From ae592801aa289c953bae3458c0881a815fd58443 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Tue, 23 Nov 2004 03:48:09 +0000 Subject: [PATCH] Add callbacks for client TLS connection establishment: LDAP_OPT_X_TLS_CONNECT_CB and LDAP_OPT_X_TLS_CONNECT_ARG with int (LDAP_TLS_CONNECT_CB) (LDAP *ld, SSL *ssl, SSL_CTX *ctx, void *arg) To be called whenever the client library allocates a new SSL* handle. --- include/ldap.h | 2 ++ include/ldap_pvt.h | 3 +++ libraries/libldap/ldap-int.h | 2 ++ libraries/libldap/tls.c | 20 ++++++++++++++++++++ 4 files changed, 27 insertions(+) diff --git a/include/ldap.h b/include/ldap.h index 8209fc6d29..f8811c7ad3 100644 --- a/include/ldap.h +++ b/include/ldap.h @@ -134,6 +134,8 @@ LDAP_BEGIN_DECL #define LDAP_OPT_X_TLS_RANDOM_FILE 0x6009 #define LDAP_OPT_X_TLS_SSL_CTX 0x600a #define LDAP_OPT_X_TLS_CRLCHECK 0x600b +#define LDAP_OPT_X_TLS_CONNECT_CB 0x600c +#define LDAP_OPT_X_TLS_CONNECT_ARG 0x600d #define LDAP_OPT_X_TLS_NEVER 0 #define LDAP_OPT_X_TLS_HARD 1 diff --git a/include/ldap_pvt.h b/include/ldap_pvt.h index dbaad7b97a..e95d8b3ae5 100644 --- a/include/ldap_pvt.h +++ b/include/ldap_pvt.h @@ -241,6 +241,9 @@ LDAP_F (int) ldap_pvt_tls_init_default_ctx LDAP_P(( void )); typedef int LDAPDN_rewrite_dummy LDAP_P (( void *dn, unsigned flags )); +typedef int (LDAP_TLS_CONNECT_CB) LDAP_P (( struct ldap *ld, void *ssl, + void *ctx, void *arg )); + LDAP_F (int) ldap_pvt_tls_get_my_dn LDAP_P(( void *ctx, struct berval *dn, LDAPDN_rewrite_dummy *func, unsigned flags )); LDAP_F (int) ldap_pvt_tls_get_peer_dn LDAP_P(( void *ctx, struct berval *dn, diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h index 198ffb7a64..4058d8ab7c 100644 --- a/libraries/libldap/ldap-int.h +++ b/libraries/libldap/ldap-int.h @@ -170,6 +170,8 @@ struct ldapoptions { #ifdef HAVE_TLS int ldo_tls_mode; + LDAP_TLS_CONNECT_CB *ldo_tls_connect_cb; + void* ldo_tls_connect_arg; #endif LDAPURLDesc *ldo_defludp; 
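Review bot: The new `LDAP_TLS_CONNECT_CB` typedef in ldap_pvt.h takes `void *ssl` and `void *ctx` and returns `int`, but nothing at the declaration says what those opaque pointers are or what the return value means, while the commit message states they are the `SSL *` and `SSL_CTX *` of a freshly allocated handle. I would add a comment above the typedef, e.g. `/* Called for each new client SSL handle, before SSL_connect. ssl is the SSL *, ctx the SSL_CTX * in use for the connection, arg the LDAP_OPT_X_TLS_CONNECT_ARG value. */`, and state explicitly whether a non-zero return aborts the connection, since as committed in tls.c the return value is not examined. Without that, callers will presumably assume the usual "non-zero means fail" convention and get a handshake that proceeds anyway.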
diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c index 3251a8b31c..0672ce5952 100644 --- a/libraries/libldap/tls.c +++ b/libraries/libldap/tls.c @@ -713,6 +713,7 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn ) ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl ); } else { + struct ldapoptions *lo; void *ctx = ld->ld_defconn ? ld->ld_defconn->lconn_tls_ctx : NULL; @@ -728,8 +729,15 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn ) LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl ); if( ctx == NULL ) { + ctx = tls_def_ctx; conn->lconn_tls_ctx = tls_def_ctx; } + lo = &ld->ld_options; + if ( lo->ldo_tls_connect_cb ) + lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg ); + lo = LDAP_INT_GLOBAL_OPT(); + if ( lo && lo->ldo_tls_connect_cb ) + lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg ); } err = SSL_connect( ssl ); @@ -1201,6 +1209,12 @@ ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg ) *(void **)arg = retval; break; } + case LDAP_OPT_X_TLS_CONNECT_CB: + *(LDAP_TLS_CONNECT_CB **)arg = lo->ldo_tls_connect_cb; + break; + case LDAP_OPT_X_TLS_CONNECT_ARG: + *(void **)arg = lo->ldo_tls_connect_arg; + break; default: return -1; } @@ -1253,6 +1267,12 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg ) ld->ld_defconn->lconn_tls_ctx = arg; } return 0; + case LDAP_OPT_X_TLS_CONNECT_CB: + lo->ldo_tls_connect_cb = (LDAP_TLS_CONNECT_CB *)arg; + return 0; + case LDAP_OPT_X_TLS_CONNECT_ARG: + lo->ldo_tls_connect_arg = arg; + return 0; } if ( ld != NULL ) { -- 2.39.5
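Review bot: The callback's `int` result is discarded on both `lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );` calls, so a callback that fails to configure the handle (for instance could not install its verification settings on `ssl`) has no way to stop the handshake and `SSL_connect( ssl )` runs regardless; I would capture the result and, on non-zero, take the same failure path a failed `SSL_connect` takes instead of falling through — that cleanup, like the rest of ldap_int_tls_connect, lies outside the hunk. Because the hunk substitutes the shared `tls_def_ctx` when `ctx` is NULL, a callback that modifies `ctx` rather than `ssl` presumably changes every later connection built on the default context, which deserves a one-line comment at the call site such as `/* ctx may be the shared default context: per-connection settings belong on ssl */`. If ldap_create copies the global options into `ld->ld_options` (not visible here), a callback registered globally before the handle was created is invoked twice for the same SSL handle, once through each options struct; guarding the second call with `if ( lo && lo->ldo_tls_connect_cb && lo->ldo_tls_connect_cb != ld->ld_options.ldo_tls_connect_cb )` would avoid that.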