sdap_get_generic_ext_send: check if we a re still connected

At the beginning of a LDAP request we check if we are connecte and have
a valid sdap handle. But for some requests more than one LDAP operation,
typically a search, is needed. Due to the asynchronous handling of LDAP
request it might be possible that a second request might detect a server
error and close the connection while the first request just finished one
LDAP search and wants to start a new LDAP search.

This patch tries to make sure that there is a valid sdap handle before
sending a LDAP search to the server.

Fixes https://fedorahosted.org/sssd/ticket/2126

1 files changed, 7 insertions, 0 deletions

diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 09275dd65..f5cc962b3 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -1167,6 +1167,13 @@ sdap_get_generic_ext_send(TALLOC_CTX *memctx,
     state->cb_data = cb_data;
     state->clientctrls = clientctrls;
 
+    if (state->sh == NULL || state->sh->ldap == NULL) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              ("Trying LDAP search while not connected.\n"));
+        tevent_req_error(req, EIO);
+        tevent_req_post(req, ev);
+        return req;
+    }
 
     /* Be extra careful and never allow paging for BASE searches,
      * even if requested.