author | Stefan Metzmacher <metze@samba.org> | 2006-07-25 19:20:04 +0000 |
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:10:22 -0500 |
commit | 4cdcc1789363907f850a05c4b3349746c710ebf0 (patch) | |
tree | be214797dab346ce18d86ce5b53245eb56aa2526 | |
parent | ec8d486e267b60ebad3eac937580986155b75914 (diff) | |
r17237: - keep pointer to the different sockets
- we need this later:
- to disallow a StartTLS when TLS is already in use
- to place the TLS socket between the raw and sasl socket
when we had a sasl bind before the StartTLS
- and rfc4513 says that the server may allow to remove the TLS from
the tcp connection again and reuse raw tcp
- and also a 2nd sasl bind should replace the old sasl socket
metze
(This used to be commit 10cb9c07ac60b03472f2b0b09c4581cc715002ba)
-rw-r--r-- | source4/ldap_server/ldap_backend.c | 2 | ||||
-rw-r--r-- | source4/ldap_server/ldap_bind.c | 1 | ||||
-rw-r--r-- | source4/ldap_server/ldap_server.c | 2 | ||||
-rw-r--r-- | source4/ldap_server/ldap_server.h | 8 |
4 files changed, 10 insertions, 3 deletions
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index d6aeedfde8..5f51a0a157 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -747,6 +747,7 @@ static void ldapsrv_start_tls(void *private)
 talloc_steal(ctx->conn->connection, ctx->tls_socket);
 talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket);
+ ctx->conn->sockets.tls = ctx->tls_socket;
 ctx->conn->connection->socket = ctx->tls_socket;
 packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
 }
@@ -767,7 +768,6 @@ static NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call)
 /* check if we have a START_TLS call */
 if (strcmp(req->oid, LDB_EXTENDED_START_TLS_OID) == 0) {
- NTSTATUS status;
 struct ldapsrv_starttls_context *ctx;
 int result = 0;
 const char *errstr;
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index 0e7a147e52..60783df4df 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -101,6 +101,7 @@ static void ldapsrv_set_sasl(void *private)
 talloc_steal(ctx->conn->connection, ctx->sasl_socket);
 talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket);
+ ctx->conn->sockets.sasl = ctx->sasl_socket;
 ctx->conn->connection->socket = ctx->sasl_socket;
 packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
 }
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index 7807a93666..8aacbb6369 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -330,6 +330,7 @@ static void ldapsrv_accept(struct stream_connection *c)
 conn->packet = NULL;
 conn->connection = c;
 conn->service = ldapsrv_service;
+ conn->sockets.raw = c->socket;
 c->private = conn;
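Review bot: The pointer stored in `ctx->conn->sockets.tls` in ldapsrv_start_tls (and likewise `sockets.sasl` in ldapsrv_set_sasl and `sockets.raw` in ldapsrv_accept, including the second ldapsrv_accept hunk at -351) takes no talloc reference of its own, so its lifetime is whatever the current owner of the socket decides. The `talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket)` immediately above drops the connection's reference to the previously active socket; if that socket was the raw or sasl layer and nothing else still references it, the matching `sockets.*` field now points at freed memory, and the later "remove TLS and reuse raw tcp" or "second sasl bind replaces the old sasl socket" paths the commit message announces would be a use-after-free. Either take a `talloc_reference()` on each socket when it is stored, with a destructor that clears the field, or make the saved pointers explicitly non-owning and NULL them out in the same place the layer is unlinked, e.g. `ctx->conn->sockets.sasl = NULL;` wherever a sasl socket is replaced. ldapsrv_start_tls, ldapsrv_ExtendedRequest, ldapsrv_set_sasl and ldapsrv_accept all begin outside their hunks.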
@@ -351,6 +352,7 @@ static void ldapsrv_accept(struct stream_connection *c)
 talloc_unlink(c, c->socket);
 talloc_steal(c, tls_socket);
 c->socket = tls_socket;
+ conn->sockets.tls = tls_socket;
 } else if (port == 3268) /* Global catalog */ {
 conn->global_catalog = True;
diff --git a/source4/ldap_server/ldap_server.h b/source4/ldap_server/ldap_server.h
index c35f62f134..243f5bd559 100644
--- a/source4/ldap_server/ldap_server.h
+++ b/source4/ldap_server/ldap_server.h
@@ -31,6 +31,12 @@ struct ldapsrv_connection {
 struct cli_credentials *server_credentials;
 struct ldb_context *ldb;
+ struct {
+ struct socket_context *raw;
+ struct socket_context *tls;
+ struct socket_context *sasl;
+ } sockets;
+
 BOOL global_catalog;
 struct packet_context *packet;
@@ -57,8 +63,6 @@ struct ldapsrv_call {
 void *send_private;
 };
-struct ldapsrv_service;
-
 struct ldapsrv_service {
 struct tls_params *tls_params;
 };
|
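Review bot: The new `sockets` member added to struct ldapsrv_connection in the ldap_server.h hunk at -31 carries no comment, so a reader cannot tell which of the three pointers is the live transport, whether NULL means "layer not in use", or whether the struct owns the socket_context objects it points to — and the commit message says a future "TLS already in use" check will rely on exactly that. Nothing in this diff initialises `tls` and `sasl`; that is fine only if `conn` is allocated with a zeroing allocator in ldapsrv_accept (not visible here, please confirm), otherwise a later `if (conn->sockets.tls)` guard would read an indeterminate value. Suggested comment above the member: `/* the layers of the socket stack for this connection; a NULL entry means that layer is not in use. These are non-owning aliases; connection->socket is the active one. */`, adjusted to whatever ownership rule is actually chosen.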