From: Howard Chu
Date: Tue, 30 Apr 2002 13:52:49 +0000 (+0000)
Subject: Changed ldap_pvt_tls_get_my_dn and ldap_pvt_tls_get_peer_dn to store result
X-Git-Tag: OPENLDAP_REL_ENG_2_MP~138
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=0f966d2fdb392865cf615324519526c6ee1e4485;p=openldap
Changed ldap_pvt_tls_get_my_dn and ldap_pvt_tls_get_peer_dn to store result in dn parameter and return a result code. Changed dnX509peerNormalize as above. Added debug message on failure to retrieve client DN.
---
diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
index 50fba1a220..43844eb97e 100644
--- a/servers/slapd/connection.c
+++ b/servers/slapd/connection.c
@@ -1189,7 +1189,7 @@ int connection_read(ber_socket_t s)
 } else if ( rc == 0 ) {
 void *ssl;
- char *authid;
+ struct berval authid;
 c->c_needs_tls_accept = 0;
@@ -1201,9 +1201,21 @@ int connection_read(ber_socket_t s)
 c->c_ssf = c->c_tls_ssf;
 }
- authid = dnX509peerNormalize( ssl );
- slap_sasl_external( c, c->c_tls_ssf, authid );
- if ( authid ) free( authid );
+ rc = dnX509peerNormalize( ssl, &authid );
+ if ( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "connection", LDAP_LEVEL_INFO,
+ "connection_read: conn %lu unable to get TLS client DN, error %d\n",
+ c->c_connid, rc));
+#else
+ Debug( LDAP_DEBUG_TRACE,
+ "connection_read(%d): unable to get TLS client DN "
+ "error=%d id=%lu\n",
+ s, rc, c->c_connid );
+#endif
+ }
+ slap_sasl_external( c, c->c_tls_ssf, authid.bv_val );
+ if ( authid.bv_val ) free( authid.bv_val );
 }
 connection_return( c );
 ldap_pvt_thread_mutex_unlock( &connections_mutex );
diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c
index 6c59b455c7..e92364c7e3 100644
--- a/servers/slapd/dn.c
+++ b/servers/slapd/dn.c
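Review bot: In the second connection.c hunk, `authid` is handed to `slap_sasl_external` and then freed even when `dnX509peerNormalize` returned an error, yet nothing on the page shows that the callee writes `*dn` on failure, and the first hunk declares `struct berval authid;` with no initializer, so on that path `authid.bv_val` may be indeterminate while it is used as the SASL EXTERNAL identity and passed to `free()`. Initializing the declaration in the first hunk, `struct berval authid = { 0, NULL };`, and clearing it in the error branch after the log call, `authid.bv_val = NULL; authid.bv_len = 0;`, makes the failure case unambiguous: no identity is asserted and nothing is freed. Reusing `rc` here also overwrites the value the enclosing `else if ( rc == 0 )` branch was keyed on; if connection_read examines rc after this hunk (the function continues outside it), that is a behavior change worth checking.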
@@ -844,9 +844,10 @@ dnX509normalize( void *x509_name, struct berval *out )
 /*
 * Get the TLS session's peer's DN into a normalized LDAP DN
 */
-char *
-dnX509peerNormalize( void *ssl )
+int
+dnX509peerNormalize( void *ssl, struct berval *dn )
 {
- return ldap_pvt_tls_get_peer_dn( ssl, (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
+
+ return ldap_pvt_tls_get_peer_dn( ssl, dn, (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
 }
 #endif
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index 3559936721..7eaea28368 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -406,7 +406,7 @@ LDAP_SLAPD_F (void) dnParent LDAP_P(( struct berval *dn, struct berval *pdn ));
 LDAP_SLAPD_F (int) dnX509normalize LDAP_P(( void *x509_name, struct berval *out ));
-LDAP_SLAPD_F (char *) dnX509peerNormalize LDAP_P(( void *ssl ));
+LDAP_SLAPD_F (int) dnX509peerNormalize LDAP_P(( void *ssl, struct berval *dn ));
 /*
 * entry.c
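Review bot: dnX509peerNormalize now has a different contract, an LDAP result code plus an out-parameter, but the header comment in this hunk still only says what it fetches, and ownership of `dn->bv_val` is not stated even though the caller in connection.c frees it. Extend the comment above the definition along the lines of `Returns an LDAP result code; on LDAP_SUCCESS *dn holds a newly allocated normalized DN that the caller must free()`, and add a sentence on what *dn holds on failure once that has been confirmed against ldap_pvt_tls_get_peer_dn, which is not on the page. The added blank line before the `return` is stray and can be dropped.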