Diffstat (limited to 'source4/libcli/ldap')
-rw-r--r--source4/libcli/ldap/ldap_bind.c2
-rw-r--r--source4/libcli/ldap/ldap_client.c39
-rw-r--r--source4/libcli/ldap/ldap_client.h1
3 files changed, 22 insertions, 20 deletions
diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c
index c33d53f775..6714d68b0e 100644
--- a/source4/libcli/ldap/ldap_bind.c
+++ b/source4/libcli/ldap/ldap_bind.c
@@ -223,7 +223,7 @@ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, struct cli_credentials *cr
/* require Kerberos SIGN/SEAL only if we don't use SSL
* Windows seem not to like double encryption */
- if (conn->tls == NULL || (! tls_enabled(conn->tls))) {
+ if (!tls_enabled(conn->sock)) {
gensec_want_feature(conn->gensec, 0 | GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);
}
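Review bot: The new condition in ldap_bind_sasl drops the explicit NULL guard that `conn->tls == NULL ||` provided, so the decision to request SIGN/SEAL now depends on how `tls_enabled()` treats a NULL socket. `tls_enabled()` is not part of this diff, and ldap_connection_dead in ldap_client.c sets `conn->sock = NULL`, so a NULL argument looks reachable. This branch is what keeps a non-TLS bind signed and sealed, so I would make it fail toward protection explicitly: `if (conn->sock == NULL || !tls_enabled(conn->sock)) {`. The ldap_io_handler hunk relies on the same NULL handling. The function body continues outside the hunk.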
diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c
index 27cab38916..8d815c7103 100644
--- a/source4/libcli/ldap/ldap_client.c
+++ b/source4/libcli/ldap/ldap_client.c
@@ -32,6 +32,7 @@
#include "libcli/ldap/ldap_client.h"
#include "libcli/composite/composite.h"
#include "lib/stream/packet.h"
+#include "lib/tls/tls.h"
#include "auth/gensec/gensec.h"
#include "system/time.h"
@@ -85,12 +86,10 @@ static void ldap_connection_dead(struct ldap_connection *conn)
if (req->async.fn) {
req->async.fn(req);
}
- }
+ }
- talloc_free(conn->tls);
-/* talloc_free(conn->sock); this will also free event.fde */
+ talloc_free(conn->sock); /* this will also free event.fde */
talloc_free(conn->packet);
- conn->tls = NULL;
conn->sock = NULL;
conn->event.fde = NULL;
conn->packet = NULL;
@@ -270,7 +269,7 @@ static void ldap_io_handler(struct event_context *ev, struct fd_event *fde,
struct ldap_connection);
if (flags & EVENT_FD_WRITE) {
packet_queue_run(conn->packet);
- if (conn->tls == NULL) return;
+ if (!tls_enabled(conn->sock)) return;
}
if (flags & EVENT_FD_READ) {
packet_recv(conn->packet);
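Review bot: The early return after `packet_queue_run()` used to mean "the connection was torn down during the write" (`conn->tls == NULL`); it now means "this is not a TLS socket", which is a different condition. On a plain LDAP connection, an event carrying both EVENT_FD_WRITE and EVENT_FD_READ now returns before `packet_recv()`. A connection freed during the write is only caught if `tls_enabled(NULL)` returns false. If the intent is still to stop after a teardown (ldap_connection_dead also NULLs `conn->packet`), `if (conn->sock == NULL) return;` states that directly; otherwise a short comment should record why the read is skipped for non-TLS sockets. ldap_io_handler starts and ends outside the hunk.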
@@ -339,11 +338,6 @@ struct composite_context *ldap_connect_send(struct ldap_connection *conn,
struct composite_context *result, *ctx;
struct ldap_connect_state *state;
- if (conn->reconnect.url == NULL) {
- conn->reconnect.url = talloc_strdup(conn, url);
- if (conn->reconnect.url == NULL) goto failed;
- }
-
result = talloc_zero(NULL, struct composite_context);
if (result == NULL) goto failed;
result->state = COMPOSITE_STATE_IN_PROGRESS;
@@ -357,6 +351,11 @@ struct composite_context *ldap_connect_send(struct ldap_connection *conn,
state->conn = conn;
+ if (conn->reconnect.url == NULL) {
+ conn->reconnect.url = talloc_strdup(conn, url);
+ if (conn->reconnect.url == NULL) goto failed;
+ }
+
state->ctx->status = ldap_parse_basic_url(conn, url, &conn->host,
&conn->port, &conn->ldaps);
if (!NT_STATUS_IS_OK(state->ctx->status)) {
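Review bot: `conn->reconnect.url` is saved before `ldap_parse_basic_url()` has accepted the URL, and it is only assigned while it is still NULL. If the parse fails, the rejected string stays in `conn->reconnect.url`, and a later ldap_connect_send on the same connection with a corrected URL would not replace it. Whether the reconnect path then uses the stale value cannot be seen from this hunk. Moving the `talloc_strdup` block below the `NT_STATUS_IS_OK` check would avoid storing an unvalidated URL. The function starts and ends outside the hunk.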
@@ -379,6 +378,7 @@ struct composite_context *ldap_connect_send(struct ldap_connection *conn,
static void ldap_connect_recv_conn(struct composite_context *ctx)
{
+ struct socket_context *initial_socket;
struct ldap_connect_state *state =
talloc_get_type(ctx->async.private_data,
struct ldap_connect_state);
@@ -398,21 +398,24 @@ static void ldap_connect_recv_conn(struct composite_context *ctx)
return;
}
- conn->tls = tls_init_client(conn->sock, conn->event.fde, conn->ldaps);
- if (conn->tls == NULL) {
- talloc_free(conn->sock);
- return;
+ talloc_steal(conn, conn->sock);
+ initial_socket = conn->sock;
+ if (conn->ldaps) {
+ conn->sock = tls_init_client(conn->sock, conn->event.fde);
+ if (conn->sock == NULL) {
+ talloc_free(initial_socket);
+ return;
+ }
}
- talloc_steal(conn, conn->tls);
- talloc_steal(conn->tls, conn->sock);
conn->packet = packet_init(conn);
if (conn->packet == NULL) {
talloc_free(conn->sock);
return;
}
+
packet_set_private(conn->packet, conn);
- packet_set_tls(conn->packet, conn->tls);
+ packet_set_socket(conn->packet, conn->sock);
packet_set_callback(conn->packet, ldap_recv_handler);
packet_set_full_request(conn->packet, ldap_complete_packet);
packet_set_error_handler(conn->packet, ldap_error_handler);
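Review bot: On the `packet_init()` failure path `conn->sock` is freed but left non-NULL, and this commit makes `conn->sock == NULL` the liveness test in ldap_request_send, so a later request would pass that test with a dangling pointer. Adding `conn->sock = NULL;` after the `talloc_free(conn->sock);` there, and clearing `conn->event.fde` as ldap_connection_dead does, closes that gap. Separately, `initial_socket` is re-parented to `conn` before it is wrapped. Whether freeing the TLS socket also releases it depends on how `tls_init_client()` parents it, which is not shown here, so the ownership deserves a comment. The function continues outside the hunk.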
@@ -535,7 +538,7 @@ struct ldap_request *ldap_request_send(struct ldap_connection *conn,
req = talloc_zero(conn, struct ldap_request);
if (req == NULL) return NULL;
- if (conn->tls == NULL) {
+ if (conn->sock == NULL) {
status = NT_STATUS_INVALID_CONNECTION;
goto failed;
}
diff --git a/source4/libcli/ldap/ldap_client.h b/source4/libcli/ldap/ldap_client.h
index 7801f8b6bc..28b9f2763c 100644
--- a/source4/libcli/ldap/ldap_client.h
+++ b/source4/libcli/ldap/ldap_client.h
@@ -51,7 +51,6 @@ struct ldap_request {
/* main context for a ldap client connection */
struct ldap_connection {
- struct tls_context *tls;
struct socket_context *sock;
char *host;
uint16_t port;