Changed ldap_pvt_tls_get_my_dn and ldap_pvt_tls_get_peer_dn to store result

in dn parameter and return a result code.

diff --git a/include/ldap_pvt.h b/include/ldap_pvt.h
index d1d73eba21f2969289f4b122567a395ac09a5b5c..4edb4096f2c7e93b52878ea04a553258616195a5 100644 (file)
--- a/include/ldap_pvt.h
+++ b/include/ldap_pvt.h
@@ -181,9 +181,9 @@ LDAP_F (int) ldap_pvt_tls_init_default_ctx LDAP_P(( void ));
 
 typedef int LDAPDN_rewrite_dummy LDAP_P (( void *dn, unsigned flags ));
 
-LDAP_F (char *) ldap_pvt_tls_get_my_dn LDAP_P(( void *ctx,
+LDAP_F (int) ldap_pvt_tls_get_my_dn LDAP_P(( void *ctx, struct berval *dn,
        LDAPDN_rewrite_dummy *func, unsigned flags ));
-LDAP_F (char *) ldap_pvt_tls_get_peer_dn LDAP_P(( void *ctx,
+LDAP_F (int) ldap_pvt_tls_get_peer_dn LDAP_P(( void *ctx, struct berval *dn,
        LDAPDN_rewrite_dummy *func, unsigned flags ));
 LDAP_F (int) ldap_pvt_tls_get_strength LDAP_P(( void *ctx ));
 

diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index 9aa0775bc9b9ada8c91ff63a71688177ad917b0a..c9e161f6b19ba6e9304a89ae85af3dfabd2e9ca0 100644 (file)
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -788,21 +788,21 @@ ldap_pvt_tls_get_strength( void *s )
 }
 
 
-char *
-ldap_pvt_tls_get_my_dn( void *s, LDAPDN_rewrite_dummy *func, unsigned flags )
+int
+ldap_pvt_tls_get_my_dn( void *s, struct berval *dn, LDAPDN_rewrite_dummy *func, unsigned flags )
 {
        X509 *x;
        X509_NAME *xn;
-       struct berval dn;
+       int rc;
 
        x = SSL_get_certificate((SSL *)s);
 
-       if (!x) return NULL;
+       if (!x) return LDAP_INVALID_CREDENTIALS;
     
        xn = X509_get_subject_name(x);
-       ldap_X509dn2bv(xn, &dn, (LDAPDN_rewrite_func *)func, flags );
+       rc = ldap_X509dn2bv(xn, dn, (LDAPDN_rewrite_func *)func, flags );
        X509_free(x);
-       return dn.bv_val;
+       return rc;
 }
 
 static X509 *
@@ -819,21 +819,21 @@ tls_get_cert( SSL *s )
     return SSL_get_peer_certificate(s);
 }
 
-char *
-ldap_pvt_tls_get_peer_dn( void *s, LDAPDN_rewrite_dummy *func, unsigned flags )
+int
+ldap_pvt_tls_get_peer_dn( void *s, struct berval *dn, LDAPDN_rewrite_dummy *func, unsigned flags )
 {
        X509 *x;
        X509_NAME *xn;
-       struct berval dn;
+       int rc;
 
        x = tls_get_cert((SSL *)s);
 
-       if (!x) return NULL;
+       if (!x) return LDAP_INVALID_CREDENTIALS;
     
        xn = X509_get_subject_name(x);
-       ldap_X509dn2bv(xn, &dn, (LDAPDN_rewrite_func *)func, flags);
+       rc = ldap_X509dn2bv(xn, dn, (LDAPDN_rewrite_func *)func, flags);
        X509_free(x);
-       return dn.bv_val;
+       return rc;
 }
 
 char *
@@ -1246,15 +1246,16 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
         * set SASL properties to TLS ssf and authid
         */
        {
-               char *authid;
+               struct berval authid;
                ber_len_t ssf;
 
                /* we need to let SASL know */
                ssf = ldap_pvt_tls_get_strength( ssl );
-               authid = ldap_pvt_tls_get_my_dn( ssl, NULL, 0 );
+               /* failure is OK, we just can't use SASL EXTERNAL */
+               (void) ldap_pvt_tls_get_my_dn( ssl, &authid, NULL, 0 );
 
-               (void) ldap_int_sasl_external( ld, conn, authid, ssf );
-               LDAP_FREE( authid );
+               (void) ldap_int_sasl_external( ld, conn, authid.bv_val, ssf );
+               LDAP_FREE( authid.bv_val );
        }
 
        return LDAP_SUCCESS;