#include "smbd/process_model.h"
#include "lib/tls/tls.h"
#include "lib/messaging/irpc.h"
-#include "lib/ldb/include/ldb.h"
-#include "lib/ldb/include/ldb_errors.h"
+#include <ldb.h>
+#include <ldb_errors.h>
#include "libcli/ldap/ldap_proto.h"
#include "system/network.h"
#include "lib/socket/netif.h"
conn->limits.endtime = timeval_current_ofs(0, 500);
- DEBUG(2,("ldapsrv_terminate_connection: %s - disconnecting\n",
- reason));
-
tevent_queue_stop(conn->sockets.send_queue);
if (conn->active_call) {
tevent_req_cancel(conn->active_call);
}
basedn = ldb_dn_new(tmp_ctx, conn->ldb, NULL);
- if ( ! ldb_dn_validate(basedn)) {
+ if (basedn == NULL) {
goto failed;
}
for reading from that socket
*/
static void ldapsrv_accept(struct stream_connection *c,
- struct auth_session_info *session_info)
+ struct auth_session_info *session_info,
+ bool is_privileged)
{
struct ldapsrv_service *ldapsrv_service =
talloc_get_type(c->private_data, struct ldapsrv_service);
stream_terminate_connection(c, "ldapsrv_accept: out of memory");
return;
}
+ conn->is_privileged = is_privileged;
conn->sockets.send_queue = tevent_queue_create(conn, "ldapsev send queue");
if (conn->sockets.send_queue == NULL) {
}
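Review bot: The new `is_privileged` parameter is copied into `conn->is_privileged` without any statement of what the flag grants or where it comes from, and the doc comment above the signature only describes reading from the socket. Since this flag presumably changes how much the LDAP backend trusts the connection, I would extend that comment with `is_privileged: true when the client arrived via the privileged unix socket (ldap_priv); the backend treats such connections as trusted`, worded to match whatever the backend actually does with the flag. ldapsrv_accept's body continues past the end of this hunk.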
port = socket_address->port;
talloc_free(socket_address);
- if (port == 3268) /* Global catalog */ {
+ if (port == 3268 || port == 3269) /* Global catalog */ {
conn->global_catalog = true;
}
}
conn->server_credentials = server_credentials;
- conn->session_info = talloc_move(conn, &session_info);
+ conn->session_info = session_info;
+
+ conn->sockets.active = conn->sockets.raw;
if (!NT_STATUS_IS_OK(ldapsrv_backend_Init(conn))) {
ldapsrv_terminate_connection(conn, "backend Init failed");
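Review bot: `conn->session_info = session_info;` stops reparenting the session info onto `conn` (the removed line used `talloc_move`), so its lifetime is now whatever context the caller allocated it on. That is safe only if the accept callbacks allocate it on the stream_connection `c` or on `conn` itself; if any caller uses a temporary context the pointer dangles after accept returns and the backend would later read freed memory. I would either keep the `talloc_move` or, once the callers are confirmed, add `/* session_info must outlive conn: callers allocate it on the stream connection */` next to the assignment. The enclosing ldapsrv_accept starts and ends outside this hunk.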
/* register the server */
irpc_add_name(c->msg_ctx, "ldap_server");
- conn->sockets.active = conn->sockets.raw;
-
- if (port != 636) {
+ if (port != 636 && port != 3269) {
ldapsrv_call_read_next(conn);
return;
}
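Review bot: The TLS decision `if (port != 636 && port != 3269)` repeats the port literals that the global-catalog check earlier in ldapsrv_accept also hard-codes, so the two lists can drift independently when a port is added to one and not the other. I would introduce named constants (e.g. `#define LDAPS_PORT 636` and `#define GC_LDAPS_PORT 3269` next to the existing 3268 usage) or set one local `bool use_tls` where the port is first examined and test that here, with a comment `/* ldaps and GC-over-TLS ports start with a TLS handshake; everything else reads plaintext immediately */`. The function continues outside the hunk.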
ok = tevent_queue_add(call_queue, ev, req,
ldapsrv_process_call_trigger, NULL);
if (!ok) {
- tevent_req_nomem(NULL, req);
+ tevent_req_oom(req);
return tevent_req_post(req, ev);
}
"session info");
return;
}
- ldapsrv_accept(c, session_info);
+ ldapsrv_accept(c, session_info, false);
}
static const struct stream_server_ops ldap_stream_nonpriv_ops = {
"session info");
return;
}
- ldapsrv_accept(c, session_info);
+ ldapsrv_accept(c, session_info, true);
}
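Review bot: Passing `true` here makes the ldap_priv unix socket the sole source of the privileged flag, so the trust boundary is entirely the filesystem permission on that socket's directory, which is created outside this hunk. A one-line comment at the call would make that dependency explicit for whoever next touches the directory setup: `/* clients reaching this socket passed the priv_dir permission check, so mark the connection privileged */`. The surrounding accept callback starts outside the hunk.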
static const struct stream_server_ops ldap_stream_priv_ops = {
};
#endif
+
+
/*
add a socket address to the list of events, one event per port
*/
-static NTSTATUS add_socket(struct tevent_context *event_context,
+static NTSTATUS add_socket(struct task_server *task,
struct loadparm_context *lp_ctx,
const struct model_ops *model_ops,
const char *address, struct ldapsrv_service *ldap_service)
NTSTATUS status;
struct ldb_context *ldb;
- status = stream_setup_socket(event_context, lp_ctx,
+ status = stream_setup_socket(task, task->event_ctx, lp_ctx,
model_ops, &ldap_stream_nonpriv_ops,
- "ipv4", address, &port,
+ "ip", address, &port,
lpcfg_socket_options(lp_ctx),
ldap_service);
if (!NT_STATUS_IS_OK(status)) {
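Review bot: The listener family changes from `"ipv4"` to `"ip"` in add_socket, which presumably allows stream_setup_socket to bind IPv6 addresses as well (the wildcard loop added later in this patch points the same way), so the server's exposure changes on hosts with v6 connectivity. That is fine, but it deserves a comment here and on the ldaps/GC calls below, e.g. `/* "ip" binds v4 or v6 according to the address passed in */`, and the IPv6 side effect is worth mentioning in the commit message. add_socket starts in the hunk above and continues below.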
if (tstream_tls_params_enabled(ldap_service->tls_params)) {
/* add ldaps server */
port = 636;
- status = stream_setup_socket(event_context, lp_ctx,
+ status = stream_setup_socket(task, task->event_ctx, lp_ctx,
model_ops,
&ldap_stream_nonpriv_ops,
- "ipv4", address, &port,
+ "ip", address, &port,
lpcfg_socket_options(lp_ctx),
ldap_service);
if (!NT_STATUS_IS_OK(status)) {
if (samdb_is_gc(ldb)) {
port = 3268;
- status = stream_setup_socket(event_context, lp_ctx,
+ status = stream_setup_socket(task, task->event_ctx, lp_ctx,
model_ops,
&ldap_stream_nonpriv_ops,
- "ipv4", address, &port,
+ "ip", address, &port,
lpcfg_socket_options(lp_ctx),
ldap_service);
if (!NT_STATUS_IS_OK(status)) {
address, port, nt_errstr(status)));
return status;
}
+ if (tstream_tls_params_enabled(ldap_service->tls_params)) {
+ /* add ldaps server for the global catalog */
+ port = 3269;
+ status = stream_setup_socket(task, task->event_ctx, lp_ctx,
+ model_ops,
+ &ldap_stream_nonpriv_ops,
+ "ip", address, &port,
+ lpcfg_socket_options(lp_ctx),
+ ldap_service);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n",
+ address, port, nt_errstr(status)));
+ return status;
+ }
+ }
}
- /* And once we are bound, free the tempoary ldb, it will
+ /* And once we are bound, free the temporary ldb, it will
* connect again on each incoming LDAP connection */
talloc_unlink(ldap_service, ldb);
task_server_set_title(task, "task[ldapsrv]");
/* run the ldap server as a single process */
- model_ops = process_model_startup(task->event_ctx, "single");
+ model_ops = process_model_startup("single");
if (!model_ops) goto failed;
ldap_service = talloc_zero(task, struct ldapsrv_service);
lpcfg_tls_dhpfile(ldap_service, task->lp_ctx),
&ldap_service->tls_params);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("ldapsrv failed tstream_tls_patams_server - %s\n",
+ DEBUG(0,("ldapsrv failed tstream_tls_params_server - %s\n",
nt_errstr(status)));
goto failed;
}
int num_interfaces;
int i;
- load_interfaces(task, lpcfg_interfaces(task->lp_ctx), &ifaces);
- num_interfaces = iface_count(ifaces);
+ load_interface_list(task, task->lp_ctx, &ifaces);
+ num_interfaces = iface_list_count(ifaces);
/* We have been given an interfaces line, and been
told to only bind to those interfaces. Create a
socket per interface and bind to only these.
*/
for(i = 0; i < num_interfaces; i++) {
- const char *address = iface_n_ip(ifaces, i);
- status = add_socket(task->event_ctx, task->lp_ctx, model_ops, address, ldap_service);
+ const char *address = iface_list_n_ip(ifaces, i);
+ status = add_socket(task, task->lp_ctx, model_ops, address, ldap_service);
if (!NT_STATUS_IS_OK(status)) goto failed;
}
} else {
- status = add_socket(task->event_ctx, task->lp_ctx, model_ops,
- lpcfg_socket_address(task->lp_ctx), ldap_service);
- if (!NT_STATUS_IS_OK(status)) goto failed;
+ const char **wcard;
+ int i;
+ wcard = iface_list_wildcard(task, task->lp_ctx);
+ if (wcard == NULL) {
+ DEBUG(0,("No wildcard addresses available\n"));
+ goto failed;
+ }
+ for (i=0; wcard[i]; i++) {
+ status = add_socket(task, task->lp_ctx, model_ops, wcard[i], ldap_service);
+ if (!NT_STATUS_IS_OK(status)) goto failed;
+ }
+ talloc_free(wcard);
}
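Review bot: The new wildcard branch skips `talloc_free(wcard)` whenever an `add_socket` call fails, because the `goto failed` jumps out before the free; it also lacks the explanatory comment the interfaces branch above carries. The leak is presumably harmless since `wcard` hangs off `task`, but freeing it on the failure path too (or allocating it on a short-lived context) keeps the two branches symmetrical. I would also add `/* no "interfaces" restriction: bind every wildcard address reported for this host (IPv4 and, where available, IPv6) */` above the loop, worded to what iface_list_wildcard actually returns. The enclosing task-init function starts and ends outside this hunk.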
- ldapi_path = private_path(ldap_service, task->lp_ctx, "ldapi");
+ ldapi_path = lpcfg_private_path(ldap_service, task->lp_ctx, "ldapi");
if (!ldapi_path) {
goto failed;
}
- status = stream_setup_socket(task->event_ctx, task->lp_ctx,
+ status = stream_setup_socket(task, task->event_ctx, task->lp_ctx,
model_ops, &ldap_stream_nonpriv_ops,
"unix", ldapi_path, NULL,
lpcfg_socket_options(task->lp_ctx),
}
#ifdef WITH_LDAPI_PRIV_SOCKET
- priv_dir = private_path(ldap_service, task->lp_ctx, "ldap_priv");
+ priv_dir = lpcfg_private_path(ldap_service, task->lp_ctx, "ldap_priv");
if (priv_dir == NULL) {
goto failed;
}
goto failed;
}
- status = stream_setup_socket(task->event_ctx, task->lp_ctx,
+ status = stream_setup_socket(task, task->event_ctx, task->lp_ctx,
model_ops, &ldap_stream_priv_ops,
"unix", ldapi_path, NULL,
lpcfg_socket_options(task->lp_ctx),