int count;
} rlm_ldap_result_t;
-#define LDAP_PROC_SUCCESS 0
-#define LDAP_PROC_ERROR -1
-#define LDAP_PROC_RETRY -2
-#define LDAP_PROC_REJECT -3
-
-static int process_ldap_errno(ldap_instance *inst, LDAP_CONN **pconn,
+typedef enum {
+ LDAP_PROC_SUCCESS = 0,
+ LDAP_PROC_ERROR = -1,
+ LDAP_PROC_RETRY = -2,
+ LDAP_PROC_REJECT = -3
+} ldap_rcode_t;
+
+static ldap_rcode_t process_ldap_errno(ldap_instance *inst, LDAP_CONN **pconn,
const char *operation)
{
- int ldap_errno;
+ int ldap_errno;
ldap_get_option((*pconn)->handle, LDAP_OPT_ERROR_NUMBER,
&ldap_errno);
case LDAP_NO_SUCH_OBJECT:
return LDAP_PROC_SUCCESS;
- case LDAP_SERVER_DOWN:
- do_reconnect:
- *pconn = fr_connection_reconnect(inst->pool, *pconn);
- if (!*pconn) return -1;
- return LDAP_PROC_RETRY;
-
case LDAP_INSUFFICIENT_ACCESS:
radlog(L_ERR, "rlm_ldap (%s): %s failed: Insufficient access. "
"Check the identity and password configuration "
*/
radlog(L_ERR, "rlm_ldap (%s): %s failed: %s",
inst->xlat_name, operation, ldap_err2string(ldap_errno));
- goto do_reconnect;
+ case LDAP_SERVER_DOWN:
+ return LDAP_PROC_RETRY;
case LDAP_INVALID_CREDENTIALS:
case LDAP_CONSTRAINT_VIOLATION:
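Review bot: The case that logs via `radlog` at lines 35-36 now reaches `case LDAP_SERVER_DOWN:` at line 38 by falling through, because the removed `goto do_reconnect;` was its only exit, and nothing marks that as intended; add `/* FALL-THROUGH */` immediately before `case LDAP_SERVER_DOWN:` so the shared `return LDAP_PROC_RETRY;` reads as deliberate and is not flagged by -Wimplicit-fallthrough. Since process_ldap_errno no longer calls fr_connection_reconnect itself, every caller that receives LDAP_PROC_RETRY is now responsible for replacing `*pconn` before retrying; that contract belongs on the enum value introduced in the earlier hunk, e.g. `LDAP_PROC_RETRY = -2, /* caller must reconnect *pconn before retrying */`. The switch this hunk belongs to starts and ends outside the hunk.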
LDAPMessage *result = NULL;
struct timeval tv;
-bind:
+retry:
msg_id = ldap_bind(conn->handle, user, password, LDAP_AUTH_SIMPLE);
if (msg_id < 0) goto get_error;
break;
case LDAP_PROC_RETRY:
- if (retry) goto bind;
+ if (retry) {
+ *pconn = fr_connection_reconnect(inst->pool, *pconn);
+ if (*pconn) goto retry;
+ }
module_rcode = RLM_MODULE_FAIL;
break;
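Review bot: After `*pconn = fr_connection_reconnect(inst->pool, *pconn);` at line 52, `goto retry;` re-enters `msg_id = ldap_bind(conn->handle, ...)` (line 46 of the previous hunk) through the local `conn`, which still refers to the connection the pool just replaced; if `conn` is a local copy of `*pconn`, as the `LDAP_CONN *conn = *pconn;` line removed from the search wrapper suggests, the retried bind goes through a connection that `ldap_conn_free` has already passed to `talloc_free`. The search wrapper in this commit was rewritten to use `(*pconn)->handle` directly for exactly this reason, but the bind wrapper was not. Either add `conn = *pconn;` before `goto retry;` or switch the bind call to `(*pconn)->handle`. The enclosing function starts before this hunk, so I cannot confirm how `conn` is declared.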
do_ldap_option(LDAP_OPT_REFERRALS, "chase_referrals",
LDAP_OPT_ON);
-#if LDAP_SET_REBIND_PROC_ARGS == 3
if (inst->rebind == 1) {
+#if LDAP_SET_REBIND_PROC_ARGS == 3
ldap_set_rebind_proc(handle, ldap_rebind, inst);
- }
+#else
+ DEBUGW("The flag 'rebind = yes' is not supported by the system LDAP library. Ignoring.");
#endif
+ }
} else {
do_ldap_option(LDAP_OPT_REFERRALS, "chase_referrals",
LDAP_OPT_OFF);
}
#endif /* HAVE_LDAP_START_TLS */
- conn = rad_malloc(sizeof(*conn));
+ conn = talloc(NULL, LDAP_CONN);
conn->inst = inst;
conn->handle = handle;
conn->rebound = FALSE;
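Review bot: `conn = talloc(NULL, LDAP_CONN);` at line 74 can return NULL, and `conn->inst = inst;` on the next line dereferences the result unchecked; the `rad_malloc` it replaces presumably aborted on allocation failure, so this introduces a NULL dereference path that did not exist before. Add a check such as `if (!conn) { ldap_unbind_s(handle); return NULL; }` (the function's error-return convention is outside the hunk, so adjust to whatever the other failure paths in this function do). Using `talloc_zero(NULL, LDAP_CONN)` would also guarantee that any LDAP_CONN fields not assigned here start zeroed rather than holding stale heap contents.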
LDAP_CONN *conn = connection;
ldap_unbind_s(conn->handle);
- free(conn);
+ talloc_free(conn);
return 0;
}
{
int ldap_errno;
int count = 0;
- LDAP_CONN *conn = *pconn;
struct timeval tv;
/*
/*
* Do all searches as the default admin user.
*/
- if (conn->rebound) {
+ if ((*pconn)->rebound) {
ldap_errno = ldap_bind_wrapper(pconn, inst->login,
inst->password, TRUE);
if (ldap_errno != RLM_MODULE_OK) {
return -1;
}
- rad_assert(*pconn != NULL);
- conn = *pconn;
- conn->rebound = FALSE;
+ rad_assert(*pconn);
+ (*pconn)->rebound = FALSE;
}
tv.tv_sec = inst->timeout;
filter);
retry:
- ldap_errno = ldap_search_ext_s(conn->handle, search_basedn, scope,
+ ldap_errno = ldap_search_ext_s((*pconn)->handle, search_basedn, scope,
filter, search_attrs, 0, NULL, NULL,
&tv, 0, presult);
if (ldap_errno != LDAP_SUCCESS) {
case LDAP_PROC_ERROR:
return -1;
case LDAP_PROC_RETRY:
- conn = *pconn;
- goto retry;
+ *pconn = fr_connection_reconnect(inst->pool, *pconn);
+ if (*pconn) goto retry;
+ return -1;
default:
rad_assert(0);
}
}
- count = ldap_count_entries(conn->handle, *presult);
+ count = ldap_count_entries((*pconn)->handle, *presult);
if (count == 0) {
ldap_msgfree(*presult);
RDEBUG("Search returned no results");