[389-commits] Branch '389-ds-base-1.2.11' - 2 commits - ldap/servers

Noriko Hosoi nhosoi at fedoraproject.org
Thu Jun 12 22:46:47 UTC 2014


 ldap/servers/slapd/connection.c |   21 +++++++++++++++++++++
 ldap/servers/slapd/daemon.c     |   25 +++++++++++++++----------
 ldap/servers/slapd/pblock.c     |   12 ++++++++++++
 ldap/servers/slapd/slap.h       |    4 +++-
 4 files changed, 51 insertions(+), 11 deletions(-)

New commits:
commit a184bbb92e59105ca196d793b87541c656081e12
Author: Mark Reynolds <mreynolds at redhat.com>
Date:   Thu Aug 1 15:05:16 2013 -0400

    Ticket47426 - Coverity issue with last commit(move compute_idletimeout out of handle_pr_read_ready)
    
    I had added a NULL check to avoid a Coverity error, but pb->pb_conn cannot be
    NULL when it gets to this code.  Removed the NULL check.
    
    https://fedorahosted.org/389/ticket/47426
    
    Reviewed by: ?
    (cherry picked from commit a4daf1a0a65f796878b40b8ebc572082a1101f3b)
    (cherry picked from commit 89b78da25aa79101d6b43529a7486c64feb5eda6)

diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c
index 7aea493..c2ec4a7 100644
--- a/ldap/servers/slapd/connection.c
+++ b/ldap/servers/slapd/connection.c
@@ -2210,7 +2210,7 @@ connection_threadmain()
 					   in connection_activity when the conn is added to the
 					   work queue, setup_pr_read_pds won't add the connection prfd
 					   to the poll list */
-					if(pb->pb_conn && pb->pb_conn->c_opscompleted == 0){
+					if(pb->pb_conn->c_opscompleted == 0){
 						/*
 						 * We have a new connection, set the anonymous reslimit idletimeout
 						 * if applicable.
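Review bot: The guarantee that `pb->pb_conn` is non-NULL at this dereference is recorded only in the commit message, so a later reader or static-analysis pass has nothing in the code to rely on. A one-line comment above the test, such as `/* pb->pb_conn is always set by the time the worker thread gets here */`, would keep the invariant next to the code that depends on it. The enclosing block in connection_threadmain starts and ends outside the hunk.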


commit ed408d89c0bf6d5ebbe7c4ab44f47bdafd6f0765
Author: Mark Reynolds <mreynolds at redhat.com>
Date:   Wed Jul 31 19:19:34 2013 -0400

    Ticket 47426 - move compute_idletimeout out of handle_pr_read_ready
    
    Description:  Instead of calculating the idletimeout every time new data is received,
                  set the anonymous reslimit idletimeout and handle in the connection struct when the
                  connection first comes in.  Then update idletimeout after each bind.
    
                  I removed compute_idletimeout() because bind_credentials_set_nolock()
                  basically does the same thing, so it was just extended to update
                  the idletimeout.
    
    https://fedorahosted.org/389/ticket/47426
    
    Reviewed by: richm(Thanks!)
    (cherry picked from commit ed83a783887b0f9c54781bac64c7b26f0402640a)
    (cherry picked from commit d4f9c40d6d7f36b31e81c2326036a65229fe470f)

diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c
index 914a2d3..7aea493 100644
--- a/ldap/servers/slapd/connection.c
+++ b/ldap/servers/slapd/connection.c
@@ -2210,6 +2210,27 @@ connection_threadmain()
 					   in connection_activity when the conn is added to the
 					   work queue, setup_pr_read_pds won't add the connection prfd
 					   to the poll list */
+					if(pb->pb_conn && pb->pb_conn->c_opscompleted == 0){
+						/*
+						 * We have a new connection, set the anonymous reslimit idletimeout
+						 * if applicable.
+						 */
+						char *anon_dn = config_get_anon_limits_dn();
+						int idletimeout;
+						/* If an anonymous limits dn is set, use it to set the limits. */
+						if (anon_dn && (strlen(anon_dn) > 0)) {
+							Slapi_DN *anon_sdn = slapi_sdn_new_normdn_byref( anon_dn );
+							reslimit_update_from_dn( pb->pb_conn, anon_sdn );
+							slapi_sdn_free( &anon_sdn );
+							if (slapi_reslimit_get_integer_limit(pb->pb_conn, pb->pb_conn->c_idletimeout_handle,
+									&idletimeout)
+								== SLAPI_RESLIMIT_STATUS_SUCCESS)
+							{
+								pb->pb_conn->c_idletimeout = idletimeout;
+							}
+						}
+						slapi_ch_free_string( &anon_dn );
+					}
 					if (connection_call_io_layer_callbacks(pb->pb_conn)) {
 						LDAPDebug0Args( LDAP_DEBUG_ANY, "Error: could not add/remove IO layers from connection\n" );
 					}
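Review bot: The new block reads `c_opscompleted` and writes `pb->pb_conn->c_idletimeout` with no `PR_Lock( pb->pb_conn->c_mutex )` visible in the hunk. The other two writers in this commit appear to run with the connection mutex held: handle_new_connection after `PR_Lock( conn->c_mutex )`, and bind_credentials_set_nolock going by its name. If connection_threadmain does not already hold the mutex here, the idle check in daemon.c can read the field while it is being updated. Wrapping just the assignment, `PR_Lock( pb->pb_conn->c_mutex ); pb->pb_conn->c_idletimeout = idletimeout; PR_Unlock( pb->pb_conn->c_mutex );`, would make the three writers consistent. The rest of the function lies outside the hunk, so whether a lock is already taken needs confirming there.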
diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
index 3db8350..9d24829 100644
--- a/ldap/servers/slapd/daemon.c
+++ b/ldap/servers/slapd/daemon.c
@@ -1779,7 +1779,6 @@ daemon_register_reslimits( void )
 			&idletimeout_reslimit_handle ));
 }
 
-
 /*
  * Compute the idle timeout for the connection.
  *
@@ -1871,9 +1870,8 @@ handle_read_ready(Connection_Table *ct, fd_set *readfds)
 
 					/* idle timeout */
 				}
-				else if (( idletimeout = compute_idletimeout(
-						slapdFrontendConfig, c )) > 0 &&
-						(curtime - c->c_idlesince) >= idletimeout &&
+				else if (( c->c_idletimeout > 0 &&
+						(curtime - c->c_idlesince) >= c->c_idletimeout &&
 						NULL == c->c_ops )
 				{
 					disconnect_server_nomutex( c, c->c_connid, -1,
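Review bot: The rewritten condition in handle_read_ready opens two parentheses on `else if (( c->c_idletimeout > 0 &&` but only one is closed by `NULL == c->c_ops )`. The inner pair used to wrap the removed `idletimeout = compute_idletimeout(...)` assignment. As shown, the expression is unbalanced and would not compile wherever this function is built, so the idle-timeout check would be missing from any such build until fixed; the line should read `else if ( c->c_idletimeout > 0 &&`. The same leftover `((` is in the handle_pr_read_ready hunk at `-1957`, while the hunk at `-2031` already has the balanced form.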
@@ -1895,6 +1893,7 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll)
 	time_t curtime = current_time();
 	slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
 	int idletimeout;
+	int maxthreads = config_get_maxthreadsperconn();
 #if defined( XP_WIN32 )
 	int i;
 #endif
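Review bot: `maxthreads` is initialised from `config_get_maxthreadsperconn()` but no hunk of this commit reads it, and it is unrelated to the idle-timeout change the message describes. Unless a use exists outside the visible hunks, the line looks like a cherry-pick leftover and should be dropped. The `int idletimeout;` local just above it also loses its visible uses in handle_pr_read_ready once the `compute_idletimeout()` calls are replaced. The message says compute_idletimeout() was removed, yet no hunk here deletes its definition, so it may remain as dead code.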
@@ -1957,10 +1956,9 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll)
 				/* This is where the work happens ! */
 				connection_activity( c );
 			}
-			else if (( idletimeout = compute_idletimeout( slapdFrontendConfig,
-					c )) > 0 &&
+			else if (( c->c_ideltimeout > 0 &&
 					c->c_prfd == ct->fd[i].fd &&
-					(curtime - c->c_idlesince) >= idletimeout &&
+					(curtime - c->c_idlesince) >= c->c_ideltimeout &&
 					NULL == c->c_ops )
 			{
 				/* idle timeout */
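Review bot: The member is spelled `c_ideltimeout` on both new lines of this branch, but slap.h in the same commit declares `c_idletimeout`, so the condition names a field that does not exist. The `ct->fd[i].fd` access together with the `XP_WIN32`-guarded `int i` suggests this branch is built only on Windows, which may be why the error went unnoticed. The two lines should read `else if ( c->c_idletimeout > 0 &&` and `(curtime - c->c_idlesince) >= c->c_idletimeout &&`. Until then the idle-connection check on that build path is untested at best.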
@@ -2031,9 +2029,8 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll)
 									   SLAPD_DISCONNECT_POLL, EPIPE );
 					}
 				}
-				else if (( idletimeout = compute_idletimeout(
-						slapdFrontendConfig, c )) > 0 &&
-						(curtime - c->c_idlesince) >= idletimeout &&
+				else if (c->c_idletimeout > 0 &&
+						(curtime - c->c_idlesince) >= c->c_idletimeout &&
 						NULL == c->c_ops )
 				{
 					/* idle timeout */
@@ -2602,6 +2599,7 @@ handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, i
 	/*	struct sockaddr_in	from;*/
 	PRNetAddr from;
 	PRFileDesc *pr_clonefd = NULL;
+	slapdFrontendConfig_t *fecfg = getFrontendConfig();
 
 	memset(&from, 0, sizeof(from)); /* reset to nulls so we can see what was set */
 	if ( (ns = accept_and_configure( tcps, pr_acceptfd, &from,
@@ -2618,6 +2616,13 @@ handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, i
 	}
 	PR_Lock( conn->c_mutex );
 
+	/*
+	 * Set the default idletimeout and the handle.  We'll update c_idletimeout
+	 * after each bind so we can correctly set the resource limit.
+	 */
+	conn->c_idletimeout = fecfg->idletimeout;
+	conn->c_idletimeout_handle = idletimeout_reslimit_handle;
+
 #if defined( XP_WIN32 )
 	if( !secure )
 		ber_sockbuf_set_option(conn->c_sb,LBER_SOCKBUF_OPT_DESC,&ns);
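Review bot: Copying `fecfg->idletimeout` into the connection at accept time means that, as far as the visible hunks show, a later change to the server-wide idle timeout no longer reaches connections that are already open. They keep the old value until their next bind. That matters when an administrator lowers the limit to shed idle connections under load, so the comment should state it, e.g. `/* snapshot of the global idletimeout; a config change reaches this conn only at its next bind */`. handle_new_connection starts and ends outside the hunk.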
diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
index 20df245..849c20e 100644
--- a/ldap/servers/slapd/pblock.c
+++ b/ldap/servers/slapd/pblock.c
@@ -3647,6 +3647,9 @@ void
 bind_credentials_set_nolock( Connection *conn, char *authtype, char *normdn,
                 char *extauthtype, char *externaldn, CERTCertificate *clientcert, Slapi_Entry * bind_target_entry )
 {
+	slapdFrontendConfig_t *fecfg = getFrontendConfig();
+	int idletimeout = 0;
+
 	/* clear credentials */
 	bind_credentials_clear( conn, PR_FALSE /* conn is already locked */,
 		( extauthtype != NULL ) /* clear external creds. if requested */ );
@@ -3690,8 +3693,17 @@ bind_credentials_set_nolock( Connection *conn, char *authtype, char *normdn,
 
 			slapi_ch_free_string( &anon_dn );
 		}
+		if (slapi_reslimit_get_integer_limit(conn, conn->c_idletimeout_handle,
+											 &idletimeout)
+				!= SLAPI_RESLIMIT_STATUS_SUCCESS)
+		{
+			conn->c_idletimeout = fecfg->idletimeout;
+		} else {
+			conn->c_idletimeout = idletimeout;
+		}
 	} else {
 		/* For root dn clear about the resource limits */
 		reslimit_update_from_entry( conn, NULL );
+		conn->c_idletimeout = 0;
 	}
 }
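Review bot: In the root-DN branch, `conn->c_idletimeout = 0;` depends on the `c_idletimeout > 0` tests in daemon.c to mean "never idle out", but nothing at the assignment says so. A trailing comment such as `/* 0 = no idle timeout for the root DN */` would mark this as a deliberate exemption from the idle-connection limit rather than an unset value. The start of bind_credentials_set_nolock's body is outside the hunk.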
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index 42b6a1e..33cfeb4 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -1406,7 +1406,7 @@ typedef struct conn {
 	char		*c_authtype;	/* auth method used to bind c_dn  */
 	char		*c_external_dn;	/* client DN of this SSL session  */
 	char		*c_external_authtype; /* used for c_external_dn   */
-        PRNetAddr	*cin_addr;	/* address of client on this conn */
+	PRNetAddr	*cin_addr;	/* address of client on this conn */
 	PRNetAddr	*cin_destaddr;	/* address client connected to    */
 	struct berval	**c_domain;	/* DNS names of client            */
 	Operation		*c_ops;		/* list of pending operations	  */
@@ -1421,6 +1421,8 @@ typedef struct conn {
 	PRLock			*c_mutex;	/* protect each conn structure    */
 	PRLock			*c_pdumutex;	/* only write one pdu at a time   */
 	time_t			c_idlesince;	/* last time of activity on conn  */
+	int			c_idletimeout;	/* local copy of idletimeout */
+	int			c_idletimeout_handle;	/* the resource limits handle */
 	Conn_private	*c_private;	/* data which is not shared outside*/
 								/* connection.c 		  */
 	int				c_flags;	/* Misc flags used only for SSL   */
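Review bot: The comment on `c_idletimeout` gives neither the unit nor the meaning of zero, both of which the daemon.c checks depend on: the value is compared with `curtime - c->c_idlesince` and the test is skipped unless it is `> 0`. Something like `/* idle timeout for this conn, in seconds; 0 = none */` would document that, assuming `curtime` is in seconds as its `time_t` type suggests. The struct definition starts and ends outside the hunk.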



