1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #pragma ident "%Z%%M% %I% %E% SMI"
27
28 #include <string.h>
29 #include <errno.h>
30 #include <syslog.h>
31 #include <procfs.h>
32 #include <unistd.h>
33 #include <fcntl.h>
34 #include <libintl.h>
35 #include <atomic.h>
36 #include <pthread.h>
37 #include <sys/mman.h>
38 #include <time.h>
39 #include "solaris-int.h"
40 #include "ns_connmgmt.h"
41 #include "ns_cache_door.h"
42 #include "ns_internal.h"
43
44 /*
45 * Access (reference, shutdown, or reload) the current connection
46 * management control structure conn_mgmt_t.
47 */
48 #define NS_CONN_MGMT_OP_REF 1
49 #define NS_CONN_MGMT_OP_SHUTDOWN 2
50 #define NS_CONN_MGMT_OP_RELOAD_CONFIG 3
51 #define NS_CONN_MGMT_OP_NEW_CONFIG 4
52 #define NS_CONN_MGMT_OP_LIB_INIT 5
53
54 static ns_conn_mgmt_t *access_conn_mgmt(int);
55 static ns_conn_mgmt_t *release_conn_mgmt(ns_conn_mgmt_t *, boolean_t);
56 static int close_conn_mt(ns_conn_mt_t *, int, ns_ldap_error_t **,
57 ns_conn_user_t *);
58 static int close_conn_mt_when_nouser(ns_conn_mt_t *cm);
59 void shutdown_all_conn_mt(ns_conn_mgmt_t *cmg);
60 static int conn_signal(ns_conn_mt_t *);
61 static int conn_wait(ns_conn_mt_t *, ns_conn_user_t *);
62 static void close_conn_mt_by_procchg(ns_conn_mt_t *cm, int rc, char *errmsg);
63 static ns_conn_mgmt_t *proc_server_change(ns_server_status_change_t *chg,
64 ns_conn_mgmt_t *cmg);
65 static void get_preferred_servers(boolean_t, boolean_t, ns_conn_mgmt_t *);
66 static void start_thread();
67
68 static ns_conn_mgmt_t *ns_connmgmt = NULL;
69 static ns_conn_mgmt_t *ns_connmgmt_parent = NULL;
70 static mutex_t ns_connmgmt_lock = DEFAULTMUTEX;
71 static boolean_t ns_connmgmt_shutting_down = B_FALSE;
72
73 #define NS_CONN_MSG_NO_CONN_MGMT gettext( \
74 "libsldap: unable to allocate the connection management control")
75 #define NS_CONN_MSG_NO_MTC_KEY gettext( \
76 "libsldap: unable to allocate the TSD key for per-thread ldap error")
77 #define NS_CONN_MSG_NO_CMG_KEY gettext( \
78 "libsldap: unable to allocate the TSD key for connection management")
79 #define NS_CONN_MSG_SHUTDOWN gettext("libsldap: library is being unloaded")
80 #define NS_CONN_MSG_RELOADED gettext( \
81 "libsldap: configuration has been reloaded")
82 #define NS_CONN_MSG_SHUTDOWN_RELOADED gettext( \
83 "libsldap: library unloaded or configuration has been reloaded")
84 #define NS_CONN_MSG_BAD_CACHEMGR_DATA gettext( \
85 "libsldap: received incorrect data from ldap_cachemgr")
86 #define NS_CONN_MSG_MEMORY_ERROR gettext( \
87 "libsldap: unable to allocate memory")
88 #define NS_CONN_MSG_NO_PROCCHG_THREAD gettext( \
89 "libsldap: unable to start the server monitor thread (%s)")
90 #define NS_CONN_MSG_DOWN_FROM_CACHEMGR gettext( \
91 "libsldap: server down reported by ldap_cachemgr")
92
93 static int ns_conn_free = 1;
94 #define NS_CONN_UNLOCK_AND_FREE(free, cm, cmg) \
95 { \
96 (void) mutex_unlock(&(cm)->lock); \
97 if (free == 1) \
98 cmg = free_conn_mt((cm), 1); \
99 if (cmg != NULL) \
100 (void) mutex_unlock(&(cmg)->lock); \
101 }
102
103 #define NS_CONN_CHECK_ABORT_AND_LOCK(cmg, cu, errp) \
104 { \
105 char *msg = NULL; \
106 (void) mutex_lock(&(cmg)->lock); \
107 if ((cmg)->shutting_down == B_TRUE) \
108 msg = NS_CONN_MSG_SHUTDOWN; \
109 else if ((cmg)->cfg_reloaded == B_TRUE) \
110 msg = NS_CONN_MSG_RELOADED; \
111 if (msg != NULL) { \
112 (*errp) = __s_api_make_error(NS_LDAP_OP_FAILED, msg); \
113 (void) mutex_unlock(&(cmg)->lock); \
114 return (NS_LDAP_OP_FAILED); \
115 } \
116 }
117
118 /*
119 * TSD keys ns_mtckey and ns_cmgkey are for sharing ldap connections
120 * and their associated connection management structure among
121 * multiple threads. The pointers to the per-thread ldap error
122 * information and the connection management structure are
123 * saved in ns_mtckey and ns_cmgkey.
124 */
125 thread_key_t ns_mtckey = THR_ONCE_KEY;
126 thread_key_t ns_cmgkey = THR_ONCE_KEY;
127
128 /* Per thread LDAP error resides in thread-specific data (ns_mtckey) */
129 struct ldap_error {
130 int le_errno;
131 char *le_matched;
132 char *le_errmsg;
133 };
134
135 /* NULL struct ldap_error */
136 static struct ldap_error ldap_error_NULL = { LDAP_SUCCESS, NULL, NULL};
137
138 /* destructor: free the ldap error data in the thread specific area */
139 static void
140 ns_mtckey_cleanup(void *key) {
141 struct ldap_error *le = (struct ldap_error *)key;
142
143 if (le == NULL)
144 return;
145 if (le->le_matched != NULL) {
146 ldap_memfree(le->le_matched);
147 }
148 if (le->le_errmsg != NULL) {
149 ldap_memfree(le->le_errmsg);
150 }
151 free(le);
152 }
153
154 /* Free/detach the thread specific data structures */
155 static void
156 conn_tsd_free() {
157 void *tsd = NULL;
158 int rc;
159
160 /* free the per-thread ldap error info */
161 rc = thr_getspecific(ns_mtckey, &tsd);
162 if (rc == 0 && tsd != NULL)
163 ns_mtckey_cleanup(tsd);
164 (void) thr_setspecific(ns_mtckey, NULL);
165
166 /* detach the connection management control */
167 (void) thr_setspecific(ns_cmgkey, NULL);
168 }
169
170 /* per-thread callback function for allocating a mutex */
171 static void *
172 ns_mutex_alloc(void)
173 {
174 mutex_t *mutexp = NULL;
175
176 if ((mutexp = malloc(sizeof (mutex_t))) != NULL) {
177 if (mutex_init(mutexp, USYNC_THREAD, NULL) != 0) {
178 free(mutexp);
179 mutexp = NULL;
180 }
181 }
182 return (mutexp);
183 }
184
185 /* per-thread callback function for freeing a mutex */
186 static void
187 ns_mutex_free(void *mutexp)
188 {
189 (void) mutex_destroy((mutex_t *)mutexp);
190 free(mutexp);
191 }
192
193 /*
194 * Function for setting up thread-specific data
195 * where per thread LDAP error and the pointer
196 * to the active connection management control
197 * are stored.
198 */
199 static int
200 conn_tsd_setup(ns_conn_mgmt_t *cmg)
201 {
202 void *tsd;
203 int rc;
204
205 rc = thr_setspecific(ns_cmgkey, cmg);
206 if (rc != 0) /* must be ENOMEM */
207 return (-1);
208
209 /* return success if the ns_mtckey TSD is already set */
210 rc = thr_getspecific(ns_mtckey, &tsd);
211 if (rc == 0 && tsd != NULL)
212 return (0);
213
214 /* allocate and set the ns_mtckey TSD */
215 tsd = (void *) calloc(1, sizeof (struct ldap_error));
216 if (tsd == NULL)
217 return (-1);
218 rc = thr_setspecific(ns_mtckey, tsd);
219 if (rc != 0) { /* must be ENOMEM */
220 free(tsd);
221 return (-1);
222 }
223 return (0);
224 }
225
226 /* Callback function for setting the per thread LDAP error */
227 /*ARGSUSED*/
228 static void
229 set_ld_error(int err, char *matched, char *errmsg, void *dummy)
230 {
231 struct ldap_error *le;
232 int eno;
233
234 if ((eno = thr_getspecific(ns_mtckey, (void **)&le)) != 0) {
235 syslog(LOG_ERR, gettext(
236 "libsldap: set_ld_error: thr_getspecific failed (%s)."),
237 strerror(eno));
238 return;
239 }
240
241 /* play safe, do nothing if TSD pointer is NULL */
242 if (le == NULL) {
243 syslog(LOG_INFO, gettext(
244 "libsldap: set_ld_error: TSD pointer is NULL."));
245 return;
246 }
247
248 le->le_errno = err;
249
250 if (le->le_matched != NULL) {
251 ldap_memfree(le->le_matched);
252 le->le_matched = NULL;
253 }
254 le->le_matched = matched;
255
256 if (le->le_errmsg != NULL) {
257 ldap_memfree(le->le_errmsg);
258 le->le_errmsg = NULL;
259 }
260 le->le_errmsg = errmsg;
261 }
262
263 /* check and allocate the thread-specific data for using a MT connection */
264 static int
265 conn_tsd_check(ns_conn_mgmt_t *cmg)
266 {
267 if (conn_tsd_setup(cmg) != 0)
268 return (NS_LDAP_MEMORY);
269
270 return (NS_LDAP_SUCCESS);
271 }
272
273 /* Callback function for getting the per thread LDAP error */
274 /*ARGSUSED*/
275 static int
276 get_ld_error(char **matched, char **errmsg, void *dummy)
277 {
278 struct ldap_error *le;
279 int eno;
280
281 if ((eno = thr_getspecific(ns_mtckey, (void **)&le)) != 0) {
282 syslog(LOG_ERR, gettext(
283 "libsldap: get_ld_error: thr_getspecific failed (%s)"),
284 strerror(eno));
285 return (eno);
286 }
287
288 /* play safe, return NULL error data, if TSD pointer is NULL */
289 if (le == NULL)
290 le = &ldap_error_NULL;
291
292 if (matched != NULL) {
293 *matched = le->le_matched;
294 }
295 if (errmsg != NULL) {
296 *errmsg = le->le_errmsg;
297 }
298 return (le->le_errno);
299 }
300
301 /* Callback function for setting per thread errno */
302 static void
303 set_errno(int err)
304 {
305 errno = err;
306 }
307
308 /* Callback function for getting per thread errno */
309 static int
310 get_errno(void)
311 {
312 return (errno);
313 }
314
315 /* set up an ldap session 'ld' for sharing among multiple threads */
316 static int
317 setup_mt_conn(LDAP *ld)
318 {
319
320 struct ldap_thread_fns tfns;
321 struct ldap_extra_thread_fns extrafns;
322 int rc;
323
324 /*
325 * Set the function pointers for dealing with mutexes
326 * and error information
327 */
328 (void) memset(&tfns, '\0', sizeof (struct ldap_thread_fns));
329 tfns.ltf_mutex_alloc = (void *(*)(void)) ns_mutex_alloc;
330 tfns.ltf_mutex_free = (void (*)(void *)) ns_mutex_free;
331 tfns.ltf_mutex_lock = (int (*)(void *)) mutex_lock;
332 tfns.ltf_mutex_unlock = (int (*)(void *)) mutex_unlock;
333 tfns.ltf_get_errno = get_errno;
334 tfns.ltf_set_errno = set_errno;
335 tfns.ltf_get_lderrno = get_ld_error;
336 tfns.ltf_set_lderrno = set_ld_error;
337 tfns.ltf_lderrno_arg = NULL;
338
339 /*
340 * Set up the ld to use those function pointers
341 */
342 rc = ldap_set_option(ld, LDAP_OPT_THREAD_FN_PTRS,
343 (void *) &tfns);
344 if (rc < 0) {
345 syslog(LOG_INFO, gettext("libsldap: ldap_set_option "
346 "(LDAP_OPT_THREAD_FN_PTRS)"));
347 return (0);
348 }
349
350 /*
351 * Set the function pointers for working with semaphores
352 */
353 (void) memset(&extrafns, '\0',
354 sizeof (struct ldap_extra_thread_fns));
355 extrafns.ltf_threadid_fn = (void * (*)(void))thr_self;
356 extrafns.ltf_mutex_trylock = NULL;
357 extrafns.ltf_sema_alloc = NULL;
358 extrafns.ltf_sema_free = NULL;
359 extrafns.ltf_sema_wait = NULL;
360 extrafns.ltf_sema_post = NULL;
361
362 /* Set up the ld to use those function pointers */
363 rc = ldap_set_option(ld, LDAP_OPT_EXTRA_THREAD_FN_PTRS,
364 (void *) &extrafns);
365 if (rc < 0) {
366 syslog(LOG_INFO, gettext("libsldap: ldap_set_option "
367 "(LDAP_OPT_EXTRA_THREAD_FN_PTRS)"));
368 return (0);
369 }
370
371 return (1);
372 }
373
374 /* set up an MT connection for sharing among multiple threads */
375 static int
376 setup_mt_ld(LDAP *ld, ns_conn_mgmt_t *cmg)
377 {
378 thread_t t = thr_self();
379
380 /* set up the per-thread data for using the MT connection */
381 if (conn_tsd_setup(cmg) == -1) {
382 syslog(LOG_WARNING,
383 gettext("libsldap: tid= %d: unable to set up TSD\n"), t);
384 return (-1);
385 }
386
387 if (setup_mt_conn(ld) == 0) {
388 /* multiple threads per connection not supported */
389 syslog(LOG_WARNING, gettext("libsldap: tid= %d: multiple "
390 "threads per connection not supported\n"), t);
391 conn_tsd_free();
392 return (-1);
393 }
394 return (0);
395 }
396
397 /*
398 * Check name and UID of process, if it is nscd.
399 *
400 * Input:
401 * pid : PID of checked process
402 * check_uid : check if UID == 0
403 * Output:
404 * B_TRUE : nscd detected
405 * B_FALSE : nscd not confirmed
406 */
407 static boolean_t
408 check_nscd_proc(pid_t pid, boolean_t check_uid)
409 {
410 psinfo_t pinfo;
411 char fname[MAXPATHLEN];
412 ssize_t ret;
413 int fd;
414
415 if (snprintf(fname, MAXPATHLEN, "/proc/%d/psinfo", pid) > 0) {
416 if ((fd = open(fname, O_RDONLY)) >= 0) {
417 ret = read(fd, &pinfo, sizeof (psinfo_t));
418 (void) close(fd);
419 if ((ret == sizeof (psinfo_t)) &&
420 (strcmp(pinfo.pr_fname, "nscd") == 0)) {
421 if (check_uid && (pinfo.pr_uid != 0))
422 return (B_FALSE);
423 return (B_TRUE);
424 }
425 }
426 }
427 return (B_FALSE);
428 }
429
430 /*
431 * Check if this process is peruser nscd.
432 */
433 boolean_t
434 __s_api_peruser_proc(void)
435 {
436 pid_t my_ppid;
437 static mutex_t nscdLock = DEFAULTMUTEX;
438 static pid_t checkedPpid = (pid_t)-1;
439 static boolean_t isPeruserNscd = B_FALSE;
440
441 my_ppid = getppid();
442
443 /*
444 * Already checked before for this process? If yes, return cached
445 * response.
446 */
447 if (my_ppid == checkedPpid) {
448 return (isPeruserNscd);
449 }
450
451 (void) mutex_lock(&nscdLock);
452
453 /* Check once more incase another thread has just complete this. */
454 if (my_ppid == checkedPpid) {
455 (void) mutex_unlock(&nscdLock);
456 return (isPeruserNscd);
457 }
458
459 /* Reinitialize to be sure there is no residue after fork. */
460 isPeruserNscd = B_FALSE;
461
462 /* Am I the nscd process? */
463 if (check_nscd_proc(getpid(), B_FALSE)) {
464 /* Is my parent the nscd process with UID == 0. */
465 isPeruserNscd = check_nscd_proc(my_ppid, B_TRUE);
466 }
467
468 /* Remember for whom isPeruserNscd is. */
469 checkedPpid = my_ppid;
470
471 (void) mutex_unlock(&nscdLock);
472 return (isPeruserNscd);
473 }
474
475 /*
476 * Check if this process is main nscd.
477 */
478 boolean_t
479 __s_api_nscd_proc(void)
480 {
481 pid_t my_pid;
482 static mutex_t nscdLock = DEFAULTMUTEX;
483 static pid_t checkedPid = (pid_t)-1;
484 static boolean_t isMainNscd = B_FALSE;
485
486 /*
487 * Don't bother checking if this process isn't root, this cannot
488 * be main nscd.
489 */
490 if (getuid() != 0)
491 return (B_FALSE);
492
493 my_pid = getpid();
494
495 /*
496 * Already checked before for this process? If yes, return cached
497 * response.
498 */
499 if (my_pid == checkedPid) {
500 return (isMainNscd);
501 }
502
503 (void) mutex_lock(&nscdLock);
504
505 /* Check once more incase another thread has just done this. */
506 if (my_pid == checkedPid) {
507 (void) mutex_unlock(&nscdLock);
508 return (isMainNscd);
509 }
510
511 /*
512 * Am I the nscd process? UID is already checked, not needed from
513 * psinfo.
514 */
515 isMainNscd = check_nscd_proc(my_pid, B_FALSE);
516
517 /* Remember for whom isMainNscd is. */
518 checkedPid = my_pid;
519
520 (void) mutex_unlock(&nscdLock);
521 return (isMainNscd);
522 }
523
524 /*
525 * initialize a connection management control structure conn_mgmt_t
526 */
527 ns_conn_mgmt_t *
528 init_conn_mgmt()
529 {
530 ns_conn_mgmt_t *cmg;
531
532 cmg = (ns_conn_mgmt_t *)calloc(1, sizeof (*cmg));
533 if (cmg == NULL) {
534 syslog(LOG_ERR, NS_CONN_MSG_NO_CONN_MGMT);
535 return (NULL);
536 }
537
538 /* is this process nscd or peruser nscd ? */
539 cmg->is_nscd = __s_api_nscd_proc();
540 cmg->is_peruser_nscd = __s_api_peruser_proc();
541
542 /*
543 * assume the underlying libldap allows multiple threads sharing
544 * the same ldap connection (MT connection)
545 */
546 cmg->ldap_mt = B_TRUE;
547 /* state is inactive until MT connection is required/requested */
548 cmg->state = NS_CONN_MGMT_INACTIVE;
549
550 (void) mutex_init(&cmg->lock, USYNC_THREAD, NULL);
551 (void) mutex_init(&cmg->cfg_lock, USYNC_THREAD, NULL);
552 cmg->pid = getpid();
553
554 /* for nscd or peruser nscd, MT connection is required */
555 if (cmg->is_nscd == B_TRUE || cmg->is_peruser_nscd == B_TRUE)
556 cmg->state = NS_CONN_MGMT_ACTIVE;
557
558 /*
559 * reference (or initialize) the current Native LDAP configuration and
560 * if in nscd process, make it never refreshed
561 */
562 cmg->config = __s_api_get_default_config_global();
563 if (cmg->config == NULL)
564 cmg->config = __s_api_loadrefresh_config_global();
565 if (cmg->config != NULL) {
566 /*
567 * main nscd get config change notice from ldap_cachemgr
568 * so won't times out and refresh the config
569 */
570 if (cmg->is_nscd == B_TRUE)
571 (cmg->config)->paramList[NS_LDAP_EXP_P].ns_tm = 0;
572 cmg->cfg_cookie = cmg->config->config_cookie;
573 }
574
575 return (cmg);
576 }
577
578 static void
579 mark_shutdown_or_reloaded(int op)
580 {
581 ns_conn_mgmt_t *cmg = ns_connmgmt;
582
583 (void) mutex_lock(&cmg->lock);
584 if (op == NS_CONN_MGMT_OP_SHUTDOWN)
585 cmg->shutting_down = B_TRUE;
586 else
587 cmg->cfg_reloaded = B_TRUE;
588 atomic_inc_uint(&cmg->ref_cnt);
589 cmg->state = NS_CONN_MGMT_DETACHED;
590
591 if (op == NS_CONN_MGMT_OP_RELOAD_CONFIG)
592 __s_api_init_config_global(NULL);
593
594 (void) mutex_unlock(&cmg->lock);
595 }
596
597 /*
598 * Return a pointer to the current connection management. If
599 * it has not been created, or is requested to recreate, then
600 * create and return the pointer. It is possible, the current
601 * one is created by the parent before fork, create a new
602 * one too in such a case.
603 */
604 static ns_conn_mgmt_t *
605 get_current_conn_mgmt(int op)
606 {
607 ns_conn_mgmt_t *cmg = ns_connmgmt;
608 static pid_t checked_pid = (pid_t)-1;
609 pid_t mypid;
610
611 mypid = getpid();
612 if (cmg == NULL || checked_pid != mypid) {
613 checked_pid = mypid;
614
615 /*
616 * if current conn_mgmt not created yet or is from parent
617 * or is requested to recreate, create it
618 */
619 if (cmg == NULL || cmg->pid != mypid) {
620 if (cmg != NULL) {
621 /*
622 * We don't want to free the conn_mgmt
623 * allocated by the parent, since
624 * there may be ldap connections
625 * still being used. So leave it
626 * alone but keep it referenced,
627 * so that it will not be flagged
628 * as a piece of leaked memory.
629 */
630 ns_connmgmt_parent = cmg;
631 /*
632 * avoid lint warning; does not
633 * change the conn_mgmt in parent
634 */
635 ns_connmgmt_parent->state =
636 NS_CONN_MGMT_DETACHED;
637 }
638 ns_connmgmt = init_conn_mgmt();
639 cmg = ns_connmgmt;
640 /*
641 * ensure it will not be destroyed until explicitly
642 * shut down or reloaded
643 */
644 if (op == NS_CONN_MGMT_OP_REF)
645 atomic_inc_uint(&cmg->ref_cnt);
646 }
647 }
648
649 return (cmg);
650 }
651
652 static ns_conn_mgmt_t *
653 access_conn_mgmt(int op)
654 {
655 ns_conn_mgmt_t *cmg = NULL;
656 ns_conn_mgmt_t *cmg_prev;
657
658 (void) mutex_lock(&ns_connmgmt_lock);
659
660 /*
661 * connection management is not available when the libsldap is being
662 * unloaded or shut down
663 */
664 if (ns_connmgmt_shutting_down == B_TRUE) {
665 (void) mutex_unlock(&ns_connmgmt_lock);
666 return (NULL);
667 }
668
669 if (op == NS_CONN_MGMT_OP_SHUTDOWN) {
670 ns_connmgmt_shutting_down = B_TRUE;
671 if (ns_connmgmt != NULL) {
672 cmg = ns_connmgmt;
673 mark_shutdown_or_reloaded(op);
674 ns_connmgmt = NULL;
675 }
676 (void) mutex_unlock(&ns_connmgmt_lock);
677 return (cmg);
678 }
679
680 if (op == NS_CONN_MGMT_OP_RELOAD_CONFIG ||
681 op == NS_CONN_MGMT_OP_NEW_CONFIG) {
682 cmg_prev = ns_connmgmt;
683 mark_shutdown_or_reloaded(op);
684 /*
685 * the previous cmg (cmg_prev) will be freed later
686 * when its ref count reaches zero
687 */
688 ns_connmgmt = NULL;
689 }
690
691 cmg = get_current_conn_mgmt(op);
692 if (cmg == NULL) {
693 (void) mutex_unlock(&ns_connmgmt_lock);
694 return (NULL);
695 }
696
697 atomic_inc_uint(&cmg->ref_cnt);
698 if (op == NS_CONN_MGMT_OP_RELOAD_CONFIG ||
699 op == NS_CONN_MGMT_OP_NEW_CONFIG)
700 cmg = cmg_prev;
701 else { /* op is NS_CONN_MGMT_OP_REF or NS_CONN_MGMT_OP_LIB_INIT */
702 if (cmg->config == NULL)
703 cmg->config = __s_api_get_default_config();
704 }
705
706 (void) mutex_unlock(&ns_connmgmt_lock);
707 return (cmg);
708 }
709
710 /*
711 * free a connection management control
712 */
713 static void
714 free_conn_mgmt(ns_conn_mgmt_t *cmg)
715 {
716 union {
717 ldap_data_t s_d;
718 char s_b[1024];
719 } space;
720 ldap_data_t *sptr;
721 int ndata;
722 int adata;
723 int rc;
724 ldap_get_chg_cookie_t cookie;
725
726 if (cmg == NULL)
727 return;
728 cookie = cmg->cfg_cookie;
729
730 __s_api_free2dArray(cmg->pservers);
731 /* destroy the previous config or release the current one */
732 if (cmg->config != NULL) {
733 if (cmg->state == NS_CONN_MGMT_DETACHED)
734 __s_api_destroy_config(cmg->config);
735 else
736 __s_api_release_config(cmg->config);
737 }
738
739 /* stop the server status/config-change monitor thread */
740 if (cmg->procchg_started == B_TRUE) {
741 if (cmg->procchg_tid != thr_self()) {
742 if (cmg->procchg_door_call == B_TRUE) {
743 adata = sizeof (ldap_call_t) + 1;
744 ndata = sizeof (space);
745 space.s_d.ldap_call.ldap_callnumber =
746 GETSTATUSCHANGE;
747 space.s_d.ldap_call.ldap_u.get_change.op =
748 NS_STATUS_CHANGE_OP_STOP;
749 space.s_d.ldap_call.ldap_u.get_change.cookie =
750 cookie;
751 sptr = &space.s_d;
752 rc = __ns_ldap_trydoorcall(&sptr, &ndata,
753 &adata);
754 if (rc != NS_CACHE_SUCCESS)
755 syslog(LOG_INFO,
756 gettext("libsldap: "
757 "free_conn_mgmt():"
758 " stopping door call "
759 " GETSTATUSCHANGE failed "
760 " (rc = %d)"), rc);
761 }
762 (void) pthread_cancel(cmg->procchg_tid);
763 cmg->procchg_started = B_FALSE;
764 }
765 }
766
767 free(cmg);
768 }
769
770 static ns_conn_mgmt_t *
771 release_conn_mgmt(ns_conn_mgmt_t *cmg, boolean_t unlock_cmg)
772 {
773 if (cmg == NULL)
774 return (NULL);
775 if (atomic_dec_uint_nv(&cmg->ref_cnt) == 0) {
776 if (cmg->state == NS_CONN_MGMT_DETACHED) {
777 if (unlock_cmg == B_TRUE)
778 (void) mutex_unlock(&cmg->lock);
779 free_conn_mgmt(cmg);
780 __s_api_free_sessionPool();
781 return (NULL);
782 } else {
783 syslog(LOG_WARNING,
784 gettext("libsldap: connection management "
785 " has a refcount of zero but the state "
786 " is not DETACHED (%d)"), cmg->state);
787 cmg = NULL;
788 }
789 }
790 return (cmg);
791 }
792
793 /*
794 * exposed function for initializing a connection management control structure
795 */
796 ns_conn_mgmt_t *
797 __s_api_conn_mgmt_init()
798 {
799 if (thr_keycreate_once(&ns_mtckey, ns_mtckey_cleanup) != 0) {
800 syslog(LOG_WARNING, NS_CONN_MSG_NO_MTC_KEY);
801 return (NULL);
802 }
803
804 if (thr_keycreate_once(&ns_cmgkey, NULL) != 0) {
805 syslog(LOG_WARNING, NS_CONN_MSG_NO_CMG_KEY);
806 return (NULL);
807 }
808
809 return (access_conn_mgmt(NS_CONN_MGMT_OP_LIB_INIT));
810 }
811
812 /* initialize a connection user */
813 ns_conn_user_t *
814 __s_api_conn_user_init(int type, void *userinfo, boolean_t referral)
815 {
816 ns_conn_user_t *cu;
817 ns_conn_mgmt_t *cmg;
818
819 /* delete the reference to the previously used conn_mgmt */
820 (void) thr_setspecific(ns_cmgkey, NULL);
821
822 cmg = access_conn_mgmt(NS_CONN_MGMT_OP_REF);
823 if (cmg == NULL)
824 return (NULL);
825
826 if (cmg->state != NS_CONN_MGMT_ACTIVE &&
827 cmg->state != NS_CONN_MGMT_INACTIVE) {
828 atomic_dec_uint(&cmg->ref_cnt);
829 return (NULL);
830 }
831
832 cu = (ns_conn_user_t *)calloc(1, sizeof (*cu));
833 if (cu == NULL) {
834 atomic_dec_uint(&cmg->ref_cnt);
835 return (NULL);
836 }
837
838 cu->type = type;
839 cu->state = NS_CONN_USER_ALLOCATED;
840 cu->tid = thr_self();
841 cu->userinfo = userinfo;
842 cu->referral = referral;
843 cu->ns_rc = NS_LDAP_SUCCESS;
844 cu->conn_mgmt = cmg;
845
846 (void) conn_tsd_setup(cmg);
847
848 return (cu);
849 }
850
851 /*
852 * Free the resources used by a connection user.
853 * The caller should ensure this conn_user is
854 * not associated with any conn_mt, i.e.,
855 * not in any conn_mt's linked list of conn_users.
856 * The caller needs to free the userinfo member
857 * as well.
858 */
859 void
860 __s_api_conn_user_free(ns_conn_user_t *cu)
861 {
862 ns_conn_mgmt_t *cmg;
863
864 if (cu == NULL)
865 return;
866
867 cu->state = NS_CONN_USER_FREED;
868 if (cu->ns_error != NULL)
869 (void) __ns_ldap_freeError(&cu->ns_error);
870
871 cmg = cu->conn_mgmt;
872 conn_tsd_free();
873 (void) release_conn_mgmt(cmg, B_FALSE);
874 (void) free(cu);
875 }
876
877 /*
878 * Initialize an MT connection control structure
879 * that will be used to represent an ldap connection
880 * to be shared among multiple threads and to hold
881 * and manage all the conn_users using the ldap
882 * connection.
883 */
884 static ns_conn_mt_t *
885 init_conn_mt(ns_conn_mgmt_t *cmg, ns_ldap_error_t **ep)
886 {
887 ns_conn_mt_t *cm;
888 ns_conn_mgmt_t *cmg_a;
889
890 cm = (ns_conn_mt_t *)calloc(1, sizeof (*cm));
891 if (cm == NULL) {
892 if (ep != NULL)
893 *ep = __s_api_make_error(NS_LDAP_MEMORY, NULL);
894 return (NULL);
895 }
896
897 cmg_a = access_conn_mgmt(NS_CONN_MGMT_OP_REF);
898 if (cmg_a != cmg) {
899 if (cmg_a != NULL) {
900 (void) release_conn_mgmt(cmg_a, B_FALSE);
901 if (ep != NULL)
902 *ep = __s_api_make_error(NS_LDAP_OP_FAILED,
903 NS_CONN_MSG_SHUTDOWN_RELOADED);
904 }
905 return (NULL);
906 }
907
908 (void) mutex_init(&cm->lock, USYNC_THREAD, NULL);
909 cm->state = NS_CONN_MT_CONNECTING;
910 cm->tid = thr_self();
911 cm->pid = getpid();
912 cm->next = NULL;
913 cm->cu_head = NULL;
914 cm->cu_tail = NULL;
915 cm->conn = NULL;
916 cm->conn_mgmt = cmg;
917
918 return (cm);
919 }
920
921 /*
922 * Free an MT connection control structure, assume conn_mgmt is locked.
923 * 'unlock_cmg' is passed to release_conn_mgmt() to indicate the
924 * cmg needs to be unlocked or not.
925 */
926 static ns_conn_mgmt_t *
927 free_conn_mt(ns_conn_mt_t *cm, int unlock_cmg)
928 {
929 ns_conn_mgmt_t *cmg;
930
931 if (cm == NULL)
932 return (NULL);
933 if (cm->ns_error != NULL)
934 (void) __ns_ldap_freeError(&cm->ns_error);
935 if (cm->conn != NULL) {
936 if (cm->conn->ld != NULL)
937 (void) ldap_unbind(cm->conn->ld);
938 __s_api_freeConnection(cm->conn);
939 }
940 cmg = cm->conn_mgmt;
941 free(cm);
942 return (release_conn_mgmt(cmg, unlock_cmg));
943 }
944
945 /* add a connection user to an MT connection */
946 static void
947 add_cu2cm(ns_conn_user_t *cu, ns_conn_mt_t *cm)
948 {
949
950 if (cm->cu_head == NULL) {
951 cm->cu_head = cu;
952 cm->cu_tail = cu;
953 } else {
954 cm->cu_tail->next = cu;
955 cm->cu_tail = cu;
956 }
957 cm->cu_cnt++;
958 }
959
960 /* add an MT connection to the connection management */
961 static void
962 add_cm2cmg(ns_conn_mt_t *cm, ns_conn_mgmt_t *cmg)
963 {
964 /*
965 * add connection opened for WRITE to top of list
966 * for garbage collection purpose. This is to
967 * ensure the connection will be closed after a
968 * certain amount of time (60 seconds).
969 */
970 if (cmg->cm_head == NULL) {
971 cmg->cm_head = cm;
972 cmg->cm_tail = cm;
973 } else {
974 if (cm->opened_for == NS_CONN_USER_WRITE) {
975 cm->next = cmg->cm_head;
976 cmg->cm_head = cm;
977 } else {
978 cmg->cm_tail->next = cm;
979 cmg->cm_tail = cm;
980 }
981 }
982 cmg->cm_cnt++;
983 }
984
985 /* delete a connection user from an MT connection */
986 static void
987 del_cu4cm(ns_conn_user_t *cu, ns_conn_mt_t *cm)
988 {
989 ns_conn_user_t *pu, *u;
990
991 if (cu == NULL || cm->cu_head == NULL || cm->cu_cnt == 0)
992 return;
993
994 /* only one conn_user on list */
995 if (cm->cu_head == cm->cu_tail) {
996 if (cu == cm->cu_head) {
997 cm->cu_head = cm->cu_tail = NULL;
998 cm->cu_cnt = 0;
999 cu->next = NULL;
1000 }
1001 return;
1002 }
1003
1004 /* more than one and cu is the first one */
1005 if (cu == cm->cu_head) {
1006 cm->cu_head = cu->next;
1007 cm->cu_cnt--;
1008 cu->next = NULL;
1009 return;
1010 }
1011
1012 pu = cm->cu_head;
1013 for (u = cm->cu_head->next; u; u = u->next) {
1014 if (cu == u)
1015 break;
1016 pu = u;
1017 }
1018 if (pu != cm->cu_tail) {
1019 pu->next = cu->next;
1020 if (pu->next == NULL)
1021 cm->cu_tail = pu;
1022 cm->cu_cnt--;
1023 cu->next = NULL;
1024 } else {
1025 syslog(LOG_INFO, gettext(
1026 "libsldap: del_cu4cm(): connection user not found"));
1027 }
1028 }
1029
1030 /* delete an MT connection from the connection management control structure */
1031 static void
1032 del_cm4cmg(ns_conn_mt_t *cm, ns_conn_mgmt_t *cmg)
1033 {
1034 ns_conn_mt_t *pm, *m;
1035
1036 if (cm == NULL || cmg->cm_head == NULL || cmg->cm_cnt == 0)
1037 return;
1038
1039 /* only one conn_mt on list */
1040 if (cmg->cm_head == cmg->cm_tail) {
1041 if (cm == cmg->cm_head) {
1042 cmg->cm_head = cmg->cm_tail = NULL;
1043 cmg->cm_cnt = 0;
1044 cm->next = NULL;
1045 }
1046 return;
1047 }
1048
1049 /* more than one and cm is the first one */
1050 if (cm == cmg->cm_head) {
1051 cmg->cm_head = cm->next;
1052 cmg->cm_cnt--;
1053 cm->next = NULL;
1054 return;
1055 }
1056
1057 pm = cmg->cm_head;
1058 for (m = cmg->cm_head->next; m; m = m->next) {
1059 if (cm == m)
1060 break;
1061 pm = m;
1062 }
1063 if (pm != cmg->cm_tail) {
1064 pm->next = cm->next;
1065 if (pm->next == NULL)
1066 cmg->cm_tail = pm;
1067 cmg->cm_cnt--;
1068 cm->next = NULL;
1069 } else {
1070 syslog(LOG_INFO, gettext(
1071 "libsldap: del_cm4cmg(): MT connection not found"));
1072 }
1073 }
1074
1075 /*
1076 * compare to see if the server and credential for authentication match
1077 * those used by an MT connection
1078 */
1079 static boolean_t
1080 is_server_cred_matched(const char *server, const ns_cred_t *cred,
1081 ns_conn_mt_t *cm)
1082 {
1083 Connection *cp = cm->conn;
1084
1085 /* check server first */
1086 if (server != NULL && *server != 0) {
1087 if (strcasecmp(server, cp->serverAddr) != 0)
1088 return (B_FALSE);
1089 }
1090
1091 if (cred == NULL)
1092 return (B_TRUE);
1093
1094 /* then check cred */
1095 return (__s_api_is_auth_matched(cp->auth, cred));
1096 }
1097
1098 /*
1099 * Wait until a pending MT connection becomes available.
1100 * Return 1 if so, 0 if error.
1101 *
1102 * Assume the current conn_mgmt and the input conn_mt
1103 * are locked.
1104 */
1105 static int
1106 wait_for_conn_mt(ns_conn_user_t *cu, ns_conn_mt_t *cm)
1107 {
1108
1109 cu->state = NS_CONN_USER_WAITING;
1110 add_cu2cm(cu, cm);
1111 cu->conn_mt = cm;
1112
1113 (void) mutex_unlock(&cm->lock);
1114 /*
1115 * It could take some time so we don't want to hold
1116 * cm->conn_mgmt across the wait
1117 */
1118 (void) mutex_unlock(&(cm->conn_mgmt)->lock);
1119
1120 (void) mutex_lock(&cm->lock);
1121 /* check one more time see if need to wait */
1122 if (cm->state == NS_CONN_MT_CONNECTING) {
1123 (void) conn_wait(cm, cu);
1124
1125 /* cm->lock is locked again at this point */
1126
1127 cu->state = NS_CONN_USER_WOKEUP;
1128 }
1129
1130 if (cm->state == NS_CONN_MT_CONNECTED)
1131 return (1);
1132 else {
1133 del_cu4cm(cu, cm);
1134 cu->conn_mt = NULL;
1135 cu->bad_mt_conn = B_FALSE;
1136 return (0);
1137 }
1138 }
1139
1140 /*
1141 * Check and see if the input MT connection '*cm' should be closed.
1142 * In two cases, it should be closed. If a preferred server is
1143 * found to be up when ldap_cachemgr is queried and reported back.
1144 * Or when the server being used for the connection is found to
1145 * be down. Return B_FALSE if the connection is not closed (or not marked
1146 * to be closed), otherwise unlock mutex (*cm)->lock and return B_TRUE.
1147 * This function assumes conn_mgmt cmg and conn_mt *cm are locked.
1148 */
1149 static boolean_t
1150 check_and_close_conn(ns_conn_mgmt_t *cmg, ns_conn_mt_t **cm,
1151 ns_conn_user_t *cu) {
1152
1153 int rc;
1154 int j;
1155 int svridx = -1;
1156 int upidx = -1;
1157 int free_cm;
1158 ns_server_info_t sinfo;
1159 ns_ldap_error_t *errorp = NULL;
1160
1161 /*
1162 * check only if preferred servers are defined
1163 */
1164 if (cmg->pservers_loaded == B_FALSE)
1165 get_preferred_servers(B_FALSE, B_FALSE, cmg);
1166 if (cmg->pservers == NULL)
1167 return (B_FALSE);
1168
1169 /*
1170 * ask ldap_cachemgr for the first available server
1171 */
1172 rc = __s_api_requestServer(NS_CACHE_NEW, NULL,
1173 &sinfo, &errorp, NS_CACHE_ADDR_IP);
1174 if (rc != NS_LDAP_SUCCESS || sinfo.server == NULL) {
1175 (void) __ns_ldap_freeError(&errorp);
1176 return (B_FALSE);
1177 }
1178
1179 /*
1180 * Did ldap_cachemgr return a preferred server ?
1181 */
1182 for (j = 0; cmg->pservers[j] != NULL; j++) {
1183 if (strcasecmp(sinfo.server, cmg->pservers[j]) != 0)
1184 continue;
1185 upidx = j;
1186 break;
1187 }
1188
1189 /*
1190 * Is the server being used a preferred one ?
1191 */
1192 for (j = 0; cmg->pservers[j] != NULL; j++) {
1193 if (strcasecmp(cmg->pservers[j], (*cm)->conn->serverAddr) != 0)
1194 continue;
1195 svridx = j;
1196 break;
1197 }
1198
1199 /*
1200 * Need to fall back to a down-but-now-up preferred server ?
1201 * A preferred server falls back to a more preferred one.
1202 * A regular one falls back to any preferred ones. So if
1203 * both are preferred ones and same index, or both
1204 * are not preferred ones, then no need to close the
1205 * connection.
1206 */
1207 if ((upidx == -1 && svridx == -1) ||
1208 (upidx != -1 && svridx != -1 && upidx == svridx)) {
1209 __s_api_free_server_info(&sinfo);
1210 return (B_FALSE);
1211 }
1212
1213 /*
1214 * otherwise, 4 cases, all may need to close the connection:
1215 * For case 1 and 2, both servers are preferred ones:
1216 * 1. ldap_cachemgr returned a better one to use (upidx < svridx)
1217 * 2. the server being used is down (upidx > svridx)
1218 * 3. ldap_cachemgr returned a preferred one, but the server
1219 * being used is not, so need to fall back to the preferred server
1220 * 4. ldap_cachemgr returned a non-preferred one, but the server
1221 * being used is a preferred one, so it must be down (since
1222 * ldap_cachemgr always returns a preferred one when possible).
1223 * For case 1 & 3, close the READ connection when no user uses it.
1224 * For 2 and 4, close the connection with error rc, LDAP_SERVER_DOWN.
1225 */
1226 if (upidx != -1 && (svridx == -1 || upidx < svridx)) { /* case 1 & 3 */
1227 /* fallback does not make sense for WRITE/referred connection */
1228 if ((*cm)->opened_for == NS_CONN_USER_WRITE ||
1229 (*cm)->referral == B_TRUE) {
1230 __s_api_free_server_info(&sinfo);
1231 return (B_FALSE);
1232 }
1233 free_cm = close_conn_mt_when_nouser(*cm);
1234 if (cmg->shutting_down == B_FALSE)
1235 cu->retry = B_TRUE;
1236 } else {
1237 ns_ldap_error_t *ep;
1238 ep = __s_api_make_error(LDAP_SERVER_DOWN,
1239 NS_CONN_MSG_DOWN_FROM_CACHEMGR);
1240 /* cu has not been attached to cm yet, use NULL as cu pointer */
1241 free_cm = close_conn_mt(*cm, LDAP_SERVER_DOWN, &ep, NULL);
1242 if (cmg->shutting_down == B_FALSE)
1243 cu->retry = B_TRUE;
1244 (void) __ns_ldap_freeError(&ep);
1245 }
1246
1247 (void) mutex_unlock(&(*cm)->lock);
1248 if (free_cm == 1) {
1249 (void) free_conn_mt(*cm, 0);
1250 *cm = NULL;
1251 }
1252
1253 __s_api_free_server_info(&sinfo);
1254
1255 return (B_TRUE);
1256 }
1257
1258 /*
1259 * Check to see if a conn_mt matches the connection criteria from
1260 * a conn_user. Return B_TRUE if yes, B_FALSE, otherwise. The input
1261 * conn_mt pointer (*cmt) may be freed and *cmt will be set to NULL
1262 * to indicate so.
1263 * conn_mt *cmt and conn_mgmt cm->conn_mgmt are assumed locked.
1264 * cm->lock is unlocked at exit if rc is B_FALSE.
1265 */
1266 static boolean_t
1267 match_conn_mt(ns_conn_user_t *cu, ns_conn_mt_t **cmt,
1268 ns_conn_mt_state_t st, const char *server,
1269 const ns_cred_t *cred)
1270 {
1271 boolean_t matched = B_FALSE;
1272 boolean_t drop_conn;
1273 int free_cm = 0;
1274 ns_conn_mt_t *cm = *cmt;
1275 ns_conn_mgmt_t *cmg = cm->conn_mgmt;
1276
1277 if (cm->state != st || cm->close_when_nouser == B_TRUE ||
1278 cm->detached == B_TRUE || cm->pid != getpid() ||
1279 cm->referral != cu->referral) {
1280 (void) mutex_unlock(&cm->lock);
1281 return (B_FALSE);
1282 }
1283
1284 /*
1285 * if a conn_mt opened for WRITE is idle
1286 * long enough, then close it. To improve
1287 * the performance of applications, such
1288 * as ldapaddent, a WRITE connection is
1289 * given a short time to live in the
1290 * connection pool, expecting the write
1291 * requests to come in a quick succession.
1292 * To save resource, the connection will
1293 * be closed if idle more than 60 seconds.
1294 */
1295 if (cm->opened_for == NS_CONN_USER_WRITE &&
1296 cu->type != NS_CONN_USER_WRITE && cm->cu_cnt == 0 &&
1297 ((time(NULL) - cm->access_time) > 60)) {
1298 /*
1299 * NS_LDAP_INTERNAL is irrelevant here. There no
1300 * conn_user to consume the rc
1301 */
1302 free_cm = close_conn_mt(cm, NS_LDAP_INTERNAL, NULL, NULL);
1303 (void) mutex_unlock(&cm->lock);
1304 if (free_cm == 1) {
1305 (void) free_conn_mt(cm, 0);
1306 *cmt = NULL;
1307 }
1308 return (B_FALSE);
1309 }
1310
1311 switch (cu->type) {
1312 case NS_CONN_USER_SEARCH:
1313 case NS_CONN_USER_GETENT:
1314 if (cm->opened_for == NS_CONN_USER_SEARCH ||
1315 cm->opened_for == NS_CONN_USER_GETENT)
1316 matched = B_TRUE;
1317 break;
1318
1319 case NS_CONN_USER_WRITE:
1320 if (cm->opened_for == NS_CONN_USER_WRITE)
1321 matched = B_TRUE;
1322 break;
1323
1324 default:
1325 matched = B_FALSE;
1326 break;
1327 }
1328
1329 if (matched == B_TRUE && ((server != NULL || cred != NULL) &&
1330 is_server_cred_matched(server, cred, cm) == B_FALSE))
1331 matched = B_FALSE;
1332
1333 if (matched != B_FALSE) {
1334 /*
1335 * Check and drop the 'connected' connection if
1336 * necessary. Main nscd gets status changes from
1337 * the ldap_cachemgr daemon directly via the
1338 * GETSTATUSCHANGE door call, the standalone
1339 * function works in a no ldap_cachemgr environment,
1340 * so no need to check and drop connections.
1341 */
1342 if (cm->state == NS_CONN_MT_CONNECTED &&
1343 cmg->is_nscd == B_FALSE && !__s_api_isStandalone()) {
1344 drop_conn = check_and_close_conn(cmg, &cm, cu);
1345 if (drop_conn == B_TRUE) {
1346 if (cm == NULL)
1347 *cmt = NULL;
1348 return (B_FALSE);
1349 }
1350 }
1351
1352 /* check if max. users using or waiting for the connection */
1353 if ((cm->state == NS_CONN_MT_CONNECTED &&
1354 cm->cu_max != NS_CONN_MT_USER_NO_MAX &&
1355 cm->cu_cnt >= cm->cu_max) ||
1356 (cm->state == NS_CONN_MT_CONNECTING &&
1357 cm->cu_max != NS_CONN_MT_USER_NO_MAX &&
1358 cm->waiter_cnt >= cm->cu_max - 1))
1359 matched = B_FALSE;
1360 }
1361
1362 if (matched == B_FALSE)
1363 (void) mutex_unlock(&cm->lock);
1364
1365 return (matched);
1366 }
1367
1368 /*
1369 * obtain an MT connection from the connection management for a conn_user
1370 *
1371 * Input:
1372 * server : server name or IP address
1373 * flags : libsldap API flags
1374 * cred : pointer to the user credential
1375 * cu : pointer to the conn_user structure
1376 * Output:
1377 * session : hold pointer to the Connection structure
1378 * errorp : hold pointer to error info (ns_ldap_error_t)
1379 */
1380 int
1381 __s_api_conn_mt_get(const char *server, const int flags, const ns_cred_t *cred,
1382 Connection **session, ns_ldap_error_t **errorp, ns_conn_user_t *cu)
1383 {
1384 int rc;
1385 int i;
1386 ns_conn_mt_t *cn;
1387 ns_conn_mt_state_t st;
1388 ns_conn_mgmt_t *cmg;
1389
1390 if (errorp == NULL || cu == NULL || session == NULL)
1391 return (NS_LDAP_INVALID_PARAM);
1392
1393 *session = NULL;
1394 cmg = cu->conn_mgmt;
1395
1396 /*
1397 * for pam_ldap, always try opening a new connection
1398 */
1399 if (cu->type == NS_CONN_USER_AUTH)
1400 return (NS_LDAP_NOTFOUND);
1401
1402 /* if need a new conn, then don't reuse */
1403 if (flags & NS_LDAP_NEW_CONN)
1404 return (NS_LDAP_NOTFOUND);
1405
1406 if (flags & NS_LDAP_KEEP_CONN)
1407 cu->keep_conn = B_TRUE;
1408
1409 /*
1410 * We want to use MT connection only if keep-connection flag is
1411 * set or if MT was requested (or active)
1412 */
1413 if (!((cmg->state == NS_CONN_MGMT_INACTIVE &&
1414 cu->keep_conn == B_TRUE) || cmg->state == NS_CONN_MGMT_ACTIVE))
1415 return (NS_LDAP_NOTFOUND);
1416
1417 /* MT connection will be used now (if possible/available) */
1418 cu->use_mt_conn = B_TRUE;
1419
1420 NS_CONN_CHECK_ABORT_AND_LOCK(cmg, cu, errorp);
1421
1422 /* first look for a connection already open */
1423 st = NS_CONN_MT_CONNECTED;
1424 cu->state = NS_CONN_USER_FINDING;
1425 for (i = 0; i < 2; i++) {
1426 for (cn = cmg->cm_head; cn; cn = cn->next) {
1427 (void) mutex_lock(&cn->lock);
1428 rc = match_conn_mt(cu, &cn, st, server, cred);
1429 if (rc == B_FALSE && cn != NULL) /* not found */
1430 continue;
1431 if (cn == NULL) { /* not found and cn freed */
1432 /*
1433 * as the conn_mt list could
1434 * be different due to cn's
1435 * deletion, scan the entire
1436 * conn_mt list again
1437 */
1438 st = NS_CONN_MT_CONNECTED;
1439 i = -1;
1440 break;
1441 }
1442
1443 /* return a connected one if found */
1444 if (cn->state == NS_CONN_MT_CONNECTED) {
1445 *session = cn->conn;
1446 add_cu2cm(cu, cn);
1447 cu->conn_mt = cn;
1448 cu->state = NS_CONN_USER_CONNECTED;
1449 (void) mutex_unlock(&cn->lock);
1450 (void) mutex_unlock(&cmg->lock);
1451 return (NS_LDAP_SUCCESS);
1452 }
1453
1454 /*
1455 * if cn is not connecting, or allow only
1456 * one user, skip it
1457 */
1458 if (cn->state != NS_CONN_MT_CONNECTING ||
1459 cn->cu_max == 1) {
1460 (void) mutex_unlock(&cn->lock);
1461 continue;
1462 }
1463
1464 /* wait for the connecting conn_mt */
1465 if (wait_for_conn_mt(cu, cn) != 1) {
1466 /*
1467 * NS_LDAP_NOTFOUND signals that the function
1468 * __s_api_check_libldap_MT_conn_support()
1469 * detected that the lower libldap library
1470 * does not support MT connection, so return
1471 * NS_LDAP_NOTFOUND to let the caller to
1472 * open a non-MT conneciton. Otherwise,
1473 * connect error occurred, return
1474 * NS_CONN_USER_CONNECT_ERROR
1475 */
1476 if (cn->ns_rc != NS_LDAP_NOTFOUND)
1477 cu->state = NS_CONN_USER_CONNECT_ERROR;
1478 else {
1479 cu->state = NS_CONN_USER_FINDING;
1480 cu->use_mt_conn = B_FALSE;
1481 }
1482 (void) mutex_unlock(&cn->lock);
1483
1484 /* cmg->lock unlocked by wait_for_conn_mt() */
1485
1486 return (cn->ns_rc);
1487 }
1488
1489 /* return the newly available conn_mt */
1490 *session = cn->conn;
1491 cu->state = NS_CONN_USER_CONNECTED;
1492 (void) mutex_unlock(&cn->lock);
1493
1494 /* cmg->lock unlocked by wait_for_conn_mt() */
1495
1496 return (NS_LDAP_SUCCESS);
1497 }
1498
1499 /* next, look for a connecting conn_mt */
1500 if (i == 0)
1501 st = NS_CONN_MT_CONNECTING;
1502 }
1503
1504 /* no connection found, start opening one */
1505 cn = init_conn_mt(cmg, errorp);
1506 if (cn == NULL) {
1507 (void) mutex_unlock(&cmg->lock);
1508 return ((*errorp)->status);
1509 }
1510 cu->conn_mt = cn;
1511 cn->opened_for = cu->type;
1512 cn->referral = cu->referral;
1513 if (cmg->ldap_mt == B_TRUE)
1514 cn->cu_max = NS_CONN_MT_USER_MAX;
1515 else
1516 cn->cu_max = 1;
1517 add_cm2cmg(cn, cmg);
1518 (void) mutex_unlock(&cmg->lock);
1519
1520 return (NS_LDAP_NOTFOUND);
1521 }
1522
1523
1524 /*
1525 * add an MT connection to the connection management
1526 *
1527 * Input:
1528 * con : pointer to the Connection info
1529 * cu : pointer to the conn_user structure
1530 * Output:
1531 * ep : hold pointer to error info (ns_ldap_error_t)
1532 */
1533 int
1534 __s_api_conn_mt_add(Connection *con, ns_conn_user_t *cu, ns_ldap_error_t **ep)
1535 {
1536 ns_conn_mgmt_t *cmg = cu->conn_mgmt;
1537 ns_conn_mt_t *cm = cu->conn_mt;
1538
1539 /* if the conn_mgmt is being shut down, return error */
1540 NS_CONN_CHECK_ABORT_AND_LOCK(cmg, cu, ep);
1541
1542 /*
1543 * start the change monitor thread only if it
1544 * hasn't been started and the process is the
1545 * main nscd (not peruser nscd)
1546 */
1547 if (cmg->procchg_started == B_FALSE && cmg->is_nscd == B_TRUE) {
1548 start_thread(cmg);
1549 cmg->procchg_started = B_TRUE;
1550 }
1551 (void) mutex_lock(&cm->lock);
1552 cm->conn = con;
1553 cm->state = NS_CONN_MT_CONNECTED;
1554 cm->pid = getpid();
1555 cm->create_time = time(NULL);
1556 cm->access_time = cm->create_time;
1557 cm->opened_for = cu->type;
1558 add_cu2cm(cu, cm);
1559 cu->conn_mt = cm;
1560 cu->state = NS_CONN_USER_CONNECTED;
1561 if (cmg->ldap_mt == B_TRUE)
1562 cm->cu_max = NS_CONN_MT_USER_MAX;
1563 else
1564 cm->cu_max = 1;
1565
1566 /* wake up the waiters if any */
1567 (void) conn_signal(cm);
1568
1569 (void) mutex_unlock(&cm->lock);
1570 (void) mutex_unlock(&cmg->lock);
1571
1572 return (NS_LDAP_SUCCESS);
1573 }
1574
1575 /*
1576 * return an MT connection to the pool when a conn user is done using it
1577 *
1578 * Input:
1579 * cu : pointer to the conn_user structure
1580 * Output: NONE
1581 */
1582 void
1583 __s_api_conn_mt_return(ns_conn_user_t *cu)
1584 {
1585 ns_conn_mt_t *cm;
1586 ns_conn_mgmt_t *cmg;
1587
1588 if (cu == NULL || cu->use_mt_conn == B_FALSE)
1589 return;
1590 cm = cu->conn_mt;
1591 if (cm == NULL)
1592 return;
1593 cmg = cu->conn_mgmt;
1594
1595 (void) mutex_lock(&cm->lock);
1596 del_cu4cm(cu, cm);
1597 cu->state = NS_CONN_USER_DISCONNECTED;
1598 cu->conn_mt = NULL;
1599 cu->bad_mt_conn = B_FALSE;
1600
1601 /*
1602 * if this MT connection is no longer needed, or not usable, and
1603 * no more conn_user uses it, then close it.
1604 */
1605
1606 if ((cm->close_when_nouser == B_TRUE ||
1607 cm->state != NS_CONN_MT_CONNECTED) && cm->cu_cnt == 0) {
1608 (void) mutex_unlock(&cm->lock);
1609 (void) mutex_lock(&cmg->lock);
1610 (void) mutex_lock(&cm->lock);
1611 del_cm4cmg(cm, cmg);
1612 /* use ns_conn_free (instead of 1) to avoid lint warning */
1613 NS_CONN_UNLOCK_AND_FREE(ns_conn_free, cm, cmg);
1614 } else {
1615 if (cm->state == NS_CONN_MT_CONNECTED && cm->cu_cnt == 0 &&
1616 cm->conn != NULL && cm->conn->ld != NULL) {
1617 struct timeval zerotime;
1618 LDAPMessage *res;
1619
1620 zerotime.tv_sec = zerotime.tv_usec = 0L;
1621 /* clean up remaining results just in case */
1622 while (ldap_result(cm->conn->ld, LDAP_RES_ANY,
1623 LDAP_MSG_ALL, &zerotime, &res) > 0) {
1624 if (res != NULL)
1625 (void) ldap_msgfree(res);
1626 }
1627 }
1628 (void) mutex_unlock(&cm->lock);
1629 }
1630 }
1631
1632 /* save error info (rc and ns_ldap_error_t) in the conn_mt */
1633 static void
1634 err2cm(ns_conn_mt_t *cm, int rc, ns_ldap_error_t **errorp) {
1635 ns_ldap_error_t *ep;
1636
1637 cm->ns_rc = rc;
1638 cm->ns_error = NULL;
1639 if (errorp != NULL && *errorp != NULL) {
1640 ep = __s_api_copy_error(*errorp);
1641 if (ep == NULL)
1642 cm->ns_rc = NS_LDAP_MEMORY;
1643 else
1644 cm->ns_error = ep;
1645 }
1646 }
1647
1648 /* copy error info (rc and ns_ldap_error_t) from conn_mt to conn_user */
1649 static void
1650 err_from_cm(ns_conn_user_t *cu, ns_conn_mt_t *cm) {
1651 ns_ldap_error_t *ep;
1652
1653 cu->ns_rc = cm->ns_rc;
1654 if (cu->ns_error != NULL)
1655 (void) __ns_ldap_freeError(&cu->ns_error);
1656 cu->ns_error = NULL;
1657 if (cm->ns_rc != NS_LDAP_SUCCESS && cm->ns_error != NULL) {
1658 ep = __s_api_copy_error(cm->ns_error);
1659 if (ep == NULL)
1660 cu->ns_rc = NS_LDAP_MEMORY;
1661 else
1662 cu->ns_error = ep;
1663 }
1664 }
1665
1666 /* copy error info (rc and ns_ldap_error_t) from caller to conn_user */
1667 static void
1668 err_from_caller(ns_conn_user_t *cu, int rc, ns_ldap_error_t **errorp) {
1669
1670 cu->ns_rc = rc;
1671 if (errorp != NULL) {
1672 if (cu->ns_error != NULL)
1673 (void) __ns_ldap_freeError(&cu->ns_error);
1674 cu->ns_error = *errorp;
1675 *errorp = NULL;
1676 } else
1677 cu->ns_error = NULL;
1678 }
1679
1680 /*
1681 * remove an MT connection from the connection management when failed to open
1682 *
1683 * Input:
1684 * cu : pointer to the conn_user structure
1685 * rc : error code
1686 * errorp : pointer to pointer to error info (ns_ldap_error_t)
1687 * Output:
1688 * errorp : set to NULL, if none NULL cm, callers do not need to free it
1689 */
1690 void
1691 __s_api_conn_mt_remove(ns_conn_user_t *cu, int rc, ns_ldap_error_t **errorp)
1692 {
1693 ns_conn_mgmt_t *cmg;
1694 ns_conn_mt_t *cm;
1695 int free_cm = 0;
1696
1697 if (cu == NULL || cu->use_mt_conn == B_FALSE)
1698 return;
1699 if ((cm = cu->conn_mt) == NULL)
1700 return;
1701 cmg = cu->conn_mgmt;
1702
1703 (void) mutex_lock(&cmg->lock);
1704 (void) mutex_lock(&cm->lock);
1705 if (cm->state != NS_CONN_MT_CONNECT_ERROR) {
1706 cm->state = NS_CONN_MT_CONNECT_ERROR;
1707 cm->ns_rc = rc;
1708 if (errorp != NULL) {
1709 cm->ns_error = *errorp;
1710 *errorp = NULL;
1711 }
1712 }
1713
1714 /* all the conn_users share the same error rc and ns_ldap_error_t */
1715 err_from_cm(cu, cm);
1716 /* wake up the waiters if any */
1717 (void) conn_signal(cm);
1718
1719 del_cu4cm(cu, cm);
1720 cu->conn_mt = NULL;
1721 cu->bad_mt_conn = B_FALSE;
1722 if (cm->cu_cnt == 0) {
1723 del_cm4cmg(cm, cmg);
1724 free_cm = 1;
1725 }
1726
1727 NS_CONN_UNLOCK_AND_FREE(free_cm, cm, cmg);
1728 }
1729
1730 /*
1731 * check to see if the underlying libldap supports multi-threaded client
1732 * (MT connections)
1733 */
1734 int
1735 __s_api_check_libldap_MT_conn_support(ns_conn_user_t *cu, LDAP *ld,
1736 ns_ldap_error_t **ep)
1737 {
1738 int rc;
1739 ns_conn_mgmt_t *cmg;
1740
1741 /* if no need to check, just return success */
1742 if (cu->conn_mt == NULL || cu->use_mt_conn == B_FALSE)
1743 return (NS_LDAP_SUCCESS);
1744
1745 cmg = cu->conn_mgmt;
1746 rc = setup_mt_ld(ld, cmg);
1747
1748 if (cmg->do_mt_conn == B_FALSE) {
1749 /*
1750 * If the conn_mgmt is being shut down, return error.
1751 * if cmg is usable, cmg->lock will be locked. Otherwise,
1752 * this function will return with rc NS_LDAP_OP_FAILED.
1753 */
1754 NS_CONN_CHECK_ABORT_AND_LOCK(cmg, cu, ep);
1755 if (cmg->do_mt_conn == B_FALSE) {
1756 if (rc < 0)
1757 cmg->ldap_mt = B_FALSE;
1758 else {
1759 cmg->ldap_mt = B_TRUE;
1760 if (cmg->is_nscd == B_TRUE ||
1761 cmg->is_peruser_nscd == B_TRUE) {
1762 cmg->do_mt_conn = B_TRUE;
1763 cmg->state = NS_CONN_MGMT_ACTIVE;
1764 }
1765 }
1766 }
1767 (void) mutex_unlock(&cmg->lock);
1768 }
1769
1770 if (rc < 0)
1771 __s_api_conn_mt_remove(cu, NS_LDAP_NOTFOUND, NULL);
1772 return (NS_LDAP_SUCCESS);
1773 }
1774
1775 /*
1776 * Close an MT connection.
1777 * Assume cm not null and locked, assume conn_mgmt is also locked.
1778 * Return -1 if error, 1 if the cm should be freed, otherwise 0.
1779 */
1780 static int
1781 close_conn_mt(ns_conn_mt_t *cm, int rc, ns_ldap_error_t **errorp,
1782 ns_conn_user_t *cu)
1783 {
1784 ns_conn_mgmt_t *cmg = cm->conn_mgmt;
1785 ns_conn_mt_t *m;
1786 ns_conn_user_t *u;
1787
1788 if ((cm->state != NS_CONN_MT_CONNECTED && cm->state !=
1789 NS_CONN_MT_CLOSING) || cmg->cm_head == NULL || cmg->cm_cnt == 0)
1790 return (-1);
1791
1792 /* if the conn_mt is not in the MT connection pool, nothing to do */
1793 for (m = cmg->cm_head; m; m = m->next) {
1794 if (cm == m)
1795 break;
1796 }
1797 if (m == NULL)
1798 return (-1);
1799
1800 if (cm->state == NS_CONN_MT_CONNECTED) { /* first time in here */
1801 cm->state = NS_CONN_MT_CLOSING;
1802 /*
1803 * If more cu exist to consume the error info, copy
1804 * it to the cm. If the caller calls on behalf of
1805 * a cu, cu won't be NULL. Check to see if there's
1806 * more cu that needs the error info. If caller does
1807 * not have a specific cu attached to it (e.g.,
1808 * shutdown_all_conn_mt()), cu is NULL, check if at
1809 * least one cu exists.
1810 */
1811 if ((cu != NULL && cm->cu_cnt > 1) ||
1812 (cu == NULL && cm->cu_cnt > 0)) {
1813 err2cm(cm, rc, errorp);
1814 /* wake up waiter (conn_user) if any */
1815 (void) conn_signal(cm);
1816 }
1817
1818 /* for each conn_user using the conn_mt, set bad_mt_conn flag */
1819 if (cm->cu_head != NULL) {
1820 for (u = cm->cu_head; u; u = u->next) {
1821 u->bad_mt_conn = B_TRUE;
1822 if (cmg->shutting_down == B_FALSE)
1823 u->retry = B_TRUE;
1824 }
1825 }
1826 }
1827
1828 /* detach the conn_mt if no more conn_user left */
1829 if ((cu != NULL && cm->cu_cnt == 1) ||
1830 (cu == NULL && cm->cu_cnt == 0)) {
1831 del_cm4cmg(cm, cmg);
1832 cm->detached = B_TRUE;
1833 return (1);
1834 }
1835
1836 return (0);
1837 }
1838
1839 /*
1840 * An MT connection becomes bad, close it and free resources.
1841 * This function is called with a ns_conn_user_t representing
1842 * a user of the MT connection.
1843 *
1844 * Input:
1845 * cu : pointer to the conn_user structure
1846 * rc : error code
1847 * errorp : pointer to pointer to error info (ns_ldap_error_t)
1848 * Output:
1849 * errorp : set to NULL (if no error), callers do not need to free it
1850 */
1851 void
1852 __s_api_conn_mt_close(ns_conn_user_t *cu, int rc, ns_ldap_error_t **errorp)
1853 {
1854 ns_conn_mgmt_t *cmg;
1855 ns_conn_mt_t *cm;
1856 int free_cm = 0;
1857
1858 if (cu == NULL || cu->use_mt_conn == B_FALSE)
1859 return;
1860
1861 if (cu->state != NS_CONN_USER_CONNECTED || (cm = cu->conn_mt) == NULL)
1862 return;
1863 cmg = cu->conn_mgmt;
1864
1865 (void) mutex_lock(&cmg->lock);
1866 (void) mutex_lock(&cm->lock);
1867
1868 /* close the MT connection if possible */
1869 free_cm = close_conn_mt(cm, rc, errorp, cu);
1870 if (free_cm == -1) { /* error case */
1871 (void) mutex_unlock(&cm->lock);
1872 (void) mutex_unlock(&cmg->lock);
1873 return;
1874 }
1875
1876 if (rc != NS_LDAP_SUCCESS) { /* error info passed in, use it */
1877 err_from_caller(cu, rc, errorp);
1878 } else { /* error not passed in, use those saved in the conn_mt */
1879 err_from_cm(cu, cm);
1880 }
1881
1882 /* detach the conn_user from the conn_mt */
1883 del_cu4cm(cu, cm);
1884 cu->conn_mt = NULL;
1885 cu->bad_mt_conn = B_FALSE;
1886 if (cmg->shutting_down == B_FALSE)
1887 cu->retry = B_TRUE;
1888 NS_CONN_UNLOCK_AND_FREE(free_cm, cm, cmg);
1889 }
1890
1891 /*
1892 * Close an MT connection when the associated server is known to be
1893 * down. This function is called with a ns_conn_mt_t representing
1894 * the MT connection. That is, the caller is not a conn_user
1895 * thread but rather the procchg thread.
1896 */
1897 static void
1898 close_conn_mt_by_procchg(ns_conn_mt_t *cm, int rc, char *errmsg)
1899 {
1900 ns_conn_mgmt_t *cmg;
1901 int free_cm = 0;
1902 ns_ldap_error_t *ep;
1903
1904 if (cm == NULL)
1905 return;
1906 cmg = cm->conn_mgmt;
1907
1908 ep = (ns_ldap_error_t *)calloc(1, sizeof (*ep));
1909 if (ep != NULL) {
1910 ep->status = rc;
1911 if (errmsg != NULL)
1912 ep->message = strdup(errmsg); /* OK if returns NULL */
1913 }
1914
1915 (void) mutex_lock(&cmg->lock);
1916 (void) mutex_lock(&cm->lock);
1917
1918 /* close the MT connection if possible */
1919 free_cm = close_conn_mt(cm, LDAP_SERVER_DOWN, &ep, NULL);
1920 if (free_cm == -1) { /* error case */
1921 (void) mutex_unlock(&cm->lock);
1922 (void) mutex_unlock(&cmg->lock);
1923 return;
1924 }
1925 (void) __ns_ldap_freeError(&ep);
1926
1927 NS_CONN_UNLOCK_AND_FREE(free_cm, cm, cmg);
1928 }
1929
1930 /*
1931 * Close an MT connection when there is a better server to connect to.
1932 * Mark the connection as to-be-closed-when-no-one-using so that
1933 * any outstanding ldap operations can run to completion.
1934 * Assume that both the conn_mt and conn_mgmt are locked.
1935 * Return 1 if the conn_mt should be freed.
1936 */
1937 static int
1938 close_conn_mt_when_nouser(ns_conn_mt_t *cm)
1939 {
1940 int free_cm = 0;
1941
1942 if (cm->cu_cnt == 0) {
1943 del_cm4cmg(cm, cm->conn_mgmt);
1944 free_cm = 1;
1945 } else {
1946 cm->close_when_nouser = B_TRUE;
1947 }
1948
1949 return (free_cm);
1950 }
1951
1952 /*
1953 * Retrieve the configured preferred server list.
1954 * This function locked the conn_mgmt and does not
1955 * unlock at exit.
1956 */
1957 static void
1958 get_preferred_servers(boolean_t lock, boolean_t reload, ns_conn_mgmt_t *cmg)
1959 {
1960 ns_ldap_error_t *errorp = NULL;
1961 void **pservers = NULL;
1962
1963 if (lock == B_TRUE)
1964 (void) mutex_lock(&cmg->lock);
1965
1966 /* if already done, and no reload, then return */
1967 if (cmg->pservers_loaded == B_TRUE && reload == B_FALSE)
1968 return;
1969
1970 if (cmg->pservers != NULL) {
1971 (void) __ns_ldap_freeParam((void ***)&cmg->pservers);
1972 cmg->pservers = NULL;
1973 }
1974
1975 if (__ns_ldap_getParam(NS_LDAP_SERVER_PREF_P,
1976 &pservers, &errorp) == NS_LDAP_SUCCESS) {
1977 cmg->pservers = (char **)pservers;
1978 cmg->pservers_loaded = B_TRUE;
1979 } else {
1980 (void) __ns_ldap_freeError(&errorp);
1981 (void) __ns_ldap_freeParam(&pservers);
1982 }
1983 }
1984
1985 /*
1986 * This function handles the config or server status change notification
1987 * from the ldap_cachemgr.
1988 */
1989 static ns_conn_mgmt_t *
1990 proc_server_change(ns_server_status_change_t *chg, ns_conn_mgmt_t *cmg)
1991 {
1992 int cnt, i, j, k, n;
1993 boolean_t loop = B_TRUE;
1994 boolean_t cmg_locked = B_FALSE;
1995 char *s;
1996 ns_conn_mt_t *cm;
1997 ns_conn_mgmt_t *ocmg;
1998
1999 /* if config changed, reload the configuration */
2000 if (chg->config_changed == B_TRUE) {
2001 /* reload the conn_mgmt and Native LDAP config */
2002 ocmg = access_conn_mgmt(NS_CONN_MGMT_OP_RELOAD_CONFIG);
2003 shutdown_all_conn_mt(ocmg);
2004 /* release the one obtained from access_conn_mgmt(RELOAD) */
2005 (void) release_conn_mgmt(ocmg, B_FALSE);
2006 /* release the one obtained when ocmg was created */
2007 (void) release_conn_mgmt(ocmg, B_FALSE);
2008 return (ocmg);
2009 }
2010
2011 if ((cnt = chg->num_server) == 0)
2012 return (cmg);
2013
2014 /* handle down servers first */
2015 for (i = 0; i < cnt; i++) {
2016
2017 if (chg->changes[i] != NS_SERVER_DOWN)
2018 continue;
2019 s = chg->servers[i];
2020
2021 /*
2022 * look for a CONNECTED MT connection using
2023 * the same server s, and close it
2024 */
2025 while (loop) {
2026 if (cmg_locked == B_FALSE) {
2027 (void) mutex_lock(&cmg->lock);
2028 cmg_locked = B_TRUE;
2029 }
2030 for (cm = cmg->cm_head; cm; cm = cm->next) {
2031 (void) mutex_lock(&cm->lock);
2032
2033 if (cm->state == NS_CONN_MT_CONNECTED &&
2034 cm->conn != NULL &&
2035 strcasecmp(cm->conn->serverAddr, s) == 0) {
2036 (void) mutex_unlock(&cm->lock);
2037 break;
2038 }
2039
2040 (void) mutex_unlock(&cm->lock);
2041 }
2042 if (cm != NULL) {
2043 (void) mutex_unlock(&cmg->lock);
2044 cmg_locked = B_FALSE;
2045 close_conn_mt_by_procchg(cm, LDAP_SERVER_DOWN,
2046 NS_CONN_MSG_DOWN_FROM_CACHEMGR);
2047 /*
2048 * Process the next cm using server s.
2049 * Start from the head of the cm linked
2050 * list again, as the cm list may change
2051 * after close_conn_mt_by_procchg() is done.
2052 */
2053 continue;
2054 }
2055
2056 /*
2057 * No (more) MT connection using the down server s.
2058 * Process the next server on the list.
2059 */
2060 break;
2061 } /* while loop */
2062 }
2063
2064 /*
2065 * Next handle servers whose status changed to up.
2066 * Get the preferred server list first if not done yet.
2067 * get_preferred_servers() leaves conn_mgmt locked.
2068 */
2069 get_preferred_servers(cmg_locked == B_FALSE ? B_TRUE : B_FALSE,
2070 B_FALSE, cmg);
2071 cmg_locked = B_TRUE;
2072 /*
2073 * if no preferred server configured, we don't switch MT connection
2074 * to a more preferred server (i.e., fallback), so just return
2075 */
2076 if (cmg->pservers == NULL) {
2077 (void) mutex_unlock(&cmg->lock);
2078 return (cmg);
2079 }
2080
2081 /* for each server that is up now */
2082 for (i = 0; i < cnt; i++) {
2083 if (chg->changes[i] != NS_SERVER_UP)
2084 continue;
2085 s = chg->servers[i];
2086
2087 /*
2088 * look for a CONNECTED MT connection which uses
2089 * a server less preferred than s, and treat it
2090 * as 'fallback needed' by calling
2091 * close_conn_mt_when_nouser()
2092 */
2093 k = -1;
2094 loop = B_TRUE;
2095 while (loop) {
2096 if (cmg_locked == B_FALSE) {
2097 (void) mutex_lock(&cmg->lock);
2098 cmg_locked = B_TRUE;
2099 }
2100
2101 /* Is s a preferred server ? */
2102 if (k == -1) {
2103 for (j = 0; cmg->pservers[j] != NULL; j++) {
2104 if (strcasecmp(cmg->pservers[j],
2105 s) == 0) {
2106 k = j;
2107 break;
2108 }
2109 }
2110 }
2111 /* skip s if not a preferred server */
2112 if (k == -1) {
2113 break;
2114 }
2115
2116 /* check each MT connection */
2117 for (cm = cmg->cm_head; cm; cm = cm->next) {
2118 (void) mutex_lock(&cm->lock);
2119 /*
2120 * Find an MT connection that is connected and
2121 * not marked, but leave WRITE or REFERRAL
2122 * connections alone, since fallback does not
2123 * make sense for them.
2124 */
2125 if (cm->state == NS_CONN_MT_CONNECTED &&
2126 cm->close_when_nouser == B_FALSE &&
2127 cm->conn != NULL && cm->opened_for !=
2128 NS_CONN_USER_WRITE &&
2129 cm->referral == B_FALSE) {
2130 n = -1;
2131 /*
2132 * j < k ??? should we close
2133 * an active MT that is using s ?
2134 * ie could s went down and up
2135 * again, but cm is bound prior to
2136 * the down ? Play safe here,
2137 * and check j <= k.
2138 */
2139 for (j = 0; j <= k; j++) {
2140 if (strcasecmp(
2141 cm->conn->serverAddr,
2142 cmg->pservers[j]) == 0) {
2143 n = j;
2144 break;
2145 }
2146 }
2147 /*
2148 * s is preferred, if its location
2149 * in the preferred server list is
2150 * ahead of that of the server
2151 * used by the cm (i.e., no match
2152 * found before s)
2153 */
2154 if (n == -1) { /* s is preferred */
2155 int fr = 0;
2156 fr = close_conn_mt_when_nouser(
2157 cm);
2158 NS_CONN_UNLOCK_AND_FREE(fr,
2159 cm, cmg);
2160 cmg_locked = B_FALSE;
2161 /*
2162 * break, not continue,
2163 * because we need to
2164 * check the entire cm
2165 * list again. The call
2166 * above may change the
2167 * cm list.
2168 */
2169 break;
2170 }
2171 }
2172 (void) mutex_unlock(&cm->lock);
2173 }
2174 /* if no (more) cm using s, check next server */
2175 if (cm == NULL)
2176 loop = B_FALSE;
2177 } /* while loop */
2178 }
2179 if (cmg_locked == B_TRUE)
2180 (void) mutex_unlock(&cmg->lock);
2181 return (cmg);
2182 }
2183
2184 /* Shut down all MT connection managed by the connection management */
2185 void
2186 shutdown_all_conn_mt(ns_conn_mgmt_t *cmg)
2187 {
2188 ns_ldap_error_t *ep;
2189 ns_conn_mt_t *cm;
2190 int free_cm = 0;
2191 boolean_t done = B_FALSE;
2192
2193 ep = (ns_ldap_error_t *)calloc(1, sizeof (*ep));
2194 if (ep != NULL) { /* if NULL, not a problem */
2195 /* OK if returns NULL */
2196 ep->message = strdup(NS_CONN_MSG_SHUTDOWN_RELOADED);
2197 }
2198
2199 (void) mutex_lock(&cmg->lock);
2200 while (cmg->cm_head != NULL && done == B_FALSE) {
2201 for (cm = cmg->cm_head; cm; cm = cm->next) {
2202 (void) mutex_lock(&cm->lock);
2203 if (cm->next == NULL)
2204 done = B_TRUE;
2205 /* shut down each conn_mt, ignore errors */
2206 free_cm = close_conn_mt(cm, LDAP_OTHER, &ep, NULL);
2207 (void) mutex_unlock(&cm->lock);
2208 if (free_cm == 1) {
2209 (void) free_conn_mt(cm, 0);
2210 /*
2211 * conn_mt may change, so start from
2212 * top of list again
2213 */
2214 break;
2215 }
2216 }
2217 }
2218 (void) mutex_unlock(&cmg->lock);
2219 (void) __ns_ldap_freeError(&ep);
2220 }
2221
2222 /* free all the resources used by the connection management */
2223 void
2224 __s_api_shutdown_conn_mgmt()
2225 {
2226 ns_conn_mgmt_t *cmg;
2227
2228 cmg = access_conn_mgmt(NS_CONN_MGMT_OP_SHUTDOWN);
2229 if (cmg == NULL) /* already being SHUT done */
2230 return;
2231
2232 (void) shutdown_all_conn_mt(cmg);
2233 (void) release_conn_mgmt(cmg, B_FALSE);
2234
2235 /* then destroy the conn_mgmt */
2236 (void) release_conn_mgmt(cmg, B_FALSE);
2237 }
2238
2239
2240 /*
2241 * Reinitialize the libsldap connection management after
2242 * a new native LDAP configuration is received.
2243 */
2244 void
2245 __s_api_reinit_conn_mgmt_new_config(ns_config_t *new_cfg)
2246 {
2247 ns_conn_mgmt_t *cmg;
2248 ns_conn_mgmt_t *ocmg;
2249
2250 cmg = access_conn_mgmt(NS_CONN_MGMT_OP_REF);
2251 if (cmg == NULL)
2252 return;
2253 if (cmg->config == new_cfg || cmg->state == NS_CONN_MGMT_DETACHED) {
2254 (void) release_conn_mgmt(cmg, B_FALSE);
2255 return;
2256 }
2257
2258 /* reload the conn_mgmt and native LDAP config */
2259 ocmg = access_conn_mgmt(NS_CONN_MGMT_OP_NEW_CONFIG);
2260 if (ocmg == cmg)
2261 shutdown_all_conn_mt(ocmg);
2262 /* release the one obtained from access_conn_mgmt(RELOAD) */
2263 (void) release_conn_mgmt(ocmg, B_FALSE);
2264 /* release the one obtained when ocmg was created */
2265 (void) release_conn_mgmt(ocmg, B_FALSE);
2266 /* release the one obtained when this function is entered */
2267 (void) release_conn_mgmt(cmg, B_FALSE);
2268 }
2269
2270 /*
2271 * Prepare to retry ldap search operation if needed.
2272 * Return 1 if retry is needed, otherwise 0.
2273 * If first time in, return 1. If not, return 1 if:
2274 * - not a NS_CONN_USER_GETENT conn_user AND
2275 * - have not retried 3 times yet AND
2276 * - previous search failed AND
2277 * - the retry flag is set in the ns_conn_user_t or config was reloaded
2278 */
2279 int
2280 __s_api_setup_retry_search(ns_conn_user_t **conn_user,
2281 ns_conn_user_type_t type, int *try_cnt, int *rc,
2282 ns_ldap_error_t **errorp)
2283 {
2284 boolean_t retry;
2285 ns_conn_user_t *cu = *conn_user;
2286 ns_conn_mgmt_t *cmg;
2287
2288 if (*try_cnt > 0 && cu != NULL) {
2289 /*
2290 * if called from firstEntry(), keep conn_mt for
2291 * the subsequent getnext requests
2292 */
2293 if (cu->type == NS_CONN_USER_GETENT && *rc == NS_LDAP_SUCCESS)
2294 return (0);
2295 cmg = cu->conn_mgmt;
2296 retry = cu->retry;
2297 if (cu->conn_mt != NULL)
2298 __s_api_conn_mt_return(cu);
2299 if (cmg != NULL && cmg->cfg_reloaded == B_TRUE)
2300 retry = B_TRUE;
2301 __s_api_conn_user_free(cu);
2302 *conn_user = NULL;
2303
2304 if (*rc == NS_LDAP_SUCCESS || retry != B_TRUE)
2305 return (0);
2306 }
2307
2308 *try_cnt = *try_cnt + 1;
2309 if (*try_cnt > NS_LIST_TRY_MAX)
2310 return (0);
2311
2312 *conn_user = __s_api_conn_user_init(type, NULL, B_FALSE);
2313 if (*conn_user == NULL) {
2314 if (*try_cnt == 1) { /* first call before any retry */
2315 *rc = NS_LDAP_MEMORY;
2316 *errorp = NULL;
2317 }
2318 /* for 1+ try, use previous rc and errorp */
2319 return (0);
2320 }
2321
2322 /* free ldap_error_t from previous search */
2323 if (*try_cnt > 1 && rc != NS_LDAP_SUCCESS && *errorp != NULL)
2324 (void) __ns_ldap_freeError(errorp);
2325
2326 return (1);
2327 }
2328
2329 /* prepare to get the next entry for an enumeration */
2330 int
2331 __s_api_setup_getnext(ns_conn_user_t *cu, int *ns_err,
2332 ns_ldap_error_t **errorp)
2333 {
2334 int rc;
2335 ns_conn_mgmt_t *cmg;
2336
2337 /*
2338 * if using an MT connection, ensure the thread-specific data are set,
2339 * but if the MT connection is no longer good, return the error saved.
2340 */
2341 if (cu->conn_mt != NULL && (cmg = cu->conn_mgmt) != NULL) {
2342
2343 if (cu->bad_mt_conn == B_TRUE) {
2344 __s_api_conn_mt_close(cu, 0, NULL);
2345 *ns_err = cu->ns_rc;
2346 *errorp = cu->ns_error;
2347 cu->ns_error = NULL;
2348 return (*ns_err);
2349 }
2350
2351 rc = conn_tsd_check(cmg);
2352 if (rc != NS_LDAP_SUCCESS) {
2353 *errorp = NULL;
2354 return (rc);
2355 }
2356 }
2357
2358 return (NS_LDAP_SUCCESS);
2359 }
2360
2361 /* wait for an MT connection to become available */
2362 static int
2363 conn_wait(ns_conn_mt_t *conn_mt, ns_conn_user_t *conn_user)
2364 {
2365 ns_conn_waiter_t mywait;
2366 ns_conn_waiter_t *head = &conn_mt->waiter;
2367
2368 (void) cond_init(&(mywait.waitcv), USYNC_THREAD, 0);
2369 mywait.key = conn_user;
2370 mywait.signaled = 0;
2371 mywait.next = head->next;
2372 mywait.prev = head;
2373 if (mywait.next)
2374 mywait.next->prev = &mywait;
2375 head->next = &mywait;
2376 atomic_inc_uint(&conn_mt->waiter_cnt);
2377
2378 while (!mywait.signaled)
2379 (void) cond_wait(&(mywait.waitcv), &conn_mt->lock);
2380 if (mywait.prev)
2381 mywait.prev->next = mywait.next;
2382 if (mywait.next)
2383 mywait.next->prev = mywait.prev;
2384 return (0);
2385 }
2386
2387 /* signal that an MT connection is now available */
2388 static int
2389 conn_signal(ns_conn_mt_t *conn_mt)
2390 {
2391 int c = 0;
2392 ns_conn_waiter_t *head = &conn_mt->waiter;
2393 ns_conn_waiter_t *tmp = head->next;
2394
2395 while (tmp) {
2396 (void) cond_signal(&(tmp->waitcv));
2397 tmp->signaled = 1;
2398 atomic_dec_uint(&conn_mt->waiter_cnt);
2399 c++;
2400 tmp = tmp->next;
2401 }
2402
2403 return (c);
2404 }
2405
2406 /*
2407 * wait and process the server status and/or config change notification
2408 * from ldap_cachemgr
2409 */
2410 static void *
2411 get_server_change(void *arg)
2412 {
2413 union {
2414 ldap_data_t s_d;
2415 char s_b[DOORBUFFERSIZE];
2416 } space;
2417 ldap_data_t *sptr = &space.s_d;
2418 int ndata;
2419 int adata;
2420 char *ptr;
2421 int ds_cnt;
2422 int door_rc;
2423 int which;
2424 int retry = 0;
2425 boolean_t loop = B_TRUE;
2426 char *c, *oc;
2427 int dslen = strlen(DOORLINESEP);
2428 char dsep = DOORLINESEP_CHR;
2429 char chg_data[DOORBUFFERSIZE];
2430 char **servers = NULL;
2431 boolean_t getchg_not_supported = B_FALSE;
2432 ns_conn_mgmt_t *ocmg = (ns_conn_mgmt_t *)arg;
2433 ns_conn_mgmt_t *cmg;
2434 ns_server_status_t *status = NULL;
2435 ns_server_status_change_t chg = { 0 };
2436 ldap_get_change_out_t *get_chg;
2437 ldap_get_chg_cookie_t cookie;
2438 ldap_get_chg_cookie_t new_cookie;
2439
2440 cmg = access_conn_mgmt(NS_CONN_MGMT_OP_REF);
2441 if (cmg != ocmg)
2442 thr_exit(NULL);
2443 /* cmg is locked before called */
2444 cmg->procchg_tid = thr_self();
2445
2446 /* make sure the thread specific data are set */
2447 (void) conn_tsd_setup(cmg);
2448 cookie = cmg->cfg_cookie;
2449
2450 while (loop) {
2451
2452 if (chg.servers != NULL)
2453 free(chg.servers);
2454 if (chg.changes != NULL)
2455 free(chg.changes);
2456 if (sptr != &space.s_d)
2457 (void) munmap((char *)sptr, sizeof (space));
2458
2459 /*
2460 * If the attached conn_mgmt has been deleted,
2461 * then exit. The new conn_mgmt will starts it
2462 * own monitor thread later. If libsldap is being
2463 * unloaded or configuration reloaded, OR
2464 * ldap_cachemgr rejected the GETSTATUSCHANGE door
2465 * call, then exit as well.
2466 */
2467 if (cmg == NULL || cmg->state == NS_CONN_MGMT_DETACHED ||
2468 getchg_not_supported == B_TRUE) {
2469
2470 if (cmg != NULL) {
2471 cmg->procchg_started = B_FALSE;
2472 (void) release_conn_mgmt(cmg, B_FALSE);
2473 }
2474
2475 conn_tsd_free();
2476 thr_exit(NULL);
2477 }
2478
2479 (void) memset(space.s_b, 0, DOORBUFFERSIZE);
2480 (void) memset(&chg, 0, sizeof (chg));
2481 adata = sizeof (ldap_call_t) + 1;
2482 ndata = sizeof (space);
2483 space.s_d.ldap_call.ldap_callnumber = GETSTATUSCHANGE;
2484 space.s_d.ldap_call.ldap_u.get_change.op =
2485 NS_STATUS_CHANGE_OP_START;
2486 space.s_d.ldap_call.ldap_u.get_change.cookie = cookie;
2487 sptr = &space.s_d;
2488 door_rc = __ns_ldap_trydoorcall_getfd();
2489 cmg->procchg_door_call = B_TRUE;
2490 if (release_conn_mgmt(cmg, B_FALSE) == NULL) {
2491 conn_tsd_free();
2492 thr_exit(NULL);
2493 }
2494
2495 if (door_rc == NS_CACHE_SUCCESS)
2496 door_rc = __ns_ldap_trydoorcall_send(&sptr, &ndata,
2497 &adata);
2498
2499 /*
2500 * Check and see if the conn_mgmt is still current.
2501 * If not, no need to continue.
2502 */
2503 cmg = access_conn_mgmt(NS_CONN_MGMT_OP_REF);
2504 if (cmg != NULL)
2505 cmg->procchg_door_call = B_FALSE;
2506 if (cmg != ocmg) {
2507 if (cmg != NULL) {
2508 cmg->procchg_started = B_FALSE;
2509 (void) release_conn_mgmt(cmg, B_FALSE);
2510 }
2511 conn_tsd_free();
2512 thr_exit(NULL);
2513 }
2514
2515 if (door_rc != NS_CACHE_SUCCESS) {
2516 if (door_rc == NS_CACHE_NOSERVER) {
2517 if (retry++ > 10)
2518 getchg_not_supported = B_TRUE;
2519 else {
2520 /*
2521 * ldap_cachemgr may be down, give
2522 * it time to restart
2523 */
2524 (void) sleep(2);
2525 }
2526 } else if (door_rc == NS_CACHE_NOTFOUND)
2527 getchg_not_supported = B_TRUE;
2528 continue;
2529 } else
2530 retry = 0;
2531
2532 /* copy info from door call return structure */
2533 get_chg = &sptr->ldap_ret.ldap_u.changes;
2534 ptr = get_chg->data;
2535 /* configuration change ? */
2536 if (get_chg->type == NS_STATUS_CHANGE_TYPE_CONFIG) {
2537 chg.config_changed = B_TRUE;
2538 cmg = proc_server_change(&chg, cmg);
2539 continue;
2540 }
2541
2542 /* server status changes ? */
2543 if (get_chg->type == NS_STATUS_CHANGE_TYPE_SERVER) {
2544 /*
2545 * first check cookies, if don't match, config
2546 * has changed
2547 */
2548 new_cookie = get_chg->cookie;
2549 if (new_cookie.mgr_pid != cookie.mgr_pid ||
2550 new_cookie.seq_num != cookie.seq_num) {
2551 chg.config_changed = B_TRUE;
2552 cmg = proc_server_change(&chg, cmg);
2553 continue;
2554 }
2555
2556 (void) strlcpy(chg_data, ptr, sizeof (chg_data));
2557 chg.num_server = get_chg->server_count;
2558
2559 servers = (char **)calloc(chg.num_server,
2560 sizeof (char *));
2561 if (servers == NULL) {
2562 syslog(LOG_INFO, NS_CONN_MSG_MEMORY_ERROR);
2563 continue;
2564 }
2565 status = (ns_server_status_t *)calloc(chg.num_server,
2566 sizeof (int));
2567 if (status == NULL) {
2568 syslog(LOG_INFO, NS_CONN_MSG_MEMORY_ERROR);
2569 free(servers);
2570 continue;
2571 }
2572 ds_cnt = 0;
2573 which = 0;
2574 oc = ptr;
2575 for (c = ptr; which != 2; c++) {
2576 /* look for DOORLINESEP or end of string */
2577 if (*c != dsep && *c != '\0')
2578 continue;
2579 if (*c == dsep) { /* DOORLINESEP */
2580 *c = '\0'; /* current value */
2581 c += dslen; /* skip to next value */
2582 }
2583 if (which == 0) { /* get server info */
2584 servers[ds_cnt] = oc;
2585 oc = c;
2586 which = 1; /* get status next */
2587 continue;
2588 }
2589 /* which == 1, get up/down status */
2590 if (strcmp(NS_SERVER_CHANGE_UP, oc) == 0) {
2591 status[ds_cnt] = NS_SERVER_UP;
2592 } else if (strcmp(NS_SERVER_CHANGE_DOWN,
2593 oc) == 0)
2594 status[ds_cnt] = NS_SERVER_DOWN;
2595 else {
2596 syslog(LOG_INFO,
2597 NS_CONN_MSG_BAD_CACHEMGR_DATA);
2598 continue;
2599 }
2600 oc = c;
2601 ds_cnt++;
2602 if (*c == '\0')
2603 which = 2; /* exit the loop */
2604 else
2605 which = 0; /* get server info next */
2606 }
2607 chg.servers = servers;
2608 chg.changes = status;
2609 cmg = proc_server_change(&chg, cmg);
2610 continue;
2611 }
2612 }
2613
2614 return (NULL);
2615 }
2616
2617 /* start the thread handling the change notification from ldap_cachemgr */
2618 static void
2619 start_thread(ns_conn_mgmt_t *cmg) {
2620
2621 int errnum;
2622
2623 /*
2624 * start a thread to get and process config and server status changes
2625 */
2626 if (thr_create(NULL, NULL, get_server_change,
2627 (void *)cmg, THR_DETACHED, NULL) != 0) {
2628 errnum = errno;
2629 syslog(LOG_WARNING, NS_CONN_MSG_NO_PROCCHG_THREAD,
2630 strerror(errnum));
2631 }
2632 }