From 4cdcc1789363907f850a05c4b3349746c710ebf0 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 25 Jul 2006 19:20:04 +0000
Subject: r17237: - keep pointer to the different sockets - we need this to
 later:   - to disallow a StartTLS when TLS is already in use   - to place the
 TLS socket between the raw and sasl socket     when we had a sasl bind before
 the StartTLS   - and rfc4513 says that the server may allow to remove the TLS
 from     the tcp connection again and reuse raw tcp   - and also a 2nd sasl
 bind should replace the old sasl socket

metze
(This used to be commit 10cb9c07ac60b03472f2b0b09c4581cc715002ba)
---
 source4/ldap_server/ldap_backend.c | 2 +-
 source4/ldap_server/ldap_bind.c    | 1 +
 source4/ldap_server/ldap_server.c  | 2 ++
 source4/ldap_server/ldap_server.h  | 8 ++++++--
 4 files changed, 10 insertions(+), 3 deletions(-)

(limited to 'source4/ldap_server')

diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index d6aeedfde8..5f51a0a157 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -747,6 +747,7 @@ static void ldapsrv_start_tls(void *private)
 	talloc_steal(ctx->conn->connection, ctx->tls_socket);
 	talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket);
 
+	ctx->conn->sockets.tls = ctx->tls_socket;
 	ctx->conn->connection->socket = ctx->tls_socket;
 	packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
 }
@@ -767,7 +768,6 @@ static NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call)
 
 	/* check if we have a START_TLS call */
 	if (strcmp(req->oid, LDB_EXTENDED_START_TLS_OID) == 0) {
-		NTSTATUS status;
 		struct ldapsrv_starttls_context *ctx;
 		int result = 0;
 		const char *errstr;
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index 0e7a147e52..60783df4df 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -101,6 +101,7 @@ static void ldapsrv_set_sasl(void *private)
 	talloc_steal(ctx->conn->connection, ctx->sasl_socket);
 	talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket);
 
+	ctx->conn->sockets.sasl = ctx->sasl_socket;
 	ctx->conn->connection->socket = ctx->sasl_socket;
 	packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
 }
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index 7807a93666..8aacbb6369 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -330,6 +330,7 @@ static void ldapsrv_accept(struct stream_connection *c)
 	conn->packet      = NULL;
 	conn->connection  = c;
 	conn->service     = ldapsrv_service;
+	conn->sockets.raw = c->socket;
 
 	c->private        = conn;
 
@@ -351,6 +352,7 @@ static void ldapsrv_accept(struct stream_connection *c)
 		talloc_unlink(c, c->socket);
 		talloc_steal(c, tls_socket);
 		c->socket = tls_socket;
+		conn->sockets.tls = tls_socket;
 
 	} else if (port == 3268) /* Global catalog */ {
 		conn->global_catalog = True;
diff --git a/source4/ldap_server/ldap_server.h b/source4/ldap_server/ldap_server.h
index c35f62f134..243f5bd559 100644
--- a/source4/ldap_server/ldap_server.h
+++ b/source4/ldap_server/ldap_server.h
@@ -31,6 +31,12 @@ struct ldapsrv_connection {
 	struct cli_credentials *server_credentials;
 	struct ldb_context *ldb;
 
+	struct {
+		struct socket_context *raw;
+		struct socket_context *tls;
+		struct socket_context *sasl;
+	} sockets;
+
 	BOOL global_catalog;
 
 	struct packet_context *packet;
@@ -57,8 +63,6 @@ struct ldapsrv_call {
 	void *send_private;
 };
 
-struct ldapsrv_service;
-
 struct ldapsrv_service {
 	struct tls_params *tls_params;
 };
-- 
cgit