authorSumit Bose <sbose@redhat.com>2011-06-27 10:03:03 +0200
committerStephen Gallagher <sgallagh@redhat.com>2011-07-13 12:35:45 -0400
commitddcbb85ed4402b6e877b22d60610d206b1a19bc8 (patch)
treeac80de4a876a046945e0a17b99d1cde5b5710920 /src/providers/ldap/sdap_fd_events.c
parent90f150f678347f1f73ee4280cd523021e307d861 (diff)
Fix TLS/SSL validation after switch to ldap_init_fd
Add sockaddr_storage to sdap_service.
Add sdap_call_conn_cb() to call the add-connection callback directly.
Use name-based URIs instead of IP-address-based URIs.
Use ldap_init_fd() instead of ldap_initialize() if available.
Do not access state after tevent_req_done() is called.
Call ldap_install_tls() on ldaps connections.
Diffstat (limited to 'src/providers/ldap/sdap_fd_events.c')
-rw-r--r--src/providers/ldap/sdap_fd_events.c38
1 files changed, 38 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_fd_events.c b/src/providers/ldap/sdap_fd_events.c
index c3f9e118b..43c94ddbb 100644
--- a/src/providers/ldap/sdap_fd_events.c
+++ b/src/providers/ldap/sdap_fd_events.c
@@ -273,3 +273,41 @@ errno_t sdap_set_connected(struct sdap_handle *sh, struct tevent_context *ev)
return ret;
}
+
+errno_t sdap_call_conn_cb(const char *uri,int fd, struct sdap_handle *sh)
+{
+#ifdef HAVE_LDAP_CONNCB
+ int ret;
+ Sockbuf *sb;
+ LDAPURLDesc *lud;
+
+ sb = ber_sockbuf_alloc();
+ if (sb == NULL) {
+ DEBUG(1, ("ber_sockbuf_alloc failed.\n"));
+ return ENOMEM;
+ }
+
+ ret = ber_sockbuf_ctrl(sb, LBER_SB_OPT_SET_FD, &fd);
+ if (ret != 1) {
+ DEBUG(1, ("ber_sockbuf_ctrl failed.\n"));
+ return EFAULT;
+ }
+
+ ret = ldap_url_parse(uri, &lud);
+ if (ret != 0) {
+ ber_sockbuf_free(sb);
+ DEBUG(1, ("ber_sockbuf_ctrl failed.\n"));
+ return EFAULT;
+ }
+
+ ret = sdap_ldap_connect_callback_add(NULL, sb, lud, NULL,
+ sh->sdap_fd_events->conncb);
+
+ ldap_free_urldesc(lud);
+ ber_sockbuf_free(sb);
+ return ret;
+#else
+ DEBUG(9, ("LDAP connection callbacks are not supported.\n"));
+ return EOK;
+#endif
+}
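Review bot: In sdap_call_conn_cb() the error path after `ber_sockbuf_ctrl(sb, LBER_SB_OPT_SET_FD, &fd)` returns EFAULT without releasing `sb`, so every failure there leaks the Sockbuf; add `ber_sockbuf_free(sb);` before that `return EFAULT;`, as the ldap_url_parse() branch already does. The ldap_url_parse() failure branch logs the copy-pasted text "ber_sockbuf_ctrl failed.", which will mislead anyone diagnosing a connection or TLS setup failure from the logs; it should read `DEBUG(1, ("ldap_url_parse failed.\n"));`. The function also dereferences `sh->sdap_fd_events->conncb` with no NULL check on `sh` or `sh->sdap_fd_events`; whether every caller guarantees both are set is not visible in this hunk, so a guard or a comment stating the precondition would help. Finally, the value returned from sdap_ldap_connect_callback_add() is passed back as `errno_t`; if that callback returns LDAP result codes rather than errno values (its definition is outside this hunk), it should be translated before returning.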