diff options
| author | Arno Töll <arno@debian.org> | 2014-07-20 06:23:00 -1100 |
|---|---|---|
| committer | Arno Töll <arno@debian.org> | 2014-07-20 06:23:00 -1100 |
| commit | cb35beef2a938b80c9e4b5d6a408eca437aa74db (patch) | |
| tree | 87ae6e0d2b3a8ce318fe8ab559494808a451035e /modules/ldap | |
| parent | 2a463b3cd73c32ee9dcd508248d0194923f435f4 (diff) | |
| download | apache2-cb35beef2a938b80c9e4b5d6a408eca437aa74db.tar.gz | |
Imported Upstream version 2.4.10
Diffstat (limited to 'modules/ldap')
| -rw-r--r-- | modules/ldap/util_ldap.c | 53 |
1 files changed, 44 insertions, 9 deletions
diff --git a/modules/ldap/util_ldap.c b/modules/ldap/util_ldap.c index bf37567a..0cc51c40 100644 --- a/modules/ldap/util_ldap.c +++ b/modules/ldap/util_ldap.c @@ -157,10 +157,12 @@ static void uldap_connection_close(util_ldap_connection_t *ldc) */ if (!ldc->keep) { uldap_connection_unbind(ldc); + ldc->r = NULL; } else { /* mark our connection as available for reuse */ ldc->freed = apr_time_now(); + ldc->r = NULL; #if APR_HAS_THREADS apr_thread_mutex_unlock(ldc->lock); #endif @@ -179,6 +181,9 @@ static apr_status_t uldap_connection_unbind(void *param) if (ldc) { if (ldc->ldap) { + if (ldc->r) { + ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, ldc->r, "LDC %pp unbind", ldc); + } ldap_unbind_s(ldc->ldap); ldc->ldap = NULL; } @@ -319,6 +324,8 @@ static int uldap_connection_init(request_rec *r, return(result->rc); } + ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, "LDC %pp init", ldc); + if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) { /* Now that we have an ldap struct, add it to the referral list for rebinds. */ rc = apr_ldap_rebind_add(ldc->rebind_pool, ldc->ldap, ldc->binddn, ldc->bindpw); @@ -516,6 +523,10 @@ static int uldap_simple_bind(util_ldap_connection_t *ldc, char *binddn, ldc->reason = "LDAP: ldap_simple_bind() parse result failed"; return uldap_ld_errno(ldc); } + else { + ldc->last_backend_conn = ldc->r->request_time; + ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, ldc->r, "LDC %pp bind", ldc); + } return rc; } @@ -540,7 +551,7 @@ static int uldap_connection_open(request_rec *r, /* If the connection is already bound, return */ - if (ldc->bound) + if (ldc->bound && !ldc->must_rebind) { ldc->reason = "LDAP: connection open successful (already bound)"; return LDAP_SUCCESS; @@ -621,6 +632,7 @@ static int uldap_connection_open(request_rec *r, } else { ldc->bound = 1; + ldc->must_rebind = 0; ldc->reason = "LDAP: connection open successful"; } @@ -718,13 +730,17 @@ static util_ldap_connection_t * && !compare_client_certs(dc->client_certs, l->client_certs)) { if (st->connection_pool_ttl > 0) { - if (l->bound && (now - l->freed) > st->connection_pool_ttl) { + if (l->bound && (now - l->last_backend_conn) > st->connection_pool_ttl) { ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "Removing LDAP connection last used %" APR_TIME_T_FMT " seconds ago", - (now - l->freed) / APR_USEC_PER_SEC); + (now - l->last_backend_conn) / APR_USEC_PER_SEC); + l->r = r; uldap_connection_unbind(l); /* Go ahead (by falling through) and use it, so we don't create more just to unbind some other old ones */ } + ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, + "Reuse %s LDC %pp", + l->bound ? "bound" : "unbound", l); } break; } @@ -751,12 +767,25 @@ static util_ldap_connection_t * (l->deref == deref) && (l->secure == secureflag) && !compare_client_certs(dc->client_certs, l->client_certs)) { - /* the bind credentials have changed */ - /* no check for connection_pool_ttl, since we are unbinding any way */ - uldap_connection_unbind(l); + if (st->connection_pool_ttl > 0) { + if (l->bound && (now - l->last_backend_conn) > st->connection_pool_ttl) { + ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, + "Removing LDAP connection last used %" APR_TIME_T_FMT " seconds ago", + (now - l->last_backend_conn) / APR_USEC_PER_SEC); + l->r = r; + uldap_connection_unbind(l); + /* Go ahead (by falling through) and use it, so we don't create more just to unbind some other old ones */ + } + ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, + "Reuse %s LDC %pp (will rebind)", + l->bound ? "bound" : "unbound", l); + } + /* the bind credentials have changed */ + l->must_rebind = 1; util_ldap_strdup((char**)&(l->binddn), binddn); util_ldap_strdup((char**)&(l->bindpw), bindpw); + break; } #if APR_HAS_THREADS @@ -846,6 +875,7 @@ static util_ldap_connection_t * #if APR_HAS_THREADS apr_thread_mutex_unlock(st->mutex); #endif + l->r = r; return l; } @@ -965,6 +995,7 @@ start_over: return result; } + ldc->last_backend_conn = r->request_time; entry = ldap_first_entry(ldc->ldap, res); searchdn = ldap_get_dn(ldc->ldap, entry); @@ -1116,6 +1147,7 @@ start_over: goto start_over; } + ldc->last_backend_conn = r->request_time; ldc->reason = "Comparison complete"; if ((LDAP_COMPARE_TRUE == result) || (LDAP_COMPARE_FALSE == result) || @@ -1241,6 +1273,7 @@ start_over: return res; } + ldc->last_backend_conn = r->request_time; entry = ldap_first_entry(ldc->ldap, sga_res); /* @@ -1723,6 +1756,7 @@ start_over: * We should have found exactly one entry; to find a different * number is an error. */ + ldc->last_backend_conn = r->request_time; count = ldap_count_entries(ldc->ldap, res); if (count != 1) { @@ -1788,10 +1822,10 @@ start_over: /* * We have just bound the connection to a different user and password * combination, which might be reused unintentionally next time this - * connection is used from the connection pool. To ensure no confusion, - * we mark the connection as unbound. + * connection is used from the connection pool. */ - ldc->bound = 0; + ldc->must_rebind = 0; + ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, "LDC %pp used for authn, must be rebound", ldc); } /* @@ -1983,6 +2017,7 @@ start_over: * We should have found exactly one entry; to find a different * number is an error. */ + ldc->last_backend_conn = r->request_time; count = ldap_count_entries(ldc->ldap, res); if (count != 1) { |