From 65b042b4fb629840031b19c3b3105473f2036d37 Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Thu, 9 Sep 2010 00:12:01 +0000 Subject: [PATCH] if required by the bindconf configuration, force TLS (partially addresses ITS#6642) --- servers/slapd/back-ldap/bind.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c index 1862022ab1..c8cfe17143 100644 --- a/servers/slapd/back-ldap/bind.c +++ b/servers/slapd/back-ldap/bind.c @@ -668,6 +668,7 @@ ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_ LDAP *ld = NULL; #ifdef HAVE_TLS int is_tls = op->o_conn->c_is_tls; + int flags = li->li_flags; time_t lctime = (time_t)(-1); slap_bindconf *sb; #endif /* HAVE_TLS */ @@ -727,11 +728,18 @@ ldap_back_prepare_conn( ldapconn_t *lc, Operation *op, SlapReply *rs, ldap_back_ ldap_set_option( ld, LDAP_OPT_X_TLS_CTX, sb->sb_tls_ctx ); } + /* if required by the bindconf configuration, force TLS */ + if ( ( sb == &li->li_acl || sb == &li->li_idassert.si_bc ) && + ( sb->sb_tls_do_init || sb->sb_tls_ctx ) ) + { + flags |= LDAP_BACK_F_USE_TLS; + } + ldap_pvt_thread_mutex_lock( &li->li_uri_mutex ); assert( li->li_uri_mutex_do_not_lock == 0 ); li->li_uri_mutex_do_not_lock = 1; rs->sr_err = ldap_back_start_tls( ld, op->o_protocol, &is_tls, - li->li_uri, li->li_flags, li->li_nretries, &rs->sr_text ); + li->li_uri, flags, li->li_nretries, &rs->sr_text ); li->li_uri_mutex_do_not_lock = 0; ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex ); if ( rs->sr_err != LDAP_SUCCESS ) { -- 2.39.5