]> git.sur5r.net Git - openldap/commitdiff
projects / openldap / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e0e7e98)
Start TLS extension: check that TLS was inited successfully, return default referral...
authorMark Valence <mrv@openldap.org>
Fri, 10 Dec 1999 19:18:33 +0000 (19:18 +0000)
committerMark Valence <mrv@openldap.org>
Fri, 10 Dec 1999 19:18:33 +0000 (19:18 +0000)
libraries/libldap/tls.c patch | blob | history
servers/slapd/extended.c patch | blob | history
servers/slapd/proto-slap.h patch | blob | history
servers/slapd/result.c patch | blob | history
servers/slapd/starttls.c patch | blob | history
servers/slapd/tools/mimic.c patch | blob | history

diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index bad5312c5caa6f74010aba24c5edd18f66215b35..ba0a9e69474091dae2251d4940ca57bf8b6526d8 100644 (file)
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -110,6 +110,7 @@ ldap_pvt_tls_init( void )
 
        if ( tls_initialized )
                return -1;
+       tls_initialized = 1;
 #ifdef LDAP_R_COMPILE
        tls_init_threads();
 #endif
@@ -211,6 +212,10 @@ ldap_pvt_tls_init_def_ctx( void )
 #endif
        return 0;
 error_exit:
+       if ( tls_def_ctx != NULL ) {
+               SSL_CTX_free( tls_def_ctx );
+               tls_def_ctx = NULL;
+       }
 #ifdef LDAP_R_COMPILE
        ldap_pvt_thread_mutex_unlock( &tls_def_ctx_mutex );
 #endif
diff --git a/servers/slapd/extended.c b/servers/slapd/extended.c
index f907dc808d677deb2804d02e0dd383d9996eb845..d3db89e29b89bbec8ddd7c88aecda338f1d44ce9 100644 (file)
--- a/servers/slapd/extended.c
+++ b/servers/slapd/extended.c
@@ -92,6 +92,7 @@ do_extended(
        ber_len_t len;
        extop_list_t *ext;
        char *text;
+       struct berval **refs;
        struct berval *rspdata;
        LDAPControl **rspctrls;
 
@@ -152,8 +153,12 @@ do_extended(
                oid, reqdata, &rspdata, &rspctrls, &text );
 
        if( rc != SLAPD_ABANDON ) {
+               refs = NULL;
+               if (rc == LDAP_REFERRAL)
+                       refs = default_referral;
+
                send_ldap_extended( conn, op, rc, NULL, text,
-                       oid, rspdata, rspctrls );
+                       refs, oid, rspdata, rspctrls );
        }
 
        if ( rspdata != NULL )
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index fe4dc39f5dd92870c7525064d9d73cf93c4b35ab..3b977a22c039fd7c7dfa40b725277da2c5ab0a9a 100644 (file)
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -387,7 +387,7 @@ LIBSLAPD_F (void) send_ldap_disconnect LDAP_P((
 LIBSLAPD_F (void) send_ldap_extended LDAP_P((
        Connection *conn, Operation *op,
        ber_int_t err, const char *matched,
-       const char *text,
+       const char *text, struct berval **refs,
        char *rspoid, struct berval *rspdata,
        LDAPControl **ctrls ));
 
diff --git a/servers/slapd/result.c b/servers/slapd/result.c
index 204ba41db1e7035e1a11a10db77c11a4a123e64c..ad3c065ddf33803a12151dd725cc0dcafc93b8c6 100644 (file)
--- a/servers/slapd/result.c
+++ b/servers/slapd/result.c
@@ -493,6 +493,7 @@ send_ldap_extended(
     ber_int_t  err,
     const char *matched,
     const char *text,
+    struct berval **refs,
     char               *rspoid,
        struct berval *rspdata,
        LDAPControl **ctrls
@@ -522,7 +523,7 @@ send_ldap_extended(
 #endif
 
        send_ldap_response( conn, op, tag, msgid,
-               err, matched, text, NULL,
+               err, matched, text, refs,
                rspoid, rspdata, NULL, ctrls );
 }
 
diff --git a/servers/slapd/starttls.c b/servers/slapd/starttls.c
index 410e450733ce0e3473d42cf0de0fe5e6fe309a82..35767fae392faf530c6d5bc254cd6c12e357e4fd 100644 (file)
--- a/servers/slapd/starttls.c
+++ b/servers/slapd/starttls.c
@@ -29,6 +29,8 @@ starttls_extop (
        LDAPControl ***rspctrls,
        char ** text )
 {
+       void *ctx;
+
        if ( reqdata != NULL ) {
                /* no request data should be provided */
                return LDAP_PROTOCOL_ERROR;
@@ -38,6 +40,17 @@ starttls_extop (
        if (conn->c_is_tls != 0)
                return(LDAP_OPERATIONS_ERROR);
 
+       /* fail if TLS could not be initialized */
+       if (ldap_pvt_tls_get_option(NULL, LDAP_OPT_X_TLS_CERT, &ctx) != 0
+               || ctx == NULL)
+       {
+               if (default_referral != NULL) {
+                       /* caller will put the referral into the result */
+                       return(LDAP_REFERRAL);
+               }
+               return(LDAP_UNAVAILABLE);
+       }
+
        /* can't start TLS if there are other op's around */
        if (conn->c_ops != NULL) {
                if (conn->c_ops != op || op->o_next != NULL)
@@ -48,19 +61,6 @@ starttls_extop (
                        return(LDAP_OPERATIONS_ERROR);
        }
 
-       /* here's some pseudo-code if HAVE_TLS is defined
-        * but for some reason TLS is not available.
-        */
-       /*
-               if (tls not really supported) {
-                       if (referral exists) {
-                               // caller will need to put the referral into the result
-                               return(LDAP_REFERRAL);
-                       }
-                       return(LDAP_UNAVAILABLE);
-               }
-       */
-
     conn->c_is_tls = 1;
     conn->c_needs_tls_accept = 1;
 
diff --git a/servers/slapd/tools/mimic.c b/servers/slapd/tools/mimic.c
index a3a7d603090e793b38d15b9310adff232f71308d..f1e1a51521e1e1879a70d1b049036684f4fe0951 100644 (file)
--- a/servers/slapd/tools/mimic.c
+++ b/servers/slapd/tools/mimic.c
@@ -46,6 +46,7 @@ send_ldap_extended(
     ber_int_t  err,
     const char *matched,
     const char *text,
+       struct berval **refs,
     char       *rspoid,
        struct berval *rspdata,
        LDAPControl **ctrls
Cloned from git://git.openldap.org/openldap.git