_cb, c );
if ( !event ) {
Debug( LDAP_DEBUG_ANY, "upstream_finish: "
"Read event could not be allocated\n" );
return -1;
}
event_add( event, NULL );
if ( c->c_read_event ) {
event_del( c->c_read_event );
event_free( c->c_read_event );
}
c->c_read_event = event;
c->c_state = SLAP_C_READY;
return 0;
}
void
upstream_bind_cb( evutil_socket_t s, short what, void *arg )
{
Connection *c = arg;
BerElement *ber;
BerValue matcheddn, message;
ber_tag_t tag;
ber_len_t len;
ber_int_t msgid, result;
CONNECTION_LOCK(c);
Debug( LDAP_DEBUG_CONNS, "upstream_bind_cb: "
"connection connid=%lu ready to read\n",
c->c_connid );
ber = c->c_currentber;
if ( ber == NULL && (ber = ber_alloc()) == NULL ) {
Debug( LDAP_DEBUG_ANY, "upstream_bind_cb: "
"ber_alloc failed\n" );
CONNECTION_UNLOCK(c);
return;
}
c->c_currentber = ber;
tag = ber_get_next( c->c_sb, &len, ber );
if ( tag != LDAP_TAG_MESSAGE ) {
int err = sock_errno();
if ( err != EWOULDBLOCK && err != EAGAIN ) {
char ebuf[128];
Debug( LDAP_DEBUG_ANY, "upstream_bind_cb: "
"ber_get_next on fd %d failed errno=%d (%s)\n",
c->c_fd, err, sock_errstr( err, ebuf, sizeof(ebuf) ) );
c->c_currentber = NULL;
goto fail;
}
CONNECTION_UNLOCK(c);
return;
}
c->c_currentber = NULL;
if ( ber_scanf( ber, "it", &msgid, &tag ) == LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "upstream_bind_cb: "
"protocol violation from server\n" );
goto fail;
}
if ( msgid != ( c->c_next_msgid - 1 ) || tag != LDAP_RES_BIND ) {
Debug( LDAP_DEBUG_ANY, "upstream_bind_cb: "
"unexpected %s from server, msgid=%d\n",
slap_msgtype2str( tag ), msgid );
goto fail;
}
if ( ber_scanf( ber, "{emm" /* "}" */, &result, &matcheddn, &message ) ==
LBER_ERROR ) {
Debug( LDAP_DEBUG_ANY, "upstream_bind_cb: "
"response does not conform with a bind response\n" );
goto fail;
}
switch ( result ) {
case LDAP_SUCCESS:
if ( upstream_finish( c ) ) {
goto fail;
}
break;
#ifdef HAVE_CYRUS_SASL
case LDAP_SASL_BIND_IN_PROGRESS:
/* TODO: fallthrough until we implement SASL */
#endif /* HAVE_CYRUS_SASL */
default:
Debug( LDAP_DEBUG_ANY, "upstream_bind_cb: "
"upstream bind failed, rc=%d, message='%s'\n",
result, message.bv_val );
goto fail;
}
CONNECTION_UNLOCK(c);
ber_free( ber, 1 );
return;
fail:
event_del( c->c_read_event );
Debug( LDAP_DEBUG_CONNS, "upstream_bind_cb: "
"suspended read event on dying connid=%lu\n",
c->c_connid );
ber_free( ber, 1 );
UPSTREAM_DESTROY(c);
}
void
upstream_write_cb( evutil_socket_t s, short what, void *arg )
{
Connection *c = arg;
CONNECTION_LOCK(c);
if ( !c->c_live ) {
CONNECTION_UNLOCK(c);
return;
}
CONNECTION_UNLOCK_INCREF(c);
/* Before we acquire any locks */
event_del( c->c_write_event );
ldap_pvt_thread_mutex_lock( &c->c_io_mutex );
Debug( LDAP_DEBUG_CONNS, "upstream_write_cb: "
"have something to write to upstream connid=%lu\n",
c->c_connid );
/* We might have been beaten to flushing the data by another thread */
if ( c->c_pendingber && ber_flush( c->c_sb, c->c_pendingber, 1 ) ) {
int err = sock_errno();
if ( err != EWOULDBLOCK && err != EAGAIN ) {
char ebuf[128];
Debug( LDAP_DEBUG_ANY, "upstream_write_cb: "
"ber_flush on fd %d failed errno=%d (%s)\n",
c->c_fd, err, sock_errstr( err, ebuf, sizeof(ebuf) ) );
ldap_pvt_thread_mutex_unlock( &c->c_io_mutex );
UPSTREAM_LOCK_DESTROY(c);
return;
}
event_add( c->c_write_event, NULL );
} else {
c->c_pendingber = NULL;
}
ldap_pvt_thread_mutex_unlock( &c->c_io_mutex );
CONNECTION_LOCK_DECREF(c);
UPSTREAM_UNLOCK_OR_DESTROY(c);
}
void *
upstream_bind( void *ctx, void *arg )
{
Connection *c = arg;
Backend *b;
BerElement *ber = ber_alloc();
struct event_base *base;
struct event *event;
ber_int_t msgid;
evutil_socket_t s;
assert( ber );
CONNECTION_LOCK(c);
b = c->c_private;
s = c->c_fd;
base = slap_get_base( s );
event = event_new( base, s, EV_READ|EV_PERSIST, upstream_bind_cb, c );
if ( !event ) {
Debug( LDAP_DEBUG_ANY, "upstream_bind: "
"Read event could not be allocated\n" );
UPSTREAM_DESTROY(c);
return NULL;
}
event_add( event, NULL );
if ( c->c_read_event ) {
event_del( c->c_read_event );
event_free( c->c_read_event );
}
c->c_read_event = event;
msgid = c->c_next_msgid++;
CONNECTION_UNLOCK_INCREF(c);
ldap_pvt_thread_mutex_lock( &b->b_mutex );
if ( bindconf.sb_method == LDAP_AUTH_SIMPLE ) {
/* simple bind */
ber_printf( ber, "{it{iOtON}}",
msgid, LDAP_REQ_BIND, LDAP_VERSION3,
&bindconf.sb_binddn, LDAP_AUTH_SIMPLE,
&bindconf.sb_cred );
#ifdef HAVE_CYRUS_SASL
} else {
BerValue cred = BER_BVNULL;
ber_printf( ber, "{it{iOt{OON}N}}",
msgid, LDAP_REQ_BIND, LDAP_VERSION3,
&bindconf.sb_binddn, LDAP_AUTH_SASL,
&bindconf.sb_saslmech, BER_BV_OPTIONAL( &cred ) );
#endif /* HAVE_CYRUS_SASL */
}
ldap_pvt_thread_mutex_unlock( &b->b_mutex );
ldap_pvt_thread_mutex_lock( &c->c_io_mutex );
c->c_pendingber = ber;
ldap_pvt_thread_mutex_unlock( &c->c_io_mutex );
upstream_write_cb( -1, 0, c );
CONNECTION_LOCK_DECREF(c);
UPSTREAM_UNLOCK_OR_DESTROY(c);
return NULL;
}
/*
* We must already hold b->b_mutex when called.
*/
Connection *
upstream_init( ber_socket_t s, Backend *b )
{
Connection *c;
struct event_base *base = slap_get_base( s );
struct event *event;
int flags, is_bindconn = 0;
assert( b != NULL );
flags = (b->b_tls == LLOAD_LDAPS) ? CONN_IS_TLS : 0;
c = connection_init( s, b->b_host, flags );
c->c_private = b;
{
ber_len_t max = sockbuf_max_incoming_upstream;
ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_MAX_INCOMING, &max );
}
event = event_new( base, s, EV_WRITE, upstream_write_cb, c );
if ( !event ) {
Debug( LDAP_DEBUG_ANY, "upstream_init: "
"Write event could not be allocated\n" );
goto fail;
}
/* We only register the write event when we have data pending */
c->c_write_event = event;
/* Unless we are configured to use the VC exop, consider allocating the
* connection into the bind conn pool. Start off by allocating one for
* general use, then one for binds, then we start filling up the general
* connection pool, finally the bind pool */
if (
#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
!(lload_features & LLOAD_FEATURE_VC) &&
#endif /* LDAP_API_FEATURE_VERIFY_CREDENTIALS */
b->b_active && b->b_numbindconns ) {
if ( !b->b_bindavail ) {
is_bindconn = 1;
} else if ( b->b_active >= b->b_numconns &&
b->b_bindavail < b->b_numbindconns ) {
is_bindconn = 1;
}
}
if ( is_bindconn || bindconf.sb_method == LDAP_AUTH_NONE ) {
if ( upstream_finish( c ) ) {
goto fail;
}
} else {
ldap_pvt_thread_pool_submit( &connection_pool, upstream_bind, c );
}
if ( is_bindconn ) {
LDAP_CIRCLEQ_INSERT_HEAD( &b->b_bindconns, c, c_next );
c->c_type = SLAP_C_BIND;
b->b_bindavail++;
} else {
LDAP_CIRCLEQ_INSERT_HEAD( &b->b_conns, c, c_next );
b->b_active++;
}
CONNECTION_UNLOCK(c);
return c;
fail:
if ( c->c_write_event ) {
event_del( c->c_write_event );
event_free( c->c_write_event );
}
if ( c->c_read_event ) {
event_del( c->c_read_event );
event_free( c->c_read_event );
}
UPSTREAM_DESTROY(c);
return NULL;
}
void
upstream_destroy( Connection *c )
{
Backend *b = c->c_private;
struct event *read_event, *write_event;
TAvlnode *root;
long freed, executing;
Debug( LDAP_DEBUG_CONNS, "upstream_destroy: "
"freeing connection connid=%lu\n",
c->c_connid );
c->c_state = SLAP_C_INVALID;
root = c->c_ops;
c->c_ops = NULL;
executing = c->c_n_ops_executing;
c->c_n_ops_executing = 0;
read_event = c->c_read_event;
write_event = c->c_write_event;
CONNECTION_UNLOCK_INCREF(c);
freed = tavl_free( root, (AVL_FREE)operation_lost_upstream );
assert( freed == executing );
/*
* Avoid a deadlock:
* event_del will block if the event is currently executing its callback,
* that callback might be waiting to lock c->c_mutex
*/
if ( read_event ) {
event_del( read_event );
}
if ( write_event ) {
event_del( write_event );
}
ldap_pvt_thread_mutex_lock( &b->b_mutex );
if ( c->c_type == SLAP_C_BIND ) {
LDAP_CIRCLEQ_REMOVE( &b->b_bindconns, c, c_next );
b->b_bindavail--;
} else {
LDAP_CIRCLEQ_REMOVE( &b->b_conns, c, c_next );
b->b_active--;
}
b->b_n_ops_executing -= executing;
ldap_pvt_thread_mutex_unlock( &b->b_mutex );
backend_retry( b );
CONNECTION_LOCK_DECREF(c);
if ( c->c_read_event ) {
event_free( c->c_read_event );
c->c_read_event = NULL;
}
if ( c->c_write_event ) {
event_free( c->c_write_event );
c->c_write_event = NULL;
}
/*
* If we attempted to destroy any operations, we might have lent a new
* refcnt token for a thread that raced us to that, let them call us again
* later
*/
assert( c->c_refcnt >= 0 );
if ( c->c_refcnt ) {
c->c_state = SLAP_C_CLOSING;
Debug( LDAP_DEBUG_CONNS, "upstream_destroy: "
"connid=%lu aborting with refcnt=%d\n",
c->c_connid, c->c_refcnt );
CONNECTION_UNLOCK(c);
return;
}
connection_destroy( c );
}