/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1999-2010 The OpenLDAP Foundation.
+ * Copyright 1999-2013 The OpenLDAP Foundation.
* Portions Copyright 2001-2003 Pierangelo Masarati.
* Portions Copyright 1999-2003 Howard Chu.
* All rights reserved.
int do_return = 0;
#ifdef HAVE_TLS
int is_ldaps = 0;
+ int do_start_tls = 0;
#endif /* HAVE_TLS */
/* if the server is quarantined, and
ldap_set_option( msc->msc_ld, LDAP_OPT_REFERRALS,
META_BACK_TGT_CHASE_REFERRALS( mt ) ? LDAP_OPT_ON : LDAP_OPT_OFF );
+ slap_client_keepalive(msc->msc_ld, &mt->mt_tls.sb_keepalive);
+
#ifdef HAVE_TLS
+ if ( !is_ldaps ) {
+ slap_bindconf *sb = NULL;
+
+ if ( ispriv ) {
+ sb = &mt->mt_idassert.si_bc;
+ } else {
+ sb = &mt->mt_tls;
+ }
+
+ if ( sb->sb_tls_do_init ) {
+ bindconf_tls_set( sb, msc->msc_ld );
+ } else if ( sb->sb_tls_ctx ) {
+ ldap_set_option( msc->msc_ld, LDAP_OPT_X_TLS_CTX, sb->sb_tls_ctx );
+ }
+
+ if ( sb == &mt->mt_idassert.si_bc && sb->sb_tls_ctx ) {
+ do_start_tls = 1;
+
+ } else if ( META_BACK_TGT_USE_TLS( mt )
+ || ( op->o_conn->c_is_tls && META_BACK_TGT_PROPAGATE_TLS( mt ) ) )
+ {
+ do_start_tls = 1;
+ }
+ }
+
/* start TLS ("tls [try-]{start|propagate}" statement) */
- if ( ( META_BACK_TGT_USE_TLS( mt )
- || ( op->o_conn->c_is_tls
- && META_BACK_TGT_PROPAGATE_TLS( mt ) ) )
- && !is_ldaps )
- {
+ if ( do_start_tls ) {
#ifdef SLAP_STARTTLS_ASYNCHRONOUS
/*
* use asynchronous StartTLS; in case, chase referral
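Review bot: The return values of `bindconf_tls_set( sb, msc->msc_ld )` and of the `ldap_set_option( ..., LDAP_OPT_X_TLS_CTX, ... )` call are discarded in the new `!is_ldaps` block, so a failure to apply the configured TLS settings does not stop connection setup. `do_start_tls` can then still be set from the target's tls flags, and StartTLS would presumably run with whatever settings the handle already carries. For the idassert bindconf, `sb->sb_tls_ctx` may stay NULL, so only the target-level test decides whether the privileged connection is protected. I would test the result, `if ( bindconf_tls_set( sb, msc->msc_ld ) != 0 )`, and take the function's existing failure path instead of continuing. The enclosing function starts and ends outside this hunk, so that failure path is not visible here.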
rc = meta_back_init_one_conn( op, rs, mc, candidate,
LDAP_BACK_CONN_ISPRIV( mc ), sendok, 0 );
- /* restore credentials, if any;
+ /* restore credentials, if any and if needed;
* meta_back_init_one_conn() restores msc_bound_ndn, if any;
* if no msc_bound_ndn is restored, destroy credentials */
- if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
+ if ( !BER_BVISNULL( &msc->msc_bound_ndn )
+ && BER_BVISNULL( &msc->msc_cred ) )
+ {
msc->msc_cred = save_cred;
} else if ( !BER_BVISNULL( &save_cred ) ) {
memset( save_cred.bv_val, 0, save_cred.bv_len );
- ber_memfree( save_cred.bv_val );
+ ber_memfree_x( save_cred.bv_val, NULL );
}
/* restore the "binding" flag, in case */
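Review bot: The comment above the new condition still describes a two-way rule, while the code now has three outcomes. `save_cred` is handed back only when a bound DN was restored and `msc->msc_cred` is still empty; in every other case the saved copy is zeroed and freed. I would state that directly, e.g. `/* hand save_cred back only if a bound DN was restored and msc_cred is still empty; otherwise wipe and free the saved copy */`, since this decides which credential the retried bind uses. The wipe is a plain `memset()` immediately before the free, and whether it survives optimisation depends on the build, which deserves a short remark on that line. The surrounding function begins and ends outside this hunk.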
if ( rc == LDAP_SUCCESS ) {
quarantine = 0;
+ LDAP_BACK_CONN_BINDING_SET( msc ); binding = 1;
rc = meta_back_single_dobind( op, rs, mcp, candidate,
sendok, mt->mt_nretries, 0 );
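Review bot: `LDAP_BACK_CONN_BINDING_SET( msc ); binding = 1;` puts two statements on one line, which hides that the connection's binding state and the local `binding` flag must change together. Put them on separate lines with a comment such as `/* mark the target as binding before the rebind; must be cleared on every exit path */`. Whether the flag is cleared again when `meta_back_single_dobind()` fails cannot be seen here, because the function continues outside the hunk, so that should be confirmed before merging.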
} else if ( candidate == META_TARGET_MULTIPLE ) {
Operation op2 = *op;
- SlapReply rs2 = { 0 };
+ SlapReply rs2 = { REP_RESULT };
slap_callback cb2 = { 0 };
int rc;
mc = NULL;
} else {
- if ( ( mi->mi_conn_ttl != 0 && op->o_time > mc->mc_create_time + mi->mi_conn_ttl )
- || ( mi->mi_idle_timeout != 0 && op->o_time > mc->mc_time + mi->mi_idle_timeout ) )
+ if ( mc->mc_refcnt == 0 && (( mi->mi_conn_ttl != 0 && op->o_time > mc->mc_create_time + mi->mi_conn_ttl )
+ || ( mi->mi_idle_timeout != 0 && op->o_time > mc->mc_time + mi->mi_idle_timeout )) )
{
#if META_BACK_PRINT_CONNTREE > 0
meta_back_print_conntree( mi,
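Review bot: With `mc->mc_refcnt == 0 &&` in front of the expiry test, a connection that always has a user is never retired by `mi_conn_ttl` or `mi_idle_timeout`, so a cached, already-bound connection can outlive the configured limit for as long as it stays busy. If that is intended, say so in a comment, e.g. `/* expire only unused connections; a busy one is kept past mi_conn_ttl until its refcnt drops to 0 */`. The condition would also read better with one sub-test per line instead of doubled parentheses on one long line. Whether `mc_refcnt` is read under the connection lock is not visible, because the function starts and ends outside the hunk.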
if ( i == cached
|| meta_back_is_candidate( mt, &op->o_req_ndn,
- LDAP_SCOPE_SUBTREE ) )
+ op->o_tag == LDAP_REQ_SEARCH ? op->ors_scope : LDAP_SCOPE_SUBTREE ) )
{
/*
done:;
ldap_pvt_thread_mutex_unlock( &mt->mt_quarantine_mutex );
}
-