You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2018/05/08 12:31:02 UTC
svn commit: r1831165 - in /httpd/httpd/trunk: CHANGES
docs/log-message-tags/next-number modules/ldap/util_ldap.c
Author: covener
Date: Tue May 8 12:31:02 2018
New Revision: 1831165
URL: http://svn.apache.org/viewvc?rev=1831165&view=rev
Log:
mod_ldap: log and abort locking errors.
related to PR60296 investigation
RMM corruption is really nasty, so abort on locking failures.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/docs/log-message-tags/next-number
httpd/httpd/trunk/modules/ldap/util_ldap.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1831165&r1=1831164&r2=1831165&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Tue May 8 12:31:02 2018
@@ -1,6 +1,8 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.1
+ *) mod_ldap: Abort on LDAP locking errors. [Eric Covener]
+
*) mod_ssl: Support loading private keys from an OpenSSL engine using a
PKCS#11 URI. [Anderson Sasaki <ansasaki redhat.com>, Joe Orton]
Modified: httpd/httpd/trunk/docs/log-message-tags/next-number
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/log-message-tags/next-number?rev=1831165&r1=1831164&r2=1831165&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/log-message-tags/next-number (original)
+++ httpd/httpd/trunk/docs/log-message-tags/next-number Tue May 8 12:31:02 2018
@@ -1 +1 @@
-10134
+10136
Modified: httpd/httpd/trunk/modules/ldap/util_ldap.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ldap/util_ldap.c?rev=1831165&r1=1831164&r2=1831165&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ldap/util_ldap.c (original)
+++ httpd/httpd/trunk/modules/ldap/util_ldap.c Tue May 8 12:31:02 2018
@@ -75,15 +75,29 @@ module AP_MODULE_DECLARE_DATA ldap_modul
static const char *ldap_cache_mutex_type = "ldap-cache";
static apr_status_t uldap_connection_unbind(void *param);
-#define LDAP_CACHE_LOCK() do { \
- if (st->util_ldap_cache_lock) \
- apr_global_mutex_lock(st->util_ldap_cache_lock); \
-} while (0)
-
-#define LDAP_CACHE_UNLOCK() do { \
- if (st->util_ldap_cache_lock) \
- apr_global_mutex_unlock(st->util_ldap_cache_lock); \
-} while (0)
+
+static APR_INLINE apr_status_t ldap_cache_lock(util_ldap_state_t* st, request_rec *r) {
+ apr_status_t rv = APR_SUCCESS;
+ if (st->util_ldap_cache_lock) {
+ apr_status_t rv = apr_global_mutex_lock(st->util_ldap_cache_lock);
+ if (rv != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_CRIT, rv, r, APLOGNO(10134) "LDAP cache lock failed");
+ ap_assert(0);
+ }
+ }
+ return rv;
+}
+static APR_INLINE ldap_cache_unlock(util_ldap_state_t* st, request_rec *r) {
+ apr_status_t rv = APR_SUCCESS;
+ if (st->util_ldap_cache_lock) {
+ apr_status_t rv = apr_global_mutex_unlock(st->util_ldap_cache_lock);
+ if (rv != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_CRIT, rv, r, APLOGNO(10135) "LDAP cache lock failed");
+ ap_assert(0);
+ }
+ }
+ return rv;
+}
static void util_ldap_strdup (char **str, const char *newstr)
{
@@ -911,14 +925,14 @@ static int uldap_cache_comparedn(request
&ldap_module);
/* get cache entry (or create one) */
- LDAP_CACHE_LOCK();
+ ldap_cache_lock(st, r);
curnode.url = url;
curl = util_ald_cache_fetch(st->util_ldap_cache, &curnode);
if (curl == NULL) {
curl = util_ald_create_caches(st, url);
}
- LDAP_CACHE_UNLOCK();
+ ldap_cache_unlock(st, r);
/* a simple compare? */
if (!compare_dn_on_server) {
@@ -935,7 +949,7 @@ static int uldap_cache_comparedn(request
if (curl) {
/* no - it's a server side compare */
- LDAP_CACHE_LOCK();
+ ldap_cache_lock(st, r);
/* is it in the compare cache? */
newnode.reqdn = (char *)reqdn;
@@ -943,13 +957,13 @@ static int uldap_cache_comparedn(request
if (node != NULL) {
/* If it's in the cache, it's good */
/* unlock this read lock */
- LDAP_CACHE_UNLOCK();
+ ldap_cache_unlock(st, r);
ldc->reason = "DN Comparison TRUE (cached)";
return LDAP_COMPARE_TRUE;
}
/* unlock this read lock */
- LDAP_CACHE_UNLOCK();
+ ldap_cache_unlock(st, r);
}
start_over:
@@ -1011,7 +1025,7 @@ start_over:
else {
if (curl) {
/* compare successful - add to the compare cache */
- LDAP_CACHE_LOCK();
+ ldap_cache_lock(st, r);
newnode.reqdn = (char *)reqdn;
newnode.dn = (char *)dn;
@@ -1022,7 +1036,7 @@ start_over:
{
util_ald_cache_insert(curl->dn_compare_cache, &newnode);
}
- LDAP_CACHE_UNLOCK();
+ ldap_cache_unlock(st, r);
}
ldc->reason = "DN Comparison TRUE (checked on server)";
result = LDAP_COMPARE_TRUE;
@@ -1057,17 +1071,17 @@ static int uldap_cache_compare(request_r
&ldap_module);
/* get cache entry (or create one) */
- LDAP_CACHE_LOCK();
+ ldap_cache_lock(st, r);
curnode.url = url;
curl = util_ald_cache_fetch(st->util_ldap_cache, &curnode);
if (curl == NULL) {
curl = util_ald_create_caches(st, url);
}
- LDAP_CACHE_UNLOCK();
+ ldap_cache_unlock(st, r);
if (curl) {
/* make a comparison to the cache */
- LDAP_CACHE_LOCK();
+ ldap_cache_lock(st, r);
curtime = apr_time_now();
the_compare_node.dn = (char *)dn;
@@ -1106,7 +1120,7 @@ static int uldap_cache_compare(request_r
/* record the result code to return with the reason... */
result = compare_nodep->result;
/* and unlock this read lock */
- LDAP_CACHE_UNLOCK();
+ ldap_cache_unlock(st, r);
ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r,
"ldap_compare_s(%pp, %s, %s, %s) = %s (cached)",
@@ -1115,7 +1129,7 @@ static int uldap_cache_compare(request_r
}
}
/* unlock this read lock */
- LDAP_CACHE_UNLOCK();
+ ldap_cache_unlock(st, r);
}
start_over:
@@ -1163,7 +1177,7 @@ start_over:
(LDAP_NO_SUCH_ATTRIBUTE == result)) {
if (curl) {
/* compare completed; caching result */
- LDAP_CACHE_LOCK();
+ ldap_cache_lock(st, r);
the_compare_node.lastcompare = curtime;
the_compare_node.result = result;
the_compare_node.sgl_processed = 0;
@@ -1192,7 +1206,7 @@ start_over:
compare_nodep->lastcompare = curtime;
compare_nodep->result = result;
}
- LDAP_CACHE_UNLOCK();
+ ldap_cache_unlock(st, r);
}
if (LDAP_COMPARE_TRUE == result) {
@@ -1457,14 +1471,14 @@ static int uldap_cache_check_subgroups(r
* 2. Find previously created cache entry and check if there is already a
* subgrouplist.
*/
- LDAP_CACHE_LOCK();
+ ldap_cache_lock(st, r);
curnode.url = url;
curl = util_ald_cache_fetch(st->util_ldap_cache, &curnode);
- LDAP_CACHE_UNLOCK();
+ ldap_cache_unlock(st, r);
if (curl && curl->compare_cache) {
/* make a comparison to the cache */
- LDAP_CACHE_LOCK();
+ ldap_cache_lock(st, r);
the_compare_node.dn = (char *)dn;
the_compare_node.attrib = (char *)"objectClass";
@@ -1506,7 +1520,7 @@ static int uldap_cache_check_subgroups(r
}
}
}
- LDAP_CACHE_UNLOCK();
+ ldap_cache_unlock(st, r);
}
if (!tmp_local_sgl && !sgl_cached_empty) {
@@ -1525,7 +1539,7 @@ static int uldap_cache_check_subgroups(r
/*
* Find the generic group cache entry and add the sgl we just retrieved.
*/
- LDAP_CACHE_LOCK();
+ ldap_cache_lock(st, r);
the_compare_node.dn = (char *)dn;
the_compare_node.attrib = (char *)"objectClass";
@@ -1590,7 +1604,7 @@ static int uldap_cache_check_subgroups(r
}
}
}
- LDAP_CACHE_UNLOCK();
+ ldap_cache_unlock(st, r);
}
}
@@ -1668,17 +1682,17 @@ static int uldap_cache_checkuserid(reque
&ldap_module);
/* Get the cache node for this url */
- LDAP_CACHE_LOCK();
+ ldap_cache_lock(st, r);
curnode.url = url;
curl = (util_url_node_t *)util_ald_cache_fetch(st->util_ldap_cache,
&curnode);
if (curl == NULL) {
curl = util_ald_create_caches(st, url);
}
- LDAP_CACHE_UNLOCK();
+ ldap_cache_unlock(st, r);
if (curl) {
- LDAP_CACHE_LOCK();
+ ldap_cache_lock(st, r);
the_search_node.username = filter;
search_nodep = util_ald_cache_fetch(curl->search_cache,
&the_search_node);
@@ -1710,13 +1724,13 @@ static int uldap_cache_checkuserid(reque
(*retvals)[i] = apr_pstrdup(r->pool, search_nodep->vals[i]);
}
}
- LDAP_CACHE_UNLOCK();
+ ldap_cache_unlock(st, r);
ldc->reason = "Authentication successful (cached)";
return LDAP_SUCCESS;
}
}
/* unlock this read lock */
- LDAP_CACHE_UNLOCK();
+ ldap_cache_unlock(st, r);
}
/*
@@ -1875,7 +1889,7 @@ start_over:
* Add the new username to the search cache.
*/
if (curl) {
- LDAP_CACHE_LOCK();
+ ldap_cache_lock(st, r);
the_search_node.username = filter;
the_search_node.dn = *binddn;
the_search_node.bindpw = bindpw;
@@ -1906,7 +1920,7 @@ start_over:
/* Cache entry is valid, update lastbind */
search_nodep->lastbind = the_search_node.lastbind;
}
- LDAP_CACHE_UNLOCK();
+ ldap_cache_unlock(st, r);
}
ldap_msgfree(res);
@@ -1944,17 +1958,17 @@ static int uldap_cache_getuserdn(request
&ldap_module);
/* Get the cache node for this url */
- LDAP_CACHE_LOCK();
+ ldap_cache_lock(st, r);
curnode.url = url;
curl = (util_url_node_t *)util_ald_cache_fetch(st->util_ldap_cache,
&curnode);
if (curl == NULL) {
curl = util_ald_create_caches(st, url);
}
- LDAP_CACHE_UNLOCK();
+ ldap_cache_unlock(st, r);
if (curl) {
- LDAP_CACHE_LOCK();
+ ldap_cache_lock(st, r);
the_search_node.username = filter;
search_nodep = util_ald_cache_fetch(curl->search_cache,
&the_search_node);
@@ -1980,13 +1994,13 @@ static int uldap_cache_getuserdn(request
(*retvals)[i] = apr_pstrdup(r->pool, search_nodep->vals[i]);
}
}
- LDAP_CACHE_UNLOCK();
+ ldap_cache_unlock(st, r);
ldc->reason = "Search successful (cached)";
return LDAP_SUCCESS;
}
}
/* unlock this read lock */
- LDAP_CACHE_UNLOCK();
+ ldap_cache_unlock(st, r);
}
/*
@@ -2084,7 +2098,7 @@ start_over:
* Add the new username to the search cache.
*/
if (curl) {
- LDAP_CACHE_LOCK();
+ ldap_cache_lock(st, r);
the_search_node.username = filter;
the_search_node.dn = *binddn;
the_search_node.bindpw = NULL;
@@ -2113,7 +2127,7 @@ start_over:
/* Cache entry is valid, update lastbind */
search_nodep->lastbind = the_search_node.lastbind;
}
- LDAP_CACHE_UNLOCK();
+ ldap_cache_unlock(st, r);
}
ldap_msgfree(res);