expose ldap_tls_inplace()
index 3251a8b31cce5c0d08118813e9e2123c2f044b9b..4f7a08b9e6b580464314138595b14fa2c3acf778 100644 (file)
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -713,6 +713,7 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
                ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
 
        } else {
+               struct ldapoptions *lo;
                void *ctx = ld->ld_defconn
                        ? ld->ld_defconn->lconn_tls_ctx : NULL;
 
@@ -728,8 +729,15 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
                        LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl );
 
                if( ctx == NULL ) {
+                       ctx = tls_def_ctx;
                        conn->lconn_tls_ctx = tls_def_ctx;
                }
+               lo = &ld->ld_options;
+               if ( lo->ldo_tls_connect_cb )
+                       lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
+               lo = LDAP_INT_GLOBAL_OPT();   
+               if ( lo && lo->ldo_tls_connect_cb )
+                       lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
        }
 
        err = SSL_connect( ssl );
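Review bot: `lo = LDAP_INT_GLOBAL_OPT();` carries trailing whitespace, and the two callback invocations around it deserve a comment saying that the per-handle hook runs first and the process-wide one second, both before SSL_connect(), so a reader knows which one sees the other's changes to ssl and ctx; something like `/* per-handle hook first, then the global one; both may adjust ssl/ctx before the handshake */`. Whether the callback is meant to be able to veto the handshake cannot be told from this hunk; if its return value carries that meaning, both calls should check it before the SSL_connect() on the next line. ldap_int_tls_connect starts and ends outside the hunk.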
@@ -819,6 +827,20 @@ ldap_pvt_tls_inplace ( Sockbuf *sb )
        return HAS_TLS( sb ) ? 1 : 0;
 }
 
+int
+ldap_tls_inplace( LDAP *ld )
+{
+       Sockbuf         *sb = NULL;
+       int             rc;
+
+       rc = ldap_get_option( ld, LDAP_OPT_SOCKBUF, (void *)&sb );
+       if ( rc != LDAP_SUCCESS || sb == NULL ) {
+               return 0;
+       }
+
+       return ldap_pvt_tls_inplace( sb );
+}
+
 static X509 *
 tls_get_cert( SSL *s )
 {
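Review bot: ldap_tls_inplace() is placed directly after ldap_pvt_tls_inplace(); if that function sits inside the file's `#ifdef HAVE_TLS` region (not visible here), the new public symbol will be absent from non-TLS builds, unlike ldap_install_tls() and ldap_start_tls() added later in this commit, which guard with `#ifndef HAVE_TLS` inside the body and stay linkable. Either move it next to those or give it the same internal guard. It also has no comment; a header such as `/* Returns 1 if TLS is active on ld's sockbuf, else 0 (also 0 when ld has no sockbuf or the option lookup fails). */` would record that the error and not-in-place cases are indistinguishable to the caller.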
@@ -1201,6 +1223,12 @@ ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg )
                *(void **)arg = retval;
                break;
        }
+       case LDAP_OPT_X_TLS_CONNECT_CB:
+               *(LDAP_TLS_CONNECT_CB **)arg = lo->ldo_tls_connect_cb;
+               break;
+       case LDAP_OPT_X_TLS_CONNECT_ARG:
+               *(void **)arg = lo->ldo_tls_connect_arg;
+               break;
        default:
                return -1;
        }
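Review bot: `*(LDAP_TLS_CONNECT_CB **)arg = lo->ldo_tls_connect_cb;` stores a function pointer through storage the caller passed as `void *`, and the matching `lo->ldo_tls_connect_cb = (LDAP_TLS_CONNECT_CB *)arg;` in the ldap_pvt_tls_set_option hunk below converts a `void *` to a function pointer; ISO C does not define either conversion, though POSIX requires it, so a comment at both sites such as `/* void* <-> function-pointer conversion: not ISO C, but required by POSIX */` would make the reliance explicit. The getter does not check arg for NULL, but the neighbouring cases do not either, so that is consistent with the existing code. ldap_pvt_tls_get_option starts and ends outside the hunk.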
@@ -1253,6 +1281,12 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
                        ld->ld_defconn->lconn_tls_ctx = arg;
                }
                return 0;
+       case LDAP_OPT_X_TLS_CONNECT_CB:
+               lo->ldo_tls_connect_cb = (LDAP_TLS_CONNECT_CB *)arg;
+               return 0;
+       case LDAP_OPT_X_TLS_CONNECT_ARG:
+               lo->ldo_tls_connect_arg = arg;
+               return 0;
        }
 
        if ( ld != NULL ) {
@@ -1631,14 +1665,39 @@ ldap_pvt_tls_get_my_dn( void *s, struct berval *dn, LDAPDN_rewrite_dummy *func,
 #endif
 }
 
+int
+ldap_start_tls( LDAP *ld,
+       LDAPControl **serverctrls,
+       LDAPControl **clientctrls,
+       int *msgidp )
+{
+       return ldap_extended_operation( ld, LDAP_EXOP_START_TLS,
+               NULL, serverctrls, clientctrls, msgidp );
+}
+
+int
+ldap_install_tls( LDAP *ld )
+{
+#ifndef HAVE_TLS
+       return LDAP_NOT_SUPPORTED;
+#else
+       if ( ld->ld_sb != NULL && ldap_pvt_tls_inplace( ld->ld_sb ) != 0 ) {
+               return LDAP_LOCAL_ERROR;
+       }
+
+       return ldap_int_tls_start( ld, ld->ld_defconn, NULL );
+#endif
+}
+
 int
 ldap_start_tls_s ( LDAP *ld,
        LDAPControl **serverctrls,
        LDAPControl **clientctrls )
 {
+#ifndef HAVE_TLS
+       return LDAP_NOT_SUPPORTED;
+#else
        int rc;
-
-#ifdef HAVE_TLS
        char *rspoid = NULL;
        struct berval *rspdata = NULL;
 
@@ -1663,9 +1722,7 @@ ldap_start_tls_s ( LDAP *ld,
                rc = ldap_int_tls_start( ld, ld->ld_defconn, NULL );
        }
 
-#else
-       rc = LDAP_NOT_SUPPORTED;
-#endif
        return rc;
+#endif
 }