From 7a17da2186c628f0d8e8a43ca34320b0f10d9d8f Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Sun, 19 Jun 2005 11:10:15 +0000
Subject: r7751: only enable tls on the ldaps port in ldap server, and reject non-tls connections on that port (This used to be commit 30da6a1cc41308a16a486111887f45bcf598f064)
---
 source4/ldap_server/ldap_server.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'source4/ldap_server/ldap_server.c')
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index 5ac50bd514..88df0ed876 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -330,6 +330,7 @@ static void ldapsrv_accept(struct stream_connection *c)
 struct ldapsrv_service *ldapsrv_service = talloc_get_type(c->private, struct ldapsrv_service);
 struct ldapsrv_connection *conn;
+ int port;
 conn = talloc_zero(c, struct ldapsrv_connection);
 if (conn == NULL) goto failed;
@@ -341,10 +342,12 @@ static void ldapsrv_accept(struct stream_connection *c)
 conn->service = talloc_get_type(c->private, struct ldapsrv_service);
 c->private = conn;
+ port = socket_get_my_port(c->socket);
+
 /* note that '0' is a ASN1_SEQUENCE(0), which is the first byte on any ldap connection */
 conn->tls = tls_init_server(ldapsrv_service->tls_params, c->socket,
- c->event.fde, "0");
+ c->event.fde, NULL, port != 389);
 if (conn->tls == NULL) goto failed;
 return;
--
cgit
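Review bot: In the second hunk the new last argument `port != 389` selects TLS for every listener except 389, which is broader than the subject's "only on the ldaps port"; a second plaintext listener added later would apparently have its clients rejected. The result of `socket_get_my_port()` is also used unchecked, and its error value is not visible here, so a failure would presumably select TLS as well. Failing closed is the safe direction, but it should be a stated decision next to a named constant rather than a bare 389, e.g. `/* TLS is mandatory on every port except plain LDAP (389); unknown ports fail closed */`. The retained comment about '0' being the ASN1_SEQUENCE byte now describes an argument this change removes, so it should be rewritten to say what `NULL` means to `tls_init_server()`. The body of `ldapsrv_accept` starts and ends outside the hunk.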