www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-07 04:02:58 +03:00
Code Activity

mod_ldap: log and abort locking errors.

Browse Source 
related to PR60296 investigation

RMM corruption is really nasty, so abort on locking failures.





git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831165 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Eric Covener
2018-05-08 12:31:02 +00:00
parent 873c8edd0f
commit 6e0a97c995
3 changed files with 59 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@@ -1,6 +1,8 @@
-*- coding: utf-8 -*- -*- coding: utf-8 -*-
Changes with Apache 2.5.1 Changes with Apache 2.5.1
*) mod_ldap: Abort on LDAP locking errors. [Eric Covener]
*) mod_ssl: Support loading private keys from an OpenSSL engine using a *) mod_ssl: Support loading private keys from an OpenSSL engine using a
PKCS#11 URI. [Anderson Sasaki <ansasaki redhat.com>, Joe Orton] PKCS#11 URI. [Anderson Sasaki <ansasaki redhat.com>, Joe Orton]

2
docs/log-message-tags/next-number
View File

@@ -1 +1 @@
10134 10136

98
modules/ldap/util_ldap.c
View File

@@ -75,15 +75,29 @@ module AP_MODULE_DECLARE_DATA ldap_module;
static const char *ldap_cache_mutex_type = "ldap-cache"; static const char *ldap_cache_mutex_type = "ldap-cache";
static apr_status_t uldap_connection_unbind(void *param); static apr_status_t uldap_connection_unbind(void *param);
#define LDAP_CACHE_LOCK() do { \
if (st->util_ldap_cache_lock) \
apr_global_mutex_lock(st->util_ldap_cache_lock); \
} while (0)
#define LDAP_CACHE_UNLOCK() do { \ static APR_INLINE apr_status_t ldap_cache_lock(util_ldap_state_t* st, request_rec *r) {
if (st->util_ldap_cache_lock) \ apr_status_t rv = APR_SUCCESS;
apr_global_mutex_unlock(st->util_ldap_cache_lock); \ if (st->util_ldap_cache_lock) {
} while (0) apr_status_t rv = apr_global_mutex_lock(st->util_ldap_cache_lock);
if (rv != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_CRIT, rv, r, APLOGNO(10134) "LDAP cache lock failed");
ap_assert(0);
}
}
return rv;
}
static APR_INLINE ldap_cache_unlock(util_ldap_state_t* st, request_rec *r) {
apr_status_t rv = APR_SUCCESS;
if (st->util_ldap_cache_lock) {
apr_status_t rv = apr_global_mutex_unlock(st->util_ldap_cache_lock);
if (rv != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_CRIT, rv, r, APLOGNO(10135) "LDAP cache lock failed");
ap_assert(0);
}
}
return rv;
}
static void util_ldap_strdup (char **str, const char *newstr) static void util_ldap_strdup (char **str, const char *newstr)
{ {
@@ -911,14 +925,14 @@ static int uldap_cache_comparedn(request_rec *r, util_ldap_connection_t *ldc,
&ldap_module); &ldap_module);
/* get cache entry (or create one) */ /* get cache entry (or create one) */
LDAP_CACHE_LOCK(); ldap_cache_lock(st, r);
curnode.url = url; curnode.url = url;
curl = util_ald_cache_fetch(st->util_ldap_cache, &curnode); curl = util_ald_cache_fetch(st->util_ldap_cache, &curnode);
if (curl == NULL) { if (curl == NULL) {
curl = util_ald_create_caches(st, url); curl = util_ald_create_caches(st, url);
} }
LDAP_CACHE_UNLOCK(); ldap_cache_unlock(st, r);
/* a simple compare? */ /* a simple compare? */
if (!compare_dn_on_server) { if (!compare_dn_on_server) {
@@ -935,7 +949,7 @@ static int uldap_cache_comparedn(request_rec *r, util_ldap_connection_t *ldc,
if (curl) { if (curl) {
/* no - it's a server side compare */ /* no - it's a server side compare */
LDAP_CACHE_LOCK(); ldap_cache_lock(st, r);
/* is it in the compare cache? */ /* is it in the compare cache? */
newnode.reqdn = (char *)reqdn; newnode.reqdn = (char *)reqdn;
@@ -943,13 +957,13 @@ static int uldap_cache_comparedn(request_rec *r, util_ldap_connection_t *ldc,
if (node != NULL) { if (node != NULL) {
/* If it's in the cache, it's good */ /* If it's in the cache, it's good */
/* unlock this read lock */ /* unlock this read lock */
LDAP_CACHE_UNLOCK(); ldap_cache_unlock(st, r);
ldc->reason = "DN Comparison TRUE (cached)"; ldc->reason = "DN Comparison TRUE (cached)";
return LDAP_COMPARE_TRUE; return LDAP_COMPARE_TRUE;
} }
/* unlock this read lock */ /* unlock this read lock */
LDAP_CACHE_UNLOCK(); ldap_cache_unlock(st, r);
} }
start_over: start_over:
@@ -1011,7 +1025,7 @@ start_over:
else { else {
if (curl) { if (curl) {
/* compare successful - add to the compare cache */ /* compare successful - add to the compare cache */
LDAP_CACHE_LOCK(); ldap_cache_lock(st, r);
newnode.reqdn = (char *)reqdn; newnode.reqdn = (char *)reqdn;
newnode.dn = (char *)dn; newnode.dn = (char *)dn;
@@ -1022,7 +1036,7 @@ start_over:
{ {
util_ald_cache_insert(curl->dn_compare_cache, &newnode); util_ald_cache_insert(curl->dn_compare_cache, &newnode);
} }
LDAP_CACHE_UNLOCK(); ldap_cache_unlock(st, r);
} }
ldc->reason = "DN Comparison TRUE (checked on server)"; ldc->reason = "DN Comparison TRUE (checked on server)";
result = LDAP_COMPARE_TRUE; result = LDAP_COMPARE_TRUE;
@@ -1057,17 +1071,17 @@ static int uldap_cache_compare(request_rec *r, util_ldap_connection_t *ldc,
&ldap_module); &ldap_module);
/* get cache entry (or create one) */ /* get cache entry (or create one) */
LDAP_CACHE_LOCK(); ldap_cache_lock(st, r);
curnode.url = url; curnode.url = url;
curl = util_ald_cache_fetch(st->util_ldap_cache, &curnode); curl = util_ald_cache_fetch(st->util_ldap_cache, &curnode);
if (curl == NULL) { if (curl == NULL) {
curl = util_ald_create_caches(st, url); curl = util_ald_create_caches(st, url);
} }
LDAP_CACHE_UNLOCK(); ldap_cache_unlock(st, r);
if (curl) { if (curl) {
/* make a comparison to the cache */ /* make a comparison to the cache */
LDAP_CACHE_LOCK(); ldap_cache_lock(st, r);
curtime = apr_time_now(); curtime = apr_time_now();
the_compare_node.dn = (char *)dn; the_compare_node.dn = (char *)dn;
@@ -1106,7 +1120,7 @@ static int uldap_cache_compare(request_rec *r, util_ldap_connection_t *ldc,
/* record the result code to return with the reason... */ /* record the result code to return with the reason... */
result = compare_nodep->result; result = compare_nodep->result;
/* and unlock this read lock */ /* and unlock this read lock */
LDAP_CACHE_UNLOCK(); ldap_cache_unlock(st, r);
ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r,
"ldap_compare_s(%pp, %s, %s, %s) = %s (cached)", "ldap_compare_s(%pp, %s, %s, %s) = %s (cached)",
@@ -1115,7 +1129,7 @@ static int uldap_cache_compare(request_rec *r, util_ldap_connection_t *ldc,
} }
} }
/* unlock this read lock */ /* unlock this read lock */
LDAP_CACHE_UNLOCK(); ldap_cache_unlock(st, r);
} }
start_over: start_over:
@@ -1163,7 +1177,7 @@ start_over:
(LDAP_NO_SUCH_ATTRIBUTE == result)) { (LDAP_NO_SUCH_ATTRIBUTE == result)) {
if (curl) { if (curl) {
/* compare completed; caching result */ /* compare completed; caching result */
LDAP_CACHE_LOCK(); ldap_cache_lock(st, r);
the_compare_node.lastcompare = curtime; the_compare_node.lastcompare = curtime;
the_compare_node.result = result; the_compare_node.result = result;
the_compare_node.sgl_processed = 0; the_compare_node.sgl_processed = 0;
@@ -1192,7 +1206,7 @@ start_over:
compare_nodep->lastcompare = curtime; compare_nodep->lastcompare = curtime;
compare_nodep->result = result; compare_nodep->result = result;
} }
LDAP_CACHE_UNLOCK(); ldap_cache_unlock(st, r);
} }
if (LDAP_COMPARE_TRUE == result) { if (LDAP_COMPARE_TRUE == result) {
@@ -1457,14 +1471,14 @@ static int uldap_cache_check_subgroups(request_rec *r,
* 2. Find previously created cache entry and check if there is already a * 2. Find previously created cache entry and check if there is already a
* subgrouplist. * subgrouplist.
*/ */
LDAP_CACHE_LOCK(); ldap_cache_lock(st, r);
curnode.url = url; curnode.url = url;
curl = util_ald_cache_fetch(st->util_ldap_cache, &curnode); curl = util_ald_cache_fetch(st->util_ldap_cache, &curnode);
LDAP_CACHE_UNLOCK(); ldap_cache_unlock(st, r);
if (curl && curl->compare_cache) { if (curl && curl->compare_cache) {
/* make a comparison to the cache */ /* make a comparison to the cache */
LDAP_CACHE_LOCK(); ldap_cache_lock(st, r);
the_compare_node.dn = (char *)dn; the_compare_node.dn = (char *)dn;
the_compare_node.attrib = (char *)"objectClass"; the_compare_node.attrib = (char *)"objectClass";
@@ -1506,7 +1520,7 @@ static int uldap_cache_check_subgroups(request_rec *r,
} }
} }
} }
LDAP_CACHE_UNLOCK(); ldap_cache_unlock(st, r);
} }
if (!tmp_local_sgl && !sgl_cached_empty) { if (!tmp_local_sgl && !sgl_cached_empty) {
@@ -1525,7 +1539,7 @@ static int uldap_cache_check_subgroups(request_rec *r,
/* /*
* Find the generic group cache entry and add the sgl we just retrieved. * Find the generic group cache entry and add the sgl we just retrieved.
*/ */
LDAP_CACHE_LOCK(); ldap_cache_lock(st, r);
the_compare_node.dn = (char *)dn; the_compare_node.dn = (char *)dn;
the_compare_node.attrib = (char *)"objectClass"; the_compare_node.attrib = (char *)"objectClass";
@@ -1590,7 +1604,7 @@ static int uldap_cache_check_subgroups(request_rec *r,
} }
} }
} }
LDAP_CACHE_UNLOCK(); ldap_cache_unlock(st, r);
} }
} }
@@ -1668,17 +1682,17 @@ static int uldap_cache_checkuserid(request_rec *r, util_ldap_connection_t *ldc,
&ldap_module); &ldap_module);
/* Get the cache node for this url */ /* Get the cache node for this url */
LDAP_CACHE_LOCK(); ldap_cache_lock(st, r);
curnode.url = url; curnode.url = url;
curl = (util_url_node_t *)util_ald_cache_fetch(st->util_ldap_cache, curl = (util_url_node_t *)util_ald_cache_fetch(st->util_ldap_cache,
&curnode); &curnode);
if (curl == NULL) { if (curl == NULL) {
curl = util_ald_create_caches(st, url); curl = util_ald_create_caches(st, url);
} }
LDAP_CACHE_UNLOCK(); ldap_cache_unlock(st, r);
if (curl) { if (curl) {
LDAP_CACHE_LOCK(); ldap_cache_lock(st, r);
the_search_node.username = filter; the_search_node.username = filter;
search_nodep = util_ald_cache_fetch(curl->search_cache, search_nodep = util_ald_cache_fetch(curl->search_cache,
&the_search_node); &the_search_node);
@@ -1710,13 +1724,13 @@ static int uldap_cache_checkuserid(request_rec *r, util_ldap_connection_t *ldc,
(*retvals)[i] = apr_pstrdup(r->pool, search_nodep->vals[i]); (*retvals)[i] = apr_pstrdup(r->pool, search_nodep->vals[i]);
} }
} }
LDAP_CACHE_UNLOCK(); ldap_cache_unlock(st, r);
ldc->reason = "Authentication successful (cached)"; ldc->reason = "Authentication successful (cached)";
return LDAP_SUCCESS; return LDAP_SUCCESS;
} }
} }
/* unlock this read lock */ /* unlock this read lock */
LDAP_CACHE_UNLOCK(); ldap_cache_unlock(st, r);
} }
/* /*
@@ -1875,7 +1889,7 @@ start_over:
* Add the new username to the search cache. * Add the new username to the search cache.
*/ */
if (curl) { if (curl) {
LDAP_CACHE_LOCK(); ldap_cache_lock(st, r);
the_search_node.username = filter; the_search_node.username = filter;
the_search_node.dn = *binddn; the_search_node.dn = *binddn;
the_search_node.bindpw = bindpw; the_search_node.bindpw = bindpw;
@@ -1906,7 +1920,7 @@ start_over:
/* Cache entry is valid, update lastbind */ /* Cache entry is valid, update lastbind */
search_nodep->lastbind = the_search_node.lastbind; search_nodep->lastbind = the_search_node.lastbind;
} }
LDAP_CACHE_UNLOCK(); ldap_cache_unlock(st, r);
} }
ldap_msgfree(res); ldap_msgfree(res);
@@ -1944,17 +1958,17 @@ static int uldap_cache_getuserdn(request_rec *r, util_ldap_connection_t *ldc,
&ldap_module); &ldap_module);
/* Get the cache node for this url */ /* Get the cache node for this url */
LDAP_CACHE_LOCK(); ldap_cache_lock(st, r);
curnode.url = url; curnode.url = url;
curl = (util_url_node_t *)util_ald_cache_fetch(st->util_ldap_cache, curl = (util_url_node_t *)util_ald_cache_fetch(st->util_ldap_cache,
&curnode); &curnode);
if (curl == NULL) { if (curl == NULL) {
curl = util_ald_create_caches(st, url); curl = util_ald_create_caches(st, url);
} }
LDAP_CACHE_UNLOCK(); ldap_cache_unlock(st, r);
if (curl) { if (curl) {
LDAP_CACHE_LOCK(); ldap_cache_lock(st, r);
the_search_node.username = filter; the_search_node.username = filter;
search_nodep = util_ald_cache_fetch(curl->search_cache, search_nodep = util_ald_cache_fetch(curl->search_cache,
&the_search_node); &the_search_node);
@@ -1980,13 +1994,13 @@ static int uldap_cache_getuserdn(request_rec *r, util_ldap_connection_t *ldc,
(*retvals)[i] = apr_pstrdup(r->pool, search_nodep->vals[i]); (*retvals)[i] = apr_pstrdup(r->pool, search_nodep->vals[i]);
} }
} }
LDAP_CACHE_UNLOCK(); ldap_cache_unlock(st, r);
ldc->reason = "Search successful (cached)"; ldc->reason = "Search successful (cached)";
return LDAP_SUCCESS; return LDAP_SUCCESS;
} }
} }
/* unlock this read lock */ /* unlock this read lock */
LDAP_CACHE_UNLOCK(); ldap_cache_unlock(st, r);
} }
/* /*
@@ -2084,7 +2098,7 @@ start_over:
* Add the new username to the search cache. * Add the new username to the search cache.
*/ */
if (curl) { if (curl) {
LDAP_CACHE_LOCK(); ldap_cache_lock(st, r);
the_search_node.username = filter; the_search_node.username = filter;
the_search_node.dn = *binddn; the_search_node.dn = *binddn;
the_search_node.bindpw = NULL; the_search_node.bindpw = NULL;
@@ -2113,7 +2127,7 @@ start_over:
/* Cache entry is valid, update lastbind */ /* Cache entry is valid, update lastbind */
search_nodep->lastbind = the_search_node.lastbind; search_nodep->lastbind = the_search_node.lastbind;
} }
LDAP_CACHE_UNLOCK(); ldap_cache_unlock(st, r);
} }
ldap_msgfree(res); ldap_msgfree(res);