Commit 5347d336 authored by Pierangelo Masarati's avatar Pierangelo Masarati
Browse files

better handling of critical conditions

parent 2d9b6798
......@@ -371,12 +371,6 @@ retry:;
rc = ldap_result( msc->msc_ld, msgid, LDAP_MSG_ALL, &tv, &res );
switch ( rc ) {
case 0:
#if 0
Debug( LDAP_DEBUG_ANY,
"%s meta_back_bind_op_result[%d]: ldap_result=0 nretries=%d.\n",
op->o_log_prefix, candidate, nretries );
#endif
if ( nretries != META_RETRY_NEVER
|| ( timeout && slap_get_time() <= stoptime ) )
{
......@@ -564,7 +558,6 @@ meta_back_single_dobind(
metatarget_t *mt = mi->mi_targets[ candidate ];
metaconn_t *mc = *mcp;
metasingleconn_t *msc = &mc->mc_conns[ candidate ];
int rc;
static struct berval cred = BER_BVC( "" );
int msgid;
......@@ -579,19 +572,18 @@ meta_back_single_dobind(
( mt->mt_idassert_flags & LDAP_BACK_AUTH_OVERRIDE ) ) )
{
(void)meta_back_proxy_authz_bind( mc, candidate, op, rs, sendok );
rc = rs->sr_err;
goto done;
}
/* FIXME: should we check if at least some of the op->o_ctrls
* can/should be passed? */
rs->sr_err = ldap_sasl_bind( msc->msc_ld, "", LDAP_SASL_SIMPLE, &cred,
} else {
/* FIXME: should we check if at least some of the op->o_ctrls
* can/should be passed? */
rs->sr_err = ldap_sasl_bind( msc->msc_ld,
"", LDAP_SASL_SIMPLE, &cred,
NULL, NULL, &msgid );
rc = meta_back_bind_op_result( op, rs, mc, candidate, msgid, sendok );
rs->sr_err = meta_back_bind_op_result( op, rs, mc, candidate, msgid, sendok );
}
done:;
rs->sr_err = rc;
if ( rc != LDAP_SUCCESS ) {
if ( rs->sr_err != LDAP_SUCCESS ) {
if ( dolock ) {
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
}
......@@ -604,17 +596,13 @@ done:;
if ( dolock ) {
ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
}
if ( META_BACK_ONERR_STOP( mi ) && ( sendok & LDAP_BACK_SENDERR ) ) {
send_ldap_result( op, rs );
}
}
if ( META_BACK_TGT_QUARANTINE( mt ) ) {
meta_back_quarantine( op, rs, candidate );
}
return rc;
return rs->sr_err;
}
/*
......
......@@ -643,7 +643,8 @@ meta_back_retry(
metaconn_t *mc = *mcp;
metasingleconn_t *msc = &mc->mc_conns[ candidate ];
int rc = LDAP_UNAVAILABLE,
binding;
binding,
quarantine = 1;
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
......@@ -686,6 +687,7 @@ meta_back_retry(
}
if ( rc == LDAP_SUCCESS ) {
quarantine = 0;
rc = meta_back_single_dobind( op, rs, mcp, candidate,
sendok, mt->mt_nretries, 0 );
......@@ -775,7 +777,7 @@ meta_back_retry(
}
}
if ( META_BACK_TGT_QUARANTINE( mt ) ) {
if ( quarantine && META_BACK_TGT_QUARANTINE( mt ) ) {
meta_back_quarantine( op, rs, candidate );
}
......@@ -1450,9 +1452,9 @@ retry_lock2:;
int lerr = meta_back_init_one_conn( op, rs, mc, i,
LDAP_BACK_CONN_ISPRIV( &mc_curr ),
LDAP_BACK_DONTSEND, !new_conn );
candidates[ i ].sr_err = lerr;
if ( lerr == LDAP_SUCCESS ) {
META_CANDIDATE_SET( &candidates[ i ] );
candidates[ i ].sr_err = LDAP_SUCCESS;
ncandidates++;
Debug( LDAP_DEBUG_TRACE, "%s: meta_back_getconn[%d]\n",
......@@ -1460,7 +1462,6 @@ retry_lock2:;
} else if ( lerr == LDAP_UNAVAILABLE && !META_BACK_ONERR_STOP( mi ) ) {
META_CANDIDATE_SET( &candidates[ i ] );
candidates[ i ].sr_err = LDAP_UNAVAILABLE;
Debug( LDAP_DEBUG_TRACE, "%s: meta_back_getconn[%d] %s\n",
op->o_log_prefix, i,
......@@ -1477,7 +1478,6 @@ retry_lock2:;
( void )meta_clear_one_candidate( op, mc, i );
}
/* leave the target candidate, but record the error for later use */
candidates[ i ].sr_err = lerr;
err = lerr;
if ( lerr == LDAP_UNAVAILABLE && mt->mt_isquarantined != LDAP_BACK_FQ_NO ) {
......
......@@ -52,6 +52,7 @@ meta_send_entry(
LDAPMessage *e );
typedef enum meta_search_candidate_t {
META_SEARCH_UNDEFINED = -2,
META_SEARCH_ERR = -1,
META_SEARCH_NOT_CANDIDATE,
META_SEARCH_CANDIDATE,
......@@ -272,18 +273,16 @@ other:;
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
meta_clear_one_candidate( op, mc, candidate );
candidates[ candidate ].sr_err = rc;
if ( META_BACK_ONERR_STOP( mi ) ) {
LDAP_BACK_CONN_TAINTED_SET( mc );
meta_back_release_conn_lock( op, mc, 0 );
*mcp = NULL;
rs->sr_err = rc;
retcode = META_SEARCH_ERR;
} else {
if ( META_BACK_ONERR_REPORT( mi ) ) {
candidates[ candidate ].sr_err = rc;
}
retcode = META_SEARCH_NOT_CANDIDATE;
}
candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
......@@ -326,16 +325,14 @@ meta_search_dobind_result(
ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
LDAP_BACK_CONN_BINDING_CLEAR( msc );
if ( rc != LDAP_SUCCESS ) {
meta_clear_one_candidate( op, mc, candidate );
candidates[ candidate ].sr_err = rc;
if ( META_BACK_ONERR_STOP( mi ) ) {
LDAP_BACK_CONN_TAINTED_SET( mc );
meta_clear_one_candidate( op, mc, candidate );
meta_back_release_conn_lock( op, mc, 0 );
*mcp = NULL;
retcode = META_SEARCH_ERR;
rs->sr_err = rc;
} else if ( META_BACK_ONERR_REPORT( mi ) ) {
candidates[ candidate ].sr_err = rc;
}
} else {
......@@ -388,12 +385,10 @@ meta_back_search_start(
"%s: meta_back_search_start candidate=%d ld=NULL%s.\n",
op->o_log_prefix, candidate,
META_BACK_ONERR_STOP( mi ) ? "" : " (ignored)" );
candidates[ candidate ].sr_err = LDAP_OTHER;
if ( META_BACK_ONERR_STOP( mi ) ) {
return META_SEARCH_ERR;
}
if ( META_BACK_ONERR_REPORT( mi ) ) {
candidates[ candidate ].sr_err = LDAP_OTHER;
}
candidates[ candidate ].sr_msgid = META_MSGID_IGNORE;
return META_SEARCH_NOT_CANDIDATE;
}
......@@ -696,6 +691,10 @@ getconn:;
op->o_private = savepriv;
rc = -1;
goto finish;
default:
assert( 0 );
break;
}
}
......@@ -819,6 +818,7 @@ getconn:;
}
for ( i = 0; i < mi->mi_ntargets; i++ ) {
meta_search_candidate_t retcode = META_SEARCH_UNDEFINED;
metasingleconn_t *msc = &mc->mc_conns[ i ];
LDAPMessage *res = NULL, *msg;
......@@ -829,8 +829,6 @@ getconn:;
/* if target still needs bind, retry */
if ( candidates[ i ].sr_msgid == META_MSGID_NEED_BIND ) {
meta_search_candidate_t retcode;
/* initiate dobind */
retcode = meta_search_dobind_init( op, rs, &mc, i, candidates );
......@@ -846,6 +844,7 @@ getconn:;
break;
case META_SEARCH_ERR:
candidates[ i ].sr_err = rs->sr_err;
if ( META_BACK_ONERR_STOP( mi ) ) {
savepriv = op->o_private;
op->o_private = (void *)i;
......@@ -853,9 +852,6 @@ getconn:;
op->o_private = savepriv;
goto finish;
}
if ( META_BACK_ONERR_REPORT( mi ) ) {
candidates[ i ].sr_err = rs->sr_err;
}
/* fallthru */
case META_SEARCH_NOT_CANDIDATE:
......@@ -877,6 +873,7 @@ getconn:;
break;
case META_SEARCH_ERR:
candidates[ i ].sr_err = rs->sr_err;
if ( META_BACK_ONERR_STOP( mi ) ) {
savepriv = op->o_private;
op->o_private = (void *)i;
......@@ -884,9 +881,6 @@ getconn:;
op->o_private = savepriv;
goto finish;
}
if ( META_BACK_ONERR_REPORT( mi ) ) {
candidates[ i ].sr_err = rs->sr_err;
}
/* fallthru */
case META_SEARCH_NOT_CANDIDATE:
......@@ -961,15 +955,14 @@ really_bad:;
candidates[ i ].sr_msgid = META_MSGID_IGNORE;
switch ( meta_back_search_start( op, rs, &dc, &mc, i, candidates ) )
{
case META_SEARCH_CANDIDATE:
/* get back into business... */
continue;
/* means that failed but onerr == continue */
case META_SEARCH_NOT_CANDIDATE:
candidates[ i ].sr_msgid = META_MSGID_IGNORE;
assert( ncandidates > 0 );
--ncandidates;
candidates[ i ].sr_err = rs->sr_err;
if ( META_BACK_ONERR_STOP( mi ) ) {
savepriv = op->o_private;
op->o_private = (void *)i;
......@@ -977,13 +970,15 @@ really_bad:;
op->o_private = savepriv;
goto finish;
}
if ( META_BACK_ONERR_REPORT( mi ) ) {
candidates[ i ].sr_err = rs->sr_err;
}
break;
/* fall thru */
case META_SEARCH_CANDIDATE:
/* get back into business... */
continue;
case META_SEARCH_BINDING:
case META_SEARCH_NEED_BIND:
case META_SEARCH_UNDEFINED:
assert( 0 );
default:
......@@ -994,6 +989,7 @@ really_bad:;
}
}
candidates[ i ].sr_err = rs->sr_err;
if ( META_BACK_ONERR_STOP( mi ) ) {
savepriv = op->o_private;
op->o_private = (void *)i;
......@@ -1001,9 +997,6 @@ really_bad:;
op->o_private = savepriv;
goto finish;
}
if ( META_BACK_ONERR_REPORT( mi ) ) {
candidates[ i ].sr_err = rs->sr_err;
}
}
/*
......@@ -1270,6 +1263,7 @@ really_bad:;
* the target enforced a limit lower
* than what requested by the proxy;
* ignore it */
candidates[ i ].sr_err = rs->sr_err;
if ( rs->sr_nentries == op->ors_slimit
|| META_BACK_ONERR_STOP( mi ) )
{
......@@ -1281,12 +1275,10 @@ really_bad:;
res = NULL;
goto finish;
}
if ( META_BACK_ONERR_REPORT( mi ) ) {
candidates[ i ].sr_err = rs->sr_err;
}
break;
default:
candidates[ i ].sr_err = rs->sr_err;
if ( META_BACK_ONERR_STOP( mi ) ) {
savepriv = op->o_private;
op->o_private = (void *)i;
......@@ -1296,9 +1288,6 @@ really_bad:;
res = NULL;
goto finish;
}
if ( META_BACK_ONERR_REPORT( mi ) ) {
candidates[ i ].sr_err = rs->sr_err;
}
break;
}
......@@ -1310,6 +1299,7 @@ really_bad:;
* the outer cycle finishes
*/
candidates[ i ].sr_msgid = META_MSGID_IGNORE;
assert( ncandidates > 0 );
--ncandidates;
} else if ( rc == LDAP_RES_BIND ) {
......@@ -1329,8 +1319,10 @@ really_bad:;
case META_SEARCH_NOT_CANDIDATE:
case META_SEARCH_ERR:
candidates[ i ].sr_msgid = META_MSGID_IGNORE;
assert( ncandidates > 0 );
--ncandidates;
candidates[ i ].sr_err = rs->sr_err;
if ( META_BACK_ONERR_STOP( mi ) ) {
savepriv = op->o_private;
op->o_private = (void *)i;
......@@ -1340,10 +1332,7 @@ really_bad:;
res = NULL;
goto finish;
}
if ( META_BACK_ONERR_REPORT( mi ) ) {
candidates[ i ].sr_err = rs->sr_err;
}
break;
goto free_message;
default:
assert( 0 );
......@@ -1358,6 +1347,7 @@ really_bad:;
}
}
free_message:;
ldap_msgfree( res );
res = NULL;
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment