author | Sumit Bose <sbose@redhat.com> | 2009-09-16 13:02:47 +0200 |
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-09-16 13:29:08 -0400 |
commit | ed615a8b7a3053f12b557bd73e4fb1d56f7d2c8e (patch) | |
tree | ad9dccac1d933b5e4dc7f2972b94aea91a5beed6 /server | |
parent | cc98edd9479d4622634a1275c98058916c14059a (diff) | |
Check if SSL/TLS handler is already in place
Authentication against a LDAP server should always use an
encrypted connection. To achieve this the LDAP provider calls
ldap_start_tls which will fail if the connection is already
encrypted, e.g. if an ldaps tunnel is already established.
Because the error message from ldap_start_tls is not specific we
check the status with ldap_tls_inplace before calling ldap_start_tls.
Diffstat (limited to 'server')
-rw-r--r-- | server/providers/ldap/sdap_async.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/server/providers/ldap/sdap_async.c b/server/providers/ldap/sdap_async.c
index 1a0faf4e..6ab88679 100644
--- a/server/providers/ldap/sdap_async.c
+++ b/server/providers/ldap/sdap_async.c
@@ -578,10 +578,17 @@ static void sdap_connect_done(struct sdap_op *op,
         DEBUG(3, ("START TLS result: %s(%d), %s\n",
                   ldap_err2string(state->result), state->result, errmsg));
 
+        if (ldap_tls_inplace(state->sh->ldap)) {
+            DEBUG(9, ("SSL/TLS handler already in place.\n"));
+            tevent_req_done(req);
+            return;
+        }
+
         /* FIXME: take care that ldap_install_tls might block */
         ret = ldap_install_tls(state->sh->ldap);
         if (ret != LDAP_SUCCESS) {
-            DEBUG(1, ("ldap_install_tls failed.\n"));
+            DEBUG(1, ("ldap_install_tls failed: [%d][%s]\n", ret,
+                      ldap_err2string(ret)));
             state->result = ret;
             tevent_req_error(req, EIO);
             return; |
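Review bot: The new `ldap_tls_inplace()` check sits in sdap_connect_done, after the START TLS request has already been sent and its result parsed into state->result, so it only skips `ldap_install_tls()`; the description's claim that the status is checked "before calling ldap_start_tls" does not match the hunk, and on an ldaps connection the failing START TLS round-trip still happens. A comment above the check would make the intent clear to the next reader: `/* START TLS fails on an already-encrypted (ldaps) connection; ldap_tls_inplace() tells that case apart from a real failure. */`. On that early-return path state->result presumably still holds the START TLS error code while the request is completed with tevent_req_done; if sdap_connect_recv hands state->result to callers, it should be reset first (`state->result = LDAP_SUCCESS;`) so a successfully encrypted connection is not reported as a START TLS failure — worth confirming against the recv function. sdap_connect_done starts and ends outside the hunk.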