}
-/*
- * ldap_init - initialize the LDAP library. A magic cookie to be used for
- * future communication is returned on success, NULL on failure.
- * "host" may be a space-separated list of hosts or IP addresses
- *
- * Example:
- * LDAP *ld;
- * ld = ldap_open( host, port );
- */
-LDAP *
-ldap_init( LDAP_CONST char *defhost, int defport )
-{
- LDAP *ld;
- int rc;
-
- rc = ldap_create(&ld);
- if ( rc != LDAP_SUCCESS )
- return NULL;
-
- if (defport != 0)
- ld->ld_options.ldo_defport = defport;
-
- if (defhost != NULL) {
- rc = ldap_set_option(ld, LDAP_OPT_HOST_NAME, defhost);
- if ( rc != LDAP_SUCCESS ) {
- ldap_ld_free(ld, 1, NULL, NULL);
- return NULL;
- }
- }
-
- return( ld );
-}
int
ldap_create( LDAP **ldp )
return LDAP_SUCCESS;
}
+/*
+ * ldap_init - initialize the LDAP library. A magic cookie to be used for
+ * future communication is returned on success, NULL on failure.
+ * "host" may be a space-separated list of hosts or IP addresses
+ *
+ * Example:
+ * LDAP *ld;
+ * ld = ldap_open( host, port );
+ */
+LDAP *
+ldap_init( LDAP_CONST char *defhost, int defport )
+{
+ LDAP *ld;
+ int rc;
+
+ rc = ldap_create(&ld);
+ if ( rc != LDAP_SUCCESS )
+ return NULL;
+
+ if (defport != 0)
+ ld->ld_options.ldo_defport = defport;
+
+ if (defhost != NULL) {
+ rc = ldap_set_option(ld, LDAP_OPT_HOST_NAME, defhost);
+ if ( rc != LDAP_SUCCESS ) {
+ ldap_ld_free(ld, 1, NULL, NULL);
+ return NULL;
+ }
+ }
+
+ return( ld );
+}
+
+
int
ldap_initialize( LDAP **ldp, LDAP_CONST char *url )
{
return LDAP_SUCCESS;
}
+int
+ldap_start_tls ( LDAP *ld,
+ LDAPControl **serverctrls,
+ LDAPControl **clientctrls )
+{
+#ifdef HAVE_TLS
+ LDAPConn *lc;
+ int rc;
+ char *rspoid;
+ struct berval *rspdata;
+
+ if (ld->ld_conns == NULL) {
+ rc = ldap_open_defconn( ld );
+ if (rc != LDAP_SUCCESS)
+ return(rc);
+ }
+
+ for (lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next) {
+ if (ldap_pvt_tls_inplace(lc->lconn_sb) != 0)
+ return LDAP_OPERATIONS_ERROR;
+ rc = ldap_extended_operation_s(ld, LDAP_EXOP_START_TLS,
+ NULL, serverctrls, clientctrls, &rspoid, &rspdata);
+ if (rc != LDAP_SUCCESS)
+ return rc;
+ rc = ldap_pvt_tls_start( lc->lconn_sb, ld->ld_options.ldo_tls_ctx );
+ if (rc != LDAP_SUCCESS)
+ return rc;
+ }
+ return LDAP_SUCCESS;
+#else
+ return LDAP_NOT_SUPPORTED;
+#endif
+}
+
int
open_ldap_connection( LDAP *ld, Sockbuf *sb, LDAPURLDesc *srv,
char **krbinstancep, int async )
{
- int rc = -1;
- int port;
+ int rc = -1;
+ int port, tls;
long addr;
Debug( LDAP_DEBUG_TRACE, "open_ldap_connection\n", 0, 0, 0 );
ber_pvt_sb_set_io( sb, &ber_pvt_sb_io_tcp, NULL );
#ifdef HAVE_TLS
- if ( ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD
- || srv->lud_ldaps != 0 )
- {
- /*
- * Fortunately, the lib uses blocking io...
- */
- if ( ldap_pvt_tls_connect( sb, ld->ld_options.ldo_tls_ctx ) <
- 0 ) {
- return -1;
- }
- /* FIXME: hostname of server must be compared with name in
- * certificate....
- */
+ tls = srv->lud_ldaps;
+ if (tls == -1)
+ tls = ld->ld_options.ldo_tls_mode;
+ if ( tls != 0 ) {
+ rc = ldap_pvt_tls_start( sb, ld->ld_options.ldo_tls_ctx );
+ if (rc != LDAP_SUCCESS)
+ return rc;
}
#endif
if ( krbinstancep != NULL ) {
*c = '\0';
}
#else /* HAVE_KERBEROS */
- krbinstancep = NULL;
+ *krbinstancep = NULL;
#endif /* HAVE_KERBEROS */
}