[389-commits] Branch '389-ds-base-1.3.1' - 2 commits - ldap/servers
Noriko Hosoi
nhosoi at fedoraproject.org
Thu Jun 12 22:35:38 UTC 2014
ldap/servers/slapd/connection.c | 21 +++++++++++++++++++++
ldap/servers/slapd/daemon.c | 25 +++++++++++++++----------
ldap/servers/slapd/pblock.c | 12 ++++++++++++
ldap/servers/slapd/slap.h | 4 +++-
4 files changed, 51 insertions(+), 11 deletions(-)
New commits:
commit 89b78da25aa79101d6b43529a7486c64feb5eda6
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Thu Aug 1 15:05:16 2013 -0400
Ticket47426 - Coverity issue with last commit(move compute_idletimeout out of handle_pr_read_ready)
I had added a NULL check trying to avoid a coverity error, but pb->pb_conn can not be
NULL when it gets to this code. Removed NULL check.
https://fedorahosted.org/389/ticket/47426
Reviewed by: ?
(cherry picked from commit a4daf1a0a65f796878b40b8ebc572082a1101f3b)
diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c
index 31b2a2c..9dc9d65 100644
--- a/ldap/servers/slapd/connection.c
+++ b/ldap/servers/slapd/connection.c
@@ -2239,7 +2239,7 @@ connection_threadmain()
in connection_activity when the conn is added to the
work queue, setup_pr_read_pds won't add the connection prfd
to the poll list */
- if(pb->pb_conn && pb->pb_conn->c_opscompleted == 0){
+ if(pb->pb_conn->c_opscompleted == 0){
/*
* We have a new connection, set the anonymous reslimit idletimeout
* if applicable.
commit d4f9c40d6d7f36b31e81c2326036a65229fe470f
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Wed Jul 31 19:19:34 2013 -0400
Ticket 47426 - move compute_idletimeout out of handle_pr_read_ready
Description: Instead of calculating the idletimeout everytime new data is received,
set the anonymous reslimit idletimeout and handle in the connection struct when the
connection first comes in. Then update idletimeout after each bind.
I removed compute_idletimeout() because bind_credentials_set_nolock()
basically does the same thing, so it was just extended to update
the idletimeout.
https://fedorahosted.org/389/ticket/47426
Reviewed by: richm(Thanks!)
(cherry picked from commit ed83a783887b0f9c54781bac64c7b26f0402640a)
diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c
index 02c86c5..31b2a2c 100644
--- a/ldap/servers/slapd/connection.c
+++ b/ldap/servers/slapd/connection.c
@@ -2239,6 +2239,27 @@ connection_threadmain()
in connection_activity when the conn is added to the
work queue, setup_pr_read_pds won't add the connection prfd
to the poll list */
+ if(pb->pb_conn && pb->pb_conn->c_opscompleted == 0){
+ /*
+ * We have a new connection, set the anonymous reslimit idletimeout
+ * if applicable.
+ */
+ char *anon_dn = config_get_anon_limits_dn();
+ int idletimeout;
+ /* If an anonymous limits dn is set, use it to set the limits. */
+ if (anon_dn && (strlen(anon_dn) > 0)) {
+ Slapi_DN *anon_sdn = slapi_sdn_new_normdn_byref( anon_dn );
+ reslimit_update_from_dn( pb->pb_conn, anon_sdn );
+ slapi_sdn_free( &anon_sdn );
+ if (slapi_reslimit_get_integer_limit(pb->pb_conn, pb->pb_conn->c_idletimeout_handle,
+ &idletimeout)
+ == SLAPI_RESLIMIT_STATUS_SUCCESS)
+ {
+ pb->pb_conn->c_idletimeout = idletimeout;
+ }
+ }
+ slapi_ch_free_string( &anon_dn );
+ }
if (connection_call_io_layer_callbacks(pb->pb_conn)) {
LDAPDebug0Args( LDAP_DEBUG_ANY, "Error: could not add/remove IO layers from connection\n" );
}
diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
index dddbd5f..0ac3211 100644
--- a/ldap/servers/slapd/daemon.c
+++ b/ldap/servers/slapd/daemon.c
@@ -1782,7 +1782,6 @@ daemon_register_reslimits( void )
&idletimeout_reslimit_handle ));
}
-
/*
* Compute the idle timeout for the connection.
*
@@ -1877,9 +1876,8 @@ handle_read_ready(Connection_Table *ct, fd_set *readfds)
/* idle timeout */
}
- else if (( idletimeout = compute_idletimeout(
- slapdFrontendConfig, c )) > 0 &&
- (curtime - c->c_idlesince) >= idletimeout &&
+ else if (( c->c_idletimeout > 0 &&
+ (curtime - c->c_idlesince) >= c->c_idletimeout &&
NULL == c->c_ops )
{
disconnect_server_nomutex( c, c->c_connid, -1,
@@ -1901,6 +1899,7 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll)
time_t curtime = current_time();
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
int idletimeout;
+ int maxthreads = config_get_maxthreadsperconn();
#if defined( XP_WIN32 )
int i;
#endif
@@ -1963,10 +1962,9 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll)
/* This is where the work happens ! */
connection_activity( c );
}
- else if (( idletimeout = compute_idletimeout( slapdFrontendConfig,
- c )) > 0 &&
+ else if (( c->c_ideltimeout > 0 &&
c->c_prfd == ct->fd[i].fd &&
- (curtime - c->c_idlesince) >= idletimeout &&
+ (curtime - c->c_idlesince) >= c->c_ideltimeout &&
NULL == c->c_ops )
{
/* idle timeout */
@@ -2037,9 +2035,8 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll)
SLAPD_DISCONNECT_POLL, EPIPE );
}
}
- else if (( idletimeout = compute_idletimeout(
- slapdFrontendConfig, c )) > 0 &&
- (curtime - c->c_idlesince) >= idletimeout &&
+ else if (c->c_idletimeout > 0 &&
+ (curtime - c->c_idlesince) >= c->c_idletimeout &&
NULL == c->c_ops )
{
/* idle timeout */
@@ -2609,6 +2606,7 @@ handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, i
PRNetAddr from;
PRFileDesc *pr_clonefd = NULL;
ber_len_t maxbersize;
+ slapdFrontendConfig_t *fecfg = getFrontendConfig();
memset(&from, 0, sizeof(from)); /* reset to nulls so we can see what was set */
if ( (ns = accept_and_configure( tcps, pr_acceptfd, &from,
@@ -2625,6 +2623,13 @@ handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, i
}
PR_Lock( conn->c_mutex );
+ /*
+ * Set the default idletimeout and the handle. We'll update c_idletimeout
+ * after each bind so we can correctly set the resource limit.
+ */
+ conn->c_idletimeout = fecfg->idletimeout;
+ conn->c_idletimeout_handle = idletimeout_reslimit_handle;
+
#if defined( XP_WIN32 )
if( !secure )
ber_sockbuf_set_option(conn->c_sb,LBER_SOCKBUF_OPT_DESC,&ns);
diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
index 8d8c66f..9e6ade7 100644
--- a/ldap/servers/slapd/pblock.c
+++ b/ldap/servers/slapd/pblock.c
@@ -3650,6 +3650,9 @@ void
bind_credentials_set_nolock( Connection *conn, char *authtype, char *normdn,
char *extauthtype, char *externaldn, CERTCertificate *clientcert, Slapi_Entry * bind_target_entry )
{
+ slapdFrontendConfig_t *fecfg = getFrontendConfig();
+ int idletimeout = 0;
+
/* clear credentials */
bind_credentials_clear( conn, PR_FALSE /* conn is already locked */,
( extauthtype != NULL ) /* clear external creds. if requested */ );
@@ -3693,8 +3696,17 @@ bind_credentials_set_nolock( Connection *conn, char *authtype, char *normdn,
slapi_ch_free_string( &anon_dn );
}
+ if (slapi_reslimit_get_integer_limit(conn, conn->c_idletimeout_handle,
+ &idletimeout)
+ != SLAPI_RESLIMIT_STATUS_SUCCESS)
+ {
+ conn->c_idletimeout = fecfg->idletimeout;
+ } else {
+ conn->c_idletimeout = idletimeout;
+ }
} else {
/* For root dn clear about the resource limits */
reslimit_update_from_entry( conn, NULL );
+ conn->c_idletimeout = 0;
}
}
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index e9b11f1..87f0039 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -1435,7 +1435,7 @@ typedef struct conn {
char *c_authtype; /* auth method used to bind c_dn */
char *c_external_dn; /* client DN of this SSL session */
char *c_external_authtype; /* used for c_external_dn */
- PRNetAddr *cin_addr; /* address of client on this conn */
+ PRNetAddr *cin_addr; /* address of client on this conn */
PRNetAddr *cin_destaddr; /* address client connected to */
struct berval **c_domain; /* DNS names of client */
Operation *c_ops; /* list of pending operations */
@@ -1450,6 +1450,8 @@ typedef struct conn {
PRLock *c_mutex; /* protect each conn structure */
PRLock *c_pdumutex; /* only write one pdu at a time */
time_t c_idlesince; /* last time of activity on conn */
+ int c_idletimeout; /* local copy of idletimeout */
+ int c_idletimeout_handle; /* the resource limits handle */
Conn_private *c_private; /* data which is not shared outside*/
/* connection.c */
int c_flags; /* Misc flags used only for SSL */
More information about the 389-commits
mailing list