From aad4db830817eec9aa1703bd52fbc72458344872 Mon Sep 17 00:00:00 2001
From: Howard Chu
Date: Wed, 8 Jun 2011 18:27:54 -0700
Subject: [PATCH] ITS#6828 fix TLS setup with async connect
---
 libraries/libldap/cyrus.c | 6 +++++-
 libraries/libldap/ldap-int.h | 1 +
 libraries/libldap/open.c | 38 +++++++++++++++++++++++++++++++++++-
 libraries/libldap/request.c | 5 ++++-
 4 files changed, 47 insertions(+), 3 deletions(-)
diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c
index 52a04d7a4c..2e2ef95f40 100644
--- a/libraries/libldap/cyrus.c
+++ b/libraries/libldap/cyrus.c
@@ -433,7 +433,11 @@ ldap_int_sasl_bind(
 rc = ld->ld_errno;
 }
 }
- }
+ }
+ if ( rc == 0 && ld->ld_defconn &&
+ ld->ld_defconn->lconn_status == LDAP_CONNST_CONNECTING ) {
+ rc = ldap_int_check_async_open( ld, sd );
+ }
 LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
 if( rc != 0 ) return ld->ld_errno;
diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
index e284ea820f..45f2bba433 100644
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -595,6 +595,7 @@ LDAP_F (int) ldap_int_next_line_tokens LDAP_P(( char **bufp, ber_len_t *blenp, c
 LDAP_F (int) ldap_open_defconn( LDAP *ld );
 LDAP_F (int) ldap_int_open_connection( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srvlist, int async );
+LDAP_F (int) ldap_int_check_async_open( LDAP *ld, ber_socket_t sd );
 /*
 * in os-ip.c
diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c
index 306c3e40b1..06bbd9471b 100644
--- a/libraries/libldap/open.c
+++ b/libraries/libldap/open.c
@@ -429,7 +429,7 @@ ldap_int_open_connection(
 #endif
 #ifdef HAVE_TLS
- if (ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||
+ if (rc == 0 && ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||
 strcmp( srv->lud_scheme, "ldaps" ) == 0 ) {
 ++conn->lconn_refcnt; /* avoid premature free */
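Review bot: In the cyrus.c hunk, a failure from `ldap_int_check_async_open()` falls through to `if( rc != 0 ) return ld->ld_errno;`, but the helper's `default:` branch (added in open.c by this same patch) returns -1 without assigning `ld->ld_errno`. Unless `ldap_int_poll()` sets it, which is not visible here, ldap_int_sasl_bind can hand back a stale error code, possibly LDAP_SUCCESS, for a connection that never completed. Setting the code where the failure is detected closes that gap, e.g. `ld->ld_errno = LDAP_CONNECT_ERROR;` before `return -1;` in the helper. Where `sd` is obtained, and the rest of ldap_int_sasl_bind, lie outside the hunk.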
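Review bot: In the open.c hunk at line 429, the added `rc == 0 &&` guards only the `LDAP_OPT_X_TLS_HARD` comparison, because `&&` binds tighter than `||`; for an `ldaps` URL the TLS start block is still entered when `rc` is non-zero, which looks like exactly the unfinished async connect this patch is meant to defer. Parenthesise the two alternatives: `if ( rc == 0 && ( ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||` closed by `strcmp( srv->lud_scheme, "ldaps" ) == 0 )) {`. Building with -Wparentheses reports this pattern. The enclosing ldap_int_open_connection starts and ends outside the hunk.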
@@ -535,3 +535,39 @@ ldap_dup( LDAP *old )
 LDAP_MUTEX_UNLOCK( &old->ld_ldcmutex );
 return ( ld );
 }
+
+int
+ldap_int_check_async_open( LDAP *ld, ber_socket_t sd )
+{
+ struct timeval tv = { 0 };
+ int rc;
+
+ rc = ldap_int_poll( ld, sd, &tv );
+ switch ( rc ) {
+ case 0:
+ /* now ready to start tls */
+ ld->ld_defconn->lconn_status = LDAP_CONNST_CONNECTED;
+ break;
+
+ default:
+ return -1;
+
+ case -2:
+ /* connect not completed yet */
+ ld->ld_errno = LDAP_X_CONNECTING;
+ return rc;
+ }
+
+#ifdef HAVE_TLS
+ if ( ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||
+ !strcmp( ld->ld_defconn->lconn_server->lud_scheme, "ldaps" )) {
+
+ ++ld->ld_defconn->lconn_refcnt; /* avoid premature free */
+
+ rc = ldap_int_tls_start( ld, ld->ld_defconn, ld->ld_defconn->lconn_server );
+
+ --ld->ld_defconn->lconn_refcnt;
+ }
+#endif
+ return rc;
+}
diff --git a/libraries/libldap/request.c b/libraries/libldap/request.c
index 38b4466ba6..ab4463dd6a 100644
--- a/libraries/libldap/request.c
+++ b/libraries/libldap/request.c
@@ -120,15 +120,18 @@ ldap_send_initial_request(
 ber_int_t msgid)
 {
 int rc = 1;
+ ber_socket_t sd = AC_SOCKET_INVALID;
 Debug( LDAP_DEBUG_TRACE, "ldap_send_initial_request\n", 0, 0, 0 );
 LDAP_MUTEX_LOCK( &ld->ld_conn_mutex );
- if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, NULL ) == -1 ) {
+ if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, &sd ) == -1 ) {
 /* not connected yet */
 rc = ldap_open_defconn( ld );
 }
+ if ( ld->ld_defconn && ld->ld_defconn->lconn_status == LDAP_CONNST_CONNECTING )
+ rc = ldap_int_check_async_open( ld, sd );
 if( rc < 0 ) {
 ber_free( ber, 1 );
 LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
-- 
2.39.2
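Review bot: ldap_int_check_async_open() sets `lconn_status = LDAP_CONNST_CONNECTED` before the TLS handshake is attempted, and nothing visible here reverts that or drops the connection when `ldap_int_tls_start()` fails. Both call sites added by this patch run the check only while the status is LDAP_CONNST_CONNECTING, so after a failed handshake a later request on the same handle would skip it; whether that request could then go out unencrypted on a connection that required TLS depends on teardown code outside this diff and should be confirmed. The helper also mixes return conventions (-1, the poll code -2, or whatever ldap_int_tls_start returns) while ldap_send_initial_request tests `rc < 0` and ldap_int_sasl_bind tests `rc != 0`. Consider making the TLS failure path explicit with `if ( rc != LDAP_SUCCESS ) return -1;` after the refcnt decrement, and adding a header comment that documents the return values and the requirement that `ld->ld_defconn` and its `lconn_server` are non-NULL on entry.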
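Review bot: In the request.c hunk, `sd` is read before `ldap_open_defconn()` runs and is never refreshed, so on the first request of an async connect `ldap_int_check_async_open( ld, sd )` polls whatever the failed `LBER_SB_OPT_GET_FD` call left in `sd`, most likely the `AC_SOCKET_INVALID` initialiser, rather than the socket that was just opened. Re-read the descriptor once the connection exists, e.g. `if ( rc == 0 ) ber_sockbuf_ctrl( ld->ld_defconn->lconn_sb, LBER_SB_OPT_GET_FD, &sd );` directly after the `ldap_open_defconn` call. The new two-line `if` would also be safer with braces, matching the block above it. ldap_send_initial_request starts before and continues past the hunk.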