|
 |
dc8c34 |
From 0c17d8289c98e67728ed058659adf0aa7154d8e7 Mon Sep 17 00:00:00 2001
|
|
|
dc8c34 |
From: Mark Reynolds <mreynolds@redhat.com>
|
|
|
dc8c34 |
Date: Wed, 31 Jul 2013 19:19:34 -0400
|
|
|
dc8c34 |
Subject: [PATCH 222/225] Ticket 47426 - move compute_idletimeout out of
|
|
|
dc8c34 |
handle_pr_read_ready
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Description: Instead of calculating the idletimeout everytime new data is received,
|
|
|
dc8c34 |
set the anonymous reslimit idletimeout and handle in the connection struct when the
|
|
|
dc8c34 |
connection first comes in. Then update idletimeout after each bind.
|
|
|
dc8c34 |
|
|
|
dc8c34 |
I removed compute_idletimeout() because bind_credentials_set_nolock()
|
|
|
dc8c34 |
basically does the same thing, so it was just extended to update
|
|
|
dc8c34 |
the idletimeout.
|
|
|
dc8c34 |
|
|
|
dc8c34 |
https://fedorahosted.org/389/ticket/47426
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Reviewed by: richm(Thanks!)
|
|
|
dc8c34 |
(cherry picked from commit ed83a783887b0f9c54781bac64c7b26f0402640a)
|
|
|
dc8c34 |
(cherry picked from commit d4f9c40d6d7f36b31e81c2326036a65229fe470f)
|
|
|
dc8c34 |
(cherry picked from commit ed408d89c0bf6d5ebbe7c4ab44f47bdafd6f0765)
|
|
|
dc8c34 |
---
|
|
|
dc8c34 |
ldap/servers/slapd/connection.c | 21 +++++++++++++++++++++
|
|
|
dc8c34 |
ldap/servers/slapd/daemon.c | 25 +++++++++++++++----------
|
|
|
dc8c34 |
ldap/servers/slapd/pblock.c | 12 ++++++++++++
|
|
|
dc8c34 |
ldap/servers/slapd/slap.h | 4 +++-
|
|
|
dc8c34 |
4 files changed, 51 insertions(+), 11 deletions(-)
|
|
|
dc8c34 |
|
|
|
dc8c34 |
diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c
|
|
|
dc8c34 |
index 914a2d3..7aea493 100644
|
|
|
dc8c34 |
--- a/ldap/servers/slapd/connection.c
|
|
|
dc8c34 |
+++ b/ldap/servers/slapd/connection.c
|
|
|
dc8c34 |
@@ -2210,6 +2210,27 @@ connection_threadmain()
|
|
|
dc8c34 |
in connection_activity when the conn is added to the
|
|
|
dc8c34 |
work queue, setup_pr_read_pds won't add the connection prfd
|
|
|
dc8c34 |
to the poll list */
|
|
|
dc8c34 |
+ if(pb->pb_conn && pb->pb_conn->c_opscompleted == 0){
|
|
|
dc8c34 |
+ /*
|
|
|
dc8c34 |
+ * We have a new connection, set the anonymous reslimit idletimeout
|
|
|
dc8c34 |
+ * if applicable.
|
|
|
dc8c34 |
+ */
|
|
|
dc8c34 |
+ char *anon_dn = config_get_anon_limits_dn();
|
|
|
dc8c34 |
+ int idletimeout;
|
|
|
dc8c34 |
+ /* If an anonymous limits dn is set, use it to set the limits. */
|
|
|
dc8c34 |
+ if (anon_dn && (strlen(anon_dn) > 0)) {
|
|
|
dc8c34 |
+ Slapi_DN *anon_sdn = slapi_sdn_new_normdn_byref( anon_dn );
|
|
|
dc8c34 |
+ reslimit_update_from_dn( pb->pb_conn, anon_sdn );
|
|
|
dc8c34 |
+ slapi_sdn_free( &anon_sdn );
|
|
|
dc8c34 |
+ if (slapi_reslimit_get_integer_limit(pb->pb_conn, pb->pb_conn->c_idletimeout_handle,
|
|
|
dc8c34 |
+ &idletimeout)
|
|
|
dc8c34 |
+ == SLAPI_RESLIMIT_STATUS_SUCCESS)
|
|
|
dc8c34 |
+ {
|
|
|
dc8c34 |
+ pb->pb_conn->c_idletimeout = idletimeout;
|
|
|
dc8c34 |
+ }
|
|
|
dc8c34 |
+ }
|
|
|
dc8c34 |
+ slapi_ch_free_string( &anon_dn );
|
|
|
dc8c34 |
+ }
|
|
|
dc8c34 |
if (connection_call_io_layer_callbacks(pb->pb_conn)) {
|
|
|
dc8c34 |
LDAPDebug0Args( LDAP_DEBUG_ANY, "Error: could not add/remove IO layers from connection\n" );
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
|
|
|
dc8c34 |
index 18c0988..ebd3e0f 100644
|
|
|
dc8c34 |
--- a/ldap/servers/slapd/daemon.c
|
|
|
dc8c34 |
+++ b/ldap/servers/slapd/daemon.c
|
|
|
dc8c34 |
@@ -1779,7 +1779,6 @@ daemon_register_reslimits( void )
|
|
|
dc8c34 |
&idletimeout_reslimit_handle ));
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
|
|
|
dc8c34 |
-
|
|
|
dc8c34 |
/*
|
|
|
dc8c34 |
* Compute the idle timeout for the connection.
|
|
|
dc8c34 |
*
|
|
|
dc8c34 |
@@ -1871,9 +1870,8 @@ handle_read_ready(Connection_Table *ct, fd_set *readfds)
|
|
|
dc8c34 |
|
|
|
dc8c34 |
/* idle timeout */
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
- else if (( idletimeout = compute_idletimeout(
|
|
|
dc8c34 |
- slapdFrontendConfig, c )) > 0 &&
|
|
|
dc8c34 |
- (curtime - c->c_idlesince) >= idletimeout &&
|
|
|
dc8c34 |
+ else if (( c->c_idletimeout > 0 &&
|
|
|
dc8c34 |
+ (curtime - c->c_idlesince) >= c->c_idletimeout &&
|
|
|
dc8c34 |
NULL == c->c_ops )
|
|
|
dc8c34 |
{
|
|
|
dc8c34 |
disconnect_server_nomutex( c, c->c_connid, -1,
|
|
|
dc8c34 |
@@ -1895,6 +1893,7 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll)
|
|
|
dc8c34 |
time_t curtime = current_time();
|
|
|
dc8c34 |
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
|
|
|
dc8c34 |
int idletimeout;
|
|
|
dc8c34 |
+ int maxthreads = config_get_maxthreadsperconn();
|
|
|
dc8c34 |
#if defined( XP_WIN32 )
|
|
|
dc8c34 |
int i;
|
|
|
dc8c34 |
#endif
|
|
|
dc8c34 |
@@ -1957,10 +1956,9 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll)
|
|
|
dc8c34 |
/* This is where the work happens ! */
|
|
|
dc8c34 |
connection_activity( c );
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
- else if (( idletimeout = compute_idletimeout( slapdFrontendConfig,
|
|
|
dc8c34 |
- c )) > 0 &&
|
|
|
dc8c34 |
+ else if (( c->c_ideltimeout > 0 &&
|
|
|
dc8c34 |
c->c_prfd == ct->fd[i].fd &&
|
|
|
dc8c34 |
- (curtime - c->c_idlesince) >= idletimeout &&
|
|
|
dc8c34 |
+ (curtime - c->c_idlesince) >= c->c_ideltimeout &&
|
|
|
dc8c34 |
NULL == c->c_ops )
|
|
|
dc8c34 |
{
|
|
|
dc8c34 |
/* idle timeout */
|
|
|
dc8c34 |
@@ -2031,9 +2029,8 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll)
|
|
|
dc8c34 |
SLAPD_DISCONNECT_POLL, EPIPE );
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
- else if (( idletimeout = compute_idletimeout(
|
|
|
dc8c34 |
- slapdFrontendConfig, c )) > 0 &&
|
|
|
dc8c34 |
- (curtime - c->c_idlesince) >= idletimeout &&
|
|
|
dc8c34 |
+ else if (c->c_idletimeout > 0 &&
|
|
|
dc8c34 |
+ (curtime - c->c_idlesince) >= c->c_idletimeout &&
|
|
|
dc8c34 |
NULL == c->c_ops )
|
|
|
dc8c34 |
{
|
|
|
dc8c34 |
/* idle timeout */
|
|
|
dc8c34 |
@@ -2601,6 +2598,7 @@ handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, i
|
|
|
dc8c34 |
/* struct sockaddr_in from;*/
|
|
|
dc8c34 |
PRNetAddr from;
|
|
|
dc8c34 |
PRFileDesc *pr_clonefd = NULL;
|
|
|
dc8c34 |
+ slapdFrontendConfig_t *fecfg = getFrontendConfig();
|
|
|
dc8c34 |
|
|
|
dc8c34 |
memset(&from, 0, sizeof(from)); /* reset to nulls so we can see what was set */
|
|
|
dc8c34 |
if ( (ns = accept_and_configure( tcps, pr_acceptfd, &from,
|
|
|
dc8c34 |
@@ -2617,6 +2615,13 @@ handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, i
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
PR_Lock( conn->c_mutex );
|
|
|
dc8c34 |
|
|
|
dc8c34 |
+ /*
|
|
|
dc8c34 |
+ * Set the default idletimeout and the handle. We'll update c_idletimeout
|
|
|
dc8c34 |
+ * after each bind so we can correctly set the resource limit.
|
|
|
dc8c34 |
+ */
|
|
|
dc8c34 |
+ conn->c_idletimeout = fecfg->idletimeout;
|
|
|
dc8c34 |
+ conn->c_idletimeout_handle = idletimeout_reslimit_handle;
|
|
|
dc8c34 |
+
|
|
|
dc8c34 |
#if defined( XP_WIN32 )
|
|
|
dc8c34 |
if( !secure )
|
|
|
dc8c34 |
ber_sockbuf_set_option(conn->c_sb,LBER_SOCKBUF_OPT_DESC,&ns);
|
|
|
dc8c34 |
diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
|
|
|
dc8c34 |
index 1d1db1e..9b59e7b 100644
|
|
|
dc8c34 |
--- a/ldap/servers/slapd/pblock.c
|
|
|
dc8c34 |
+++ b/ldap/servers/slapd/pblock.c
|
|
|
dc8c34 |
@@ -3641,6 +3641,9 @@ void
|
|
|
dc8c34 |
bind_credentials_set_nolock( Connection *conn, char *authtype, char *normdn,
|
|
|
dc8c34 |
char *extauthtype, char *externaldn, CERTCertificate *clientcert, Slapi_Entry * bind_target_entry )
|
|
|
dc8c34 |
{
|
|
|
dc8c34 |
+ slapdFrontendConfig_t *fecfg = getFrontendConfig();
|
|
|
dc8c34 |
+ int idletimeout = 0;
|
|
|
dc8c34 |
+
|
|
|
dc8c34 |
/* clear credentials */
|
|
|
dc8c34 |
bind_credentials_clear( conn, PR_FALSE /* conn is already locked */,
|
|
|
dc8c34 |
( extauthtype != NULL ) /* clear external creds. if requested */ );
|
|
|
dc8c34 |
@@ -3684,8 +3687,17 @@ bind_credentials_set_nolock( Connection *conn, char *authtype, char *normdn,
|
|
|
dc8c34 |
|
|
|
dc8c34 |
slapi_ch_free_string( &anon_dn );
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
+ if (slapi_reslimit_get_integer_limit(conn, conn->c_idletimeout_handle,
|
|
|
dc8c34 |
+ &idletimeout)
|
|
|
dc8c34 |
+ != SLAPI_RESLIMIT_STATUS_SUCCESS)
|
|
|
dc8c34 |
+ {
|
|
|
dc8c34 |
+ conn->c_idletimeout = fecfg->idletimeout;
|
|
|
dc8c34 |
+ } else {
|
|
|
dc8c34 |
+ conn->c_idletimeout = idletimeout;
|
|
|
dc8c34 |
+ }
|
|
|
dc8c34 |
} else {
|
|
|
dc8c34 |
/* For root dn clear about the resource limits */
|
|
|
dc8c34 |
reslimit_update_from_entry( conn, NULL );
|
|
|
dc8c34 |
+ conn->c_idletimeout = 0;
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
|
|
|
dc8c34 |
index 047c945..ca30d2a 100644
|
|
|
dc8c34 |
--- a/ldap/servers/slapd/slap.h
|
|
|
dc8c34 |
+++ b/ldap/servers/slapd/slap.h
|
|
|
dc8c34 |
@@ -1406,7 +1406,7 @@ typedef struct conn {
|
|
|
dc8c34 |
char *c_authtype; /* auth method used to bind c_dn */
|
|
|
dc8c34 |
char *c_external_dn; /* client DN of this SSL session */
|
|
|
dc8c34 |
char *c_external_authtype; /* used for c_external_dn */
|
|
|
dc8c34 |
- PRNetAddr *cin_addr; /* address of client on this conn */
|
|
|
dc8c34 |
+ PRNetAddr *cin_addr; /* address of client on this conn */
|
|
|
dc8c34 |
PRNetAddr *cin_destaddr; /* address client connected to */
|
|
|
dc8c34 |
struct berval **c_domain; /* DNS names of client */
|
|
|
dc8c34 |
Operation *c_ops; /* list of pending operations */
|
|
|
dc8c34 |
@@ -1421,6 +1421,8 @@ typedef struct conn {
|
|
|
dc8c34 |
PRLock *c_mutex; /* protect each conn structure */
|
|
|
dc8c34 |
PRLock *c_pdumutex; /* only write one pdu at a time */
|
|
|
dc8c34 |
time_t c_idlesince; /* last time of activity on conn */
|
|
|
dc8c34 |
+ int c_idletimeout; /* local copy of idletimeout */
|
|
|
dc8c34 |
+ int c_idletimeout_handle; /* the resource limits handle */
|
|
|
dc8c34 |
Conn_private *c_private; /* data which is not shared outside*/
|
|
|
dc8c34 |
/* connection.c */
|
|
|
dc8c34 |
int c_flags; /* Misc flags used only for SSL */
|
|
|
dc8c34 |
--
|
|
|
dc8c34 |
1.8.1.4
|
|
|
dc8c34 |
|