ldap-connection.c revision 0f01489817e0306063f12054f20b4f91e13ed6ab
/* Copyright (c) 2016 Dovecot authors, see the included COPYING file */
#include "lib.h"
#include "array.h"
#include "aqueue.h"
#include "ioloop.h"
#include "ldap-private.h"
static
static
int ldap_connect_next_message(struct ldap_connection *conn, struct ldap_op_queue_entry *req, bool *finished_r);
static
static
static
{
for (unsigned int i = 0; i < n; i++) {
struct ldap_op_queue_entry *const *reqp =
}
}
static
{
if (ret != LDAP_SUCCESS) {
return -1;
}
} else {
}
/* refuse to connect to SSLv2 as it's completely insecure */
/* default timeout */
/* timelimit */
opt = LDAP_VERSION3;
return 0;
}
const struct ldap_client_settings *set,
{
/* deep copy relevant strings */
}
/* cannot use these */
}
return -1;
}
return 0;
}
{
for (unsigned int i = 0; i < n; i++) {
struct ldap_op_queue_entry *const *reqp =
}
}
static void
struct ldap_op_queue_entry *req,
{
struct ldap_result res;
else
}
static
struct ldap_op_queue_entry *req)
{
struct ldap_result res;
}
static
{
unsigned int i = 0, n;
struct ldap_op_queue_entry *req;
return;
}
return;
}
/* get next request */
for(i=0; i < n; i++) {
struct ldap_op_queue_entry *const *reqp =
break;
}
i--;
/* nothing to actually send */
const char *error;
int ret;
/* did not succeed */
struct ldap_result res;
}
static
{
}
{
if (req->timeout_secs > 0)
}
static int
struct ldap_op_queue_entry *req,
{
int ret, result_err;
char *retoid, *result_errmsg;
*finished_r = TRUE;
case LDAP_STATE_TLS:
if (msgtype != LDAP_RES_EXTENDED) {
*finished_r = FALSE;
return LDAP_SUCCESS;
}
if (ret != 0) {
"ldap_start_tls(uri=%s) failed: %s",
return ret;
} else if (result_err != 0) {
"ldap_start_tls(uri=%s) failed: %s",
return result_err;
}
} else {
/* retoid can be NULL even if ret == 0 */
if (ret != LDAP_SUCCESS) {
"ldap_start_tls(uri=%s) failed: %s",
return LDAP_UNAVAILABLE;
}
} else {
i_debug("Using TLS connection to remote LDAP server");
}
}
case LDAP_STATE_AUTH:
if (ret != LDAP_SUCCESS) {
"ldap_parse_result() failed for connect: %s",
ldap_err2string(ret)));
return ret;
}
if (result_err != LDAP_SUCCESS) {
"Connect failed: %s", error));
return result_err;
}
if (msgtype != LDAP_RES_BIND) return 0;
if (ret != LDAP_SUCCESS) {
const char *error = t_strdup_printf(
return 1;
}
default:
i_unreached();
}
return LDAP_SUCCESS;
}
static
{
struct ldap_result res;
/* too bad */
for (unsigned int i = 0; i < n; i++) {
struct ldap_op_queue_entry *const *reqp =
return;
}
}
i_unreached();
}
static int
{
int ret;
*finished_r = TRUE;
case LDAP_STATE_DISCONNECT:
if (ret != LDAP_SUCCESS) {
"ldap_start_tls(uri=%s) failed: %s",
return ret;
}
break;
} else {
/* we let it slide intentionally to next case */
}
case LDAP_STATE_AUTH:
NULL,
NULL,
if (ret != LDAP_SUCCESS) {
"ldap_sasl_bind(uri=%s, dn=%s) failed: %s",
return ret;
}
break;
case LDAP_STATE_CONNECT:
return LDAP_SUCCESS; /* we are done here */
default:
i_unreached();
};
*finished_r = FALSE;
return LDAP_SUCCESS;
}
static
{
const char *error;
int fd;
bool finished;
/* try to reconnect after disconnection */
}
pool_unref(&pool);
return -1;
}
/* start timeout */
if (req->timeout_secs > 0)
return 0;
}
{
if (conn->request_queue) {
for (unsigned int i = 0; i < n; i++) {
struct ldap_op_queue_entry *const *reqp =
}
}
}
}
{
/* it's not connected */
return 0;
}
static struct ldap_op_queue_entry *
unsigned int *idx_r)
{
for (i = 0; i < n; i++) {
struct ldap_op_queue_entry *const *reqp =
*idx_r = i;
return *reqp;
}
}
return NULL;
}
static int
{
struct ldap_op_queue_entry *req;
unsigned int i = 0;
int err = LDAP_SUCCESS;
/* we need to look at who it was for */
switch(err) {
case LDAP_SUCCESS:
break;
case LDAP_SERVER_DOWN:
#ifdef LDAP_CONNECT_ERROR
case LDAP_CONNECT_ERROR:
#endif
case LDAP_UNAVAILABLE:
/* fall through */
case LDAP_OPERATIONS_ERROR:
case LDAP_BUSY:
/* requeue */
break;
case LDAP_SIZELIMIT_EXCEEDED:
case LDAP_TIMELIMIT_EXCEEDED:
case LDAP_NO_SUCH_ATTRIBUTE:
case LDAP_UNDEFINED_TYPE:
case LDAP_INVALID_SYNTAX:
case LDAP_NO_SUCH_OBJECT:
case LDAP_ALIAS_PROBLEM:
case LDAP_INVALID_DN_SYNTAX:
case LDAP_IS_LEAF:
case LDAP_ALIAS_DEREF_PROBLEM:
case LDAP_FILTER_ERROR:
case LDAP_LOCAL_ERROR:
case LDAP_INVALID_CREDENTIALS:
break;
default:
/* ignore */
break;
}
if (finished) {
return 1;
}
return 0;
}
static
{
.tv_sec = 0,
.tv_usec = 0
};
int ret;
/* try get a message */
if (ret > 0)
if (ret == -1) {
i_unreached();
if (ret != LDAP_SERVER_DOWN)
else
i_error("Connection lost to LDAP server, reconnecting");
/* kill me */
} else if (ret != 0) {
}
/* reset timeout */
}
{
}
{
return result->error_string;
}