From eb9720c8023564db2c1916c0c17080faed75afd1 Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Mon, 20 Sep 2004 03:52:39 +0000
Subject: [PATCH] Add register_certificate_map_function() native plugin API for registering alternate X.509 peer normalization function
---
 servers/slapd/dn.c | 27 +++++++++++++++++++++++++--
 servers/slapd/proto-slap.h | 2 ++
 2 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c
index 8e2a0247dc..05e5ea6916 100644
--- a/servers/slapd/dn.c
+++ b/servers/slapd/dn.c
@@ -1357,6 +1357,20 @@ dnIsOneLevelRDN( struct berval *rdn )
 return 1;
 }
+static SLAP_CERT_MAP_FN *DNX509PeerNormalizeCertMap = NULL;
+
+int register_certificate_map_function(SLAP_CERT_MAP_FN *fn)
+{
+#ifdef HAVE_TLS
+ if ( DNX509PeerNormalizeCertMap == NULL ) {
+ DNX509PeerNormalizeCertMap = fn;
+ return 0;
+ }
+#endif
+
+ return -1;
+}
+
 #ifdef HAVE_TLS
 /*
 * Convert an X.509 DN into a normalized LDAP DN
@@ -1379,7 +1393,16 @@ dnX509normalize( void *x509_name, struct berval *out )
 int
 dnX509peerNormalize( void *ssl, struct berval *dn )
 {
- return ldap_pvt_tls_get_peer_dn( ssl, dn,
- (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
+ int rc = LDAP_INVALID_CREDENTIALS;
+
+ if ( DNX509PeerNormalizeCertMap != NULL )
+ rc = (*DNX509PeerNormalizeCertMap)( ssl, dn );
+
+ if ( rc != LDAP_SUCCESS ) {
+ rc = ldap_pvt_tls_get_peer_dn( ssl, dn,
+ (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
+ }
+
+ return rc;
 }
 #endif
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index 99dae3ace4..707a1c47a9 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
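Review bot: `register_certificate_map_function()` accepts a NULL `fn` and still returns 0, so the caller is told registration succeeded while no mapper is installed; the guard should read `if ( fn != NULL && DNX509PeerNormalizeCertMap == NULL ) {`. The slot is first-come-first-served and the hunk shows no lock around the check-then-set, so if plugins can register from more than one thread the assignment can race, and whichever plugin registers first decides how every TLS peer is mapped to a DN. A comment above the function should state that it returns 0 on success and -1 when a mapper is already installed or the build lacks HAVE_TLS, and that there is no way to unregister.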
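Review bot: In `dnX509peerNormalize()` every non-success return from the registered mapper falls through to `ldap_pvt_tls_get_peer_dn()`, so the mapper cannot refuse a peer: a plugin that returns an error in order to reject a certificate still leaves the caller with the DN the built-in lookup derives. If this fail-open fallback is intended, document it above the second `if`, e.g. `/* mapper declined or failed: fall back to the built-in peer DN lookup */`; otherwise reserve one return code for "not handled" and hand any other error back to the caller. The fallback also reuses `dn` after the mapper may have written to it, so anything the mapper stored in `dn->bv_val` before failing is overwritten, which looks like a possible leak and should be checked against the callback contract. The unbraced `if` before the mapper call is inconsistent with the braced block that follows it.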
@@ -558,6 +558,8 @@ LDAP_SLAPD_F (int) dnPrettyNormalDN LDAP_P(( Syntax *syntax, struct berval *val,
 #define dnNormalDN(syntax, val, dn, ctx) \
 dnPrettyNormalDN((syntax),(val),(dn), 0, ctx)
+typedef int (SLAP_CERT_MAP_FN) LDAP_P(( void *ssl, struct berval *dn ));
+LDAP_SLAPD_F (int) register_certificate_map_function LDAP_P(( SLAP_CERT_MAP_FN *fn ));
 /*
 * entry.c
--
2.39.5
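Review bot: The `SLAP_CERT_MAP_FN` typedef is the whole plugin-facing contract and it carries no comment, so a plugin author cannot tell from the header what `ssl` points to, which return value means the mapping was accepted, or how `dn->bv_val` must be allocated. Add a comment above the typedef saying that the callback receives the same TLS session handle that is passed to `dnX509peerNormalize()`, that it must return `LDAP_SUCCESS` only after filling `dn`, and that any other value makes slapd fall back to its built-in peer DN lookup. The allocator expected for `dn->bv_val` should be named there as well, since the server will presumably free the value later.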