From 0c17d8289c98e67728ed058659adf0aa7154d8e7 Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Wed, 31 Jul 2013 19:19:34 -0400 Subject: [PATCH 222/225] Ticket 47426 - move compute_idletimeout out of handle_pr_read_ready Description: Instead of calculating the idletimeout everytime new data is received, set the anonymous reslimit idletimeout and handle in the connection struct when the connection first comes in. Then update idletimeout after each bind. I removed compute_idletimeout() because bind_credentials_set_nolock() basically does the same thing, so it was just extended to update the idletimeout. https://fedorahosted.org/389/ticket/47426 Reviewed by: richm(Thanks!) (cherry picked from commit ed83a783887b0f9c54781bac64c7b26f0402640a) (cherry picked from commit d4f9c40d6d7f36b31e81c2326036a65229fe470f) (cherry picked from commit ed408d89c0bf6d5ebbe7c4ab44f47bdafd6f0765) --- ldap/servers/slapd/connection.c | 21 +++++++++++++++++++++ ldap/servers/slapd/daemon.c | 25 +++++++++++++++---------- ldap/servers/slapd/pblock.c | 12 ++++++++++++ ldap/servers/slapd/slap.h | 4 +++- 4 files changed, 51 insertions(+), 11 deletions(-) diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c index 914a2d3..7aea493 100644 --- a/ldap/servers/slapd/connection.c +++ b/ldap/servers/slapd/connection.c 
@@ -2210,6 +2210,27 @@ connection_threadmain() in connection_activity when the conn is added to the work queue, setup_pr_read_pds won't add the connection prfd to the poll list */ + if(pb->pb_conn && pb->pb_conn->c_opscompleted == 0){ + /* + * We have a new connection, set the anonymous reslimit idletimeout + * if applicable. + */ + char *anon_dn = config_get_anon_limits_dn(); + int idletimeout; + /* If an anonymous limits dn is set, use it to set the limits. */ + if (anon_dn && (strlen(anon_dn) > 0)) { + Slapi_DN *anon_sdn = slapi_sdn_new_normdn_byref( anon_dn ); + reslimit_update_from_dn( pb->pb_conn, anon_sdn ); + slapi_sdn_free( &anon_sdn ); + if (slapi_reslimit_get_integer_limit(pb->pb_conn, pb->pb_conn->c_idletimeout_handle, + &idletimeout) + == SLAPI_RESLIMIT_STATUS_SUCCESS) + { + pb->pb_conn->c_idletimeout = idletimeout; + } + } + slapi_ch_free_string( &anon_dn ); + } if (connection_call_io_layer_callbacks(pb->pb_conn)) { LDAPDebug0Args( LDAP_DEBUG_ANY, "Error: could not add/remove IO layers from connection\n" ); } diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c index 18c0988..ebd3e0f 100644 --- a/ldap/servers/slapd/daemon.c +++ b/ldap/servers/slapd/daemon.c @@ -1779,7 +1779,6 @@ daemon_register_reslimits( void ) &idletimeout_reslimit_handle )); } - /* * Compute the idle timeout for the connection. * @@ -1871,9 +1870,8 @@ handle_read_ready(Connection_Table *ct, fd_set *readfds) /* idle timeout */ } - else if (( idletimeout = compute_idletimeout( - slapdFrontendConfig, c )) > 0 && - (curtime - c->c_idlesince) >= idletimeout && + else if (( c->c_idletimeout > 0 && + (curtime - c->c_idlesince) >= c->c_idletimeout && NULL == c->c_ops ) { disconnect_server_nomutex( c, c->c_connid, -1, 
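Review bot: The block added to connection_threadmain() calls `reslimit_update_from_dn()` and writes `pb->pb_conn->c_idletimeout` with no `c_mutex` acquisition visible in the hunk, while the other writers in this patch (handle_new_connection() and bind_credentials_set_nolock()) run with the connection locked. `c_opscompleted == 0` also holds for every operation picked up before the first one completes, so if several worker threads serve one connection, the anonymous limits could be applied more than once and might overwrite limits a concurrent bind has just set. Because this value decides how long an unauthenticated client may hold a connection slot, confirm the lock is already held at this point, or take `PR_Lock( pb->pb_conn->c_mutex );` around the `c_idletimeout` assignment if the callees permit it. The function body starts and ends outside this hunk, so the surrounding locking cannot be checked from the diff.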
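Review bot: In the handle_read_ready() hunk, the rewritten condition `else if (( c->c_idletimeout > 0 &&` opens two parentheses, but the context line `NULL == c->c_ops )` closes only one, so the `else if` is unbalanced as shown. The second `(` belonged to the removed `idletimeout = compute_idletimeout( ... )` assignment and should go with it: `else if ( c->c_idletimeout > 0 &&`, which is the form the @@ -2031 hunk already uses. The @@ -1957 hunk in handle_pr_read_ready() carries the same extra parenthesis. Both sites may be compiled only in some build configurations, which would explain the build not catching it, so it is worth building every supported configuration before merging.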
@@ -1895,6 +1893,7 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll) time_t curtime = current_time(); slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); int idletimeout; + int maxthreads = config_get_maxthreadsperconn(); #if defined( XP_WIN32 ) int i; #endif @@ -1957,10 +1956,9 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll) /* This is where the work happens ! */ connection_activity( c ); } - else if (( idletimeout = compute_idletimeout( slapdFrontendConfig, - c )) > 0 && + else if (( c->c_ideltimeout > 0 && c->c_prfd == ct->fd[i].fd && - (curtime - c->c_idlesince) >= idletimeout && + (curtime - c->c_idlesince) >= c->c_ideltimeout && NULL == c->c_ops ) { /* idle timeout */ @@ -2031,9 +2029,8 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll) SLAPD_DISCONNECT_POLL, EPIPE ); } } - else if (( idletimeout = compute_idletimeout( - slapdFrontendConfig, c )) > 0 && - (curtime - c->c_idlesince) >= idletimeout && + else if (c->c_idletimeout > 0 && + (curtime - c->c_idlesince) >= c->c_idletimeout && NULL == c->c_ops ) { /* idle timeout */ @@ -2601,6 +2598,7 @@ handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, i /* struct sockaddr_in from;*/ PRNetAddr from; PRFileDesc *pr_clonefd = NULL; + slapdFrontendConfig_t *fecfg = getFrontendConfig(); memset(&from, 0, sizeof(from)); /* reset to nulls so we can see what was set */ if ( (ns = accept_and_configure( tcps, pr_acceptfd, &from, @@ -2617,6 +2615,13 @@ handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, i } PR_Lock( conn->c_mutex ); + /* + * Set the default idletimeout and the handle. We'll update c_idletimeout + * after each bind so we can correctly set the resource limit. + */ + conn->c_idletimeout = fecfg->idletimeout; + conn->c_idletimeout_handle = idletimeout_reslimit_handle; + #if defined( XP_WIN32 ) if( !secure ) ber_sockbuf_set_option(conn->c_sb,LBER_SOCKBUF_OPT_DESC,&ns); 
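Review bot: `int maxthreads = config_get_maxthreadsperconn();` is added to handle_pr_read_ready() but nothing in the visible hunks uses it, and it has no connection to the idle-timeout change the commit message describes, so it looks like a cherry-pick leftover. Conversely, the existing locals `idletimeout` and `slapdFrontendConfig` lose their only visible users once the `compute_idletimeout()` calls are removed. Unless code outside the hunks still needs them, drop all three to avoid unused-variable warnings and a config lookup on every call. The function body extends beyond this hunk.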
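Review bot: `c->c_ideltimeout` is misspelt in both added lines of the @@ -1957 hunk; the field this patch adds to `struct conn` in slap.h is `c_idletimeout`. The same condition reads `ct->fd[i].fd`, and `i` is declared only under `XP_WIN32`, so this branch is probably compiled on that platform alone, where it would not build. The lines should read `else if ( c->c_idletimeout > 0 &&` and `(curtime - c->c_idlesince) >= c->c_idletimeout &&`.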
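Review bot: Caching `fecfg->idletimeout` in `conn->c_idletimeout` at accept time (the @@ -2617 hunk in handle_new_connection()) means a later change to the server-wide idle timeout no longer reaches connections that are already open until they bind again. The removed `compute_idletimeout( slapdFrontendConfig, c )` call was made on every pass and presumably picked up the current setting. For a control that bounds how long idle clients can hold connection slots, this should be stated in the new comment, for example by adding `* Note: a later change to the global idletimeout only reaches this connection at its next bind.`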
diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c index 1d1db1e..9b59e7b 100644 --- a/ldap/servers/slapd/pblock.c +++ b/ldap/servers/slapd/pblock.c @@ -3641,6 +3641,9 @@ void bind_credentials_set_nolock( Connection *conn, char *authtype, char *normdn, char *extauthtype, char *externaldn, CERTCertificate *clientcert, Slapi_Entry * bind_target_entry ) { + slapdFrontendConfig_t *fecfg = getFrontendConfig(); + int idletimeout = 0; + /* clear credentials */ bind_credentials_clear( conn, PR_FALSE /* conn is already locked */, ( extauthtype != NULL ) /* clear external creds. if requested */ ); @@ -3684,8 +3687,17 @@ bind_credentials_set_nolock( Connection *conn, char *authtype, char *normdn, slapi_ch_free_string( &anon_dn ); } + if (slapi_reslimit_get_integer_limit(conn, conn->c_idletimeout_handle, + &idletimeout) + != SLAPI_RESLIMIT_STATUS_SUCCESS) + { + conn->c_idletimeout = fecfg->idletimeout; + } else { + conn->c_idletimeout = idletimeout; + } } else { /* For root dn clear about the resource limits */ reslimit_update_from_entry( conn, NULL ); + conn->c_idletimeout = 0; } } diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h index 047c945..ca30d2a 100644 --- a/ldap/servers/slapd/slap.h +++ b/ldap/servers/slapd/slap.h @@ -1406,7 +1406,7 @@ typedef struct conn { char *c_authtype; /* auth method used to bind c_dn */ char *c_external_dn; /* client DN of this SSL session */ char *c_external_authtype; /* used for c_external_dn */ - PRNetAddr *cin_addr; /* address of client on this conn */ + PRNetAddr *cin_addr; /* address of client on this conn */ PRNetAddr *cin_destaddr; /* address client connected to */ struct berval **c_domain; /* DNS names of client */ Operation *c_ops; /* list of pending operations */ 
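Review bot: In the @@ -3684 hunk, the root-DN branch sets `conn->c_idletimeout = 0`, and nothing in this patch resets the cached value when credentials are cleared: `bind_credentials_clear()` is not touched. If any path clears the bind without calling bind_credentials_set_nolock() afterwards, the connection would keep the previous binder's timeout, including root's "no timeout", which the old per-pass computation would not have done. Consider resetting it where credentials are cleared, e.g. `conn->c_idletimeout = getFrontendConfig()->idletimeout;`, or document why every clear is followed by a set. A short comment on the new `if` would also help, noting that a failed limit lookup falls back to the global default and that readers treat a value `<= 0` as "never time out". The enclosing function starts and ends outside this hunk.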
@@ -1421,6 +1421,8 @@ typedef struct conn { PRLock *c_mutex; /* protect each conn structure */ PRLock *c_pdumutex; /* only write one pdu at a time */ time_t c_idlesince; /* last time of activity on conn */ + int c_idletimeout; /* local copy of idletimeout */ + int c_idletimeout_handle; /* the resource limits handle */ Conn_private *c_private; /* data which is not shared outside*/ /* connection.c */ int c_flags; /* Misc flags used only for SSL */ -- 1.8.1.4
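Review bot: The comment `/* local copy of idletimeout */` on the new `c_idletimeout` field does not say what a reader of the struct needs to know. The readers in daemon.c compare the field against a `time_t` difference and skip the check unless it is `> 0`, and the writers visible in this patch update it at accept and at bind. Something like `/* idle timeout in effect for this conn; <= 0 means never; set at accept and on each bind */` would record that contract. If the field is meant to be guarded by `c_mutex`, the comment should say so as well.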