Avoid including libds/common/roles.h in public loadparm.h header.
[obnox/samba/samba-obnox.git] / source4 / ldap_server / ldap_server.c
index 755eb441f40be162787b54312d90dc0e98bd8f2a..3afbcdbf2012bfe5e7f88a404eb67a16534437f5 100644 (file)
@@ -46,6 +46,7 @@
 #include "../lib/tsocket/tsocket.h"
 #include "../lib/util/tevent_ntstatus.h"
 #include "../libcli/util/tstream.h"
+#include "libds/common/roles.h"
 
 static void ldapsrv_terminate_connection_done(struct tevent_req *subreq);
 
@@ -99,10 +100,9 @@ static void ldapsrv_terminate_connection_done(struct tevent_req *subreq)
        struct ldapsrv_connection *conn =
                tevent_req_callback_data(subreq,
                struct ldapsrv_connection);
-       int ret;
        int sys_errno;
 
-       ret = tstream_disconnect_recv(subreq, &sys_errno);
+       tstream_disconnect_recv(subreq, &sys_errno);
        TALLOC_FREE(subreq);
 
        if (conn->sockets.active == conn->sockets.raw) {
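Review bot: The result of `tstream_disconnect_recv()` is now dropped without any marker, while `sys_errno` is still declared and passed in but not read in the visible lines. If the discard is intentional, make it explicit at the call, e.g. `(void)tstream_disconnect_recv(subreq, &sys_errno); /* best effort, result not needed */`. The function body continues past the end of the hunk, so a later use of `sys_errno` cannot be ruled out from here.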
@@ -218,9 +218,8 @@ static int ldapsrv_load_limits(struct ldapsrv_connection *conn)
                int policy_value, s;
 
                s = sscanf((const char *)el->values[i].data, "%255[^=]=%d", policy_name, &policy_value);
-               if (ret != 2 || policy_value == 0)
+               if (s != 2 || policy_value == 0)
                        continue;
-
                if (strcasecmp("InitRecvTimeout", policy_name) == 0) {
                        conn->limits.initial_timeout = policy_value;
                        continue;
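Review bot: The corrected guard `s != 2 || policy_value == 0` still lets a negative `policy_value` through, and the following lines store it straight into `conn->limits.initial_timeout`. The values appear to come from a directory attribute, so a mistyped or tampered policy entry could end up as a negative timeout; `if (s != 2 || policy_value <= 0)` would reject it. The declaration of `policy_name` is outside the hunk, so the `%255` width should also be checked against the buffer's actual size. The loop and the function continue beyond the hunk.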
@@ -334,6 +333,8 @@ static void ldapsrv_accept(struct stream_connection *c,
 
        conn->session_info = session_info;
 
+       conn->sockets.active = conn->sockets.raw;
+
        if (!NT_STATUS_IS_OK(ldapsrv_backend_Init(conn))) {
                ldapsrv_terminate_connection(conn, "backend Init failed");
                return;
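Review bot: The reason `conn->sockets.active` has to be assigned before `ldapsrv_backend_Init()` is not recorded at the new location, so a later reordering could quietly undo this fix. The failure branch right below calls `ldapsrv_terminate_connection()`, and the terminate callback earlier in this diff compares `conn->sockets.active` with `conn->sockets.raw`, which suggests the teardown path relies on the field being set. A comment above the assignment such as `/* must be set before any path that can call ldapsrv_terminate_connection() */` would pin that. `ldapsrv_accept` starts and ends outside the hunk.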
@@ -345,8 +346,6 @@ static void ldapsrv_accept(struct stream_connection *c,
        /* register the server */       
        irpc_add_name(c->msg_ctx, "ldap_server");
 
-       conn->sockets.active = conn->sockets.raw;
-
        if (port != 636 && port != 3269) {
                ldapsrv_call_read_next(conn);
                return;
@@ -708,7 +707,7 @@ static struct tevent_req *ldapsrv_process_call_send(TALLOC_CTX *mem_ctx,
        ok = tevent_queue_add(call_queue, ev, req,
                              ldapsrv_process_call_trigger, NULL);
        if (!ok) {
-               tevent_req_nomem(NULL, req);
+               tevent_req_oom(req);
                return tevent_req_post(req, ev);
        }
 
@@ -907,7 +906,7 @@ static void ldapsrv_task_init(struct task_server *task)
                task_server_terminate(task, "ldap_server: no LDAP server required in member server configuration", 
                                      false);
                return;
-       case ROLE_DOMAIN_CONTROLLER:
+       case ROLE_ACTIVE_DIRECTORY_DC:
                /* Yes, we want an LDAP server */
                break;
        }
@@ -936,9 +935,10 @@ static void ldapsrv_task_init(struct task_server *task)
                                           lpcfg_tls_cafile(ldap_service, task->lp_ctx),
                                           lpcfg_tls_crlfile(ldap_service, task->lp_ctx),
                                           lpcfg_tls_dhpfile(ldap_service, task->lp_ctx),
+                                          lpcfg_tls_priority(task->lp_ctx),
                                           &ldap_service->tls_params);
        if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(0,("ldapsrv failed tstream_tls_patams_server - %s\n",
+               DEBUG(0,("ldapsrv failed tstream_tls_params_server - %s\n",
                         nt_errstr(status)));
                goto failed;
        }
@@ -951,7 +951,7 @@ static void ldapsrv_task_init(struct task_server *task)
                int num_interfaces;
                int i;
 
-               load_interface_list(task, lpcfg_interfaces(task->lp_ctx), &ifaces);
+               load_interface_list(task, task->lp_ctx, &ifaces);
                num_interfaces = iface_list_count(ifaces);
 
                /* We have been given an interfaces line, and been 
@@ -964,18 +964,24 @@ static void ldapsrv_task_init(struct task_server *task)
                        if (!NT_STATUS_IS_OK(status)) goto failed;
                }
        } else {
-               const char **wcard;
+               char **wcard;
                int i;
-               wcard = iface_list_wildcard(task, task->lp_ctx);
+               int num_binds = 0;
+               wcard = iface_list_wildcard(task);
                if (wcard == NULL) {
                        DEBUG(0,("No wildcard addresses available\n"));
                        goto failed;
                }
                for (i=0; wcard[i]; i++) {
                        status = add_socket(task, task->lp_ctx, model_ops, wcard[i], ldap_service);
-                       if (!NT_STATUS_IS_OK(status)) goto failed;
+                       if (NT_STATUS_IS_OK(status)) {
+                               num_binds++;
+                       }
                }
                talloc_free(wcard);
+               if (num_binds == 0) {
+                       goto failed;
+               }
        }
 
        ldapi_path = lpcfg_private_path(ldap_service, task->lp_ctx, "ldapi");
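Review bot: A failed `add_socket()` in the wildcard loop is now skipped with no trace, so the server can come up listening on fewer addresses than the operator expects and the log does not say which one was dropped. Unless `add_socket()` logs on its own (not visible here), add an `else` branch such as `DEBUG(0,("ldapsrv failed to bind to %s - %s\n", wcard[i], nt_errstr(status)));`. The final `num_binds == 0` exit likewise reaches `failed:` without a message of its own. The function begins and ends outside the hunk.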
@@ -1003,7 +1009,7 @@ static void ldapsrv_task_init(struct task_server *task)
         * Make sure the directory for the privileged ldapi socket exists, and
         * is of the correct permissions
         */
-       if (!directory_create_or_exist(priv_dir, geteuid(), 0750)) {
+       if (!directory_create_or_exist(priv_dir, 0750)) {
                task_server_terminate(task, "Cannot create ldap "
                                      "privileged ldapi directory", true);
                return;
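Review bot: With the `geteuid()` argument gone, this call no longer states which owner the privileged ldapi directory must have, while the comment above it still promises "correct permissions". Whether the two-argument `directory_create_or_exist()` still rejects an existing directory with a different owner or a looser mode is not visible in this hunk; if it does not, a pre-created `priv_dir` would be accepted as it is. Either keep an explicit owner and mode check at this call site, or correct the comment, e.g. `/* NOTE: owner and mode of an already existing directory are not verified here */`. The function starts and ends outside the hunk.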
@@ -1026,6 +1032,9 @@ static void ldapsrv_task_init(struct task_server *task)
        }
 
 #endif
+
+       /* register the server */
+       irpc_add_name(task->msg_ctx, "ldap_server");
        return;
 
 failed:
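Review bot: The new `irpc_add_name(task->msg_ctx, "ldap_server")` call discards its result, so the task would carry on unregistered if the registration fails. If the function returns a status, as the other calls in this function appear to, handle it with `status = irpc_add_name(task->msg_ctx, "ldap_server");` followed by `if (!NT_STATUS_IS_OK(status)) goto failed;`. The per-connection call `irpc_add_name(c->msg_ctx, "ldap_server")` in `ldapsrv_accept` is still present as context in an earlier hunk, so it is worth confirming that registering at both levels is intended.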