X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldap%2Fbind.c;h=09b23924d5f11d5313ac508e30c8350be7804559;hb=a0b5f5138b0888a019b7305de3ef2faf15907429;hp=2d1131f5aabb7e1f0b3442fa38843e9111932fae;hpb=c6e2a69f2722a540a36fd5bcfb43296b282997e5;p=openldap diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c index 2d1131f5aa..09b23924d5 100644 --- a/servers/slapd/back-ldap/bind.c +++ b/servers/slapd/back-ldap/bind.c @@ -382,7 +382,6 @@ retry:; *is_tls = 0; } -error_return:; return rc; } #endif /* HAVE_TLS */ @@ -393,7 +392,9 @@ ldap_back_prepare_conn( struct ldapconn **lcp, Operation *op, SlapReply *rs, lda struct ldapinfo *li = (struct ldapinfo *)op->o_bd->be_private; int vers = op->o_protocol; LDAP *ld = NULL; +#ifdef HAVE_TLS int is_tls = op->o_conn->c_is_tls; +#endif /* HAVE_TLS */ assert( lcp != NULL ); @@ -428,7 +429,9 @@ ldap_back_prepare_conn( struct ldapconn **lcp, Operation *op, SlapReply *rs, lda } (*lcp)->lc_ld = ld; (*lcp)->lc_refcnt = 1; +#ifdef HAVE_TLS (*lcp)->lc_is_tls = is_tls; +#endif /* HAVE_TLS */ error_return:; if ( rs->sr_err != LDAP_SUCCESS ) { @@ -464,16 +467,28 @@ ldap_back_getconn( Operation *op, SlapReply *rs, ldap_back_send_t sendok ) lc_curr.lc_conn = op->o_conn; } else { - lc_curr.lc_conn = op->o_conn->c_is_tls ? - LDAP_BACK_PRIV_CONN_TLS : LDAP_BACK_PRIV_CONN; +#ifdef HAVE_TLS + if ( op->o_conn->c_is_tls ) { + lc_curr.lc_conn = LDAP_BACK_PRIV_CONN_TLS; + } else +#endif /* HAVE_TLS */ + { + lc_curr.lc_conn = LDAP_BACK_PRIV_CONN; + } } /* Internal searches are privileged and shared. So is root. */ /* FIXME: there seem to be concurrency issues */ if ( op->o_do_not_cache || be_isroot( op ) ) { lc_curr.lc_local_ndn = op->o_bd->be_rootndn; - lc_curr.lc_conn = op->o_conn->c_is_tls ? - LDAP_BACK_PRIV_CONN_TLS : LDAP_BACK_PRIV_CONN; +#ifdef HAVE_TLS + if ( op->o_conn->c_is_tls ) { + lc_curr.lc_conn = LDAP_BACK_PRIV_CONN_TLS; + } else +#endif /* HAVE_TLS */ + { + lc_curr.lc_conn = LDAP_BACK_PRIV_CONN; + } lc_curr.lc_ispriv = 1; } else { @@ -513,6 +528,7 @@ ldap_back_getconn( Operation *op, SlapReply *rs, ldap_back_send_t sendok ) } } +#ifdef HAVE_TLS /* if start TLS failed but it was not mandatory, * check if the non-TLS connection was already * in cache; in case, destroy the newly created @@ -537,6 +553,7 @@ ldap_back_getconn( Operation *op, SlapReply *rs, ldap_back_send_t sendok ) goto done; } } +#endif /* HAVE_TLS */ lc->lc_bound = 0;