LDAP_CONST char *host,
int port ));
+LIBLDAP_F( int )
+ldap_create LDAP_P((
+ LDAP **ldp ));
+
+LIBLDAP_F( int )
+ldap_initialize LDAP_P((
+ LDAP **ldp,
+ LDAP_CONST char *url ));
+
+LIBLDAP_F( int )
+ldap_start_tls LDAP_P((
+ LDAP *ld ));
/*
* in messages.c:
LIBLDAP_F (int) ldap_pvt_tls_accept LDAP_P(( Sockbuf *sb, void *ctx_arg ));
LIBLDAP_F (int) ldap_pvt_tls_get_option LDAP_P(( struct ldapoptions *lo, int option, void *arg ));
LIBLDAP_F (int) ldap_pvt_tls_set_option LDAP_P(( struct ldapoptions *lo, int option, void *arg ));
+LIBLDAP_F (int) ldap_pvt_tls_inplace LDAP_P(( Sockbuf *sb ));
+LIBLDAP_F (int) ldap_pvt_tls_start LDAP_P(( Sockbuf *sb, void *ctx_arg ));
LDAP_END_DECL
return LDAP_SUCCESS;
}
+int
+ldap_start_tls ( LDAP *ld )
+{
+ LDAPConn *lc;
+ int rc;
+ char *rspoid;
+ struct berval *rspdata;
+
+ if (ld->ld_conns == NULL) {
+ rc = ldap_open_defconn( ld );
+ if (rc != LDAP_SUCCESS)
+ return(rc);
+ }
+
+ for (lc = ld->ld_conns; lc != NULL; lc = lc->lconn_next) {
+ if (ldap_pvt_tls_inplace(lc->lconn_sb) != 0)
+ return LDAP_OPERATIONS_ERROR;
+ rc = ldap_extended_operation_s(ld, LDAP_EXOP_START_TLS,
+ NULL, NULL, NULL, &rspoid, &rspdata);
+ if (rc != LDAP_SUCCESS)
+ return rc;
+ rc = ldap_pvt_tls_start( lc->lconn_sb, ld->ld_options.ldo_tls_ctx );
+ if (rc != LDAP_SUCCESS)
+ return rc;
+ }
+ return LDAP_SUCCESS;
+}
+
int
open_ldap_connection( LDAP *ld, Sockbuf *sb, LDAPURLDesc *srv,
char **krbinstancep, int async )
{
- int rc = -1;
- int port;
+ int rc = -1;
+ int port, tls;
long addr;
Debug( LDAP_DEBUG_TRACE, "open_ldap_connection\n", 0, 0, 0 );
ber_pvt_sb_set_io( sb, &ber_pvt_sb_io_tcp, NULL );
#ifdef HAVE_TLS
- if ( ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD
- || srv->lud_ldaps != 0 )
- {
- /*
- * Fortunately, the lib uses blocking io...
- */
- if ( ldap_pvt_tls_connect( sb, ld->ld_options.ldo_tls_ctx ) <
- 0 ) {
- return -1;
- }
- /* FIXME: hostname of server must be compared with name in
- * certificate....
- */
+ tls = srv->lud_ldaps;
+ if (tls == -1)
+ tls = ld->ld_options.ldo_tls_mode;
+ if ( tls != 0 ) {
+ rc = ldap_pvt_tls_start( sb, ld->ld_options.ldo_tls_ctx );
+ if (rc != LDAP_SUCCESS)
+ return rc;
}
#endif
if ( krbinstancep != NULL ) {
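Review bot: ldap_start_tls never releases rspoid and rspdata after ldap_extended_operation_s() returns (lines 42–45); if the library allocates those out-parameters, as the pointer-to-pointer signature suggests, every StartTLS negotiation leaks them, so add `ldap_memfree( rspoid ); ber_bvfree( rspdata );` before the ldap_pvt_tls_start() call. The extended request is issued through ld rather than lc, so on a handle with several connections the loop appears to negotiate on the same connection each iteration while upgrading a different lconn_sb — worth confirming. When ldap_pvt_tls_start() fails after the server has accepted the operation the connection is handed back half-upgraded; either close it here or document that the handle must be unbound in that case. In open_ldap_connection the new `return rc;` (line 84) propagates a positive LDAP result code from a function whose other failure path returns -1, so a caller that tests for a negative result would not see a TLS failure; returning -1 there, or mapping the code, keeps the convention. open_ldap_connection continues past the hunk.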
*c = '\0';
}
#else /* HAVE_KERBEROS */
- krbinstancep = NULL;
+ *krbinstancep = NULL;
#endif /* HAVE_KERBEROS */
}
return 0;
}
+int
+ldap_pvt_tls_inplace ( Sockbuf *sb )
+{
+ if ( HAS_TLS( sb ) )
+ return(1);
+ return(0);
+}
+
const char *
ldap_pvt_tls_get_peer( LDAP *ld )
{
return 0;
}
+int
+ldap_pvt_tls_start ( Sockbuf *sb, void *ctx_arg )
+{
+ /*
+ * Fortunately, the lib uses blocking io...
+ */
+ if ( ldap_pvt_tls_connect( sb, ctx_arg ) < 0 ) {
+ return LDAP_CONNECT_ERROR;
+ }
+
+ /* FIXME: hostname of server must be compared with name in
+ * certificate....
+ */
+
+ return LDAP_SUCCESS;
+}
+
+
static int
tls_setup( Sockbuf *sb, void *arg )
{
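Review bot: ldap_pvt_tls_start returns LDAP_SUCCESS as soon as the handshake completes, although the FIXME it carries over (lines 120–122) records that the server's certificate is never matched against the host that was connected to; until that check exists the result means an encrypted channel, not an authenticated peer. Callers in this commit (ldap_start_tls, open_ldap_connection) treat LDAP_SUCCESS as the signal to proceed, so the gap belongs in the function's header comment rather than only in a FIXME inside the body, e.g. `/* Completes the TLS handshake on sb. NOTE: the peer certificate is not yet verified against the target host name; LDAP_SUCCESS does not imply server authentication. */`. The function also folds every negative ldap_pvt_tls_connect() result into LDAP_CONNECT_ERROR, discarding whatever distinction that layer reports — acceptable if callers have no use for it, but worth a one-line comment. tls_setup's body continues past the hunk.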
*p++ = 0;
ludp->lud_port = atoi(p);
}
- if (ludp->lud_port == LDAPS_PORT)
- ludp->lud_ldaps = 1; /* cheat */
+ ludp->lud_ldaps = -1; /* unknown (use TLS default) */
ludp->lud_next = *ludlist;
*ludlist = ludp;
}
p = s;
for (ludp = ludlist; ludp != NULL; ludp = ludp->lud_next) {
- p += sprintf(p, "ldap%s://%s", ludp->lud_ldaps ? "s" : "", ludp->lud_host);
+ p += sprintf(p, "ldap%s://%s", (ludp->lud_ldaps == 1) ? "s" : "", ludp->lud_host);
if (ludp->lud_port != 0)
p += sprintf(p, ":%d", ludp->lud_port);
*p++ = '/';
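Review bot: lud_ldaps is now a tri-state field (1, 0 and -1 at lines 136 and 143) but the only explanation is the inline `/* unknown (use TLS default) */`; a reader of `ludp->lud_ldaps == 1` has nothing telling them that 0 and -1 differ. A comment on the field where it is declared, e.g. `/* lud_ldaps: 1 = ldaps://, 0 = plain ldap://, -1 = unspecified, follow ldo_tls_mode */`, or named constants would fix that. Nothing in this hunk assigns 1, so the `ldaps` scheme is emitted only if code outside the hunk sets lud_ldaps to 1 for ldaps:// input — worth confirming, because dropping the former port-636 inference otherwise means such referrals are re-rendered as `ldap://host:636`. Line 143 keeps writing through sprintf with no bound on p, which the commit inherits rather than introduces; snprintf against the remaining space would be the safer form.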
value.c ava.c bind.c unbind.c abandon.c filterentry.c \
phonetic.c acl.c str2filter.c aclparse.c init.c user.c \
repl.c lock.c controls.c extended.c kerberos.c passwd.c \
- schema.c schemaparse.c monitor.c configinfo.c \
+ schema.c schemaparse.c monitor.c configinfo.c starttls.c \
root_dse.c sasl.c module.c suffixalias.c $(@PLAT@_SRCS)
OBJS = main.o daemon.o connection.o search.o filter.o add.o charray.o \
value.o ava.o bind.o unbind.o abandon.o filterentry.o \
phonetic.o acl.o str2filter.o aclparse.o init.o user.o \
repl.o lock.o controls.o extended.o kerberos.o passwd.o \
- schema.o schemaparse.o monitor.o configinfo.o \
+ schema.o schemaparse.o monitor.o configinfo.o starttls.o \
root_dse.o sasl.o module.o suffixalias.o $(@PLAT@_OBJS)
LDAP_INCDIR= ../../include
extop_list_t *supp_ext_list = NULL;
+/* this list of built-in extops is for extops that are not part
+ * of backends or in external modules. essentially, this is
+ * just a way to get built-in extops onto the extop list without
+ * having a separate init routine for each built-in extop.
+ */
+struct {
+ char *oid;
+ SLAP_EXTOP_MAIN_FN ext_main;
+} builtin_extops[] = {
+#ifdef HAVE_TLS
+ { LDAP_EXOP_START_TLS, starttls_extop },
+#endif
+ { NULL, NULL }
+ };
+
+
static extop_list_t *find_extop( extop_list_t *list, char *oid );
static int extop_callback(
return(0);
}
+int
+extops_init (void)
+{
+ int i;
+
+ for (i = 0; builtin_extops[i].oid != NULL; i++) {
+ load_extop(builtin_extops[i].oid, builtin_extops[i].ext_main);
+ }
+ return(0);
+}
+
+int
+extops_kill (void)
+{
+ extop_list_t *ext;
+
+ /* we allocated the memory, so we have to free it, too. */
+ while ((ext = supp_ext_list) != NULL) {
+ supp_ext_list = ext->next;
+ if (ext->oid != NULL)
+ ch_free(ext->oid);
+ ch_free(ext);
+ }
+ return(0);
+}
static extop_list_t *
find_extop( extop_list_t *list, char *oid )
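Review bot: extops_init discards the return value of load_extop (line 188) and reports 0 unconditionally, although load_extop returns an int that load_extop_module elsewhere in this commit checks; a failed registration of the built-in StartTLS handler is therefore silent. Capture it, e.g. `rc = load_extop(builtin_extops[i].oid, builtin_extops[i].ext_main); if (rc != 0) return rc;` with `int rc;` declared, or at least log the failure. The builtin_extops table is a writable, externally visible global; since load_extop takes `const char *ext_oid`, it can become `static const struct { const char *oid; SLAP_EXTOP_MAIN_FN ext_main; } builtin_extops[] = {` with no other change. extops_kill frees ext->oid with ch_free, which is consistent with load_extop_module releasing its own buffer after the call only if load_extop duplicates the string — presumably it does, but that is outside the hunk.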
}
#endif
+ extops_init();
+
#ifdef SLAPD_MODULES
if ( module_init() != 0 ) {
rc = 1;
module_kill();
#endif
+ extops_kill();
+
stop:
#ifdef HAVE_NT_EVENT_LOG
LogSlapdStoppedEvent( NTservice );
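Review bot: the result of extops_init() (line 211) is ignored while module_init() three lines below is checked and sets rc = 1; the call returns int, so either check it the same way — `if ( extops_init() != 0 ) { rc = 1; goto stop; }` if that is the failure path used here — or make it void so the asymmetry is deliberate. extops_kill() (line 218) sits before the stop: label, so any error path that jumps to stop skips it; if extops_init() has already run by then, supp_ext_list is left allocated at exit. The enclosing function starts outside the hunk.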
return 0;
}
-int load_null (const void *module, const char *file_name)
+int load_null_module (const void *module, const char *file_name)
{
return 0;
}
const char *file_name
)
{
- ext_main = module_resolve(module, "ext_main");
+ SLAP_EXTOP_MAIN_FN ext_main;
+ int (*ext_getoid)(int index, char *oid, int blen);
+ char *oid;
+ int rc;
+
+ ext_main = (SLAP_EXTOP_MAIN_FN)module_resolve(module, "ext_main");
if (ext_main == NULL) {
return(-1);
}
return(-1);
}
- return load_extop( ext_main, ext_getoid );
+ oid = ch_malloc(256);
+ rc = (ext_getoid)(0, oid, 256);
+ if (rc != 0) {
+ ch_free(oid);
+ return(rc);
+ }
+ if (*oid == 0) {
+ free(oid);
+ return(-1);
+ }
+
+ rc = load_extop( oid, ext_main );
+ free(oid);
+ return rc;
}
#endif /* SLAPD_EXTERNAL_EXTENSIONS */
#endif /* SLAPD_MODULES */
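Review bot: load_extop_module allocates oid with ch_malloc (line 246) but releases it with plain free on two of the three paths (lines 253 and 258) and ch_free on the third (line 249); unless ch_malloc is a thin wrapper over malloc the pairs must match, so use `ch_free(oid);` on all three. The buffer size 256 is repeated in the allocation and in the ext_getoid call; one named constant, e.g. `enum { EXTOP_OID_BUFLEN = 256 };`, keeps them in step. ext_getoid is declared at line 235 but its assignment and NULL check lie outside the hunk, so they cannot be confirmed here. The module-supplied getoid function is trusted to NUL-terminate within blen; if that is not part of its contract, `oid[255] = '\0';` after the call closes the gap before `*oid == 0` and load_extop read the buffer. The enclosing function starts outside the hunk.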
const char *ext_oid,
SLAP_EXTOP_MAIN_FN ext_main ));
+LIBSLAPD_F (int) extops_init LDAP_P(( void ));
+
+LIBSLAPD_F (int) extops_kill LDAP_P(( void ));
+
LIBSLAPD_F (char *) get_supported_extop LDAP_P((int index));
/*
LIBSLAPD_F (void) parse_oidm LDAP_P(( const char *fname, int lineno, int argc, char **argv ));
LIBSLAPD_F (char *) scherr2str LDAP_P((int code)) LDAP_GCCATTR((const));
LIBSLAPD_F (int) dscompare LDAP_P(( const char *s1, const char *s2del, char delim ));
+
+
+/*
+ * starttls.c
+ */
+
+LIBSLAPD_F (int) starttls_extop LDAP_P(( SLAP_EXTOP_CALLBACK_FN, Connection *conn, Operation *op, char * oid, struct berval * reqdata, struct berval ** rspdata, char ** text ));
+
+
/*
* str2filter.c
*/
../acl.o ../phonetic.o ../attr.o ../value.o ../entry.o \
../dn.o ../filter.o ../str2filter.o ../ava.o ../init.o \
../controls.o ../schemaparse.o ../kerberos.o ../passwd.o \
- ../extended.o
+ ../extended.o ../starttls.o
SLAPOBJS = $(SLAPD_OBJS) slapcommon.o mimic.o