summaryrefslogtreecommitdiff
path: root/server
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2009-09-16 13:02:47 +0200
committerStephen Gallagher <sgallagh@redhat.com>2009-09-16 13:29:08 -0400
commited615a8b7a3053f12b557bd73e4fb1d56f7d2c8e (patch)
treead9dccac1d933b5e4dc7f2972b94aea91a5beed6 /server
parentcc98edd9479d4622634a1275c98058916c14059a (diff)
downloadsssd-ed615a8b7a3053f12b557bd73e4fb1d56f7d2c8e.tar.gz
sssd-ed615a8b7a3053f12b557bd73e4fb1d56f7d2c8e.tar.bz2
sssd-ed615a8b7a3053f12b557bd73e4fb1d56f7d2c8e.zip
Check if SSL/TLS handler is already in place
Authentication against a LDAP server should always use an encrypted connection. To acchive this the LDAP provider calls ldap_start_tls which will fail if the connection is already encrypted, e.g. if an ldaps tunnel is already established. Because the error message from ldap_start_tls is not specific we check the status with ldap_tls_inplace before calling ldap_start_tls.
Diffstat (limited to 'server')
-rw-r--r--server/providers/ldap/sdap_async.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/server/providers/ldap/sdap_async.c b/server/providers/ldap/sdap_async.c
index 1a0faf4e..6ab88679 100644
--- a/server/providers/ldap/sdap_async.c
+++ b/server/providers/ldap/sdap_async.c
@@ -578,10 +578,17 @@ static void sdap_connect_done(struct sdap_op *op,
DEBUG(3, ("START TLS result: %s(%d), %s\n",
ldap_err2string(state->result), state->result, errmsg));
+ if (ldap_tls_inplace(state->sh->ldap)) {
+ DEBUG(9, ("SSL/TLS handler already in place.\n"));
+ tevent_req_done(req);
+ return;
+ }
+
/* FIXME: take care that ldap_install_tls might block */
ret = ldap_install_tls(state->sh->ldap);
if (ret != LDAP_SUCCESS) {
- DEBUG(1, ("ldap_install_tls failed.\n"));
+ DEBUG(1, ("ldap_install_tls failed: [%d][%s]\n", ret,
+ ldap_err2string(ret)));
state->result = ret;
tevent_req_error(req, EIO);
return;