authorStefan Metzmacher <metze@samba.org>2006-07-25 19:20:04 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:10:22 -0500
commit4cdcc1789363907f850a05c4b3349746c710ebf0 (patch)
treebe214797dab346ce18d86ce5b53245eb56aa2526
parentec8d486e267b60ebad3eac937580986155b75914 (diff)
r17237: - keep pointer to the different sockets
- we need this later: - to disallow a StartTLS when TLS is already in use - to place the TLS socket between the raw and sasl socket when we had a sasl bind before the StartTLS - and rfc4513 says that the server may allow removing the TLS from the tcp connection again and reusing raw tcp - and also a 2nd sasl bind should replace the old sasl socket metze (This used to be commit 10cb9c07ac60b03472f2b0b09c4581cc715002ba)
-rw-r--r--source4/ldap_server/ldap_backend.c2
-rw-r--r--source4/ldap_server/ldap_bind.c1
-rw-r--r--source4/ldap_server/ldap_server.c2
-rw-r--r--source4/ldap_server/ldap_server.h8
4 files changed, 10 insertions, 3 deletions
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index d6aeedfde8..5f51a0a157 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -747,6 +747,7 @@ static void ldapsrv_start_tls(void *private)
talloc_steal(ctx->conn->connection, ctx->tls_socket);
talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket);
+ ctx->conn->sockets.tls = ctx->tls_socket;
ctx->conn->connection->socket = ctx->tls_socket;
packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
}
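Review bot: `sockets.tls` is stored as a plain pointer copy right after `talloc_unlink()` drops the connection's link to the previously active socket, so nothing in this hunk shows what keeps the older layers recorded in `sockets.raw` or `sockets.sasl` alive. If the TLS wrapper does not itself hold a reference to the socket it wraps (not visible here), those cached pointers dangle, and any later StartTLS or re-bind check that dereferences them would touch freed memory. When a SASL bind preceded StartTLS, the unlinked socket is the SASL one and `sockets.sasl` keeps pointing at it; consider clearing it before the unlink, e.g. `if (ctx->conn->sockets.sasl == ctx->conn->connection->socket) ctx->conn->sockets.sasl = NULL;`, or taking a `talloc_reference()` for each stored layer. The same pattern appears in `ldapsrv_set_sasl` and in the ldaps branch of `ldapsrv_accept`. The body of `ldapsrv_start_tls` begins outside this hunk.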
@@ -767,7 +768,6 @@ static NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call)
/* check if we have a START_TLS call */
if (strcmp(req->oid, LDB_EXTENDED_START_TLS_OID) == 0) {
- NTSTATUS status;
struct ldapsrv_starttls_context *ctx;
int result = 0;
const char *errstr;
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index 0e7a147e52..60783df4df 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -101,6 +101,7 @@ static void ldapsrv_set_sasl(void *private)
talloc_steal(ctx->conn->connection, ctx->sasl_socket);
talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket);
+ ctx->conn->sockets.sasl = ctx->sasl_socket;
ctx->conn->connection->socket = ctx->sasl_socket;
packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
}
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index 7807a93666..8aacbb6369 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -330,6 +330,7 @@ static void ldapsrv_accept(struct stream_connection *c)
conn->packet = NULL;
conn->connection = c;
conn->service = ldapsrv_service;
+ conn->sockets.raw = c->socket;
c->private = conn;
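Review bot: Only `sockets.raw` is initialised at this point in `ldapsrv_accept`; `sockets.tls` is assigned solely in the ldaps branch further down and `sockets.sasl` is not set anywhere in the function's visible lines. The neighbouring lines set `conn->packet = NULL` by hand, which suggests `conn` is not zero-allocated (the allocation is outside the hunk), in which case a later "is TLS already in use" test would read indeterminate pointers on plain-LDAP connections. Add `conn->sockets.tls = NULL;` and `conn->sockets.sasl = NULL;` next to the `raw` assignment, or allocate `conn` with `talloc_zero`. The function starts and continues outside this hunk.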
@@ -351,6 +352,7 @@ static void ldapsrv_accept(struct stream_connection *c)
talloc_unlink(c, c->socket);
talloc_steal(c, tls_socket);
c->socket = tls_socket;
+ conn->sockets.tls = tls_socket;
} else if (port == 3268) /* Global catalog */ {
conn->global_catalog = True;
diff --git a/source4/ldap_server/ldap_server.h b/source4/ldap_server/ldap_server.h
index c35f62f134..243f5bd559 100644
--- a/source4/ldap_server/ldap_server.h
+++ b/source4/ldap_server/ldap_server.h
@@ -31,6 +31,12 @@ struct ldapsrv_connection {
struct cli_credentials *server_credentials;
struct ldb_context *ldb;
+ struct {
+ struct socket_context *raw;
+ struct socket_context *tls;
+ struct socket_context *sasl;
+ } sockets;
+
BOOL global_catalog;
struct packet_context *packet;
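Review bot: The new `sockets` member carries no comment on ownership or on what an unset entry means, yet the commit message plans security decisions (refusing a second StartTLS, replacing a SASL layer) that will depend on it. A comment above the struct such as `/* layers of the connection's socket stack; NULL if the layer is not in use; not talloc references, connection->socket stays the active socket */` would tell the next reader which entries may be tested and which may be dereferenced. The ownership wording is inferred from the other hunks in this commit and should be confirmed before it is written down. `struct ldapsrv_connection` starts and ends outside this hunk.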
@@ -57,8 +63,6 @@ struct ldapsrv_call {
void *send_private;
};
-struct ldapsrv_service;
-
struct ldapsrv_service {
struct tls_params *tls_params;
};