/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2015 The OpenLDAP Foundation.
+ * Copyright 1999-2018 The OpenLDAP Foundation.
* Portions Copyright 2000-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
#define LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ "2.16.840.1.113730.3.4.12"
+#ifdef LDAP_DEVEL
#define SLAP_AUTH_DN 1
+#endif
#if LDAP_BACK_PRINT_CONNTREE > 0
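Review bot: `SLAP_AUTH_DN` is now defined only under `LDAP_DEVEL`, and nothing at the definition says why, so a reader cannot tell whether the dependent code is experimental or on its way out; a one-line comment above the `#ifdef`, e.g. `/* SLAP_AUTH_DN: experimental, enabled only in LDAP_DEVEL builds */`, would record that. If any use site tests it with `#if SLAP_AUTH_DN` rather than `#ifdef SLAP_AUTH_DN`, the now-undefined macro silently evaluates to 0 there, which is presumably the intent but is worth confirming at those sites.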
if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_BIND_SERR ) ) {
goto retry;
}
+ if ( !lc )
+ return( rc );
}
ldap_pvt_thread_mutex_lock( &li->li_counter_mutex );
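Review bot: `return( rc )` on the new lines relies on `rc` still holding the failure code from before `ldap_back_retry()` ran; if `rc` was reset earlier in the function (its start is outside the hunk), the caller would receive success together with `lc == NULL`. Returning `rs->sr_err`, which ldap_back_retry presumably fills in when it fails to re-establish the connection, would make that dependency explicit — confirm against the surrounding code. On style, the other returns in this diff are written `return NULL;` and `return rc;` without parentheses, so `return rc;` would match.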
int *is_tls,
const char *url,
unsigned flags,
- int retries,
+ int timeout,
const char **text )
{
int rc = LDAP_SUCCESS;
LDAPMessage *res = NULL;
struct timeval tv;
- LDAP_BACK_TV_SET( &tv );
-
-retry:;
+ if ( timeout ) {
+ tv.tv_sec = timeout;
+ tv.tv_usec = 0;
+ } else {
+ LDAP_BACK_TV_SET( &tv );
+ }
rc = ldap_result( ld, msgid, LDAP_MSG_ALL, &tv, &res );
- if ( rc < 0 ) {
- rc = LDAP_UNAVAILABLE;
-
- } else if ( rc == 0 ) {
- if ( retries != LDAP_BACK_RETRY_NEVER ) {
- ldap_pvt_thread_yield();
- if ( retries > 0 ) {
- retries--;
- }
- LDAP_BACK_TV_SET( &tv );
- goto retry;
- }
+ if ( rc <= 0 ) {
rc = LDAP_UNAVAILABLE;
} else if ( rc == LDAP_RES_EXTENDED ) {
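Review bot: `if ( timeout )` treats only zero as "use the default" and forwards a negative `timeout` straight into `tv.tv_sec` for `ldap_result()`; `if ( timeout > 0 )` would keep a negative or unset value on the `LDAP_BACK_TV_SET( &tv )` path (whether `li_timeout[]` can hold a negative value depends on config code not shown here). With the retry loop removed, a timed-out `ldap_result()` (rc == 0) and a failed one (rc < 0) are both mapped to `LDAP_UNAVAILABLE`, but on timeout the StartTLS request is still outstanding on `ld`, so unless every caller discards the handle on that return an `ldap_abandon_ext( ld, msgid, NULL, NULL );` before the error mapping is needed. The function's header comment should also describe the new parameter, e.g. `timeout: seconds to wait for the StartTLS response; 0 selects the LDAP_BACK_TV_SET default`. The function's signature begins before the hunk and its body continues after it.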
assert( li->li_uri_mutex_do_not_lock == 0 );
li->li_uri_mutex_do_not_lock = 1;
rs->sr_err = ldap_back_start_tls( ld, op->o_protocol, &is_tls,
- li->li_uri, flags, li->li_nretries, &rs->sr_text );
+ li->li_uri, flags, li->li_timeout[ SLAP_OP_EXTENDED ], &rs->sr_text );
li->li_uri_mutex_do_not_lock = 0;
ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex );
if ( rs->sr_err != LDAP_SUCCESS ) {
if ( lc != NULL ) {
if ( lc != LDAP_TAILQ_LAST( &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_priv,
- ldapconn_t, lc_q ) )
+ lc_conn_priv_q ) )
{
LDAP_TAILQ_REMOVE( &li->li_conn_priv[ LDAP_BACK_CONN2PRIV( lc ) ].lic_priv,
lc, lc_q );
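Review bot: after the rename, the second argument of `LDAP_TAILQ_LAST` (`lc_conn_priv_q`, the head struct tag) and the third argument of `LDAP_TAILQ_REMOVE` two lines below (`lc_q`, the link field) look inconsistent to a reader, and the old `ldapconn_t` argument suggests the distinction has already confused someone once. A short comment on the `LDAP_TAILQ_LAST` line, e.g. `/* head tag, not the lc_q link field used by LDAP_TAILQ_REMOVE */`, would stop the next person from "fixing" one to match the other. The enclosing block starts and ends outside the hunk.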
lc = (ldapconn_t *)ch_calloc( 1, sizeof( ldapconn_t ) );
lc->lc_flags = li->li_flags;
lc->lc_lcflags = lc_curr.lc_lcflags;
+ lc->lc_ldapinfo = li;
if ( ldap_back_prepare_conn( lc, op, rs, sendok ) != LDAP_SUCCESS ) {
ch_free( lc );
return NULL;
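Review bot: `lc->lc_ldapinfo = li;` is set here only for the freshly calloc'ed connection, while the later hunk in the StartTLS caller dereferences `lc->lc_ldapinfo->li_timeout[ SLAP_OP_EXTENDED ]` unconditionally; any other path that builds an `ldapconn_t` (a stack `lc_curr`, or another allocation site outside this diff) and reaches `ldap_back_prepare_conn` without setting the field would dereference NULL there, since ch_calloc leaves it zero. Worth checking every caller of `ldap_back_prepare_conn`, or guarding the use, e.g. `assert( lc->lc_ldapinfo != NULL );` before the timeout is read. The enclosing function starts and ends outside the hunk.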
op->o_tag = o_tag;
rs->sr_text = "Proxy can't contact remote server";
send_ldap_result( op, rs );
+ /* if we originally bound and wanted rebind-as-user, must drop
+ * the connection now because we just discarded the credentials.
+ * ITS#7464, #8142
+ */
+ if ( LDAP_BACK_SAVECRED( li ) && SLAP_IS_AUTHZ_BACKEND( op ) )
+ rs->sr_err = SLAPD_DISCONNECT;
}
rc = 0;
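Review bot: the new `rs->sr_err = SLAPD_DISCONNECT` is written after `send_ldap_result()`, and the `rc = 0;` that follows suggests the function's return value reports success regardless, so the disconnect request is carried only by `rs->sr_err`; if the caller keys on the return value, the connection stays open with the discarded credentials, which is exactly what the ITS#7464/#8142 comment wants to avoid — confirm that the caller reads `rs->sr_err` on this path. The unbraced `if` also departs from the braced single-statement bodies elsewhere in this file (`if ( ldap_back_retry( ... ) ) { goto retry; }`); `if ( LDAP_BACK_SAVECRED( li ) && SLAP_IS_AUTHZ_BACKEND( op ) ) { rs->sr_err = SLAPD_DISCONNECT; }` would match. The enclosing function begins before the hunk.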
const char *text = NULL;
rc = ldap_back_start_tls( ld, 0, &is_tls, url, lc->lc_flags,
- LDAP_BACK_RETRY_DEFAULT, &text );
+ lc->lc_ldapinfo->li_timeout[ SLAP_OP_EXTENDED ], &text );
if ( rc != LDAP_SUCCESS ) {
return rc;
}