Blame SOURCES/httpd-2.4.6-r1610396.patch

008793
Index: modules/ldap/util_ldap.c
008793
===================================================================
008793
--- a/modules/ldap/util_ldap.c	(revision 1610395)
008793
+++ b/modules/ldap/util_ldap.c	(revision 1610396)
008793
@@ -157,10 +157,12 @@
008793
       */
008793
      if (!ldc->keep) {
008793
          uldap_connection_unbind(ldc);
008793
+         ldc->r = NULL;
008793
      }
008793
      else {
008793
          /* mark our connection as available for reuse */
008793
          ldc->freed = apr_time_now();
008793
+         ldc->r = NULL;
008793
 #if APR_HAS_THREADS
008793
          apr_thread_mutex_unlock(ldc->lock);
008793
 #endif
008793
@@ -179,6 +181,9 @@
008793
 
008793
     if (ldc) {
008793
         if (ldc->ldap) {
008793
+            if (ldc->r) { 
008793
+                ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, ldc->r, "LDC %pp unbind", ldc); 
008793
+            }
008793
             ldap_unbind_s(ldc->ldap);
008793
             ldc->ldap = NULL;
008793
         }
008793
@@ -319,6 +324,8 @@
008793
         return(result->rc);
008793
     }
008793
 
008793
+    ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, "LDC %pp init", ldc);
008793
+
008793
     if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
008793
         /* Now that we have an ldap struct, add it to the referral list for rebinds. */
008793
         rc = apr_ldap_rebind_add(ldc->rebind_pool, ldc->ldap, ldc->binddn, ldc->bindpw);
008793
@@ -516,6 +523,10 @@
008793
         ldc->reason = "LDAP: ldap_simple_bind() parse result failed";
008793
         return uldap_ld_errno(ldc);
008793
     }
008793
+    else { 
008793
+        ldc->last_backend_conn = ldc->r->request_time;
008793
+        ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, ldc->r, "LDC %pp bind", ldc);
008793
+    }
008793
     return rc;
008793
 }
008793
 
008793
@@ -540,7 +551,7 @@
008793
 
008793
     /* If the connection is already bound, return
008793
     */
008793
-    if (ldc->bound)
008793
+    if (ldc->bound && !ldc->must_rebind)
008793
     {
008793
         ldc->reason = "LDAP: connection open successful (already bound)";
008793
         return LDAP_SUCCESS;
008793
@@ -621,6 +632,7 @@
008793
     }
008793
     else {
008793
         ldc->bound = 1;
008793
+        ldc->must_rebind = 0;
008793
         ldc->reason = "LDAP: connection open successful";
008793
     }
008793
 
008793
@@ -718,13 +730,17 @@
008793
             && !compare_client_certs(dc->client_certs, l->client_certs))
008793
         {
008793
             if (st->connection_pool_ttl > 0) {
008793
-                if (l->bound && (now - l->freed) > st->connection_pool_ttl) {
008793
+                if (l->bound && (now - l->last_backend_conn) > st->connection_pool_ttl) {
008793
                     ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
008793
                                   "Removing LDAP connection last used %" APR_TIME_T_FMT " seconds ago",
008793
-                                  (now - l->freed) / APR_USEC_PER_SEC);
008793
+                                  (now - l->last_backend_conn) / APR_USEC_PER_SEC);
008793
+                    l->r = r;
008793
                     uldap_connection_unbind(l);
008793
                     /* Go ahead (by falling through) and use it, so we don't create more just to unbind some other old ones */
008793
                 }
008793
+                ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, 
008793
+                              "Reuse %s LDC %pp", 
008793
+                              l->bound ? "bound" : "unbound", l);
008793
             }
008793
             break;
008793
         }
008793
@@ -751,12 +767,25 @@
008793
                 (l->deref == deref) && (l->secure == secureflag) &&
008793
                 !compare_client_certs(dc->client_certs, l->client_certs))
008793
             {
008793
+                if (st->connection_pool_ttl > 0) {
008793
+                    if (l->bound && (now - l->last_backend_conn) > st->connection_pool_ttl) {
008793
+                        ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
008793
+                                "Removing LDAP connection last used %" APR_TIME_T_FMT " seconds ago",
008793
+                                (now - l->last_backend_conn) / APR_USEC_PER_SEC);
008793
+                        l->r = r;
008793
+                        uldap_connection_unbind(l);
008793
+                        /* Go ahead (by falling through) and use it, so we don't create more just to unbind some other old ones */
008793
+                    }
008793
+                    ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, 
008793
+                                  "Reuse %s LDC %pp (will rebind)", 
008793
+                                   l->bound ? "bound" : "unbound", l);
008793
+                }
008793
+
008793
                 /* the bind credentials have changed */
008793
-                /* no check for connection_pool_ttl, since we are unbinding any way */
008793
-                uldap_connection_unbind(l);
008793
-
008793
+                l->must_rebind = 1;
008793
                 util_ldap_strdup((char**)&(l->binddn), binddn);
008793
                 util_ldap_strdup((char**)&(l->bindpw), bindpw);
008793
+
008793
                 break;
008793
             }
008793
 #if APR_HAS_THREADS
008793
@@ -846,6 +875,7 @@
008793
 #if APR_HAS_THREADS
008793
     apr_thread_mutex_unlock(st->mutex);
008793
 #endif
008793
+    l->r = r;
008793
     return l;
008793
 }
008793
 
008793
@@ -965,6 +995,7 @@
008793
         return result;
008793
     }
008793
 
008793
+    ldc->last_backend_conn = r->request_time;
008793
     entry = ldap_first_entry(ldc->ldap, res);
008793
     searchdn = ldap_get_dn(ldc->ldap, entry);
008793
 
008793
@@ -1116,6 +1147,7 @@
008793
         goto start_over;
008793
     }
008793
 
008793
+    ldc->last_backend_conn = r->request_time;
008793
     ldc->reason = "Comparison complete";
008793
     if ((LDAP_COMPARE_TRUE == result) ||
008793
         (LDAP_COMPARE_FALSE == result) ||
008793
@@ -1241,6 +1273,7 @@
008793
         return res;
008793
     }
008793
 
008793
+    ldc->last_backend_conn = r->request_time;
008793
     entry = ldap_first_entry(ldc->ldap, sga_res);
008793
 
008793
     /*
008793
@@ -1723,6 +1756,7 @@
008793
      * We should have found exactly one entry; to find a different
008793
      * number is an error.
008793
      */
008793
+    ldc->last_backend_conn = r->request_time;
008793
     count = ldap_count_entries(ldc->ldap, res);
008793
     if (count != 1)
008793
     {
008793
@@ -1788,10 +1822,10 @@
008793
         /*
008793
          * We have just bound the connection to a different user and password
008793
          * combination, which might be reused unintentionally next time this
008793
-         * connection is used from the connection pool. To ensure no confusion,
008793
-         * we mark the connection as unbound.
008793
+         * connection is used from the connection pool.
008793
          */
008793
-        ldc->bound = 0;
008793
+        ldc->must_rebind = 0;
008793
+        ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, "LDC %pp used for authn, must be rebound", ldc);
008793
     }
008793
 
008793
     /*
008793
@@ -1983,6 +2017,7 @@
008793
      * We should have found exactly one entry; to find a different
008793
      * number is an error.
008793
      */
008793
+    ldc->last_backend_conn = r->request_time;
008793
     count = ldap_count_entries(ldc->ldap, res);
008793
     if (count != 1)
008793
     {
008793
Index: include/util_ldap.h
008793
===================================================================
008793
--- a/include/util_ldap.h	(revision 1610395)
008793
+++ b/include/util_ldap.h	(revision 1610396)
008793
@@ -133,6 +133,9 @@
008793
     int ReferralHopLimit;               /* # of referral hops to follow (default = AP_LDAP_DEFAULT_HOPLIMIT) */
008793
     apr_time_t freed;                   /* the time this conn was placed back in the pool */
008793
     apr_pool_t *rebind_pool;            /* frequently cleared pool for rebind data */
008793
+    int must_rebind;                    /* The connection was last bound with other then binddn/bindpw */
008793
+    request_rec *r;                     /* request_rec used to find this util_ldap_connection_t */
008793
+    apr_time_t last_backend_conn;       /* the approximate time of the last backend LDAP requst */
008793
 } util_ldap_connection_t;
008793
 
008793
 typedef struct util_ldap_config_t {