#define LDAP_OPT_URI 0x5006
/* OpenLDAP TLS options */
-#define LDAP_OPT_X_TLS_CACERTFILE 0x6001
-#define LDAP_OPT_X_TLS_CACERTDIR 0x6002
-#define LDAP_OPT_X_TLS_CERT 0x6003
+#define LDAP_OPT_X_TLS 0x6000
+#define LDAP_OPT_X_TLS_CTX 0x6001 /* SSL CTX */
+#define LDAP_OPT_X_TLS_CACERTFILE 0x6002
+#define LDAP_OPT_X_TLS_CACERTDIR 0x6003
#define LDAP_OPT_X_TLS_CERTFILE 0x6004
#define LDAP_OPT_X_TLS_KEYFILE 0x6005
#define LDAP_OPT_X_TLS_REQUIRE_CERT 0x6006
-#define LDAP_OPT_X_TLS 0x6007
-#define LDAP_OPT_X_TLS_PROTOCOL 0x6008
-#define LDAP_OPT_X_TLS_CIPHER_SUITE 0x6009
-#define LDAP_OPT_X_TLS_RANDOM_FILE 0x600a
+#define LDAP_OPT_X_TLS_PROTOCOL 0x6007
+#define LDAP_OPT_X_TLS_CIPHER_SUITE 0x6008
+#define LDAP_OPT_X_TLS_RANDOM_FILE 0x6009
#define LDAP_OPT_X_TLS_NEVER 0
#define LDAP_OPT_X_TLS_HARD 1
#define LDAP_PVT_SASL_LOCAL_SSF 71 /* SSF for Unix Domain Sockets */
struct ldap;
+
LDAP_F (int) ldap_open_internal_connection LDAP_P((
struct ldap **ldp, ber_socket_t *fdp ));
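Review bot: Renumbering the public LDAP_OPT_X_TLS_* values is an ABI break for any client built against the previous header, and the new assignments turn it into a type confusion rather than a plain mismatch: the old LDAP_OPT_X_TLS_CACERTFILE value 0x6001 now selects LDAP_OPT_X_TLS_CTX, so a stale binary passing a filename string reaches the `(SSL_CTX *) arg` cast in ldap_pvt_tls_set_option later in this diff, while an old LDAP_OPT_X_TLS_CERT caller (0x6003) now has its context pointer stored as a CA directory string. If this header is installed as public API, keep the existing numbers and give the new option the value the removed name vacated, e.g. `#define LDAP_OPT_X_TLS_CTX 0x6003 /* SSL CTX, replaces LDAP_OPT_X_TLS_CERT */`, leaving LDAP_OPT_X_TLS at 0x6007 and PROTOCOL/CIPHER_SUITE/RANDOM_FILE unchanged. Dropping the LDAP_OPT_X_TLS_CERT identifier itself is harmless since that fails at compile time rather than silently.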
ldap_pvt_str2lower LDAP_P(( char *str ));
/* tls.c */
-struct ldapoptions;
-struct ldap;
-
LDAP_F (int) ldap_pvt_tls_init LDAP_P(( void ));
-LDAP_F (int) ldap_pvt_tls_connect LDAP_P(( struct ldap *ld, Sockbuf *sb, void *ctx_arg ));
+LDAP_F (int) ldap_pvt_tls_connect LDAP_P(( struct ldap *ld,
+ Sockbuf *sb, void *ctx_arg ));
LDAP_F (int) ldap_pvt_tls_accept LDAP_P(( Sockbuf *sb, void *ctx_arg ));
LDAP_F (void *) ldap_pvt_tls_sb_handle LDAP_P(( Sockbuf *sb ));
LDAP_F (void *) ldap_pvt_tls_get_handle LDAP_P(( struct ldap *ld ));
LDAP_F (char *) ldap_pvt_tls_get_peer_dn LDAP_P(( void *handle ));
LDAP_F (int) ldap_pvt_tls_get_strength LDAP_P(( void *handle ));
LDAP_F (int) ldap_pvt_tls_inplace LDAP_P(( Sockbuf *sb ));
-LDAP_F (int) ldap_pvt_tls_start LDAP_P(( struct ldap *ld, Sockbuf *sb, void *ctx_arg ));
-
-LDAP_F (int) ldap_pvt_tls_get_option LDAP_P(( struct ldapoptions *lo, int option, void *arg ));
-LDAP_F (int) ldap_pvt_tls_set_option LDAP_P(( struct ldapoptions *lo, int option, void *arg ));
+LDAP_F (int) ldap_pvt_tls_start LDAP_P(( struct ldap *ld,
+ Sockbuf *sb, void *ctx_arg ));
+LDAP_F (int) ldap_pvt_tls_get_option LDAP_P(( struct ldap *ld,
+ int option, void *arg ));
+LDAP_F (int) ldap_pvt_tls_set_option LDAP_P(( struct ldap *ld,
+ int option, void *arg ));
LDAP_END_DECL
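Review bot: The new ldap_pvt_tls_get_option/ldap_pvt_tls_set_option prototypes take `struct ldap *ld`, and elsewhere in this diff a NULL ld is used to mean "operate on the global defaults", but nothing in the header says so; a caller reading only these declarations cannot tell that NULL is legal or what it selects. Add a comment above the pair such as `/* ld == NULL: get/set the global (default) TLS options; otherwise the options of ld */`, and state that `arg` is an `int *`, a `char **` or a context pointer depending on `option`. Removing the forward declaration of `struct ldapoptions` is consistent, since the struct no longer appears in these prototypes.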
return ld->ld_errno;
}
- Debug( LDAP_DEBUG_TRACE, "ldap_int_sasl_open: %s\n",
+ Debug( LDAP_DEBUG_TRACE, "ldap_int_sasl_open: host=%s\n",
host, 0, 0 );
lc->lconn_sasl_ctx = ctx;
SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS;
#endif
-#ifdef HAVE_TLS
- gopts->ldo_tls_ctx = NULL;
-#endif
-
gopts->ldo_valid = LDAP_INITIALIZED;
-
return;
}
ber_int_t ldo_timelimit;
ber_int_t ldo_sizelimit;
+#ifdef HAVE_TLS
+ int ldo_tls_mode;
+#endif
+
LDAPURLDesc *ldo_defludp;
int ldo_defport;
char* ldo_defbase;
LDAP_REBIND_PROC *ldo_rebind_proc;
void *ldo_rebind_params;
-#ifdef HAVE_TLS
- /* tls context */
- void *ldo_tls_ctx;
- int ldo_tls_mode;
-#endif
LDAP_BOOLEANS ldo_booleans; /* boolean options */
};
-/*
- * structure for tracking LDAP server host, ports, DNs, etc.
- */
-typedef struct ldap_server {
- char *lsrv_host;
- char *lsrv_dn; /* if NULL, use default */
- int lsrv_port;
- struct ldap_server *lsrv_next;
-} LDAPServer;
-
-
/*
* structure for representing an LDAP server connection
*/
typedef struct ldap_conn {
Sockbuf *lconn_sb;
+#ifdef HAVE_TLS
+ /* tls context */
+ void *lconn_tls_ctx;
+#endif
+#ifdef HAVE_CYRUS_SASL
void *lconn_sasl_ctx;
+#endif
int lconn_refcnt;
time_t lconn_lastused; /* time */
int lconn_rebind_inprogress; /* set if rebind in progress */
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
char *lconn_krbinstance;
#endif
+ BerElement *lconn_ber; /* ber receiving on this conn. */
+
struct ldap_conn *lconn_next;
- BerElement *lconn_ber;/* ber receiving on this conn. */
} LDAPConn;
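Review bot: The new `lconn_tls_ctx` field carries only a bare "tls context" comment with no ownership statement; the pointer appears to come straight from the `arg` of ldap_pvt_tls_set_option (as the removed `ldo_tls_ctx` did), so a reader cannot tell whether connection teardown must release it or the caller keeps ownership — TODO confirm. Suggest `/* tls context (SSL_CTX *), supplied via LDAP_OPT_X_TLS_CTX; ownership stays with the setter — verify */`, corrected once the contract is settled. Making `lconn_sasl_ctx` conditional on HAVE_CYRUS_SASL is fine as long as every reader of that field sits under the same guard, which the SASL hunk earlier in this diff suggests but does not show.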
#define ld_version ld_options.ldo_version
- char *ld_host;
- int ld_port;
-
unsigned short ld_lberoptions;
ber_int_t ld_errno;
int proto, const char *host, unsigned long address, int port,
int async );
-#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) || defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
+#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) || \
+ defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
LDAP_V (char *) ldap_int_hostname;
LDAP_F (char *) ldap_host_connected_to( Sockbuf *sb );
-#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
+#endif
LDAP_F (void) ldap_int_ip_init( void );
LDAP_F (int) do_ldap_select( LDAP *ld, struct timeval *timeout );
int option, const char *arg ));
LDAP_F (int) ldap_int_sasl_bind LDAP_P((
- struct ldap *ld,
+ LDAP *ld,
const char *,
const char *,
LDAPControl **, LDAPControl **,
/*
* in tls.c
*/
-LDAP_F (int) ldap_int_tls_config LDAP_P(( struct ldapoptions *lo, int option, const char *arg ));
+LDAP_F (int) ldap_int_tls_config LDAP_P(( LDAP *ld,
+ int option, const char *arg ));
LDAP_END_DECL
int rc;
LDAP *ld;
- Debug( LDAP_DEBUG_TRACE, "ldap_open\n", 0, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "ldap_open(%s, %d)\n",
+ host, port, 0 );
- if (( ld = ldap_init( host, port )) == NULL ) {
+ ld = ldap_init( host, port );
+ if ( ld == NULL ) {
return( NULL );
}
if( rc < 0 ) {
ldap_ld_free( ld, 0, NULL, NULL );
- return( NULL );
+ ld = NULL;
}
- Debug( LDAP_DEBUG_TRACE, "ldap_open successful, ld_host is %s\n",
- ( ld->ld_host == NULL ) ? "(null)" : ld->ld_host, 0, 0 );
+ Debug( LDAP_DEBUG_TRACE, "ldap_open: %s\n",
+ ld == NULL ? "succeeded" : "failed", 0, 0 );
- return( ld );
+ return ld;
}
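Review bot: The success/failure string in the closing trace of ldap_open is inverted: `ld == NULL ? "succeeded" : "failed"` prints "succeeded" exactly when the connect failed and ld was freed and cleared; it should read `ld == NULL ? "failed" : "succeeded"`. The entry trace also hands `host` straight to `%s`; the message it replaces guarded its `%s` argument with `"(null)"`, and ldap_connect_to_host later in this diff explicitly tests `host != NULL`, so a NULL host is apparently legal here — use `host ? host : "(null)"` to keep the format call defined.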
ld->ld_defconn = conn;
rc = ldap_pvt_tls_start( ld, conn->lconn_sb,
- ld->ld_options.ldo_tls_ctx );
+ conn->lconn_tls_ctx );
ld->ld_defconn = savedefconn;
--conn->lconn_refcnt;
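Review bot: `conn->lconn_tls_ctx` is now passed for whichever connection is being started, but the only writer visible in this diff is ldap_pvt_tls_set_option, which stores into `ld->ld_defconn` alone; for any other connection the field is presumably still NULL, so whether ldap_pvt_tls_start falls back to the library default context in that case needs confirming. A comment at the call would settle it for the next reader: `/* per-connection ctx; NULL means the library default — confirm in ldap_pvt_tls_start */`. The enclosing function starts before and ends after this hunk.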
default:
#ifdef HAVE_TLS
- if ( ldap_pvt_tls_get_option((struct ldapoptions *)lo, option, outvalue ) == 0 )
- return LDAP_OPT_SUCCESS;
+ if ( ldap_pvt_tls_get_option( ld, option, outvalue ) == 0 ) {
+ return LDAP_OPT_SUCCESS;
+ }
#endif
#ifdef HAVE_CYRUS_SASL
- if ( ldap_int_sasl_get_option(ld, option, outvalue ) == 0 )
- return LDAP_OPT_SUCCESS;
+ if ( ldap_int_sasl_get_option( ld, option, outvalue ) == 0 ) {
+ return LDAP_OPT_SUCCESS;
+ }
#endif
/* bad param */
break;
struct hostent *hp = NULL;
char *ha_buf=NULL, *p, *q;
- osip_debug(ld, "ldap_connect_to_host\n",0,0,0);
+ osip_debug(ld, "ldap_connect_to_host: %s\n",host,0,0);
if (host != NULL) {
#if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
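Review bot: The new trace line passes `host` to `%s` while the very next line tests `host != NULL`, so the NULL case the code explicitly expects is handed to the formatter; a null pointer for `%s` is undefined behaviour in C even where a particular libc prints "(null)". Use `osip_debug(ld, "ldap_connect_to_host: %s\n", host ? host : "(null)", 0, 0);`, or move the trace inside the `if`. The enclosing function starts before and ends after the hunk.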
}
Debug( LDAP_DEBUG_TRACE,
- "ldap_delayed_open successful, ld_host is %s\n",
- ( ld->ld_host == NULL ) ? "(null)" : ld->ld_host, 0, 0 );
+ "ldap_open_defconn: successful\n",
+ 0, 0, 0 );
}
{
}
int
-ldap_int_tls_config( struct ldapoptions *lo, int option, const char *arg )
+ldap_int_tls_config( LDAP *ld, int option, const char *arg )
{
int i;
case LDAP_OPT_X_TLS_KEYFILE:
case LDAP_OPT_X_TLS_RANDOM_FILE:
return ldap_pvt_tls_set_option( NULL, option, (void *) arg );
+
case LDAP_OPT_X_TLS_REQUIRE_CERT:
i = ( ( strcasecmp( arg, "on" ) == 0 ) ||
( strcasecmp( arg, "yes" ) == 0) ||
( strcasecmp( arg, "true" ) == 0 ) );
return ldap_pvt_tls_set_option( NULL, option, (void *) &i );
+
case LDAP_OPT_X_TLS:
i = -1;
if ( strcasecmp( arg, "never" ) == 0 )
i = LDAP_OPT_X_TLS_TRY ;
if ( strcasecmp( arg, "hard" ) == 0 )
i = LDAP_OPT_X_TLS_HARD ;
- if (i >= 0)
- return ldap_pvt_tls_set_option( lo, option, &i );
+
+ if (i >= 0) {
+ return ldap_pvt_tls_set_option( ld, option, &i );
+ }
return -1;
}
}
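Review bot: In the LDAP_OPT_X_TLS case the keyword "never" is mapped to `LDAP_OPT_X_TLS_TRY` (an unchanged line inside this hunk) although `LDAP_OPT_X_TLS_NEVER` is defined in the header edited earlier in this diff; the keyword and the constant disagree, so a configuration asking for no TLS ends up in a different mode, and in the visible lines no keyword maps to the TRY value itself. Change it to `i = LDAP_OPT_X_TLS_NEVER ;` and add whatever keyword is meant to select TRY. Separately, the function now has an `ld`, but the file-path options above still call `ldap_pvt_tls_set_option( NULL, ... )`, so only the TLS mode is per-handle while certificate paths remain global — worth a one-line comment if that is intentional. ldap_int_tls_config begins before this hunk.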
int
-ldap_pvt_tls_get_option( struct ldapoptions *lo, int option, void *arg )
+ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg )
{
+ struct ldapoptions *lo;
+
+ /* Get pointer to global option structure */
+ lo = LDAP_INT_GLOBAL_OPT();
+ if (NULL == lo) {
+ return LDAP_NO_MEMORY;
+ }
+
+ if(ld != NULL) {
+ assert( LDAP_VALID( ld ) );
+
+ if( !LDAP_VALID( ld ) ) {
+ return LDAP_OPT_ERROR;
+ }
+
+ lo = &ld->ld_options;
+ }
+
switch( option ) {
case LDAP_OPT_X_TLS:
*(int *)arg = lo->ldo_tls_mode;
break;
- case LDAP_OPT_X_TLS_CERT:
- if ( lo == NULL )
+ case LDAP_OPT_X_TLS_CTX:
+ if ( ld == NULL )
*(void **)arg = (void *) tls_def_ctx;
else
- *(void **)arg = lo->ldo_tls_ctx;
+ *(void **)arg = ld->ld_defconn->lconn_tls_ctx;
break;
case LDAP_OPT_X_TLS_CACERTFILE:
*(char **)arg = tls_opt_cacertfile ?
}
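Review bot: `ld->ld_defconn->lconn_tls_ctx` in the LDAP_OPT_X_TLS_CTX case is read with no check that `ld_defconn` is set; this diff shows ld_defconn being assigned only when a connection is opened, so a valid handle that has not connected yet (the usual moment to configure TLS) dereferences NULL, and the same pattern appears in ldap_pvt_tls_set_option and in ldap_start_tls_s further down. Guard it with `if ( ld->ld_defconn == NULL ) return LDAP_OPT_ERROR;` before the read (and `return -1;` in the setter, matching its error convention). Note also the semantic change: a context set through the options used to be applied at connect time via `ldo_tls_ctx`, whereas a per-connection pointer can only be set once the default connection exists — if pre-connect configuration is still meant to work, the handle needs to keep a default alongside the per-connection field. The assert on LDAP_VALID followed by the same test matches the surrounding style, so no change there.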
int
-ldap_pvt_tls_set_option( struct ldapoptions *lo, int option, void *arg )
+ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
{
+ struct ldapoptions *lo;
+
+ /* Get pointer to global option structure */
+ lo = LDAP_INT_GLOBAL_OPT();
+ if (NULL == lo) {
+ return LDAP_NO_MEMORY;
+ }
+
+ if(ld != NULL) {
+ assert( LDAP_VALID( ld ) );
+
+ if( !LDAP_VALID( ld ) ) {
+ return LDAP_OPT_ERROR;
+ }
+
+ lo = &ld->ld_options;
+ }
+
switch( option ) {
case LDAP_OPT_X_TLS:
switch( *(int *) arg ) {
}
return -1;
- case LDAP_OPT_X_TLS_CERT:
- if ( lo == NULL ) {
+ case LDAP_OPT_X_TLS_CTX:
+ if ( ld == NULL ) {
tls_def_ctx = (SSL_CTX *) arg;
} else {
- lo->ldo_tls_ctx = arg;
+ ld->ld_defconn->lconn_tls_ctx = arg;
}
return 0;
}
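Review bot: The option-selection prologue at the top of ldap_pvt_tls_set_option (global-options fetch, NULL check, LDAP_VALID assert and test, `lo = &ld->ld_options`) is a verbatim copy of the one added to ldap_pvt_tls_get_option in the previous hunk; a single `static struct ldapoptions *tls_select_options( LDAP *ld )` returning NULL on failure would keep the two from drifting apart. Returning LDAP_NO_MEMORY when LDAP_INT_GLOBAL_OPT() yields NULL is also a surprising code if that condition means "library not initialised" rather than an allocation failure — the `/* Get pointer to global option structure */` comment should say which it is. The NULL `ld_defconn` dereference in the LDAP_OPT_X_TLS_CTX case is covered in the note on ldap_pvt_tls_get_option.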
int
ldap_pvt_tls_start ( LDAP *ld, Sockbuf *sb, void *ctx_arg )
{
+#if 0
char *peer_cert_cn;
+#endif
void *ssl;
(void) ldap_pvt_tls_init();
ssl = (void *) ldap_pvt_tls_sb_handle( sb );
assert( ssl != NULL );
+#if 0
/*
- * compare ld->ld_host with name in certificate
+ * compare host with name in certificate
*/
peer_cert_cn = ldap_pvt_tls_get_peer_hostname( ssl );
return LDAP_LOCAL_ERROR;
}
- if ( strcasecmp(ld->ld_host, peer_cert_cn) != 0 ) {
+ if ( strcasecmp( ld->ld_host, peer_cert_cn ) != 0 ) {
Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
"common name in certificate (%s).\n",
ld->ld_host, peer_cert_cn, 0 );
}
LDAP_FREE( peer_cert_cn );
+#endif
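Review bot: Wrapping the hostname-vs-certificate comparison in `#if 0` removes the only peer-identity check visible in ldap_pvt_tls_start, so as far as this function shows any certificate that chains to a trusted CA is now accepted for any host, which is precisely the man-in-the-middle case TLS is meant to exclude; the updated comment ("compare host with name in certificate") and the still-referenced `ld->ld_host` inside the disabled block indicate it was switched off because `ld_host` was removed from the handle, not by design. The connected host is still obtainable from `ldap_host_connected_to( sb )` (declared under HAVE_TLS in ldap-int.h in this diff), so the check can be restored on that basis; the old code also only logged a mismatch and continued, which should become a failure or at least be tied to the TLS mode / REQUIRE_CERT setting. If it must stay disabled for now, replace the bare `#if 0` with `/* FIXME: peer hostname verification disabled because ld_host was removed; restore using ldap_host_connected_to( sb ) */` so the gap is not mistaken for an intentional policy. The function continues past the hunk.
```c
	char *peer_cert_cn;
	char *connected_host;
	void *ssl;
	/* … unchanged: ldap_pvt_tls_init(), sb handle lookup, assert … */

	/*
	 * compare the host we connected to with the name in the certificate
	 */
	connected_host = ldap_host_connected_to( sb );
	peer_cert_cn = ldap_pvt_tls_get_peer_hostname( ssl );
	/* … unchanged: NULL peer_cert_cn → LDAP_LOCAL_ERROR … */
	if ( connected_host == NULL ||
		strcasecmp( connected_host, peer_cert_cn ) != 0 ) {
		Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
			"common name in certificate (%s).\n",
			connected_host ? connected_host : "(null)", peer_cert_cn, 0 );
		LDAP_FREE( peer_cert_cn );
		/* NOTE(review): relax per ldo_tls_mode here if a softer policy is wanted */
		return LDAP_LOCAL_ERROR;
	}
	LDAP_FREE( peer_cert_cn );
	/* NOTE(review): release connected_host here if ldap_host_connected_to() allocates — confirm */
```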
/*
* set SASL properties to TLS ssf and authid
char *rspoid = NULL;
struct berval *rspdata = NULL;
- /* XXYYZ: this initiates operaton only on default connection! */
+ /* XXYYZ: this initiates operation only on default connection! */
if ( ldap_pvt_tls_inplace( ld->ld_sb ) != 0 ) {
return LDAP_LOCAL_ERROR;
ber_bvfree( rspdata );
}
- rc = ldap_pvt_tls_start( ld, ld->ld_sb, ld->ld_options.ldo_tls_ctx );
+ rc = ldap_pvt_tls_start( ld, ld->ld_sb,
+ ld->ld_defconn->lconn_tls_ctx );
+
return rc;
#else
return LDAP_NOT_SUPPORTED;
ld->ld_matched = NULL;
}
- if ( ld->ld_host != NULL ) {
- LDAP_FREE( ld->ld_host );
- ld->ld_host = NULL;
- }
-
if ( ld->ld_abandoned != NULL ) {
LDAP_FREE( ld->ld_abandoned );
ld->ld_abandoned = NULL;
}
/* fail if TLS could not be initialized */
- if (ldap_pvt_tls_get_option(NULL, LDAP_OPT_X_TLS_CERT, &ctx) != 0
+ if (ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &ctx ) != 0
|| ctx == NULL)
{
if (default_referral != NULL) {