ldap/servers/slapd/log.c | 2 -
ldap/servers/slapd/modify.c | 1
ldap/servers/slapd/passwd_extop.c | 1
ldap/servers/slapd/pblock.c | 7 ++--
ldap/servers/slapd/pw.c | 47 ++++++++--------------------
ldap/servers/slapd/pw_mgmt.c | 6 ---
ldap/servers/slapd/pw_retry.c | 3 -
ldap/servers/slapd/result.c | 1
ldap/servers/slapd/slap.h | 63 +++++++++++++++++++-------------------
9 files changed, 51 insertions(+), 80 deletions(-)
New commits:
commit 8639c035050484bd5a8f31bb70874d593cd1585e
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Mon Oct 22 16:17:42 2012 -0400
Ticket 147 - Internal Password Policy usage very inefficient
Bug Description: When updating a userpassword, the passwordPolicy struct is allocated
& freed 5 to 7 times.
Fix Description: Store the passwordPolicy struct in the pblock, and when we try and
create a new policy struct,
return the one in the pblock.
https://fedorahosted.org/389/ticket/147
Reviewed by: richm(Thanks!)
diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c
index e622485..ecfdb19 100644
--- a/ldap/servers/slapd/log.c
+++ b/ldap/servers/slapd/log.c
@@ -2581,7 +2581,7 @@ log__delete_rotated_logs()
log_convert_time (logp->l_ctime, tbuf, 1);
PR_snprintf (buffer, sizeof(buffer), "%s.%s", loginfo.log_access_file,
tbuf);
- LDAPDebug(LDAP_DEBUG_ANY,"Deleted Rotated Log: %s\n",buffer,0,0); /* MARK
*/
+ LDAPDebug(LDAP_DEBUG_ANY,"Deleted Rotated Log: %s\n",buffer,0,0);
if (PR_Delete(buffer) != PR_SUCCESS) {
logp = logp->l_next;
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
index da742da..424badb 100644
--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
@@ -1256,7 +1256,6 @@ static int op_shared_allow_pw_change (Slapi_PBlock *pb, LDAPMod
*mod, char **old
done:
slapi_entry_free( e );
slapi_sdn_done (&sdn);
- delete_passwdPolicy(&pwpolicy);
slapi_ch_free_string(&proxydn);
slapi_ch_free_string(&proxystr);
return rc;
diff --git a/ldap/servers/slapd/passwd_extop.c b/ldap/servers/slapd/passwd_extop.c
index 3c050d6..b103a14 100644
--- a/ldap/servers/slapd/passwd_extop.c
+++ b/ldap/servers/slapd/passwd_extop.c
@@ -869,7 +869,6 @@ free_and_return:
slapi_pblock_set(pb, SLAPI_TARGET_SDN, NULL);
slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, NULL );
slapi_ch_free_string(&authmethod);
- delete_passwdPolicy(&pwpolicy);
slapi_entry_free(referrals);
if ( targetEntry != NULL ){
diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
index 9895d49..d7a726d 100644
--- a/ldap/servers/slapd/pblock.c
+++ b/ldap/servers/slapd/pblock.c
@@ -111,10 +111,11 @@ pblock_done( Slapi_PBlock *pb )
{
if(pb->pb_op!=NULL)
{
- operation_free(&pb->pb_op,pb->pb_conn);
+ operation_free(&pb->pb_op,pb->pb_conn);
}
- slapi_ch_free((void**)&(pb->pb_vattr_context));
- slapi_ch_free((void**)&(pb->pb_result_text));
+ delete_passwdPolicy(&pb->pwdpolicy);
+ slapi_ch_free((void**)&(pb->pb_vattr_context));
+ slapi_ch_free((void**)&(pb->pb_result_text));
}
void
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index 04ad2ce..9135a52 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -200,7 +200,6 @@ char* slapi_encode_ext (Slapi_PBlock *pb, const Slapi_DN *sdn, char
*value, char
{
pwpolicy = new_passwdPolicy(pb, (char*)slapi_sdn_get_ndn(sdn) );
pws_enc = pwpolicy->pw_storagescheme->pws_enc;
- delete_passwdPolicy(&pwpolicy);
if (pws_enc == NULL)
{
@@ -357,8 +356,6 @@ pw_encodevals_ext( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value
**vals )
if (pwpolicy->pw_storagescheme) {
pws_enc = pwpolicy->pw_storagescheme->pws_enc;
}
-
- delete_passwdPolicy(&pwpolicy);
}
/* Password scheme encryption function was not found */
@@ -678,7 +675,6 @@ update_pw_info ( Slapi_PBlock *pb , char *old_pw) {
slapi_ch_free((void**)&prev_exp_date_str);
pw_apply_mods(sdn, &smods);
slapi_mods_done(&smods);
- delete_passwdPolicy(&pwpolicy);
return 0;
}
@@ -695,12 +691,9 @@ update_pw_info ( Slapi_PBlock *pb , char *old_pw) {
} else {
pw_apply_mods(sdn, &smods);
slapi_mods_done(&smods);
- delete_passwdPolicy(&pwpolicy);
return 0;
}
- delete_passwdPolicy(&pwpolicy);
-
timestr = format_genTime ( pw_exp_date );
slapi_mods_add_string(&smods, LDAP_MOD_REPLACE, "passwordExpirationTime",
timestr);
slapi_ch_free((void **)×tr);
@@ -735,7 +728,6 @@ check_pw_minage ( Slapi_PBlock *pb, const Slapi_DN *sdn, struct berval
**vals)
/* retrieve the entry */
e = get_entry ( pb, dn );
if ( e == NULL ) {
- delete_passwdPolicy(&pwpolicy);
return ( -1 );
}
/* get passwordAllowChangeTime attribute */
@@ -763,14 +755,12 @@ check_pw_minage ( Slapi_PBlock *pb, const Slapi_DN *sdn, struct
berval **vals)
"within password minimum age", 0, NULL );
slapi_entry_free( e );
slapi_ch_free((void **) &cur_time_str );
- delete_passwdPolicy(&pwpolicy);
return ( 1 );
}
slapi_ch_free((void **) &cur_time_str );
}
slapi_entry_free( e );
}
- delete_passwdPolicy(&pwpolicy);
return ( 0 );
}
@@ -847,12 +837,10 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn,
Slapi_Value **vals,
LDAP_PWPOLICY_INVALIDPWDSYNTAX );
}
pw_send_ldap_result ( pb, LDAP_CONSTRAINT_VIOLATION, NULL, errormsg, 0, NULL );
- delete_passwdPolicy(&pwpolicy);
return( 1 );
} else {
/* We want to skip syntax checking since this is a pre-hashed
* password from replication or the root DN. */
- delete_passwdPolicy(&pwpolicy);
return( 0 );
}
}
@@ -869,7 +857,6 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn,
Slapi_Value **vals,
LDAP_PWPOLICY_PWDTOOSHORT );
}
pw_send_ldap_result ( pb, LDAP_CONSTRAINT_VIOLATION, NULL, errormsg, 0, NULL );
- delete_passwdPolicy(&pwpolicy);
return ( 1 );
}
@@ -984,7 +971,6 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn,
Slapi_Value **vals,
LDAP_PWPOLICY_INVALIDPWDSYNTAX );
}
pw_send_ldap_result ( pb, LDAP_CONSTRAINT_VIOLATION, NULL, errormsg, 0, NULL );
- delete_passwdPolicy(&pwpolicy);
return ( 1 );
}
}
@@ -995,7 +981,6 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn,
Slapi_Value **vals,
/* retrieve the entry */
e = get_entry ( pb, dn );
if ( e == NULL ) {
- delete_passwdPolicy(&pwpolicy);
return ( -1 );
}
@@ -1015,7 +1000,6 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn,
Slapi_Value **vals,
LDAP_CONSTRAINT_VIOLATION, NULL,
"password in history", 0, NULL );
slapi_entry_free( e );
- delete_passwdPolicy(&pwpolicy);
return ( 1 );
}
}
@@ -1033,7 +1017,6 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn,
Slapi_Value **vals,
LDAP_CONSTRAINT_VIOLATION ,NULL,
"password in history", 0, NULL);
slapi_entry_free( e );
- delete_passwdPolicy(&pwpolicy);
return ( 1 );
}
} else
@@ -1044,7 +1027,6 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn,
Slapi_Value **vals,
LDAP_CONSTRAINT_VIOLATION ,NULL,
"password in history", 0, NULL);
slapi_entry_free( e );
- delete_passwdPolicy(&pwpolicy);
return ( 1 );
}
}
@@ -1073,13 +1055,10 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn,
Slapi_Value **vals,
slapi_entry_free( e );
}
- delete_passwdPolicy(&pwpolicy);
return 1;
}
}
- delete_passwdPolicy(&pwpolicy);
-
if ( mod_op ) {
/* free e only when called by modify operation */
slapi_entry_free( e );
@@ -1110,7 +1089,6 @@ update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char
*old_pw )
/* retrieve the entry */
e = get_entry ( pb, dn );
if ( e == NULL ) {
- delete_passwdPolicy(&pwpolicy);
return ( 1 );
}
@@ -1176,7 +1154,6 @@ update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char
*old_pw )
slapi_ch_free((void **) &str );
slapi_ch_free((void **) &history_str );
slapi_entry_free( e );
- delete_passwdPolicy(&pwpolicy);
return 0;
}
@@ -1415,8 +1392,6 @@ add_password_attrs( Slapi_PBlock *pb, Operation *op, Slapi_Entry *e
)
slapi_entry_attr_merge( e, "passwordallowchangetime", bvals );
slapi_ch_free((void **) &bv.bv_val );
}
-
- delete_passwdPolicy(&pwpolicy);
}
static int
@@ -1551,6 +1526,11 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn)
slapdFrontendConfig_t *slapdFrontendConfig;
int optype = -1;
+ /* If we already allocated a pw policy, return it */
+ if(pb && pb->pwdpolicy){
+ return pb->pwdpolicy;
+ }
+
slapdFrontendConfig = getFrontendConfig();
pwdpolicy = (passwdPolicy *)slapi_ch_calloc(1, sizeof(passwdPolicy));
@@ -1838,6 +1818,9 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn)
if (pw_entry) {
slapi_entry_free(pw_entry);
}
+ if(pb){
+ pb->pwdpolicy = pwdpolicy;
+ }
return pwdpolicy;
} else if ( e ) {
slapi_entry_free( e );
@@ -1845,15 +1828,18 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn)
}
done:
- /* If we are here, that means we need to load the passwdPolicy
+ /*
+ * If we are here, that means we need to load the passwdPolicy
* structure from slapdFrontendconfig
*/
-
*pwdpolicy = slapdFrontendConfig->pw_policy;
pwdscheme = (struct pw_scheme *)slapi_ch_calloc(1, sizeof(struct pw_scheme));
*pwdscheme = *slapdFrontendConfig->pw_storagescheme;
pwdscheme->pws_name = strdup( slapdFrontendConfig->pw_storagescheme->pws_name
);
pwdpolicy->pw_storagescheme = pwdscheme;
+ if(pb){
+ pb->pwdpolicy = pwdpolicy;
+ }
return pwdpolicy;
@@ -2194,14 +2180,9 @@ slapi_check_account_lock ( Slapi_PBlock *pb, Slapi_Entry *
bind_target_entry, in
notlocked:
/* account is not locked. */
- if(check_password_policy)
- delete_passwdPolicy(&pwpolicy);
- return ( 0 );
+ return (0);
locked:
- if(check_password_policy)
- delete_passwdPolicy(&pwpolicy);
return (1);
-
}
/* The idea here is that these functions could allow us to have password
diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c
index c0055fc..05ecae1 100644
--- a/ldap/servers/slapd/pw_mgmt.c
+++ b/ldap/servers/slapd/pw_mgmt.c
@@ -107,7 +107,6 @@ need_new_pw( Slapi_PBlock *pb, long *t, Slapi_Entry *e, int
pwresponse_req )
pw_apply_mods(sdn, &smods);
}
slapi_mods_done(&smods);
- delete_passwdPolicy(&pwpolicy);
return ( 0 );
}
@@ -152,7 +151,6 @@ skip:
}
pw_apply_mods(sdn, &smods);
slapi_mods_done(&smods);
- delete_passwdPolicy(&pwpolicy);
return ( 0 );
}
@@ -191,7 +189,6 @@ skip:
if (pb->pb_conn->c_needpw == 1) {
slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0);
}
- delete_passwdPolicy(&pwpolicy);
return ( 0 );
}
@@ -218,7 +215,6 @@ skip:
/* Apply current modifications */
pw_apply_mods(sdn, &smods);
slapi_mods_done(&smods);
- delete_passwdPolicy(&pwpolicy);
return (-1);
}
slapi_ch_free((void **) &cur_time_str );
@@ -279,7 +275,6 @@ skip:
if (pb->pb_conn->c_needpw == 1) {
slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0);
}
- delete_passwdPolicy(&pwpolicy);
return (2);
}
@@ -289,7 +284,6 @@ skip:
if (pb->pb_conn->c_needpw == 1) {
slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0);
}
- delete_passwdPolicy(&pwpolicy);
/* passes checking, return 0 */
return( 0 );
}
diff --git a/ldap/servers/slapd/pw_retry.c b/ldap/servers/slapd/pw_retry.c
index 68a6bd9..0082d0f 100644
--- a/ldap/servers/slapd/pw_retry.c
+++ b/ldap/servers/slapd/pw_retry.c
@@ -136,7 +136,6 @@ int set_retry_cnt_and_time ( Slapi_PBlock *pb, int count, time_t
cur_time ) {
slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn );
dn = slapi_sdn_get_dn(sdn);
pwpolicy = new_passwdPolicy(pb, dn);
-
slapi_mods_init(&smods, 0);
reset_time = time_plus_sec ( cur_time,
@@ -150,7 +149,6 @@ int set_retry_cnt_and_time ( Slapi_PBlock *pb, int count, time_t
cur_time ) {
pw_apply_mods(sdn, &smods);
slapi_mods_done(&smods);
- delete_passwdPolicy(&pwpolicy);
return rc;
}
@@ -190,7 +188,6 @@ int set_retry_cnt_mods(Slapi_PBlock *pb, Slapi_Mods *smods, int
count)
rc = LDAP_CONSTRAINT_VIOLATION;
}
}
- delete_passwdPolicy(&pwpolicy);
return rc;
}
diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
index 09d6b90..e124d0b 100644
--- a/ldap/servers/slapd/result.c
+++ b/ldap/servers/slapd/result.c
@@ -555,7 +555,6 @@ log_and_return:
log_result( pb, operation, err, tag, nentries );
}
- delete_passwdPolicy (&pwpolicy);
LDAPDebug( LDAP_DEBUG_TRACE, "<= send_ldap_result\n", 0, 0, 0 );
}
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index 33607cb..5ac1819 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -1514,6 +1514,37 @@ struct slapi_task {
} slapi_task;
/* End of interface to support online tasks **********************************/
+typedef struct passwordpolicyarray {
+ int pw_change; /* 1 - indicates that users are allowed to change the pwd */
+ int pw_must_change; /* 1 - indicates that users must change pwd upon reset */
+ int pw_syntax;
+ int pw_minlength;
+ int pw_mindigits;
+ int pw_minalphas;
+ int pw_minuppers;
+ int pw_minlowers;
+ int pw_minspecials;
+ int pw_min8bit;
+ int pw_maxrepeats;
+ int pw_mincategories;
+ int pw_mintokenlength;
+ int pw_exp;
+ long pw_maxage;
+ long pw_minage;
+ long pw_warning;
+ int pw_history;
+ int pw_inhistory;
+ int pw_lockout;
+ int pw_maxfailure;
+ int pw_unlock;
+ long pw_lockduration;
+ long pw_resetfailurecount;
+ int pw_gracelimit;
+ int pw_is_legacy;
+ int pw_track_update_time;
+ struct pw_scheme *pw_storagescheme;
+} passwdPolicy;
+
typedef struct slapi_pblock {
/* common */
Slapi_Backend *pb_backend;
@@ -1666,6 +1697,7 @@ typedef struct slapi_pblock {
int pb_syntax_filter_normalized; /* the syntax filter types/values are already
normalized */
void *pb_syntax_filter_data; /* extra data to pass to a syntax plugin function */
int pb_paged_results_index; /* stash SLAPI_PAGED_RESULTS_INDEX */
+ passwdPolicy *pwdpolicy;
} slapi_pblock;
/* index if substrlens */
@@ -2033,37 +2065,6 @@ typedef struct _slapdEntryPoints {
#define MAX_ALLOWED_TIME_IN_SECS 2147483647
-typedef struct passwordpolicyarray {
- int pw_change; /* 1 - indicates that users are allowed to change the pwd */
- int pw_must_change; /* 1 - indicates that users must change pwd upon reset */
- int pw_syntax;
- int pw_minlength;
- int pw_mindigits;
- int pw_minalphas;
- int pw_minuppers;
- int pw_minlowers;
- int pw_minspecials;
- int pw_min8bit;
- int pw_maxrepeats;
- int pw_mincategories;
- int pw_mintokenlength;
- int pw_exp;
- long pw_maxage;
- long pw_minage;
- long pw_warning;
- int pw_history;
- int pw_inhistory;
- int pw_lockout;
- int pw_maxfailure;
- int pw_unlock;
- long pw_lockduration;
- long pw_resetfailurecount;
- int pw_gracelimit;
- int pw_is_legacy;
- int pw_track_update_time;
- struct pw_scheme *pw_storagescheme;
-} passwdPolicy;
-
typedef struct _slapdFrontendConfig {
Slapi_RWLock *cfg_rwlock; /* read/write lock to serialize access */
struct pw_scheme *rootpwstoragescheme;