}
/* Turn a normal socket into a potentially GENSEC wrapped socket */
+/* CAREFUL: this function will steal 'current_socket' */
NTSTATUS gensec_socket_init(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
struct socket_context *current_socket,
struct event_context *ev,
void (*recv_handler)(void *, uint16_t),
struct socket_context *new_sock;
NTSTATUS nt_status;
- nt_status = socket_create_with_ops(current_socket, &gensec_socket_ops, &new_sock,
+ nt_status = socket_create_with_ops(mem_ctx, &gensec_socket_ops, &new_sock,
SOCKET_TYPE_STREAM, current_socket->flags | SOCKET_FLAG_ENCRYPT);
if (!NT_STATUS_IS_OK(nt_status)) {
*new_socket = NULL;
gensec_socket = talloc(new_sock, struct gensec_socket);
if (gensec_socket == NULL) {
*new_socket = NULL;
+ talloc_free(new_sock);
return NT_STATUS_NO_MEMORY;
}
new_sock->private_data = gensec_socket;
gensec_socket->socket = current_socket;
- if (talloc_reference(gensec_socket, current_socket) == NULL) {
- *new_socket = NULL;
- return NT_STATUS_NO_MEMORY;
- }
-
/* Nothing to do here, if we are not actually wrapping on this socket */
if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL) &&
!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
gensec_socket->wrap = false;
+ talloc_steal(gensec_socket, current_socket);
*new_socket = new_sock;
return NT_STATUS_OK;
}
gensec_socket->packet = packet_init(gensec_socket);
if (gensec_socket->packet == NULL) {
*new_socket = NULL;
+ talloc_free(new_sock);
return NT_STATUS_NO_MEMORY;
}
/* TODO: full-request that knows about maximum packet size */
+ talloc_steal(gensec_socket, current_socket);
*new_socket = new_sock;
return NT_STATUS_OK;
}
{
struct ldap_request *req;
+ talloc_free(conn->sock); /* this will also free event.fde */
+ talloc_free(conn->packet);
+ conn->sock = NULL;
+ conn->event.fde = NULL;
+ conn->packet = NULL;
+
/* return an error for any pending request ... */
while (conn->pending) {
req = conn->pending;
req->async.fn(req);
}
}
-
- talloc_free(conn->sock); /* this will also free event.fde */
- talloc_free(conn->packet);
- conn->sock = NULL;
- conn->event.fde = NULL;
- conn->packet = NULL;
}
static void ldap_reconnect(struct ldap_connection *conn);
talloc_steal(conn, conn->sock);
if (conn->ldaps) {
struct socket_context *tls_socket;
+ struct socket_context *tmp_socket;
char *cafile = private_path(conn->sock, conn->lp_ctx, lp_tls_cafile(conn->lp_ctx));
if (!cafile || !*cafile) {
talloc_free(conn->sock);
return;
}
- talloc_unlink(conn, conn->sock);
- conn->sock = tls_socket;
- talloc_steal(conn, conn->sock);
+
+ /* the original socket, must become a child of the tls socket */
+ tmp_socket = conn->sock;
+ conn->sock = talloc_steal(conn, tls_socket);
+ talloc_steal(conn->sock, tmp_socket);
}
conn->packet = packet_init(conn);