ldap_server: Terminate LDAP connections on krb ticket expiry
[bbaumbach/samba-autobuild/.git] / source4 / ldap_server / ldap_backend.c
index bf724335a250d9b55d8bde85b2858a1a5fa8c4fc..2839082daefd4042fcbc04ac7ca2247a20894cf5 100644 (file)
@@ -1384,11 +1384,48 @@ static NTSTATUS ldapsrv_AbandonRequest(struct ldapsrv_call *call)
        return NT_STATUS_OK;
 }
 
+static NTSTATUS ldapsrv_expired(struct ldapsrv_call *call)
+{
+       struct ldapsrv_reply *reply = NULL;
+       struct ldap_ExtendedResponse *r = NULL;
+
+       DBG_DEBUG("Sending connection expired message\n");
+
+       reply = ldapsrv_init_reply(call, LDAP_TAG_ExtendedResponse);
+       if (reply == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       /*
+        * According to RFC4511 section 4.4.1 this has a msgid of 0
+        */
+       reply->msg->messageid = 0;
+
+       r = &reply->msg->r.ExtendedResponse;
+       r->response.resultcode = LDB_ERR_UNAVAILABLE;
+       r->response.errormessage = "The server has timed out this connection";
+       r->oid = "1.3.6.1.4.1.1466.20036"; /* see rfc4511 section 4.4.1 */
+
+       ldapsrv_queue_reply(call, reply);
+       return NT_STATUS_OK;
+}
+
 NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call)
 {
        unsigned int i;
        struct ldap_message *msg = call->request;
+       struct ldapsrv_connection *conn = call->conn;
        NTSTATUS status;
+       bool expired;
+
+       expired = timeval_expired(&conn->limits.expire_time);
+       if (expired) {
+               status = ldapsrv_expired(call);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
+               return NT_STATUS_NETWORK_SESSION_EXPIRED;
+       }
 
        /* Check for undecoded critical extensions */
        for (i=0; msg->controls && msg->controls[i]; i++) {
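Review bot: The expiry check added at the top of ldapsrv_do_call relies on `conn->limits.expire_time` always holding a meaningful value, and nothing in this hunk shows where that field is initialised. If a connection that never completed a Kerberos bind (anonymous or simple bind) leaves it zeroed, `timeval_expired()` would presumably report it as already past, and every request on that connection would get the Notice of Disconnection. Please confirm the field is set to a far-future sentinel when the connection is accepted and refreshed on each successful bind. The check also runs only when a request is dispatched, so an operation already in flight is not cut off at expiry, and the client sees the notice only if the caller flushes queued replies before closing on `NT_STATUS_NETWORK_SESSION_EXPIRED`. A comment above the check such as `/* Ticket expiry is enforced per request; the caller must flush the queued notice before dropping the connection */` would record that contract; ldapsrv_do_call's body continues outside the hunk.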