#define SMBLDAP_IDLE_TIME 150 /* After 2.5 minutes disconnect */
+struct smbldap_state {
+ LDAP *ldap_struct;
+ pid_t pid;
+ time_t last_ping; /* monotonic */
+ /* retrieve-once info */
+ const char *uri;
+
+ /* credentials */
+ bool anonymous;
+ char *bind_dn;
+ char *bind_secret;
+ smbldap_bind_callback_fn bind_callback;
+ void *bind_callback_data;
+
+ bool paged_results;
+
+ unsigned int num_failures;
+
+ time_t last_use; /* monotonic */
+ struct tevent_context *tevent_context;
+ struct tevent_timer *idle_event;
+
+ struct timeval last_rebind; /* monotonic */
+};
+
LDAP *smbldap_get_ldap(struct smbldap_state *state)
{
return state->ldap_struct;
}
+bool smbldap_get_paged_results(struct smbldap_state *state)
+{
+ return state->paged_results;
+}
+
+void smbldap_set_paged_results(struct smbldap_state *state,
+ bool paged_results)
+{
+ state->paged_results = paged_results;
+}
+void smbldap_set_bind_callback(struct smbldap_state *state,
+ smbldap_bind_callback_fn callback,
+ void *callback_data)
+{
+ state->bind_callback = callback;
+ state->bind_callback_data = callback_data;
+}
/*******************************************************************
Search an attribute and return the first value found.
******************************************************************/
struct dom_sid *sid)
{
DATA_BLOB blob;
- bool ret;
+ struct sid_parse_ret ret;
if (!smbldap_talloc_single_blob(talloc_tos(), ld, msg, attrib,
&blob)) {
}
ret = sid_parse(blob.data, blob.length, sid);
TALLOC_FREE(blob.data);
- return ret;
+ return (ret.len != -1);
}
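Review bot: The new `return (ret.len != -1);` treats any non-failing parse as success and discards the length that `sid_parse` now reports, so a blob longer than the SID it contains would apparently still be accepted. If `ret.len` is the number of bytes consumed (the definition of `struct sid_parse_ret` is not visible here), consider whether this attribute reader should also require `ret.len == blob.length`. A one-line comment such as `/* sid_parse() reports failure as len == -1 */` above the return would also document the sentinel. The function's signature and the body of the early-exit branch lie outside the hunk.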
static int ldapmsg_destructor(LDAPMessage **result) {
int smbldap_start_tls(LDAP *ldap_struct, int version)
{
#ifdef LDAP_OPT_X_TLS
- int rc;
+ int rc,tls;
#endif
if (lp_ldap_ssl() != LDAP_SSL_START_TLS) {
}
#ifdef LDAP_OPT_X_TLS
+ /* check if we use ldaps already */
+ ldap_get_option(ldap_struct, LDAP_OPT_X_TLS, &tls);
+ if (tls == LDAP_OPT_X_TLS_HARD) {
+ return LDAP_SUCCESS;
+ }
+
if (version != LDAP_VERSION3) {
DEBUG(0, ("Need LDAPv3 for Start TLS\n"));
return LDAP_OPERATIONS_ERROR;
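Review bot: In the added "check if we use ldaps already" block, the result of `ldap_get_option()` is ignored and `tls` is declared without an initializer, so a failed option lookup leaves the comparison reading an indeterminate value. This matters because that branch returns `LDAP_SUCCESS` without attempting Start TLS, which a caller will presumably read as "the transport is protected". Gate the early return on the lookup succeeding, for example `if (ldap_get_option(ldap_struct, LDAP_OPT_X_TLS, &tls) == LDAP_OPT_SUCCESS && tls == LDAP_OPT_X_TLS_HARD) {`. The rest of `smbldap_start_tls` continues outside the hunk.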
SAFE_FREE((*ldap_state)->bind_dn);
SAFE_FREE((*ldap_state)->bind_secret);
- (*ldap_state)->bind_callback = NULL;
- (*ldap_state)->bind_callback_data = NULL;
+ smbldap_set_bind_callback(*ldap_state, NULL, NULL);
TALLOC_FREE(*ldap_state);
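Review bot: This teardown path releases the bind password with a plain `SAFE_FREE((*ldap_state)->bind_secret);`, while the credential-setting path later in this diff carries the comment "make sure secrets are zeroed out of memory" before it frees the same field. Since the commit is already touching these lines, the secret should be wiped here too before it is freed. Use a zeroing routine the compiler cannot elide (for example `explicit_bzero((*ldap_state)->bind_secret, strlen((*ldap_state)->bind_secret));` where available), guarded by a NULL check. The enclosing function starts and ends outside the hunk, so an earlier wipe cannot be ruled out from here.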
/* free any previously set credential */
SAFE_FREE(ldap_state->bind_dn);
- ldap_state->bind_callback = NULL;
- ldap_state->bind_callback_data = NULL;
+ smbldap_set_bind_callback(ldap_state, NULL, NULL);
if (ldap_state->bind_secret) {
/* make sure secrets are zeroed out of memory */