X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fstarttls.c;h=dd649f36fe6d8b52da7040273c518fa4ab9b24f7;hb=e841247c9086053d774d66e4fbb058d0ead706b2;hp=95dc4bbd2a36ad929401addaa34d0f2466b21b71;hpb=d23313a06862d599f45c1bbb3160974231b39157;p=openldap
diff --git a/servers/slapd/starttls.c b/servers/slapd/starttls.c
index 95dc4bbd2a..dd649f36fe 100644
--- a/servers/slapd/starttls.c
+++ b/servers/slapd/starttls.c
@@ -1,107 +1,107 @@
/* $OpenLDAP$ */
-/*
- * Copyright 1999-2000 The OpenLDAP Foundation.
+/* This work is part of OpenLDAP Software .
+ *
+ * Copyright 1998-2009 The OpenLDAP Foundation.
* All rights reserved.
*
- * Redistribution and use in source and binary forms are permitted only
- * as authorized by the OpenLDAP Public License. A copy of this
- * license is available at http://www.OpenLDAP.org/license.html or
- * in file LICENSE in the top-level directory of the distribution.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * .
*/
#include "portable.h"
#include
#include
-
-#include
+#include
#include "slap.h"
+#include "lber_pvt.h"
-#ifdef HAVE_TLS
+const struct berval slap_EXOP_START_TLS = BER_BVC(LDAP_EXOP_START_TLS);
+#ifdef HAVE_TLS
int
-starttls_extop (
- Connection *conn,
- Operation *op,
- const char * reqoid,
- struct berval * reqdata,
- char ** rspoid,
- struct berval ** rspdata,
- LDAPControl ***rspctrls,
- const char ** text,
- struct berval *** refs )
+starttls_extop ( Operation *op, SlapReply *rs )
{
- void *ctx;
int rc;
- if ( reqdata != NULL ) {
+ Statslog( LDAP_DEBUG_STATS, "%s STARTTLS\n",
+ op->o_log_prefix, 0, 0, 0, 0 );
+
+ if ( op->ore_reqdata != NULL ) {
/* no request data should be provided */
- *text = "no request data expected";
+ rs->sr_text = "no request data expected";
return LDAP_PROTOCOL_ERROR;
}
/* acquire connection lock */
- ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+ ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
/* can't start TLS if it is already started */
- if (conn->c_is_tls != 0) {
- *text = "TLS already started";
+ if (op->o_conn->c_is_tls != 0) {
+ rs->sr_text = "TLS already started";
rc = LDAP_OPERATIONS_ERROR;
goto done;
}
/* can't start TLS if there are other op's around */
- if (( conn->c_ops != NULL &&
- (conn->c_ops != op || op->o_next != NULL)) ||
- ( conn->c_pending_ops != NULL))
+ if (( !LDAP_STAILQ_EMPTY(&op->o_conn->c_ops) &&
+ (LDAP_STAILQ_FIRST(&op->o_conn->c_ops) != op ||
+ LDAP_STAILQ_NEXT(op, o_next) != NULL)) ||
+ ( !LDAP_STAILQ_EMPTY(&op->o_conn->c_pending_ops) ))
{
- *text = "cannot start TLS when operations our outstanding";
+ rs->sr_text = "cannot start TLS when operations are outstanding";
rc = LDAP_OPERATIONS_ERROR;
goto done;
}
if ( !( global_disallows & SLAP_DISALLOW_TLS_2_ANON ) &&
- ( conn->c_dn != NULL ) )
+ ( op->o_conn->c_dn.bv_len != 0 ) )
{
+ Statslog( LDAP_DEBUG_STATS,
+ "%s AUTHZ anonymous mech=starttls ssf=0\n",
+ op->o_log_prefix, 0, 0, 0, 0 );
+
/* force to anonymous */
- connection2anonymous( conn );
+ connection2anonymous( op->o_conn );
}
if ( ( global_disallows & SLAP_DISALLOW_TLS_AUTHC ) &&
- ( conn->c_dn != NULL ) )
+ ( op->o_conn->c_dn.bv_len != 0 ) )
{
- *text = "cannot start TLS after authentication";
+ rs->sr_text = "cannot start TLS after authentication";
rc = LDAP_OPERATIONS_ERROR;
goto done;
}
/* fail if TLS could not be initialized */
- if (ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &ctx ) != 0
- || ctx == NULL)
- {
+ if ( slap_tls_ctx == NULL ) {
if (default_referral != NULL) {
/* caller will put the referral in the result */
rc = LDAP_REFERRAL;
goto done;
}
- *text = "Could not initialize TLS";
+ rs->sr_text = "Could not initialize TLS";
rc = LDAP_UNAVAILABLE;
goto done;
}
- conn->c_is_tls = 1;
- conn->c_needs_tls_accept = 1;
+ op->o_conn->c_is_tls = 1;
+ op->o_conn->c_needs_tls_accept = 1;
rc = LDAP_SUCCESS;
done:
/* give up connection lock */
- ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+ ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
- /*
- * RACE CONDITION: we give up lock before sending result
+ /* FIXME: RACE CONDITION! we give up lock before sending result
* Should be resolved by reworking connection state, not
* by moving send here (so as to ensure proper TLS sequencing)
*/