int ChaseReferrals; /* [on|off] (default = AP_LDAP_CHASEREFERRALS_ON)*/
int ReferralHopLimit; /* # of referral hops to follow (default = AP_LDAP_DEFAULT_HOPLIMIT) */
+ apr_time_t freed; /* the time this conn was placed back in the pool */
+ apr_pool_t *rebind_pool; /* frequently cleared pool for rebind data */
} util_ldap_connection_t;
typedef struct util_ldap_config_t {
struct timeval *opTimeout;
int debug_level; /* SDK debug level */
-
+ int connectionPoolTTL;
} util_ldap_state_t;
/* Used to store arrays of attribute labels/values. */
*/
APR_DECLARE_OPTIONAL_FN(apr_status_t,uldap_connection_unbind,(void *param));
-/**
- * Cleanup a connection to an LDAP server
- * @param ldc A structure containing the expanded details of the server
- * that was connected.
- * @tip This functions unbinds and closes the connection to the LDAP server
- * @fn apr_status_t util_ldap_connection_cleanup(util_ldap_connection_t *ldc)
- */
-APR_DECLARE_OPTIONAL_FN(apr_status_t,uldap_connection_cleanup,(void *param));
-
/**
* Find a connection in a list of connections
* @param r The request record
module AP_MODULE_DECLARE_DATA ldap_module;
static const char *ldap_cache_mutex_type = "ldap-cache";
+static apr_status_t uldap_connection_unbind(void *param);
#define LDAP_CACHE_LOCK() do { \
if (st->util_ldap_cache_lock) \
apr_global_mutex_unlock(st->util_ldap_cache_lock); \
} while (0)
-static apr_status_t util_ldap_connection_remove (void *param);
-
static void util_ldap_strdup (char **str, const char *newstr)
{
if (*str) {
static void uldap_connection_close(util_ldap_connection_t *ldc)
{
- /*
- * QUESTION:
- *
- * Is it safe leaving bound connections floating around between the
- * different modules? Keeping the user bound is a performance boost,
- * but it is also a potential security problem - maybe.
- *
- * For now we unbind the user when we finish with a connection, but
- * we don't have to...
- */
-
+ /* We leave bound LDAP connections floating around in our pool,
+ * but always check/fix the binddn/bindpw when we take them out
+ * of the pool
+ */
if (!ldc->keep) {
- util_ldap_connection_remove(ldc);
+ uldap_connection_unbind(ldc);
}
else {
/* mark our connection as available for reuse */
ldc->ldap = NULL;
}
ldc->bound = 0;
- }
- return APR_SUCCESS;
-}
-
-
-/*
- * Clean up an LDAP connection by unbinding and unlocking the connection.
- * This cleanup does not remove the util_ldap_connection_t from the
- * per-virtualhost list of connections, does not remove the storage
- * for the util_ldap_connection_t or its data, and is NOT run automatically.
- */
-static apr_status_t uldap_connection_cleanup(void *param)
-{
- util_ldap_connection_t *ldc = param;
-
- if (ldc) {
- /* Release the rebind info for this connection. No more referral rebinds required. */
+ /* forget the rebind info for this conn */
if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
apr_ldap_rebind_remove(ldc->ldap);
+ apr_pool_clear(ldc->rebind_pool);
}
-
- /* unbind and disconnect from the LDAP server */
- uldap_connection_unbind(ldc);
-
- /* free the username and password */
- if (ldc->bindpw) {
- free((void*)ldc->bindpw);
- ldc->bindpw = NULL;
- }
- if (ldc->binddn) {
- free((void*)ldc->binddn);
- ldc->binddn = NULL;
- }
- /* ldc->reason is allocated from r->pool */
- if (ldc->reason) {
- ldc->reason = NULL;
- }
- /* unlock this entry */
- uldap_connection_close(ldc);
-
}
return APR_SUCCESS;
}
+
/*
* util_ldap_connection_remove frees all storage associated with the LDAP
* connection and removes it completely from the per-virtualhost list of
prev = l;
}
- /* Some unfortunate duplication between this method
- * and uldap_connection_cleanup()
- */
if (ldc->bindpw) {
free((void*)ldc->bindpw);
}
if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
/* Now that we have an ldap struct, add it to the referral list for rebinds. */
- rc = apr_ldap_rebind_add(ldc->pool, ldc->ldap, ldc->binddn, ldc->bindpw);
+ rc = apr_ldap_rebind_add(ldc->rebind_pool, ldc->ldap, ldc->binddn, ldc->bindpw);
if (rc != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, rc, r->server,
"LDAP: Unable to add rebind cross reference entry. Out of memory?");
!compare_client_certs(dc->client_certs, l->client_certs))
{
/* the bind credentials have changed */
- l->bound = 0;
+ uldap_connection_unbind(l);
+
+ /* forget the rebind info for this conn */
+ if (l->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
+ apr_ldap_rebind_remove(l->ldap);
+ }
+
util_ldap_strdup((char**)&(l->binddn), binddn);
util_ldap_strdup((char**)&(l->bindpw), bindpw);
break;
l->keep = 1;
+ if (l->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
+ if (apr_pool_create(&(l->rebind_pool), l->pool) != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r,
+ "util_ldap: Failed to create memory pool");
+#if APR_HAS_THREADS
+ apr_thread_mutex_unlock(st->mutex);
+#endif
+ return NULL;
+ }
+ }
+
if (p) {
p->next = l;
}
APR_REGISTER_OPTIONAL_FN(uldap_connection_open);
APR_REGISTER_OPTIONAL_FN(uldap_connection_close);
APR_REGISTER_OPTIONAL_FN(uldap_connection_unbind);
- APR_REGISTER_OPTIONAL_FN(uldap_connection_cleanup);
APR_REGISTER_OPTIONAL_FN(uldap_connection_find);
APR_REGISTER_OPTIONAL_FN(uldap_cache_comparedn);
APR_REGISTER_OPTIONAL_FN(uldap_cache_compare);
projects / apache / commitdiff