This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
static void ldap_match_message(struct ldap_connection *conn, struct ldap_message *msg)
{
struct ldap_request *req;
+ int i;
for (req=conn->pending; req; req=req->next) {
if (req->messageid == msg->messageid) break;
return;
}
+ /* Check for undecoded critical extensions */
+ for (i=0; msg->controls && msg->controls[i]; i++) {
+ if (!msg->controls_decoded[i] &&
+ msg->controls[i]->critical) {
+ req->status = NT_STATUS_LDAP(LDAP_UNAVAILABLE_CRITICAL_EXTENSION);
+ req->state = LDAP_REQUEST_DONE;
+ DLIST_REMOVE(conn->pending, req);
+ if (req->async.fn) {
+ req->async.fn(req);
+ }
+ return;
+ }
+ }
+
/* add to the list of replies received */
talloc_steal(req, msg);
req->replies = talloc_realloc(req, req->replies,
struct ldap_message *msg = talloc(conn, struct ldap_message);
struct asn1_data *asn1 = asn1_init(conn);
- if (msg == NULL) {
+ if (asn1 == NULL || msg == NULL) {
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
}
if (!asn1_load(asn1, blob)) {
+ talloc_free(msg);
+ talloc_free(asn1);
return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR);
}
parse a ldap URL
*/
static NTSTATUS ldap_parse_basic_url(TALLOC_CTX *mem_ctx, const char *url,
- char **host, uint16_t *port, BOOL *ldaps)
+ char **host, uint16_t *port, bool *ldaps)
{
int tmp_port = 0;
char protocol[11];
if (strequal(protocol, "ldap")) {
*port = 389;
- *ldaps = False;
+ *ldaps = false;
} else if (strequal(protocol, "ldaps")) {
*port = 636;
- *ldaps = True;
+ *ldaps = true;
} else {
DEBUG(0, ("unrecognised ldap protocol (%s)!\n", protocol));
return NT_STATUS_PROTOCOL_UNREACHABLE;
/* setup a handler for events on this socket */
conn->event.fde = event_add_fd(conn->event.event_ctx, conn->sock,
socket_get_fd(conn->sock),
- EVENT_FD_READ, ldap_io_handler, conn);
+ EVENT_FD_READ | EVENT_FD_AUTOCLOSE, ldap_io_handler, conn);
if (conn->event.fde == NULL) {
composite_error(ctx, NT_STATUS_INTERNAL_ERROR);
return;
}
+ socket_set_flags(conn->sock, SOCKET_FLAG_NOCLOSE);
+
talloc_steal(conn, conn->sock);
if (conn->ldaps) {
struct socket_context *tls_socket = tls_init_client(conn->sock, conn->event.fde);