From 05960887bb0701d43f9639c28f9d0397090a6b11 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga
Date: Mon, 27 Aug 2001 20:22:28 +0000
Subject: [PATCH] Fix -H ldaps:// crashes due to rework of TLS code
---
 libraries/libldap/ldap-int.h | 2 +-
 libraries/libldap/open.c | 14 +++++++-------
 libraries/libldap/tls.c | 35 ++++++++++++++++++++++++-----------
 3 files changed, 32 insertions(+), 19 deletions(-)
diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
index a90b72e31b..80a66c5ae9 100644
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -557,7 +557,7 @@ LDAP_F (int) ldap_int_tls_config LDAP_P(( LDAP *ld, int option, const char *arg ));
 LDAP_F (int) ldap_int_tls_start LDAP_P(( LDAP *ld,
- LDAPConn *conn ));
+ LDAPConn *conn, LDAPURLDesc *srv ));
 LDAP_END_DECL
diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c
index 0b1c10e700..451d3a0b76 100644
--- a/libraries/libldap/open.c
+++ b/libraries/libldap/open.c
@@ -313,12 +313,6 @@ ldap_int_open_connection(
 break;
 }
-#ifdef HAVE_CYRUS_SASL
- if( sasl_host != NULL ) {
- ldap_int_sasl_open( ld, conn, sasl_host, sasl_ssf );
- }
-#endif
-
 ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_readahead, LBER_SBIOD_LEVEL_PROVIDER, NULL );
@@ -333,7 +327,7 @@ ldap_int_open_connection(
 {
 ++conn->lconn_refcnt; /* avoid premature free */
- rc = ldap_int_tls_start( ld, conn );
+ rc = ldap_int_tls_start( ld, conn, srv );
 --conn->lconn_refcnt;
@@ -343,6 +337,12 @@ ldap_int_open_connection(
 }
 #endif
+#ifdef HAVE_CYRUS_SASL
+ if( sasl_host != NULL ) {
+ ldap_int_sasl_open( ld, conn, sasl_host, sasl_ssf );
+ }
+#endif
+
 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 if ( conn->lconn_krbinstance == NULL ) {
 char *c;
diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index 3841fded78..2e067d9a32 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
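Review bot: The new `srv` parameter on the `ldap_int_tls_start` prototype carries no comment saying what a NULL argument means, while the tls.c side of this patch makes NULL fall back to `conn->lconn_server->lud_host` for the host name that the TLS start uses (it is declared next to `peer_cert_cn`, so it appears to feed a peer-certificate name check, but that check is outside the hunk). A one-line comment on the declaration would spare the next caller a trip into tls.c: `/* srv: URL to take the TLS host name from; NULL means use conn->lconn_server */`.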
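Review bot: The relocated `ldap_int_sasl_open( ld, conn, sasl_host, sasl_ssf );` in the third open.c hunk still discards its return value, so if SASL setup on the now TLS-wrapped sockbuf fails, `rc` does not reflect it and the caller cannot distinguish that connection from a healthy one. If the function reports failures (its return type is outside the hunk), `rc = ldap_int_sasl_open( ld, conn, sasl_host, sasl_ssf );` followed by a check against `LDAP_SUCCESS` would close that gap. The block also now runs only if the TLS section above it did not return early; that failure branch lies between the second and third hunks and is not visible here, so confirm it does return before SASL is opened on a connection whose ldaps:// TLS start failed.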
@@ -250,8 +250,7 @@ alloc_handle( void *ctx_arg )
 if ( ctx_arg ) {
 ctx = (SSL_CTX *) ctx_arg;
 } else {
- if ( ldap_pvt_tls_init_def_ctx() < 0 )
- return NULL;
+ if ( ldap_pvt_tls_init_def_ctx() < 0 ) return NULL;
 ctx = tls_def_ctx;
 }
@@ -557,23 +556,30 @@ static int
 ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
 {
 Sockbuf *sb = conn->lconn_sb;
- void *ctx = ld->ld_defconn->lconn_tls_ctx;
-
 int err;
 SSL *ssl;
 if ( HAS_TLS( sb ) ) {
 ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
+
 } else {
+ void *ctx = ld->ld_defconn
+ ? ld->ld_defconn->lconn_tls_ctx : NULL;
+
 ssl = alloc_handle( ctx );
- if ( ssl == NULL )
- return -1;
+
+ if ( ssl == NULL ) return -1;
+
 #ifdef LDAP_DEBUG
 ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug, LBER_SBIOD_LEVEL_TRANSPORT, (void *)"tls_" );
 #endif
 ber_sockbuf_add_io( sb, &ldap_pvt_sockbuf_io_tls, LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl );
+
+ if( ctx == NULL ) {
+ conn->lconn_tls_ctx = tls_def_ctx;
+ }
 }
 err = SSL_connect( ssl );
@@ -582,8 +588,9 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
 errno = WSAGetLastError();
 #endif
 if ( err <= 0 ) {
- if ( update_flags( sb, ssl, err ))
+ if ( update_flags( sb, ssl, err )) {
 return 1;
+ }
 if ((err = ERR_peek_error())) {
 char buf[256];
 ld->ld_error = LDAP_STRDUP(ERR_error_string(err, buf));
@@ -597,6 +604,7 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
 #endif
 return -1;
 }
+
 return 0;
 }
@@ -951,15 +959,20 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
 }
 int
-ldap_int_tls_start ( LDAP *ld, LDAPConn *conn )
+ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
 {
 Sockbuf *sb = conn->lconn_sb;
- char *host = conn->lconn_server->lud_host;
 void *ctx = ld->ld_defconn->lconn_tls_ctx;
-
+ char *host;
 char *peer_cert_cn;
 void *ssl;
+ if( srv ) {
+ host = srv->lud_host;
+ } else {
+ host = conn->lconn_server->lud_host;
+ }
+
 (void) ldap_pvt_tls_init();
 /*
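Review bot: The `ld->ld_defconn ? ld->ld_defconn->lconn_tls_ctx : NULL` guard and the later `if( ctx == NULL ) { conn->lconn_tls_ctx = tls_def_ctx; }` in `ldap_int_tls_connect` carry the substance of this fix but have no comment, so a reader cannot tell from the code that `ld_defconn` is expected to be unset at this point. A short note above the ternary would help, something like `/* no default connection yet (e.g. initial ldaps:// open): use the default TLS context and remember it on this conn */`, phrased as an assumption since the caller is outside the hunk. Note also that `conn->lconn_tls_ctx` is only written when ctx was NULL; when `ld_defconn` supplies a context it is not recorded on `conn`, which is worth stating if intended.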
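Review bot: `void *ctx = ld->ld_defconn->lconn_tls_ctx;` in `ldap_int_tls_start` still dereferences `ld->ld_defconn` unconditionally, while this same patch guards that pointer in `ldap_int_tls_connect`; if `ld_defconn` can be NULL on the ldaps:// open path the subject line refers to, the crash only moves from one function to the other. Mirroring the guard, `void *ctx = ld->ld_defconn ? ld->ld_defconn->lconn_tls_ctx : NULL;`, keeps the two consistent, though ctx's later use is outside the hunk and must tolerate NULL for that to be safe. Separately, when `srv` is non-NULL but `srv->lud_host` is NULL, `host` is left NULL with no fallback; the comparison against `peer_cert_cn` is not visible here, so either confirm it handles a NULL host or reject the connection before reaching it.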
@@ -1209,7 +1222,7 @@ ldap_start_tls_s ( LDAP *ld,
 ber_bvfree( rspdata );
 }
- rc = ldap_int_tls_start( ld, ld->ld_defconn );
+ rc = ldap_int_tls_start( ld, ld->ld_defconn, NULL );
 #else
 rc = LDAP_NOT_SUPPORTED;
 #endif
-- 
2.39.5