static int
config_tls_option(ConfigArgs *c) {
int flag;
+ LDAP *ld = slap_tls_ld;
switch(c->type) {
- case CFG_TLS_RAND: flag = LDAP_OPT_X_TLS_RANDOM_FILE; break;
+ case CFG_TLS_RAND: flag = LDAP_OPT_X_TLS_RANDOM_FILE; ld = NULL; break;
case CFG_TLS_CIPHER: flag = LDAP_OPT_X_TLS_CIPHER_SUITE; break;
case CFG_TLS_CERT_FILE: flag = LDAP_OPT_X_TLS_CERTFILE; break;
case CFG_TLS_CERT_KEY: flag = LDAP_OPT_X_TLS_KEYFILE; break;
return 1;
}
if (c->op == SLAP_CONFIG_EMIT) {
- return ldap_pvt_tls_get_option( NULL, flag, &c->value_string );
+ return ldap_pvt_tls_get_option( ld, flag, &c->value_string );
} else if ( c->op == LDAP_MOD_DELETE ) {
- return ldap_pvt_tls_set_option( NULL, flag, NULL );
+ return ldap_pvt_tls_set_option( ld, flag, NULL );
}
ch_free(c->value_string);
- return(ldap_pvt_tls_set_option(NULL, flag, c->argv[1]));
+ return(ldap_pvt_tls_set_option(ld, flag, c->argv[1]));
}
/* FIXME: this ought to be provided by libldap */
return 1;
}
if (c->op == SLAP_CONFIG_EMIT) {
- ldap_pvt_tls_get_option( NULL, flag, &c->value_int );
+ ldap_pvt_tls_get_option( slap_tls_ld, flag, &c->value_int );
for (i=0; !BER_BVISNULL(&keys[i].word); i++) {
if (keys[i].mask == c->value_int) {
c->value_string = ch_strdup( keys[i].word.bv_val );
return 1;
} else if ( c->op == LDAP_MOD_DELETE ) {
int i = 0;
- return ldap_pvt_tls_set_option( NULL, flag, &i );
+ return ldap_pvt_tls_set_option( slap_tls_ld, flag, &i );
}
ch_free( c->value_string );
if ( isdigit( (unsigned char)c->argv[1][0] ) ) {
c->log, c->argv[0], c->argv[1] );
return 1;
}
- return(ldap_pvt_tls_set_option(NULL, flag, &i));
+ return(ldap_pvt_tls_set_option(slap_tls_ld, flag, &i));
} else {
- return(ldap_int_tls_config(NULL, flag, c->argv[1]));
+ return(ldap_int_tls_config(slap_tls_ld, flag, c->argv[1]));
}
}
#endif
static int version = 0;
void *slap_tls_ctx;
+LDAP *slap_tls_ld;
#ifdef LOG_LOCAL4
#define DEFAULT_SYSLOG_USER LOG_LOCAL4
lutil_passwd_init();
slap_op_init();
+#ifdef HAVE_TLS
+ rc = ldap_create( &slap_tls_ld );
+ if ( rc ) {
+ SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
+ goto destroy;
+ }
+#endif
+
rc = slap_init( serverMode, serverName );
if ( rc ) {
SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 18 );
}
{
- void *def_ctx = NULL;
-
- /* Save existing default ctx, if any */
- ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &def_ctx );
+ int opt = 1;
/* Force new ctx to be created */
- ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, NULL );
-
- rc = ldap_pvt_tls_init_def_ctx( 1 );
+ rc = ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_NEWCTX, &opt );
if( rc == 0 ) {
- ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &slap_tls_ctx );
- /* Restore previous ctx */
- ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, def_ctx );
+ /* The ctx's refcount is bumped up here */
+ ldap_pvt_tls_get_option( slap_tls_ld, LDAP_OPT_X_TLS_CTX, &slap_tls_ctx );
load_extop( &slap_EXOP_START_TLS, 0, starttls_extop );
} else if ( rc != LDAP_NOT_SUPPORTED ) {
Debug( LDAP_DEBUG_ANY,
lutil_passwd_destroy();
#ifdef HAVE_TLS
+ /* Setting it to itself decreases refcount, allowing it to be freed
+ * when the LD is freed.
+ */
+ ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_CTX, slap_tls_ctx );
+ ldap_ld_free( slap_tls_ld, 0, NULL, NULL );
ldap_pvt_tls_destroy();
#endif
projects / openldap / commitdiff