PSARC/2006/391 Solaris libldap & libsldap private interfaces

6384642 libldap/SSL negotiation uses synchronous I/O preventing timeouts on congested server
6384642 libldap/SSL negotiation uses synchronous I/O preventing timeouts on congested server (OSR# 2893)

5 files changed, 53 insertions, 12 deletions

diff --git a/usr/src/lib/libldap5/include/ldap/ldappr.h b/usr/src/lib/libldap5/include/ldap/ldappr.h
index 99a981504e..3033f8714d 100644
--- a/usr/src/lib/libldap5/include/ldap/ldappr.h
+++ b/usr/src/lib/libldap5/include/ldap/ldappr.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -72,7 +72,6 @@ LDAP * LDAP_CALL prldap_init( const char *defhost, int defport, int shared );
 int LDAP_CALL prldap_install_routines( LDAP *ld, int shared );
 
 
-#ifndef _SOLARIS_SDK    /* Not used, left in to stay in sync with iplanet */
 /*
  * Function: prldap_set_session_option().
  *
@@ -121,7 +120,6 @@ int LDAP_CALL prldap_get_session_option( LDAP *ld, void *sessionarg,
  *    LDAP_X_IO_TIMEOUT_NO_WAIT
  */
 #define PRLDAP_OPT_IO_MAX_TIMEOUT		1
-#endif	/* !_SOLARIS_SDK */
 
 
 /**
diff --git a/usr/src/lib/libldap5/sources/ldap/prldap/ldappr-public.c b/usr/src/lib/libldap5/sources/ldap/prldap/ldappr-public.c
index ad36e53e04..6f8765adbb 100644
--- a/usr/src/lib/libldap5/sources/ldap/prldap/ldappr-public.c
+++ b/usr/src/lib/libldap5/sources/ldap/prldap/ldappr-public.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2002 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -94,7 +94,6 @@ prldap_install_routines( LDAP *ld, int shared )
 }
 
 
-#ifndef _SOLARIS_SDK	/* Not used, left in to stay in sync with iplanet */
 /*
  * Function: prldap_set_session_option().
  * 
@@ -177,7 +176,6 @@ int LDAP_CALL prldap_get_session_option( LDAP *ld, void *sessionarg,
 
     return( rc );
 }
-#endif	/* !_SOLARIS_SDK */
 
 
 /*
diff --git a/usr/src/lib/libldap5/spec/ldap.spec b/usr/src/lib/libldap5/spec/ldap.spec
index bea036a154..387d97e53a 100644
--- a/usr/src/lib/libldap5/spec/ldap.spec
+++ b/usr/src/lib/libldap5/spec/ldap.spec
@@ -1,7 +1,26 @@
 #
-# Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
 # ident	"%Z%%M%	%I%	%E% SMI"
 #
 # lib/libldap5/spec/ldap.spec
@@ -1536,3 +1555,17 @@ include		<lber.h>, <ldap.h>
 declaration	int ldap_str2charray( char *str, char *brkstr )
 version		SUNWprivate_1.1
 end
+
+function        prldap_set_session_option 
+include         <lber.h>, <ldap.h> 
+declaration     int prldap_set_session_option( LDAP *ld, void *sessionarg, \
+                         int option, ... ) 
+version         SUNWprivate_1.1 
+end  
+
+function        prldap_get_session_option 
+include         <lber.h>, <ldap.h> 
+declaration     int prldap_get_session_option( LDAP *ld, void *sessionarg, \
+			int option, ... ) 
+version         SUNWprivate_1.1 
+end 
diff --git a/usr/src/lib/libsldap/Makefile.com b/usr/src/lib/libsldap/Makefile.com
index 9bada3d53d..8a5c871ed8 100644
--- a/usr/src/lib/libsldap/Makefile.com
+++ b/usr/src/lib/libsldap/Makefile.com
@@ -2,9 +2,8 @@
 # CDDL HEADER START
 #
 # The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License").  You may not use this file except in compliance
-# with the License.
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
 #
 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 # or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 # ident	"%Z%%M%	%I%	%E% SMI"
@@ -50,7 +49,7 @@ SPECMAPFILE =	$(MAPDIR)/mapfile
 
 CFLAGS +=	$(CCVERBOSE)
 LOCFLAGS +=	-D_REENTRANT -DSUNW_OPTIONS -DTHREAD_SUNOS5_LWP
-CPPFLAGS +=	-I../common -I$(SRC)/lib/libldap5/include/ldap $(LOCFLAGS)
+CPPFLAGS +=	-I../common -I$(SRC)/lib/libldap5/include/ldap -I/usr/include/mps $(LOCFLAGS)
 LINTFLAGS +=	-erroff=E_BAD_PTR_CAST_ALIGN
 LINTFLAGS64 +=	-erroff=E_BAD_PTR_CAST_ALIGN
 
diff --git a/usr/src/lib/libsldap/common/ns_connect.c b/usr/src/lib/libsldap/common/ns_connect.c
index bbe2dead54..ccf75a9963 100644
--- a/usr/src/lib/libsldap/common/ns_connect.c
+++ b/usr/src/lib/libsldap/common/ns_connect.c
@@ -41,6 +41,7 @@
 #include "ns_sldap.h"
 #include "ns_internal.h"
 #include "ns_cache_door.h"
+#include "ldappr.h"
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <procfs.h>
@@ -1247,6 +1248,18 @@ openConnection(LDAP **ldp, const char *serverAddr, const ns_cred_t *auth,
 #ifdef DEBUG
 		(void) fprintf(stderr, "+++TLS transport\n");
 #endif /* DEBUG */
+
+		if (prldap_set_session_option(NULL, NULL,
+		    PRLDAP_OPT_IO_MAX_TIMEOUT,
+		    timeoutMilliSec) != LDAP_SUCCESS) {
+			(void) snprintf(errstr, sizeof (errstr),
+				gettext("openConnection: failed to initialize "
+				"TLS security"));
+			MKERROR(LOG_WARNING, *errorp, LDAP_CONNECT_ERROR,
+				strdup(errstr), NULL);
+			return (NS_LDAP_INTERNAL);
+		}
+
 		hostcertpath = auth->hostcertpath;
 		if (hostcertpath == NULL) {
 			alloc_hcp = __s_get_hostcertpath();