From: Eric Covener Date: Tue, 8 May 2018 12:31:02 +0000 (+0000) Subject: mod_ldap: log and abort locking errors. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6e0a97c995cd78e7f9b36cdf63fac4a84b803669;p=apache mod_ldap: log and abort locking errors. related to PR60296 investigation RMM corruption is really nasty, so abort on locking failures. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831165 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index ebb68e8472..92a0625ca9 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) mod_ldap: Abort on LDAP locking errors. [Eric Covener] + *) mod_ssl: Support loading private keys from an OpenSSL engine using a PKCS#11 URI. [Anderson Sasaki , Joe Orton] diff --git a/docs/log-message-tags/next-number b/docs/log-message-tags/next-number index 5f25bb8e36..4e271c9d62 100644 --- a/docs/log-message-tags/next-number +++ b/docs/log-message-tags/next-number @@ -1 +1 @@ -10134 +10136 diff --git a/modules/ldap/util_ldap.c b/modules/ldap/util_ldap.c index 375e7ae464..c896babb84 100644 --- a/modules/ldap/util_ldap.c +++ b/modules/ldap/util_ldap.c @@ -75,15 +75,29 @@ module AP_MODULE_DECLARE_DATA ldap_module; static const char *ldap_cache_mutex_type = "ldap-cache"; static apr_status_t uldap_connection_unbind(void *param); -#define LDAP_CACHE_LOCK() do { \ - if (st->util_ldap_cache_lock) \ - apr_global_mutex_lock(st->util_ldap_cache_lock); \ -} while (0) -#define LDAP_CACHE_UNLOCK() do { \ - if (st->util_ldap_cache_lock) \ - apr_global_mutex_unlock(st->util_ldap_cache_lock); \ -} while (0) +static APR_INLINE apr_status_t ldap_cache_lock(util_ldap_state_t* st, request_rec *r) { + apr_status_t rv = APR_SUCCESS; + if (st->util_ldap_cache_lock) { + apr_status_t rv = apr_global_mutex_lock(st->util_ldap_cache_lock); + if (rv != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_CRIT, rv, r, APLOGNO(10134) "LDAP cache lock failed"); + ap_assert(0); + } + } + return rv; +} +static APR_INLINE ldap_cache_unlock(util_ldap_state_t* st, request_rec *r) { + apr_status_t rv = APR_SUCCESS; + if (st->util_ldap_cache_lock) { + apr_status_t rv = apr_global_mutex_unlock(st->util_ldap_cache_lock); + if (rv != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_CRIT, rv, r, APLOGNO(10135) "LDAP cache lock failed"); + ap_assert(0); + } + } + return rv; +} static void util_ldap_strdup (char **str, const char *newstr) { @@ -911,14 +925,14 @@ static int uldap_cache_comparedn(request_rec *r, util_ldap_connection_t *ldc, &ldap_module); /* get cache entry (or create one) */ - LDAP_CACHE_LOCK(); + ldap_cache_lock(st, r); curnode.url = url; curl = util_ald_cache_fetch(st->util_ldap_cache, &curnode); if (curl == NULL) { curl = util_ald_create_caches(st, url); } - LDAP_CACHE_UNLOCK(); + ldap_cache_unlock(st, r); /* a simple compare? */ if (!compare_dn_on_server) { @@ -935,7 +949,7 @@ static int uldap_cache_comparedn(request_rec *r, util_ldap_connection_t *ldc, if (curl) { /* no - it's a server side compare */ - LDAP_CACHE_LOCK(); + ldap_cache_lock(st, r); /* is it in the compare cache? */ newnode.reqdn = (char *)reqdn; @@ -943,13 +957,13 @@ static int uldap_cache_comparedn(request_rec *r, util_ldap_connection_t *ldc, if (node != NULL) { /* If it's in the cache, it's good */ /* unlock this read lock */ - LDAP_CACHE_UNLOCK(); + ldap_cache_unlock(st, r); ldc->reason = "DN Comparison TRUE (cached)"; return LDAP_COMPARE_TRUE; } /* unlock this read lock */ - LDAP_CACHE_UNLOCK(); + ldap_cache_unlock(st, r); } start_over: @@ -1011,7 +1025,7 @@ start_over: else { if (curl) { /* compare successful - add to the compare cache */ - LDAP_CACHE_LOCK(); + ldap_cache_lock(st, r); newnode.reqdn = (char *)reqdn; newnode.dn = (char *)dn; @@ -1022,7 +1036,7 @@ start_over: { util_ald_cache_insert(curl->dn_compare_cache, &newnode); } - LDAP_CACHE_UNLOCK(); + ldap_cache_unlock(st, r); } ldc->reason = "DN Comparison TRUE (checked on server)"; result = LDAP_COMPARE_TRUE; @@ -1057,17 +1071,17 @@ static int uldap_cache_compare(request_rec *r, util_ldap_connection_t *ldc, &ldap_module); /* get cache entry (or create one) */ - LDAP_CACHE_LOCK(); + ldap_cache_lock(st, r); curnode.url = url; curl = util_ald_cache_fetch(st->util_ldap_cache, &curnode); if (curl == NULL) { curl = util_ald_create_caches(st, url); } - LDAP_CACHE_UNLOCK(); + ldap_cache_unlock(st, r); if (curl) { /* make a comparison to the cache */ - LDAP_CACHE_LOCK(); + ldap_cache_lock(st, r); curtime = apr_time_now(); the_compare_node.dn = (char *)dn; @@ -1106,7 +1120,7 @@ static int uldap_cache_compare(request_rec *r, util_ldap_connection_t *ldc, /* record the result code to return with the reason... */ result = compare_nodep->result; /* and unlock this read lock */ - LDAP_CACHE_UNLOCK(); + ldap_cache_unlock(st, r); ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, "ldap_compare_s(%pp, %s, %s, %s) = %s (cached)", @@ -1115,7 +1129,7 @@ static int uldap_cache_compare(request_rec *r, util_ldap_connection_t *ldc, } } /* unlock this read lock */ - LDAP_CACHE_UNLOCK(); + ldap_cache_unlock(st, r); } start_over: @@ -1163,7 +1177,7 @@ start_over: (LDAP_NO_SUCH_ATTRIBUTE == result)) { if (curl) { /* compare completed; caching result */ - LDAP_CACHE_LOCK(); + ldap_cache_lock(st, r); the_compare_node.lastcompare = curtime; the_compare_node.result = result; the_compare_node.sgl_processed = 0; @@ -1192,7 +1206,7 @@ start_over: compare_nodep->lastcompare = curtime; compare_nodep->result = result; } - LDAP_CACHE_UNLOCK(); + ldap_cache_unlock(st, r); } if (LDAP_COMPARE_TRUE == result) { @@ -1457,14 +1471,14 @@ static int uldap_cache_check_subgroups(request_rec *r, * 2. Find previously created cache entry and check if there is already a * subgrouplist. */ - LDAP_CACHE_LOCK(); + ldap_cache_lock(st, r); curnode.url = url; curl = util_ald_cache_fetch(st->util_ldap_cache, &curnode); - LDAP_CACHE_UNLOCK(); + ldap_cache_unlock(st, r); if (curl && curl->compare_cache) { /* make a comparison to the cache */ - LDAP_CACHE_LOCK(); + ldap_cache_lock(st, r); the_compare_node.dn = (char *)dn; the_compare_node.attrib = (char *)"objectClass"; @@ -1506,7 +1520,7 @@ static int uldap_cache_check_subgroups(request_rec *r, } } } - LDAP_CACHE_UNLOCK(); + ldap_cache_unlock(st, r); } if (!tmp_local_sgl && !sgl_cached_empty) { @@ -1525,7 +1539,7 @@ static int uldap_cache_check_subgroups(request_rec *r, /* * Find the generic group cache entry and add the sgl we just retrieved. */ - LDAP_CACHE_LOCK(); + ldap_cache_lock(st, r); the_compare_node.dn = (char *)dn; the_compare_node.attrib = (char *)"objectClass"; @@ -1590,7 +1604,7 @@ static int uldap_cache_check_subgroups(request_rec *r, } } } - LDAP_CACHE_UNLOCK(); + ldap_cache_unlock(st, r); } } @@ -1668,17 +1682,17 @@ static int uldap_cache_checkuserid(request_rec *r, util_ldap_connection_t *ldc, &ldap_module); /* Get the cache node for this url */ - LDAP_CACHE_LOCK(); + ldap_cache_lock(st, r); curnode.url = url; curl = (util_url_node_t *)util_ald_cache_fetch(st->util_ldap_cache, &curnode); if (curl == NULL) { curl = util_ald_create_caches(st, url); } - LDAP_CACHE_UNLOCK(); + ldap_cache_unlock(st, r); if (curl) { - LDAP_CACHE_LOCK(); + ldap_cache_lock(st, r); the_search_node.username = filter; search_nodep = util_ald_cache_fetch(curl->search_cache, &the_search_node); @@ -1710,13 +1724,13 @@ static int uldap_cache_checkuserid(request_rec *r, util_ldap_connection_t *ldc, (*retvals)[i] = apr_pstrdup(r->pool, search_nodep->vals[i]); } } - LDAP_CACHE_UNLOCK(); + ldap_cache_unlock(st, r); ldc->reason = "Authentication successful (cached)"; return LDAP_SUCCESS; } } /* unlock this read lock */ - LDAP_CACHE_UNLOCK(); + ldap_cache_unlock(st, r); } /* @@ -1875,7 +1889,7 @@ start_over: * Add the new username to the search cache. */ if (curl) { - LDAP_CACHE_LOCK(); + ldap_cache_lock(st, r); the_search_node.username = filter; the_search_node.dn = *binddn; the_search_node.bindpw = bindpw; @@ -1906,7 +1920,7 @@ start_over: /* Cache entry is valid, update lastbind */ search_nodep->lastbind = the_search_node.lastbind; } - LDAP_CACHE_UNLOCK(); + ldap_cache_unlock(st, r); } ldap_msgfree(res); @@ -1944,17 +1958,17 @@ static int uldap_cache_getuserdn(request_rec *r, util_ldap_connection_t *ldc, &ldap_module); /* Get the cache node for this url */ - LDAP_CACHE_LOCK(); + ldap_cache_lock(st, r); curnode.url = url; curl = (util_url_node_t *)util_ald_cache_fetch(st->util_ldap_cache, &curnode); if (curl == NULL) { curl = util_ald_create_caches(st, url); } - LDAP_CACHE_UNLOCK(); + ldap_cache_unlock(st, r); if (curl) { - LDAP_CACHE_LOCK(); + ldap_cache_lock(st, r); the_search_node.username = filter; search_nodep = util_ald_cache_fetch(curl->search_cache, &the_search_node); @@ -1980,13 +1994,13 @@ static int uldap_cache_getuserdn(request_rec *r, util_ldap_connection_t *ldc, (*retvals)[i] = apr_pstrdup(r->pool, search_nodep->vals[i]); } } - LDAP_CACHE_UNLOCK(); + ldap_cache_unlock(st, r); ldc->reason = "Search successful (cached)"; return LDAP_SUCCESS; } } /* unlock this read lock */ - LDAP_CACHE_UNLOCK(); + ldap_cache_unlock(st, r); } /* @@ -2084,7 +2098,7 @@ start_over: * Add the new username to the search cache. */ if (curl) { - LDAP_CACHE_LOCK(); + ldap_cache_lock(st, r); the_search_node.username = filter; the_search_node.dn = *binddn; the_search_node.bindpw = NULL; @@ -2113,7 +2127,7 @@ start_over: /* Cache entry is valid, update lastbind */ search_nodep->lastbind = the_search_node.lastbind; } - LDAP_CACHE_UNLOCK(); + ldap_cache_unlock(st, r); } ldap_msgfree(res);