#define SMBLDAP_IDLE_TIME 150 /* After 2.5 minutes disconnect */
+struct smbldap_state {
+ LDAP *ldap_struct;
+ pid_t pid;
+ time_t last_ping; /* monotonic */
+ /* retrieve-once info */
+ const char *uri;
+
+ /* credentials */
+ bool anonymous;
+ char *bind_dn;
+ char *bind_secret;
+ smbldap_bind_callback_fn bind_callback;
+ void *bind_callback_data;
+
+ bool paged_results;
+
+ unsigned int num_failures;
+
+ time_t last_use; /* monotonic */
+ struct tevent_context *tevent_context;
+ struct tevent_timer *idle_event;
+
+ struct timeval last_rebind; /* monotonic */
+};
+
LDAP *smbldap_get_ldap(struct smbldap_state *state)
{
return state->ldap_struct;
}
+bool smbldap_get_paged_results(struct smbldap_state *state)
+{
+ return state->paged_results;
+}
+
+void smbldap_set_paged_results(struct smbldap_state *state,
+ bool paged_results)
+{
+ state->paged_results = paged_results;
+}
+void smbldap_set_bind_callback(struct smbldap_state *state,
+ smbldap_bind_callback_fn callback,
+ void *callback_data)
+{
+ state->bind_callback = callback;
+ state->bind_callback_data = callback_data;
+}
/*******************************************************************
Search an attribute and return the first value found.
******************************************************************/
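Review bot: The new `bind_secret` field on L12 holds the LDAP bind password in cleartext but carries no comment, while the rest of the struct annotates its fields; a later hunk in this file zeroes it before freeing, so the ownership rule belongs at the declaration: `char *bind_secret; /* cleartext bind password; zero before free */`. `bind_callback_data` on L14 is stored by `smbldap_set_bind_callback` (L41-47) without a copy, so a one-line comment that the struct does not own that pointer would prevent a future free of caller-owned memory. Since the struct is now private to this file, the accessors are the only interface, and none of them guard against a NULL `state`; that is consistent with the existing `smbldap_get_ldap`, but worth saying in the accessor comments.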
struct dom_sid *sid)
{
DATA_BLOB blob;
- bool ret;
+ ssize_t ret;
if (!smbldap_talloc_single_blob(talloc_tos(), ld, msg, attrib,
&blob)) {
}
ret = sid_parse(blob.data, blob.length, sid);
TALLOC_FREE(blob.data);
- return ret;
+ return (ret != -1);
}
static int ldapmsg_destructor(LDAPMessage **result) {
}
/********************************************************************
- start TLS on an existing LDAP connection
+ start TLS on an existing LDAP connection per config
*******************************************************************/
int smbldap_start_tls(LDAP *ldap_struct, int version)
-{
-#ifdef LDAP_OPT_X_TLS
- int rc;
-#endif
-
+{
if (lp_ldap_ssl() != LDAP_SSL_START_TLS) {
return LDAP_SUCCESS;
}
+ return smbldap_start_tls_start(ldap_struct, version);
+}
+
+/********************************************************************
+ start TLS on an existing LDAP connection unconditionally
+*******************************************************************/
+
+int smbldap_start_tls_start(LDAP *ldap_struct, int version)
+{
#ifdef LDAP_OPT_X_TLS
+ int rc,tls;
+
+ /* check if we use ldaps already */
+ ldap_get_option(ldap_struct, LDAP_OPT_X_TLS, &tls);
+ if (tls == LDAP_OPT_X_TLS_HARD) {
+ return LDAP_SUCCESS;
+ }
+
if (version != LDAP_VERSION3) {
DEBUG(0, ("Need LDAPv3 for Start TLS\n"));
return LDAP_OPERATIONS_ERROR;
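Review bot: `tls` on L90 is never initialised and the return value of `ldap_get_option` on L93 is discarded, so a failed option lookup leaves an indeterminate value to be compared against `LDAP_OPT_X_TLS_HARD` on L94, which could wrongly report success without ever starting TLS. Initialise it and only trust it when the lookup succeeded: `int rc, tls = LDAP_OPT_X_TLS_NEVER;` and `if (ldap_get_option(ldap_struct, LDAP_OPT_X_TLS, &tls) == LDAP_OPT_SUCCESS && tls == LDAP_OPT_X_TLS_HARD) { return LDAP_SUCCESS; }`. The "ldaps already in use" shortcut also deserves a why-comment, since to a reader it looks like TLS is being skipped. The body of `smbldap_start_tls_start` continues past the end of the hunk.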
const char *filter, const char **search_attr,
LDAPMessage ** result)
{
- return smbldap_search(ldap_state, lp_ldap_suffix(talloc_tos()),
+ return smbldap_search(ldap_state, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE,
filter, search_attr, 0, result);
}
SAFE_FREE((*ldap_state)->bind_dn);
SAFE_FREE((*ldap_state)->bind_secret);
- (*ldap_state)->bind_callback = NULL;
- (*ldap_state)->bind_callback_data = NULL;
+ smbldap_set_bind_callback(*ldap_state, NULL, NULL);
TALLOC_FREE(*ldap_state);
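Review bot: `SAFE_FREE((*ldap_state)->bind_secret)` on L110 releases the bind secret without clearing it first, whereas the credential-reset path later in this file explicitly zeroes `bind_secret` before freeing it; the change on L113 touches this block and would be a natural place to make the two paths consistent, e.g. `if ((*ldap_state)->bind_secret) { memset((*ldap_state)->bind_secret, '\0', strlen((*ldap_state)->bind_secret)); }` before the `SAFE_FREE`. A plain memset before free may be elided by the compiler, so whichever zeroing helper the other path uses should be used here as well. The enclosing function starts outside the hunk, so I cannot see whether it is also reached from the destructor.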
/* free any previously set credential */
SAFE_FREE(ldap_state->bind_dn);
- ldap_state->bind_callback = NULL;
- ldap_state->bind_callback_data = NULL;
+ smbldap_set_bind_callback(ldap_state, NULL, NULL);
if (ldap_state->bind_secret) {
/* make sure secrets are zeroed out of memory */