From: Ondřej Kuzník <okuznik@symas.com>
Date: Thu, 22 Apr 2021 12:35:17 +0000 (+0100)
Subject: ITS#9600 Support closing connections on request
X-Git-Tag: OPENLDAP_REL_ENG_2_6_0~90
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e78ecead09433fce357670842d096c0f470527a4;p=thirdparty%2Fopenldap.git

ITS#9600 Support closing connections on request
---

diff --git a/doc/man/man8/lloadd.8 b/doc/man/man8/lloadd.8
index af112b8d39..3b48a8b4cb 100644
--- a/doc/man/man8/lloadd.8
+++ b/doc/man/man8/lloadd.8
@@ -263,6 +263,35 @@ client traffic does not propagate to the
 .B lloadd
 backend servers in any way.
 
+.SH CN=MONITOR INTERFACE
+As part of
+.BR lloadd 's
+.B cn=monitor
+interface it is possible to close a client connection it manages by writing to
+the corresponding entry,
+.B replacing
+the
+.B olmConnectionState
+attribute with the value
+.BR closing .
+This is subject to ACLs configured on the monitor database. The server will
+send a
+.B Notice of Disconnection
+to the client, refuse any new operations and once all pending operations have
+finished, close the connection.
+
+For example, to close connection number 42:
+
+.LP
+.nf
+.ft tt
+    dn: cn=connection 42,cn=incoming connections,cn=load balancer,cn=backends,cn=monitor
+    changetype: modify
+    replace: olmConnectionState
+    olmConnectionState: closing
+.ft
+.fi
+
 .SH EXAMPLES
 To start
 .I lloadd
diff --git a/servers/lloadd/monitor.c b/servers/lloadd/monitor.c
index a7304f1917..ac486f5aa1 100644
--- a/servers/lloadd/monitor.c
+++ b/servers/lloadd/monitor.c
@@ -531,6 +531,31 @@ done:
     return rc;
 }
 
+static int
+lload_monitor_conn_modify( Operation *op, SlapReply *rs, Entry *e, void *priv )
+{
+    Modifications *m;
+    LloadConnection *c = priv;
+
+    for ( m = op->orm_modlist; m; m = m->sml_next ) {
+        struct berval closing = BER_BVC("closing");
+        int gentle = 1;
+
+        if ( m->sml_flags & SLAP_MOD_INTERNAL ) continue;
+
+        if ( m->sml_desc != ad_olmConnectionState ||
+                m->sml_op != LDAP_MOD_REPLACE || m->sml_numvals != 1 ||
+                ber_bvcmp( &m->sml_nvalues[0], &closing ) ) {
+            return LDAP_OTHER;
+        }
+
+        if ( lload_connection_close( c, &gentle ) ) {
+            return LDAP_OTHER;
+        }
+    }
+    return SLAP_CB_CONTINUE;
+}
+
 /*
  * Monitor cache is locked, the connection cannot be unlinked and freed under us.
  * That also means we need to unlock and finish as soon as possible.
@@ -701,6 +726,7 @@ lload_monitor_conn_entry_create( LloadConnection *c, monitor_subsys_t *ms )
 
     cb = ch_calloc( sizeof(monitor_callback_t), 1 );
     cb->mc_update = lload_monitor_conn_update;
+    cb->mc_modify = lload_monitor_conn_modify;
     cb->mc_private = c;
 
     attr_merge_one( e, ad_olmConnectionType, &value, NULL );
diff --git a/tests/data/slapd-lload.conf b/tests/data/slapd-lload.conf
index 50543f8fe3..244556e3ca 100644
--- a/tests/data/slapd-lload.conf
+++ b/tests/data/slapd-lload.conf
@@ -38,4 +38,6 @@ database config
 include		@TESTDIR@/configpw.conf
 
 database	monitor
-access to * by * read
+access to *
+	by users write
+	by * read