From 43c715dfb8a72bd61e8cf2fd43324b7d3b1b5143 Mon Sep 17 00:00:00 2001

From: Rich Megginson <rmeggins@redhat.com>

Date: Fri, 10 May 2013 15:11:13 -0600

Subject: [PATCH 62/99] Ticket #47359 - new ldap connections can block ldaps

 and ldapi connections

https://fedorahosted.org/389/ticket/47359

Reviewed by: lkrispen, nhosoi (Thanks!)

Branch: 389-ds-base-1.2.11

Fix Description: description

In the polling thread, first process all of the new connection requests from

the listening sockets, then process any new operation read requests

The listener_idxs keeps track of the index of the active listeners in the

poll fd array, and keeps a pointer to the listenfd object for that

listener.  This allows us to very quickly scan through the poll fd array

and find the ready listeners.  The work of scanning through the array

and handling the new connection requests has been moved to a new function

handle_listeners().

Platforms tested: RHEL6 x86_64

Flag Day: no

Doc impact: no

(cherry picked from commit 115ab1d9a3f026e8523b91bf62245a25454a3e8a)

(cherry picked from commit 24b751cc724468a7bce5f86848a82e4b03e24a3c)

(cherry picked from commit 5226ed9f2e585dc3d561f9286555efc7e3eea6b6)

(cherry picked from commit e0328aba6ed9254cf537f85927c55cbbb82cae77)

(cherry picked from commit 8a1fd0711e060aca3943ca346005bb43eddf82c4)

---

 ldap/servers/slapd/daemon.c | 115 ++++++++++++++++++++++++--------------------

 1 file changed, 62 insertions(+), 53 deletions(-)

diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c

index 75a83c0..93ebe4a 100644

--- a/ldap/servers/slapd/daemon.c

+++ b/ldap/servers/slapd/daemon.c

@@ -136,6 +136,15 @@ void disk_monitoring_stop();

 #define FDS_SIGNAL_PIPE 0

+typedef struct listener_info {

+	int idx; /* index of this listener in the ct->fd array */

+	PRFileDesc *listenfd; /* the listener fd */

+	int secure;

+	int local;

+} listener_info;

+

+#define SLAPD_POLL_LISTEN_READY(xxflagsxx) (xxflagsxx & PR_POLL_READ)

+

 static int get_configured_connection_table_size();

 #ifdef RESOLVER_NEEDS_LOW_FILE_DESCRIPTORS

 static void get_loopback_by_addr( void );

@@ -149,7 +158,7 @@ static PRFileDesc **createprlistensockets(unsigned short port,

 static const char *netaddr2string(const PRNetAddr *addr, char *addrbuf,

 	size_t addrbuflen);

 static void	set_shutdown (int);

-static void setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps, PRFileDesc **i_unix, PRIntn *num_to_read);

+static void setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps, PRFileDesc **i_unix, PRIntn *num_to_read, listener_info *listener_idxs, int max_listeners);

 #ifdef HPUX10

 static void* catch_signals();

@@ -913,6 +922,30 @@ disk_monitoring_thread(void *nothing)

     }

 }

+static void

+handle_listeners(Connection_Table *ct, listener_info *listener_idxs, int n_listeners)

+{

+	int idx;

+	for (idx = 0; idx < n_listeners; ++idx) {

+		int fdidx = listener_idxs[idx].idx;

+		PRFileDesc *listenfd = listener_idxs[idx].listenfd;

+		int secure = listener_idxs[idx].secure;

+		int local = listener_idxs[idx].local;

+		if (fdidx && listenfd) {

+			if (SLAPD_POLL_LISTEN_READY(ct->fd[fdidx].out_flags)) {

+				/* accept() the new connection, put it on the active list for handle_pr_read_ready */

+				int rc = handle_new_connection(ct, SLAPD_INVALID_SOCKET, listenfd, secure, local);

+				if (rc) {

+					LDAPDebug1Arg(LDAP_DEBUG_CONNS, "Error accepting new connection listenfd=%d\n",

+					              PR_FileDesc2NativeHandle(listenfd));

+					continue;

+				}

+			}

+		}

+	}

+	return;

+}

+

 void slapd_daemon( daemon_ports_t *ports )

 {

 	/* We are passed some ports---one for regular connections, one

@@ -929,7 +962,6 @@ void slapd_daemon( daemon_ports_t *ports )

 	int s_tcps_native = 0;

 	PRFileDesc *s_tcps = NULL; 

 #else

-	PRFileDesc *tcps = 0;

 	PRFileDesc **n_tcps = NULL; 

 	PRFileDesc **s_tcps = NULL; 

 	PRFileDesc **i_unix = NULL;

@@ -940,6 +972,8 @@ void slapd_daemon( daemon_ports_t *ports )

 	PRThread *time_thread_p;

 	int threads;

 	int in_referral_mode = config_check_referral_mode();

+	int n_listeners = 0; /* number of listener sockets */

+	listener_info *listener_idxs = NULL; /* array of indexes of listener sockets in the ct->fd array */

 	int connection_table_size = get_configured_connection_table_size();

 	the_connection_table= connection_table_new(connection_table_size);

@@ -1054,6 +1088,7 @@ void slapd_daemon( daemon_ports_t *ports )

 			netaddr2string(&ports->n_listenaddr, addrbuf, sizeof(addrbuf)),

 			ports->n_port, oserr, slapd_system_strerror( oserr ) );

 		g_set_shutdown( SLAPI_SHUTDOWN_EXIT );

+		n_listeners++;

 	}

 #else

 	if ( n_tcps != NULL ) {

@@ -1071,6 +1106,7 @@ void slapd_daemon( daemon_ports_t *ports )

 					slapd_pr_strerror( prerr ));

 				g_set_shutdown( SLAPI_SHUTDOWN_EXIT );

 			}

+			n_listeners++;

 		}

 	}

 #endif

@@ -1090,6 +1126,7 @@ void slapd_daemon( daemon_ports_t *ports )

 					slapd_pr_strerror( prerr ));

 				g_set_shutdown( SLAPI_SHUTDOWN_EXIT );

 			}

+			n_listeners++;

 		}

 	}

@@ -1108,11 +1145,13 @@ void slapd_daemon( daemon_ports_t *ports )

 					slapd_pr_strerror( prerr ));

 				g_set_shutdown( SLAPI_SHUTDOWN_EXIT );

 			}

+			n_listeners++;

 		}

 	}

 #endif /* ENABLE_LDAPI */

 #endif

+	listener_idxs = (listener_info *)slapi_ch_calloc(n_listeners, sizeof(*listener_idxs));

 	/* Now we write the pid file, indicating that the server is finally and listening for connections */

 	write_pid_file();

@@ -1125,9 +1164,6 @@ void slapd_daemon( daemon_ports_t *ports )

 		int			oserr;

 #endif

 		int select_return = 0;

-		int secure = 0; /* is a new connection an SSL one ? */

-		int local = 0; /* is new connection an ldapi one? */

-		int i;

 #ifndef _WIN32

 		PRErrorCode prerr;

@@ -1139,7 +1175,7 @@ void slapd_daemon( daemon_ports_t *ports )

 		/* This select needs to timeout to give the server a chance to test for shutdown */

 		select_return = select(connection_table_size, &readfds, NULL, 0, &wakeup_timer);

 #else

-		setup_pr_read_pds(the_connection_table,n_tcps,s_tcps,i_unix,&num_poll);

+		setup_pr_read_pds(the_connection_table,n_tcps,s_tcps,i_unix,&num_poll,listener_idxs,n_listeners);

 		select_return = POLL_FN(the_connection_table->fd, num_poll, pr_timeout);

 #endif

 		switch (select_return) {

@@ -1175,52 +1211,8 @@ void slapd_daemon( daemon_ports_t *ports )

 			handle_read_ready(the_connection_table,&readfds);

 			clear_signal(&readfds);

 #else

-			tcps = NULL;

-            /* info for n_tcps is always in fd[n_tcps ~ n_tcpe] */

-			if( NULL != n_tcps ) {

-				for (i = the_connection_table->n_tcps;

-					 i < the_connection_table->n_tcpe; i++) {

-					if (the_connection_table->fd[i].out_flags &

-													SLAPD_POLL_FLAGS ) {

-						/* tcps = n_tcps[i - the_connection_table->n_tcps]; */

-						tcps = the_connection_table->fd[i].fd;

-						break;

-					}

-				}

-			}

-            /* info for s_tcps is always in fd[s_tcps ~ s_tcpe] */

-			if ( NULL == tcps && NULL != s_tcps ) {

-				for (i = the_connection_table->s_tcps;

-					 i < the_connection_table->s_tcpe; i++) {

-					if (the_connection_table->fd[i].out_flags &

-													SLAPD_POLL_FLAGS ) {

-						/* tcps = s_tcps[i - the_connection_table->s_tcps]; */

-						tcps = the_connection_table->fd[i].fd;

-						secure = 1;

-						break;

-					}

-				}

-			}

-#if defined(ENABLE_LDAPI)

-            /* info for i_unix is always in fd[i_unixs ~ i_unixe] */

-			if ( NULL == tcps && NULL != i_unix ) {

-				for (i = the_connection_table->i_unixs;

-					 i < the_connection_table->i_unixe; i++) {

-					if (the_connection_table->fd[i].out_flags &

-													SLAPD_POLL_FLAGS ) {

-						/* tcps = i_unix[i - the_connection_table->i_unixs]; */

-						tcps = the_connection_table->fd[i].fd;

-						local = 1;

-						break;

-					}

-				}

-			}

-#endif /* ENABLE_LDAPI */

-

-			/* If so, then handle a new connection */

-			if ( tcps != NULL ) {

-				handle_new_connection(the_connection_table,SLAPD_INVALID_SOCKET,tcps,secure,local);

-			}

+			/* handle new connections from the listeners */

+			handle_listeners(the_connection_table, listener_idxs, n_listeners);

 			/* handle new data ready */

 			handle_pr_read_ready(the_connection_table, connection_table_size);

 			clear_signal(the_connection_table->fd);

@@ -1548,7 +1540,7 @@ static void setup_read_fds(Connection_Table *ct, fd_set *readfds, int n_tcps, in

 static int first_time_setup_pr_read_pds = 1;

 static int listen_addr_count = 0;

 static void

-setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps, PRFileDesc **i_unix, PRIntn *num_to_read)

+setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps, PRFileDesc **i_unix, PRIntn *num_to_read, listener_info *listener_idxs, int max_listeners)

 {

 	Connection *c= NULL;

 	Connection *next= NULL;

@@ -1558,6 +1550,7 @@ setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps

 	PRIntn count = 0;

 	slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();

 	int max_threads_per_conn = config_get_maxthreadsperconn();

+	int n_listeners = 0;

 	accept_new_connections = ((ct->size - g_get_current_conn_count())

 		> slapdFrontendConfig->reservedescriptors);

@@ -1609,6 +1602,9 @@ setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps

 				ct->fd[count].fd = *fdesc;

 				ct->fd[count].in_flags = SLAPD_POLL_FLAGS;

 				ct->fd[count].out_flags = 0;

+				listener_idxs[n_listeners].listenfd = *fdesc;

+				listener_idxs[n_listeners].idx = count;

+				n_listeners++;

 				LDAPDebug( LDAP_DEBUG_HOUSE, 

 					"listening for connections on %d\n", socketdesc, 0, 0 );

 			}

@@ -1627,6 +1623,10 @@ setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps

 				ct->fd[count].fd = *fdesc;

 				ct->fd[count].in_flags = SLAPD_POLL_FLAGS;

 				ct->fd[count].out_flags = 0;

+				listener_idxs[n_listeners].listenfd = *fdesc;

+				listener_idxs[n_listeners].idx = count;

+				listener_idxs[n_listeners].secure = 1;

+				n_listeners++;

 				LDAPDebug( LDAP_DEBUG_HOUSE, 

 					"listening for SSL connections on %d\n", socketdesc, 0, 0 );

 			}

@@ -1648,6 +1648,10 @@ setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps

 				ct->fd[count].fd = *fdesc;

 				ct->fd[count].in_flags = SLAPD_POLL_FLAGS;

 				ct->fd[count].out_flags = 0;

+				listener_idxs[n_listeners].listenfd = *fdesc;

+				listener_idxs[n_listeners].idx = count;

+				listener_idxs[n_listeners].local = 1;

+				n_listeners++;

 				LDAPDebug( LDAP_DEBUG_HOUSE,

 					"listening for LDAPI connections on %d\n", socketdesc, 0, 0 );

 			}

@@ -1661,6 +1665,11 @@ setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps

 		first_time_setup_pr_read_pds = 0;

 		listen_addr_count = count;

+

+		if (n_listeners < max_listeners) {

+			listener_idxs[n_listeners].idx = 0;

+			listener_idxs[n_listeners].listenfd = NULL;

+		}

 	}

 	/* count is the number of entries we've place in the fds array.

-- 

1.8.1.4