Re: Clarification regarding global ldapoptions structure in ldap
sachidananda sahu wrote:
> Hi Howard,
>
> Some clarification with respect to this statement
> "The context is per-process state, not per-thread state. No threads should be trying to destroy the context."
>
> Consider that in my process I have two threads, each wanting to connect to its respective LDAP server. As there are two LDAP servers, there are two different certificates and two
> different TLS contexts. In that case the process-specific global variable will be overwritten, considering the concurrent case (one thread is in ldap_int_tls_start
> as part of allocation and further use, and the other thread is in ldap_unbind_ext--->ldap_ld_free-->ldap_int_tls_destroy(&ld->ld_options );).
Irrelevant. If you're going to read the code, read it more carefully.
>
> So the concern is two threads connecting to two LDAP servers independently (starting ldo_tls_ctx from the same global variable, or ldap_unbind_ext where they free the
> ldo_tls_ctx). The same global variable is getting used through two different LDAP server connections, two different ld contexts. So clarity is needed with this
> concurrent scenario:
>
> 1. Here we are storing the local context ldo_tls_ctx after extracting it from the global option structure's ldo_tls_ctx.
>
> ldap_int_tls_connect( LDAP *ld, LDAPConn *conn, const char *host )
> {
> ...
>     Sockbuf *sb = conn->lconn_sb;
>     int err;
>     tls_session *ssl = NULL;
>
>     if ( HAS_TLS( sb )) {
>         ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
>     } else {
>         struct ldapoptions *lo;
>         tls_ctx *ctx;
>
>         *ctx = ld->ld_options.ldo_tls_ctx;* -------------------------
>         ssl = alloc_handle( ctx, 0 );
>
>         if ( ssl == NULL ) return -1;
>
> #ifdef LDAP_DEBUG
>         ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug,
>             LBER_SBIOD_LEVEL_TRANSPORT, (void *)"tls_" );
> #endif
>         ber_sockbuf_add_io( sb, tls_imp->ti_sbio,
>             LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl );
>
>         lo = LDAP_INT_GLOBAL_OPT();
>         if( ctx == NULL ) {
>             *ctx = lo->ldo_tls_ctx; -------------------- Storing the global context into the ld-specific local context. *
>             ld->ld_options.ldo_tls_ctx = ctx;
>             tls_ctx_ref( ctx );
You have ignored this line. ^^
>         }
> ...
> }
>
> 2. ldap_ld_free is deleting that ld-specific context, but inside that the context is the same as the global option structure's ldo_tls_ctx.
>
> int
> ldap_ld_free(
>     LDAP *ld,
>     int close,
>     LDAPControl **sctrls,
>     LDAPControl **cctrls )
> {
> ...
> #ifdef HAVE_TLS
>     * ldap_int_tls_destroy( &ld->ld_options ); ----------------- Destroying the tls_ctx inside this function, though it is extracting from ld, but it carries the address of global option ldo_tls_ctx as per point 1.*
> #endif
> .....
> }
>
>
> void
> *ldap_int_tls_destroy*( struct ldapoptions *lo )
> {
>     if ( lo->ldo_tls_ctx ) {
>         *ldap_pvt_tls_ctx_free( lo->ldo_tls_ctx );
>         lo->ldo_tls_ctx = NULL;*
>     }
> ...
> }
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
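
As an added illustration (not part of the original message and not OpenLDAP code), the following single-threaded C model shows why the `tls_ctx_ref( ctx )` line matters. It assumes that `tls_ctx_ref` takes a counted reference which `ldap_pvt_tls_ctx_free` later releases; all `model_*` names are hypothetical.

```c
#include <stdatomic.h>
#include <stdlib.h>

/* Toy stand-ins with hypothetical names; not OpenLDAP's types or code. */
typedef struct { atomic_int refs; } model_ctx;
typedef struct { model_ctx *tls_ctx; } model_opts;

static model_opts global_opts;  /* plays the role of the global options */
static int live_ctx;            /* contexts allocated and not yet freed */

static model_ctx *model_ctx_new(void) {
    model_ctx *c = malloc(sizeof *c);
    if (c != NULL) { atomic_init(&c->refs, 1); live_ctx++; }
    return c;
}
/* Assumed tls_ctx_ref semantics: take one more counted reference. */
static void model_ctx_ref(model_ctx *c) { atomic_fetch_add(&c->refs, 1); }
/* Assumed ldap_pvt_tls_ctx_free semantics: drop one, free on the last. */
static void model_ctx_free(model_ctx *c) {
    if (atomic_fetch_sub(&c->refs, 1) == 1) { free(c); live_ctx--; }
}
/* Connect path as quoted: a handle without its own context adopts the
 * global pointer and takes a reference on it. */
static void model_connect(model_opts *ld) {
    if (ld->tls_ctx == NULL) {
        ld->tls_ctx = global_opts.tls_ctx;
        model_ctx_ref(ld->tls_ctx);
    }
}
/* Destroy path as quoted: release this holder's reference, clear its pointer. */
static void model_destroy(model_opts *lo) {
    if (lo->tls_ctx) { model_ctx_free(lo->tls_ctx); lo->tls_ctx = NULL; }
}
/* Two handles share the global context and one unbinds. Returns the count
 * left on the global context (2 = global + surviving handle), -1 on error. */
static int refs_after_one_unbind(void) {
    model_opts ld_a = {0}, ld_b = {0};
    int refs;
    if ((global_opts.tls_ctx = model_ctx_new()) == NULL) return -1;
    model_connect(&ld_a);            /* count 2 */
    model_connect(&ld_b);            /* count 3 */
    model_destroy(&ld_a);            /* count 2, nothing freed */
    refs = (ld_b.tls_ctx == global_opts.tls_ctx && live_ctx == 1)
        ? atomic_load(&global_opts.tls_ctx->refs) : -1;
    model_destroy(&ld_b);
    model_destroy(&global_opts);     /* last reference: context freed */
    return refs;
}
int main(void) { return refs_after_one_unbind() == 2 ? 0 : 1; }
```

Removing the `model_ctx_ref` call from `model_connect` makes the first `model_destroy` free the context while the global options and the second handle still point at it, which is the use-after-free the question worries about.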