ITS#6828 fix TLS setup with async connect
authorHoward Chu <hyc@openldap.org>
Thu, 9 Jun 2011 01:27:54 +0000 (18:27 -0700)
committerHoward Chu <hyc@openldap.org>
Thu, 9 Jun 2011 01:27:54 +0000 (18:27 -0700)
libraries/libldap/cyrus.c
libraries/libldap/ldap-int.h
libraries/libldap/open.c
libraries/libldap/request.c

index 52a04d7a4cbdc9220f50bedf3e883840db9a8c33..2e2ef95f40d237be9c4d16a47dbd65151728ac7a 100644 (file)
@@ -433,7 +433,11 @@ ldap_int_sasl_bind(
                                        rc = ld->ld_errno;
                                }
                        }
-               }   
+               }
+               if ( rc == 0 && ld->ld_defconn &&
+                       ld->ld_defconn->lconn_status == LDAP_CONNST_CONNECTING ) {
+                       rc = ldap_int_check_async_open( ld, sd );
+               }
                LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
                if( rc != 0 ) return ld->ld_errno;
 
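Review bot: The error return just below the added check, `if( rc != 0 ) return ld->ld_errno;`, now also handles failures from `ldap_int_check_async_open`, whose `default:` branch (added in open.c by this commit) returns -1 without assigning `ld->ld_errno`. Unless `ldap_int_poll` always sets `ld_errno` on failure, which is not visible here, a failed poll could make the bind return a stale code, possibly success. Either set an error in that branch or guard here, e.g. `if( rc != 0 ) return ld->ld_errno ? ld->ld_errno : LDAP_LOCAL_ERROR;`. The body of ldap_int_sasl_bind starts and ends outside the hunk.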
index 46b11daba5db79a4260697393073b31cffa87468..98a2ead3fba6ea10b343c440207ffd38861b154f 100644 (file)
@@ -587,6 +587,7 @@ LDAP_F (int) ldap_int_next_line_tokens LDAP_P(( char **bufp, ber_len_t *blenp, c
 LDAP_F (int) ldap_open_defconn( LDAP *ld );
 LDAP_F (int) ldap_int_open_connection( LDAP *ld,
        LDAPConn *conn, LDAPURLDesc *srvlist, int async );
+LDAP_F (int) ldap_int_check_async_open( LDAP *ld, ber_socket_t sd );
 
 /*
  * in os-ip.c
index 306c3e40b18963addfc32018adb5da6c1bf77f2f..06bbd9471b3ec2d4ab59f57f09637b7118046aa3 100644 (file)
@@ -429,7 +429,7 @@ ldap_int_open_connection(
 #endif
 
 #ifdef HAVE_TLS
-       if (ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||
+       if (rc == 0 && ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||
                strcmp( srv->lud_scheme, "ldaps" ) == 0 )
        {
                ++conn->lconn_refcnt;   /* avoid premature free */
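Review bot: The added `rc == 0 &&` applies only to the `LDAP_OPT_X_TLS_HARD` test, because `&&` binds tighter than `||`. For an `ldaps` URL the block is therefore still entered when `rc` is non-zero, so TLS setup would be attempted on a socket whose connect has failed or not yet completed. That is presumably the case this commit means to defer to `ldap_int_check_async_open`. Group the two alternatives: `if (rc == 0 && ( ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||`, with the matching `)` after the `strcmp` test. ldap_int_open_connection starts and ends outside the hunk.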
@@ -535,3 +535,39 @@ ldap_dup( LDAP *old )
        LDAP_MUTEX_UNLOCK( &old->ld_ldcmutex );
        return ( ld );
 }
+
+int
+ldap_int_check_async_open( LDAP *ld, ber_socket_t sd )
+{
+       struct timeval tv = { 0 };
+       int rc;
+
+       rc = ldap_int_poll( ld, sd, &tv );
+       switch ( rc ) {
+       case 0:
+               /* now ready to start tls */
+               ld->ld_defconn->lconn_status = LDAP_CONNST_CONNECTED;
+               break;
+
+       default:
+               return -1;
+
+       case -2:
+               /* connect not completed yet */
+               ld->ld_errno = LDAP_X_CONNECTING;
+               return rc;
+       }
+
+#ifdef HAVE_TLS
+       if ( ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||
+               !strcmp( ld->ld_defconn->lconn_server->lud_scheme, "ldaps" )) {
+
+               ++ld->ld_defconn->lconn_refcnt; /* avoid premature free */
+
+               rc = ldap_int_tls_start( ld, ld->ld_defconn, ld->ld_defconn->lconn_server );
+
+               --ld->ld_defconn->lconn_refcnt;
+       }
+#endif
+       return rc;
+}
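Review bot: The result of `ldap_int_tls_start` is returned unchanged, after `lconn_status` has already been set to `LDAP_CONNST_CONNECTED`, so a failed handshake leaves a connection marked connected on which callers will not re-run this check. The request.c caller treats only `rc < 0` as failure. If `ldap_int_tls_start` can report an error with a non-negative code (its convention is not visible here), a request would go out without TLS despite `LDAP_OPT_X_TLS_HARD` or an `ldaps` URL. Normalise after the refcount decrement with `if ( rc != LDAP_SUCCESS ) return -1;`, and confirm that callers close the connection on that path. A header comment listing the return values (0 ready, -2 still connecting, -1 error) would make the contract explicit for both callers.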
index 38b4466ba69f63a76bf969c2ebc93f02b807d451..ab4463dd6a5f1d44368a25cde28976a48922b876 100644 (file)
@@ -120,15 +120,18 @@ ldap_send_initial_request(
        ber_int_t msgid)
 {
        int rc = 1;
+       ber_socket_t sd = AC_SOCKET_INVALID;
 
        Debug( LDAP_DEBUG_TRACE, "ldap_send_initial_request\n", 0, 0, 0 );
 
        LDAP_MUTEX_LOCK( &ld->ld_conn_mutex );
-       if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, NULL ) == -1 ) {
+       if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, &sd ) == -1 ) {
                /* not connected yet */
                rc = ldap_open_defconn( ld );
 
        }
+       if ( ld->ld_defconn && ld->ld_defconn->lconn_status == LDAP_CONNST_CONNECTING )
+               rc = ldap_int_check_async_open( ld, sd );
        if( rc < 0 ) {
                ber_free( ber, 1 );
                LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
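Review bot: `sd` is filled in only by the `ber_sockbuf_ctrl` call, and that call fails when there is no connection yet. After `ldap_open_defconn( ld )` starts an async connect, the new check therefore passes a descriptor that is presumably still `AC_SOCKET_INVALID` to `ldap_int_check_async_open`. Re-read the descriptor once the connection exists, e.g. `if ( ld->ld_defconn ) ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, &sd );` right after the `ldap_open_defconn` call. Bracing the new two-line `if` would also match the surrounding style. ldap_send_initial_request continues outside the hunk.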