mod_ldap: log and abort locking errors.

related to PR60296 investigation

RMM corruption is really nasty, so abort on locking failures.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831165 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index ebb68e8472ff4657f006dffb8eced9cdea8021c9..92a0625ca921b97f807ac42857842f8262a22a3a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.1
 
+  *) mod_ldap: Abort on LDAP locking errors. [Eric Covener]
+
   *) mod_ssl: Support loading private keys from an OpenSSL engine using a
      PKCS#11 URI.  [Anderson Sasaki <ansasaki redhat.com>, Joe Orton]
 

diff --git a/docs/log-message-tags/next-number b/docs/log-message-tags/next-number
index 5f25bb8e36e452a4acc1257c52cdb1473f61fd4a..4e271c9d62f51323e347acff1834a250752efed4 100644 (file)
--- a/docs/log-message-tags/next-number
+++ b/docs/log-message-tags/next-number
@@ -1 +1 @@
-10134
+10136

diff --git a/modules/ldap/util_ldap.c b/modules/ldap/util_ldap.c
index 375e7ae464efc4e367d01f4a79270ff8b5c884c4..c896babb84ba3b2913cfdee41b9fc2daa3604ac5 100644 (file)
--- a/modules/ldap/util_ldap.c
+++ b/modules/ldap/util_ldap.c
@@ -75,15 +75,29 @@ module AP_MODULE_DECLARE_DATA ldap_module;
 static const char *ldap_cache_mutex_type = "ldap-cache";
 static apr_status_t uldap_connection_unbind(void *param);
 
-#define LDAP_CACHE_LOCK() do {                                  \
-    if (st->util_ldap_cache_lock)                               \
-        apr_global_mutex_lock(st->util_ldap_cache_lock);        \
-} while (0)
 
-#define LDAP_CACHE_UNLOCK() do {                                \
-    if (st->util_ldap_cache_lock)                               \
-        apr_global_mutex_unlock(st->util_ldap_cache_lock);      \
-} while (0)
+static APR_INLINE apr_status_t ldap_cache_lock(util_ldap_state_t* st, request_rec *r) { 
+    apr_status_t rv = APR_SUCCESS;
+    if (st->util_ldap_cache_lock) { 
+        apr_status_t rv = apr_global_mutex_lock(st->util_ldap_cache_lock);
+        if (rv != APR_SUCCESS) { 
+            ap_log_rerror(APLOG_MARK, APLOG_CRIT, rv, r, APLOGNO(10134) "LDAP cache lock failed");
+            ap_assert(0);
+        }
+    }
+    return rv; 
+}
+static APR_INLINE ldap_cache_unlock(util_ldap_state_t* st, request_rec *r) { 
+    apr_status_t rv = APR_SUCCESS;
+    if (st->util_ldap_cache_lock) { 
+        apr_status_t rv = apr_global_mutex_unlock(st->util_ldap_cache_lock);
+        if (rv != APR_SUCCESS) { 
+            ap_log_rerror(APLOG_MARK, APLOG_CRIT, rv, r, APLOGNO(10135) "LDAP cache lock failed");
+            ap_assert(0);
+        }
+    }
+    return rv; 
+}
 
 static void util_ldap_strdup (char **str, const char *newstr)
 {
@@ -911,14 +925,14 @@ static int uldap_cache_comparedn(request_rec *r, util_ldap_connection_t *ldc,
                                                  &ldap_module);
 
     /* get cache entry (or create one) */
-    LDAP_CACHE_LOCK();
+    ldap_cache_lock(st, r);
 
     curnode.url = url;
     curl = util_ald_cache_fetch(st->util_ldap_cache, &curnode);
     if (curl == NULL) {
         curl = util_ald_create_caches(st, url);
     }
-    LDAP_CACHE_UNLOCK();
+    ldap_cache_unlock(st, r);
 
     /* a simple compare? */
     if (!compare_dn_on_server) {
@@ -935,7 +949,7 @@ static int uldap_cache_comparedn(request_rec *r, util_ldap_connection_t *ldc,
 
     if (curl) {
         /* no - it's a server side compare */
-        LDAP_CACHE_LOCK();
+        ldap_cache_lock(st, r);
 
         /* is it in the compare cache? */
         newnode.reqdn = (char *)reqdn;
@@ -943,13 +957,13 @@ static int uldap_cache_comparedn(request_rec *r, util_ldap_connection_t *ldc,
         if (node != NULL) {
             /* If it's in the cache, it's good */
             /* unlock this read lock */
-            LDAP_CACHE_UNLOCK();
+            ldap_cache_unlock(st, r);
             ldc->reason = "DN Comparison TRUE (cached)";
             return LDAP_COMPARE_TRUE;
         }
 
         /* unlock this read lock */
-        LDAP_CACHE_UNLOCK();
+        ldap_cache_unlock(st, r);
     }
 
 start_over:
@@ -1011,7 +1025,7 @@ start_over:
     else {
         if (curl) {
             /* compare successful - add to the compare cache */
-            LDAP_CACHE_LOCK();
+            ldap_cache_lock(st, r);
             newnode.reqdn = (char *)reqdn;
             newnode.dn = (char *)dn;
 
@@ -1022,7 +1036,7 @@ start_over:
             {
                 util_ald_cache_insert(curl->dn_compare_cache, &newnode);
             }
-            LDAP_CACHE_UNLOCK();
+            ldap_cache_unlock(st, r);
         }
         ldc->reason = "DN Comparison TRUE (checked on server)";
         result = LDAP_COMPARE_TRUE;
@@ -1057,17 +1071,17 @@ static int uldap_cache_compare(request_rec *r, util_ldap_connection_t *ldc,
                                                  &ldap_module);
 
     /* get cache entry (or create one) */
-    LDAP_CACHE_LOCK();
+    ldap_cache_lock(st, r);
     curnode.url = url;
     curl = util_ald_cache_fetch(st->util_ldap_cache, &curnode);
     if (curl == NULL) {
         curl = util_ald_create_caches(st, url);
     }
-    LDAP_CACHE_UNLOCK();
+    ldap_cache_unlock(st, r);
 
     if (curl) {
         /* make a comparison to the cache */
-        LDAP_CACHE_LOCK();
+        ldap_cache_lock(st, r);
         curtime = apr_time_now();
 
         the_compare_node.dn = (char *)dn;
@@ -1106,7 +1120,7 @@ static int uldap_cache_compare(request_rec *r, util_ldap_connection_t *ldc,
                 /* record the result code to return with the reason... */
                 result = compare_nodep->result;
                 /* and unlock this read lock */
-                LDAP_CACHE_UNLOCK();
+                ldap_cache_unlock(st, r);
 
                 ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, 
                               "ldap_compare_s(%pp, %s, %s, %s) = %s (cached)", 
@@ -1115,7 +1129,7 @@ static int uldap_cache_compare(request_rec *r, util_ldap_connection_t *ldc,
             }
         }
         /* unlock this read lock */
-        LDAP_CACHE_UNLOCK();
+        ldap_cache_unlock(st, r);
     }
 
 start_over:
@@ -1163,7 +1177,7 @@ start_over:
         (LDAP_NO_SUCH_ATTRIBUTE == result)) {
         if (curl) {
             /* compare completed; caching result */
-            LDAP_CACHE_LOCK();
+            ldap_cache_lock(st, r);
             the_compare_node.lastcompare = curtime;
             the_compare_node.result = result;
             the_compare_node.sgl_processed = 0;
@@ -1192,7 +1206,7 @@ start_over:
                 compare_nodep->lastcompare = curtime;
                 compare_nodep->result = result;
             }
-            LDAP_CACHE_UNLOCK();
+            ldap_cache_unlock(st, r);
         }
 
         if (LDAP_COMPARE_TRUE == result) {
@@ -1457,14 +1471,14 @@ static int uldap_cache_check_subgroups(request_rec *r,
      * 2. Find previously created cache entry and check if there is already a
      *    subgrouplist.
      */
-    LDAP_CACHE_LOCK();
+    ldap_cache_lock(st, r);
     curnode.url = url;
     curl = util_ald_cache_fetch(st->util_ldap_cache, &curnode);
-    LDAP_CACHE_UNLOCK();
+    ldap_cache_unlock(st, r);
 
     if (curl && curl->compare_cache) {
         /* make a comparison to the cache */
-        LDAP_CACHE_LOCK();
+        ldap_cache_lock(st, r);
 
         the_compare_node.dn = (char *)dn;
         the_compare_node.attrib = (char *)"objectClass";
@@ -1506,7 +1520,7 @@ static int uldap_cache_check_subgroups(request_rec *r,
                 }
             }
         }
-        LDAP_CACHE_UNLOCK();
+        ldap_cache_unlock(st, r);
     }
 
     if (!tmp_local_sgl && !sgl_cached_empty) {
@@ -1525,7 +1539,7 @@ static int uldap_cache_check_subgroups(request_rec *r,
         /*
          * Find the generic group cache entry and add the sgl we just retrieved.
          */
-        LDAP_CACHE_LOCK();
+        ldap_cache_lock(st, r);
 
         the_compare_node.dn = (char *)dn;
         the_compare_node.attrib = (char *)"objectClass";
@@ -1590,7 +1604,7 @@ static int uldap_cache_check_subgroups(request_rec *r,
                 }
             }
         }
-        LDAP_CACHE_UNLOCK();
+        ldap_cache_unlock(st, r);
       }
     }
 
@@ -1668,17 +1682,17 @@ static int uldap_cache_checkuserid(request_rec *r, util_ldap_connection_t *ldc,
         &ldap_module);
 
     /* Get the cache node for this url */
-    LDAP_CACHE_LOCK();
+    ldap_cache_lock(st, r);
     curnode.url = url;
     curl = (util_url_node_t *)util_ald_cache_fetch(st->util_ldap_cache,
                                                    &curnode);
     if (curl == NULL) {
         curl = util_ald_create_caches(st, url);
     }
-    LDAP_CACHE_UNLOCK();
+    ldap_cache_unlock(st, r);
 
     if (curl) {
-        LDAP_CACHE_LOCK();
+        ldap_cache_lock(st, r);
         the_search_node.username = filter;
         search_nodep = util_ald_cache_fetch(curl->search_cache,
                                             &the_search_node);
@@ -1710,13 +1724,13 @@ static int uldap_cache_checkuserid(request_rec *r, util_ldap_connection_t *ldc,
                         (*retvals)[i] = apr_pstrdup(r->pool, search_nodep->vals[i]);
                     }
                 }
-                LDAP_CACHE_UNLOCK();
+                ldap_cache_unlock(st, r);
                 ldc->reason = "Authentication successful (cached)";
                 return LDAP_SUCCESS;
             }
         }
         /* unlock this read lock */
-        LDAP_CACHE_UNLOCK();
+        ldap_cache_unlock(st, r);
     }
 
     /*
@@ -1875,7 +1889,7 @@ start_over:
      * Add the new username to the search cache.
      */
     if (curl) {
-        LDAP_CACHE_LOCK();
+        ldap_cache_lock(st, r);
         the_search_node.username = filter;
         the_search_node.dn = *binddn;
         the_search_node.bindpw = bindpw;
@@ -1906,7 +1920,7 @@ start_over:
             /* Cache entry is valid, update lastbind */
             search_nodep->lastbind = the_search_node.lastbind;
         }
-        LDAP_CACHE_UNLOCK();
+        ldap_cache_unlock(st, r);
     }
     ldap_msgfree(res);
 
@@ -1944,17 +1958,17 @@ static int uldap_cache_getuserdn(request_rec *r, util_ldap_connection_t *ldc,
         &ldap_module);
 
     /* Get the cache node for this url */
-    LDAP_CACHE_LOCK();
+    ldap_cache_lock(st, r);
     curnode.url = url;
     curl = (util_url_node_t *)util_ald_cache_fetch(st->util_ldap_cache,
                                                    &curnode);
     if (curl == NULL) {
         curl = util_ald_create_caches(st, url);
     }
-    LDAP_CACHE_UNLOCK();
+    ldap_cache_unlock(st, r);
 
     if (curl) {
-        LDAP_CACHE_LOCK();
+        ldap_cache_lock(st, r);
         the_search_node.username = filter;
         search_nodep = util_ald_cache_fetch(curl->search_cache,
                                             &the_search_node);
@@ -1980,13 +1994,13 @@ static int uldap_cache_getuserdn(request_rec *r, util_ldap_connection_t *ldc,
                         (*retvals)[i] = apr_pstrdup(r->pool, search_nodep->vals[i]);
                     }
                 }
-                LDAP_CACHE_UNLOCK();
+                ldap_cache_unlock(st, r);
                 ldc->reason = "Search successful (cached)";
                 return LDAP_SUCCESS;
             }
         }
         /* unlock this read lock */
-        LDAP_CACHE_UNLOCK();
+        ldap_cache_unlock(st, r);
     }
 
     /*
@@ -2084,7 +2098,7 @@ start_over:
      * Add the new username to the search cache.
      */
     if (curl) {
-        LDAP_CACHE_LOCK();
+        ldap_cache_lock(st, r);
         the_search_node.username = filter;
         the_search_node.dn = *binddn;
         the_search_node.bindpw = NULL;
@@ -2113,7 +2127,7 @@ start_over:
             /* Cache entry is valid, update lastbind */
             search_nodep->lastbind = the_search_node.lastbind;
         }
-        LDAP_CACHE_UNLOCK();
+        ldap_cache_unlock(st, r);
     }
 
     ldap_msgfree(res);