/*
 * Give a server handle back to the connection pool.
 *
 * A NULL ldap_server_handle is accepted and ignored.  Otherwise the handle
 * is passed to krb5_put_ldap_handle() between HNDL_LOCK() and HNDL_UNLOCK()
 * on ldap_context, so the pool is only modified with the handle lock taken.
 *
 * ldap_context itself is handed to the lock macros without a NULL check.
 * NOTE(review): the handle is back in the pool once this returns, so callers
 * presumably must not keep using their pointer to it -- confirm against the
 * call sites.
 */
void
krb5_ldap_put_handle_to_pool(krb5_ldap_context *ldap_context,
                             krb5_ldap_server_handle *ldap_server_handle)
{
    /* Nothing to return to the pool. */
    if (ldap_server_handle == NULL)
        return;

    HNDL_LOCK(ldap_context);
    krb5_put_ldap_handle(ldap_server_handle);
    HNDL_UNLOCK(ldap_context);
}
/*
 * Open the initial connections to the first usable LDAP server.
 *
 * The context is checked with validate_context() first; its error is
 * returned unchanged.  LDAP options (debug level, protocol version 3, and a
 * connect/network timeout initialised as { 10, 0 }) are then set with a NULL
 * handle, i.e. not on any particular connection.
 *
 * With the handle lock held, each server whose status is still NOTSET is
 * tried in list order: up to ctx->max_server_conns calls to
 * initialize_server() are made, stopping at the first failure.  The scan
 * ends as soon as a server reports status ON.
 *
 * Returns the result of validate_context() or of the last
 * initialize_server() call.
 *
 * NOTE(review): the return values of ldap_set_option() are discarded, so a
 * failure to pin the protocol version or the timeout goes unnoticed here.
 * NOTE(review): if a later connection attempt fails after an earlier one to
 * the same server succeeded, a non-zero code may be returned while the server
 * is ON -- confirm that callers expect this.
 */
krb5_error_code
krb5_ldap_db_init(krb5_context context, krb5_ldap_context *ctx)
{
    krb5_error_code ret;
    int idx, proto = LDAP_VERSION3;
    unsigned int opened;
    krb5_ldap_server_info *srv;
    struct timeval connect_timeout = { 10, 0 };

    ret = validate_context(context, ctx);
    if (ret != 0)
        return ret;

#ifdef LDAP_OPT_DEBUG_LEVEL
    ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ctx->ldap_debug);
#endif
    ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &proto);
    /* Bound the time spent connecting, using whichever option exists. */
#ifdef LDAP_OPT_NETWORK_TIMEOUT
    ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &connect_timeout);
#elif defined LDAP_X_OPT_CONNECT_TIMEOUT
    ldap_set_option(NULL, LDAP_X_OPT_CONNECT_TIMEOUT, &connect_timeout);
#endif

    HNDL_LOCK(ctx);
    for (idx = 0; (srv = ctx->server_info_list[idx]) != NULL; idx++) {
        /* Only servers that have not been tried yet are considered. */
        if (srv->server_status != NOTSET)
            continue;

        krb5_clear_error_message(context);

#ifdef LDAP_MOD_INCREMENT
        srv->modify_increment = has_modify_increment(context,
                                                     srv->server_name);
#else
        srv->modify_increment = 0;
#endif

        /* Fill the pool for this server; give up on the first failure. */
        opened = 0;
        while (opened < ctx->max_server_conns) {
            ret = initialize_server(ctx, srv);
            if (ret != 0)
                break;
            opened++;
        }

        /* One reachable server is enough; leave the rest untouched. */
        if (srv->server_status == ON)
            break;
    }
    HNDL_UNLOCK(ctx);

    return ret;
}
/*
 * Obtain a server handle from the pool.
 *
 * *ldap_server_handle is cleared first.  With the handle lock held,
 * krb5_get_ldap_handle() is tried; if it yields NULL,
 * krb5_retry_get_ldap_handle() is called and may set the error code.
 *
 * Returns 0 unless krb5_retry_get_ldap_handle() stored an error.
 *
 * NOTE(review): whether a NULL handle can come back together with a zero
 * return code is not visible here; callers should check both before
 * dereferencing the handle.
 */
krb5_error_code
krb5_ldap_request_handle_from_pool(krb5_ldap_context *ldap_context,
                                   krb5_ldap_server_handle **ldap_server_handle)
{
    krb5_error_code ret = 0;
    krb5_ldap_server_handle *handle;

    /* Never leave a stale pointer in the caller's variable. */
    *ldap_server_handle = NULL;

    HNDL_LOCK(ldap_context);
    handle = krb5_get_ldap_handle(ldap_context);
    if (handle == NULL)
        handle = krb5_retry_get_ldap_handle(ldap_context, &ret);
    *ldap_server_handle = handle;
    HNDL_UNLOCK(ldap_context);

    return ret;
}
/*
 * Mark the server behind *ldap_server_handle as OFF and replace the handle
 * with another one from the pool.
 *
 * Everything runs between HNDL_LOCK() and HNDL_UNLOCK() on ldap_context.
 * The statement order matters: the old handle is read, returned to the
 * pool, read once more, and only then overwritten.
 *
 * On entry *ldap_server_handle and its server_info are dereferenced without
 * a NULL check, so the caller must pass a handle it currently holds.
 *
 * Returns 0 unless krb5_retry_get_ldap_handle() stored an error.
 * NOTE(review): *ldap_server_handle may be NULL on return; callers should
 * check it as well as the return code.
 */
krb5_error_code
krb5_ldap_request_next_handle_from_pool(krb5_ldap_context *ldap_context,
                                        krb5_ldap_server_handle **
                                        ldap_server_handle)
{
    krb5_error_code st=0;

    HNDL_LOCK(ldap_context);
    /* Flag the server as down and record the current time as its downtime. */
    (*ldap_server_handle)->server_info->server_status = OFF;
    time(&(*ldap_server_handle)->server_info->downtime);
    krb5_put_ldap_handle(*ldap_server_handle);
    /*
     * NOTE(review): server_info is read through the handle after the handle
     * went back to the pool.  This relies on krb5_put_ldap_handle() leaving
     * the handle and its server_info pointer intact -- confirm.
     * krb5_ldap_cleanup_handles() presumably releases the handles pooled for
     * that server; if so, the old pointer is dangling until the assignment
     * below replaces it, still under the same lock.
     */
    krb5_ldap_cleanup_handles((*ldap_server_handle)->server_info);
    /* Take any available handle; fall back to the retry path if none. */
    if (((*ldap_server_handle)=krb5_get_ldap_handle(ldap_context)) == NULL)
        (*ldap_server_handle)=krb5_retry_get_ldap_handle(ldap_context, &st);
    HNDL_UNLOCK(ldap_context);
    return st;
}
/*
 * Open the initial connections to the first usable LDAP server.
 *
 * The context is checked with krb5_validate_ldap_context(); its error is
 * returned unchanged.  Protocol version 3 and a connect/network timeout
 * initialised as {10,0} are set with a NULL handle, i.e. not on any
 * particular connection.  A failure of HNDL_LOCK() is returned directly.
 *
 * Servers whose status is still NOTSET are tried in list order.  When
 * ldap_context->service_cert_path is set, a server for which
 * has_sasl_external_mech() returns 1 is skipped instead of being contacted
 * with another mechanism.  For the remaining servers up to
 * max_server_conns calls to krb5_ldap_initialize() are made, stopping at
 * the first failure, and the scan ends once a server reports status ON.
 *
 * Returns the last krb5_ldap_initialize() result, or KRB5_KDB_ACCESS_ERROR
 * (with an error message set on context) when the most recent SASL EXTERNAL
 * check found the mechanism unsupported.
 *
 * NOTE(review): only a result of exactly 1 from has_sasl_external_mech() is
 * treated as "not supported"; any other value lets the server be used.
 * Confirm the helper's return convention, e.g. for a server that could not
 * be queried.
 * NOTE(review): the return values of ldap_set_option() are discarded.
 */
krb5_error_code
krb5_ldap_db_init(krb5_context context, krb5_ldap_context *ldap_context)
{
    krb5_error_code st = 0;
    krb5_boolean external_ok = TRUE;
    int idx, proto = LDAP_VERSION3;
    unsigned int opened;
    krb5_ldap_server_info *srv;
    struct timeval connect_timeout = {10,0};

    /* No server has been examined yet, so there is no SASL error to report. */
    st = krb5_validate_ldap_context(context, ldap_context);
    if (st != 0)
        return st;

    ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &proto);
    /* Bound the time spent connecting, using whichever option exists. */
#ifdef LDAP_OPT_NETWORK_TIMEOUT
    ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &connect_timeout);
#elif defined LDAP_X_OPT_CONNECT_TIMEOUT
    ldap_set_option(NULL, LDAP_X_OPT_CONNECT_TIMEOUT, &connect_timeout);
#endif

    st = HNDL_LOCK(ldap_context);
    if (st != 0)
        return st;

    for (idx = 0; (srv = ldap_context->server_info_list[idx]) != NULL;
         idx++) {
        /* Only servers that have not been tried yet are considered. */
        if (srv->server_status != NOTSET)
            continue;

        /* Certificate-based authentication needs SASL EXTERNAL. */
        if (ldap_context->service_cert_path != NULL) {
            if (has_sasl_external_mech(context, srv->server_name) == 1) {
                /* Do not use this server; move on to the next one. */
                external_ok = FALSE;
                continue;
            }
            external_ok = TRUE;
        }

        krb5_clear_error_message(context);

#ifdef LDAP_MOD_INCREMENT
        srv->modify_increment =
            (has_modify_increment(context, srv->server_name) == 0);
#else
        srv->modify_increment = 0;
#endif /* LDAP_MOD_INCREMENT */

        /* Fill the pool for this server; give up on the first failure. */
        opened = 0;
        while (opened < ldap_context->max_server_conns) {
            st = krb5_ldap_initialize(ldap_context, srv);
            if (st != 0)
                break;
            ++opened;
        }

        /* One reachable server is enough; leave the rest untouched. */
        if (srv->server_status == ON)
            break;
    }
    HNDL_UNLOCK(ldap_context);

    if (external_ok != FALSE)
        return st;

    /* Certificate authentication was requested but could not be honoured. */
    st = KRB5_KDB_ACCESS_ERROR;
    krb5_set_error_message(context, st,
                           _("Certificate based authentication requested "
                             "but not supported by LDAP servers"));
    return st;
}