From j..@apache.org
Subject svn commit: r484981 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS modules/ldap/util_ldap.c
Date Sat, 09 Dec 2006 14:13:43 GMT
Author: jim
Date: Sat Dec  9 06:13:41 2006
New Revision: 484981

URL: http://svn.apache.org/viewvc?view=rev&rev=484981
Log:
Merge r472633 from trunk:

Better detection and cleanup of LDAP connections that have been
terminated by the LDAP server. PR#40878

Submitted by: Rob Baily <rbaily servicebench com>
Reviewed by: bnicholes


Submitted by: bnicholes
Reviewed by: jim

Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/modules/ldap/util_ldap.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=diff&rev=484981&r1=484980&r2=484981
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Sat Dec  9 06:13:41 2006
@@ -1,6 +1,10 @@
                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.2.4
 
+  *) Better detection and clean up of ldap connection that has been
+     terminated by the ldap server.  PR 40878.
+     [Rob Baily <rbaily servicebench com>]
+
   *) mod_mem_cache: Convert mod_mem_cache to use APR memory pool functions
      by creating a root pool for object persistence across requests. This
      also eliminates the need for custom serialization code.

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?view=diff&rev=484981&r1=484980&r2=484981
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Sat Dec  9 06:13:41 2006
@@ -89,13 +89,6 @@
      Cumulative patch: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/database/mod_dbd.c?r1=466641&r2=420983&pathrev=466641
      +1: minfrin, niq, wrowe
 
-   * mod_ldap: Better detection and clean up of ldap connection
-     that have been terminated by the ldap server.
-     http://svn.apache.org/viewvc?view=rev&revision=472633
-     +1: bnicholes, jim, wrowe
-     wrowe adds; keeping the old idents for backporting would have
-                 made this alot easier for review - mind \x09's please.
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
 
     * mpm_winnt: Fix return values from wait_for_many_objects.

Modified: httpd/httpd/branches/2.2.x/modules/ldap/util_ldap.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ldap/util_ldap.c?view=diff&rev=484981&r1=484980&r2=484981
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/ldap/util_ldap.c (original)
+++ httpd/httpd/branches/2.2.x/modules/ldap/util_ldap.c Sat Dec  9 06:13:41 2006
@@ -198,18 +198,10 @@
     return APR_SUCCESS;
 }
 
-
-/*
- * Connect to the LDAP server and binds. Does not connect if already
- * connected (i.e. ldc->ldap is non-NULL.) Does not bind if already bound.
- *
- * Returns LDAP_SUCCESS on success; and an error code on failure
- */
-static int uldap_connection_open(request_rec *r,
-                                 util_ldap_connection_t *ldc)
+static int uldap_connection_init(request_rec *r,
+                                          util_ldap_connection_t *ldc )
 {
     int rc = 0;
-    int failures = 0;
     int version  = LDAP_VERSION3;
     apr_ldap_err_t *result = NULL;
     struct timeval timeOut = {10,0};    /* 10 second connection timeout */
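Review bot: The new helper `uldap_connection_init` introduced at the top of this hunk has no header comment; the block comment that described the old `uldap_connection_open` is removed here and reattached to the open function later in the file, so the function that now owns handle creation and option setup is left undocumented. I would add above the signature: `/* Create the LDAP session handle for ldc and apply the per-connection options (protocol version, client certificates, TLS mode, alias dereferencing, network timeout). Does not bind. Returns LDAP_SUCCESS on success, otherwise an error code. */`. The body of `uldap_connection_init` continues past the end of this hunk.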
@@ -217,126 +209,141 @@
         (util_ldap_state_t *)ap_get_module_config(r->server->module_config,
         &ldap_module);
 
-    /* sanity check for NULL */
-    if (!ldc) {
-        return -1;
-    }
+    /* Since the host will include a port if the default port is not used,
+     * always specify the default ports for the port parameter.  This will
+     * allow a host string that contains multiple hosts the ability to mix
+     * some hosts with ports and some without. All hosts which do not
+     * specify a port will use the default port.
+     */
+    apr_ldap_init(ldc->pool, &(ldc->ldap),
+                  ldc->host,
+                  APR_LDAP_SSL == ldc->secure ? LDAPS_PORT : LDAP_PORT,
+                  APR_LDAP_NONE,
+                  &(result));
 
-    /* If the connection is already bound, return
-    */
-    if (ldc->bound)
-    {
-        ldc->reason = "LDAP: connection open successful (already bound)";
-        return LDAP_SUCCESS;
+
+    if (result != NULL && result->rc) {
+        ldc->reason = result->reason;
     }
 
-    /* create the ldap session handle
-    */
     if (NULL == ldc->ldap)
     {
-        /* Since the host will include a port if the default port is not used,
-         * always specify the default ports for the port parameter.  This will
-         * allow a host string that contains multiple hosts the ability to mix
-         * some hosts with ports and some without. All hosts which do not
-         * specify a port will use the default port.
-         */
-        apr_ldap_init(ldc->pool, &(ldc->ldap),
-                      ldc->host,
-                      APR_LDAP_SSL == ldc->secure ? LDAPS_PORT : LDAP_PORT,
-                      APR_LDAP_NONE,
-                      &(result));
-
-
-        if (result != NULL && result->rc) {
-            ldc->reason = result->reason;
+        ldc->bound = 0;
+        if (NULL == ldc->reason) {
+            ldc->reason = "LDAP: ldap initialization failed";
         }
-
-        if (NULL == ldc->ldap)
-        {
-            ldc->bound = 0;
-            if (NULL == ldc->reason) {
-                ldc->reason = "LDAP: ldap initialization failed";
-            }
-            else {
-                ldc->reason = result->reason;
-            }
-            return(result->rc);
+        else {
+            ldc->reason = result->reason;
         }
+        return(result->rc);
+    }
 
-        /* always default to LDAP V3 */
-        ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
+    /* always default to LDAP V3 */
+    ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
 
-        /* set client certificates */
-        if (!apr_is_empty_array(ldc->client_certs)) {
-            apr_ldap_set_option(ldc->pool, ldc->ldap, APR_LDAP_OPT_TLS_CERT,
-                                ldc->client_certs, &(result));
-            if (LDAP_SUCCESS != result->rc) {
-                ldap_unbind_s(ldc->ldap);
-                ldc->ldap = NULL;
-                ldc->bound = 0;
-                ldc->reason = result->reason;
-                return(result->rc);
-            }
+    /* set client certificates */
+    if (!apr_is_empty_array(ldc->client_certs)) {
+        apr_ldap_set_option(ldc->pool, ldc->ldap, APR_LDAP_OPT_TLS_CERT,
+                            ldc->client_certs, &(result));
+        if (LDAP_SUCCESS != result->rc) {
+            uldap_connection_unbind( ldc );
+            ldc->reason = result->reason;
+            return(result->rc);
         }
+    }
 
-        /* switch on SSL/TLS */
-        if (APR_LDAP_NONE != ldc->secure) {
-            apr_ldap_set_option(ldc->pool, ldc->ldap,
-                                APR_LDAP_OPT_TLS, &ldc->secure, &(result));
-            if (LDAP_SUCCESS != result->rc) {
-                ldap_unbind_s(ldc->ldap);
-                ldc->ldap = NULL;
-                ldc->bound = 0;
-                ldc->reason = result->reason;
-                return(result->rc);
-            }
+    /* switch on SSL/TLS */
+    if (APR_LDAP_NONE != ldc->secure) {
+        apr_ldap_set_option(ldc->pool, ldc->ldap,
+                            APR_LDAP_OPT_TLS, &ldc->secure, &(result));
+        if (LDAP_SUCCESS != result->rc) {
+            uldap_connection_unbind( ldc );
+            ldc->reason = result->reason;
+            return(result->rc);
         }
+    }
 
-        /* Set the alias dereferencing option */
-        ldap_set_option(ldc->ldap, LDAP_OPT_DEREF, &(ldc->deref));
+    /* Set the alias dereferencing option */
+    ldap_set_option(ldc->ldap, LDAP_OPT_DEREF, &(ldc->deref));
 
 /*XXX All of the #ifdef's need to be removed once apr-util 1.2 is released */
 #ifdef APR_LDAP_OPT_VERIFY_CERT
-        apr_ldap_set_option(ldc->pool, ldc->ldap,
-                            APR_LDAP_OPT_VERIFY_CERT, &(st->verify_svr_cert), &(result));
+    apr_ldap_set_option(ldc->pool, ldc->ldap,
+                        APR_LDAP_OPT_VERIFY_CERT, &(st->verify_svr_cert), &(result));
 #else
 #if defined(LDAPSSL_VERIFY_SERVER)
-        if (st->verify_svr_cert) {
-            result->rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_SERVER);
-        }
-        else {
-            result->rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_NONE);
-        }
+    if (st->verify_svr_cert) {
+        result->rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_SERVER);
+    }
+    else {
+        result->rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_NONE);
+    }
 #elif defined(LDAP_OPT_X_TLS_REQUIRE_CERT)
-                /* This is not a per-connection setting so just pass NULL for the
-                   Ldap connection handle */
-        if (st->verify_svr_cert) {
-                        int i = LDAP_OPT_X_TLS_DEMAND;
-                        result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
&i);
-        }
-        else {
-                        int i = LDAP_OPT_X_TLS_NEVER;
-                        result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
&i);
-        }
+    /* This is not a per-connection setting so just pass NULL for the
+       Ldap connection handle */
+    if (st->verify_svr_cert) {
+        int i = LDAP_OPT_X_TLS_DEMAND;
+        result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i);
+    }
+    else {
+        int i = LDAP_OPT_X_TLS_NEVER;
+        result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i);
+    }
 #endif
 #endif
 
 #ifdef LDAP_OPT_NETWORK_TIMEOUT
-        if (st->connectionTimeout > 0) {
-            timeOut.tv_sec = st->connectionTimeout;
-        }
+    if (st->connectionTimeout > 0) {
+        timeOut.tv_sec = st->connectionTimeout;
+    }
 
-        if (st->connectionTimeout >= 0) {
-            rc = apr_ldap_set_option(ldc->pool, ldc->ldap, LDAP_OPT_NETWORK_TIMEOUT,
-                                     (void *)&timeOut, &(result));
-            if (APR_SUCCESS != rc) {
-                ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
-                                 "LDAP: Could not set the connection timeout");
-            }
+    if (st->connectionTimeout >= 0) {
+        rc = apr_ldap_set_option(ldc->pool, ldc->ldap, LDAP_OPT_NETWORK_TIMEOUT,
+                                 (void *)&timeOut, &(result));
+        if (APR_SUCCESS != rc) {
+            ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
+                             "LDAP: Could not set the connection timeout");
         }
+    }
 #endif
 
+    return(rc);
+}
+
+/*
+ * Connect to the LDAP server and binds. Does not connect if already
+ * connected (i.e. ldc->ldap is non-NULL.) Does not bind if already bound.
+ *
+ * Returns LDAP_SUCCESS on success; and an error code on failure
+ */
+static int uldap_connection_open(request_rec *r,
+                                 util_ldap_connection_t *ldc)
+{
+    int rc = 0;
+    int failures = 0;
+
+    /* sanity check for NULL */
+    if (!ldc) {
+        return -1;
+    }
 
+    /* If the connection is already bound, return
+    */
+    if (ldc->bound)
+    {
+        ldc->reason = "LDAP: connection open successful (already bound)";
+        return LDAP_SUCCESS;
+    }
+
+    /* create the ldap session handle
+    */
+    if (NULL == ldc->ldap)
+    {
+       rc = uldap_connection_init( r, ldc );
+       if (LDAP_SUCCESS != rc)
+       {
+           return rc;
+       }
     }
 
 
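Review bot: The `return(rc);` that closes `uldap_connection_init` propagates the apr_status_t from the `LDAP_OPT_NETWORK_TIMEOUT` `apr_ldap_set_option` call, so a failure that is only logged as "Could not set the connection timeout" now aborts the connection in `uldap_connection_open` (`if (LDAP_SUCCESS != rc) return rc;`), returning an APR status where callers expect an LDAP result code, with `ldc->reason` left unset and `ldc->ldap` still allocated. In the removed code the same failure was logged and the bind proceeded. If the timeout failure is meant to stay non-fatal, end the function with `return LDAP_SUCCESS;`; otherwise call `uldap_connection_unbind(ldc);` and set `ldc->reason` before returning so the failure is reported like the other error paths in this function. Separately, the moved `return(result->rc);` after a NULL `ldc->ldap` still dereferences `result` without checking it, which the `result != NULL && result->rc` test a few lines earlier suggests can be NULL; that is pre-existing but worth a guard while the code is being touched.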
@@ -355,16 +362,22 @@
                                 (char *)ldc->bindpw);
         if (LDAP_SERVER_DOWN != rc) {
             break;
-        }
+        } else if (failures == 5) {
+           /* attempt to init the connection once again */
+           uldap_connection_unbind( ldc );
+           rc = uldap_connection_init( r, ldc );
+           if (LDAP_SUCCESS != rc)
+           {
+               break;
+           }
+       }
     }
 
     /* free the handle if there was an error
     */
     if (LDAP_SUCCESS != rc)
     {
-        ldap_unbind_s(ldc->ldap);
-        ldc->ldap = NULL;
-        ldc->bound = 0;
+       uldap_connection_unbind(ldc);
         ldc->reason = "LDAP: ldap_simple_bind_s() failed";
     }
     else {
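Review bot: In the new `else if (failures == 5)` branch, a failed `uldap_connection_init` breaks out of the loop with rc set by init, and the cleanup block below then overwrites `ldc->reason` with "LDAP: ldap_simple_bind_s() failed" and calls `uldap_connection_unbind(ldc)` a second time on a handle that init's option-failure paths have already released, so the recorded cause points at the bind rather than the failed re-init. Since those init failure paths already unbind and set `ldc->reason`, replacing that `break;` with `return rc;` would preserve the real reason; whether a second `uldap_connection_unbind` is harmless cannot be confirmed here because its body is outside this diff. The bind loop's header and the `failures` increment are also outside the hunk, so whether `failures` can pass 5 and the re-init therefore happens exactly once is not verifiable from this view.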


