From 7a17da2186c628f0d8e8a43ca34320b0f10d9d8f Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Sun, 19 Jun 2005 11:10:15 +0000
Subject: r7751: only enable tls on the ldaps port in ldap server, and reject non-tls connections on that port (This used to be commit 30da6a1cc41308a16a486111887f45bcf598f064)
---
 source4/lib/tls/tls.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
(limited to 'source4/lib/tls/tls.c')
diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index 559a54a2f0..86a2ca0f0b 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -332,7 +332,8 @@ init_failed:
 struct tls_context *tls_init_server(struct tls_params *params,
 struct socket_context *socket,
 struct fd_event *fde,
- const char *plain_chars)
+ const char *plain_chars,
+ BOOL tls_enable)
 {
 struct tls_context *tls;
 int ret;
@@ -343,7 +344,7 @@ struct tls_context *tls_init_server(struct tls_params *params,
 tls->socket = socket;
 tls->fde = fde;
- if (!params->tls_enabled) {
+ if (!params->tls_enabled || !tls_enable) {
 tls->tls_enabled = False;
 return tls;
 }
@@ -402,7 +403,6 @@ BOOL tls_support(struct tls_params *params)
 return params->tls_enabled;
 }
-
 #else
 /* for systems without tls we just map the tls socket calls to the
@@ -416,7 +416,8 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx)
 struct tls_context *tls_init_server(struct tls_params *params,
 struct socket_context *sock,
 struct fd_event *fde,
- const char *plain_chars)
+ const char *plain_chars,
+ BOOL tls_enable)
 {
 if (plain_chars == NULL) return NULL;
 return (struct tls_context *)sock;
-- cgit
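Review bot: The new `tls_enable` parameter in the `tls_init_server` signature is undocumented, and its name is nearly identical to `params->tls_enabled` and `tls->tls_enabled`, which makes the three easy to confuse at call sites. A short comment above the function would help, for example `/* tls_enable: False forces a plaintext context for this connection even when params->tls_enabled is set */`. The function body continues outside this hunk.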
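Review bot: The early return `if (!params->tls_enabled || !tls_enable)` yields a non-TLS context both when the caller asked for plaintext and when the caller asked for TLS but `params->tls_enabled` is false, and the return value does not distinguish the two. A listener that must only speak TLS therefore has to test `tls_support(params)` itself before accepting the connection; the rejection mentioned in the commit subject is not in this file, so that cannot be confirmed from here. I would at least add `/* returns a plaintext context; callers that require TLS must check tls_support() first */` above the branch. The non-TLS stub later in the file fails closed on `plain_chars == NULL`, and it may be worth checking whether this path should honour the same convention. The function starts and continues outside this hunk.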
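Review bot: In the stub for systems without TLS, `tls_enable` is accepted but never read, so a request for TLS still returns the raw socket whenever `plain_chars` is non-NULL. If callers use this flag to mark a TLS-only port, the guard could become `if (plain_chars == NULL || tls_enable) return NULL;` so that such a connection is refused rather than served in the clear; whether callers already pass a NULL `plain_chars` in that case is not visible in this diff. The stub's closing brace lies outside the hunk.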