author | bubulle <bubulle@alioth.debian.org> | 2011-06-07 20:43:08 +0000 |
---|---|---|
committer | bubulle <bubulle@alioth.debian.org> | 2011-06-07 20:43:08 +0000 |
commit | e64520a9ed05c9782a6e8ca8015fdef01b92ecc3 (patch) | |
tree | fc3a71a0b741cbcc6a5a892f91cc0f2218dfe656 /source4/ldap_server/ldap_extended.c | |
parent | 6fe9013ae23927a67fa6b6033e2711cef99b3533 (diff) | |
download | samba-e64520a9ed05c9782a6e8ca8015fdef01b92ecc3.tar.gz |
Revert upstream branch to 3.5.8....oops
git-svn-id: svn://svn.debian.org/svn/pkg-samba/branches/samba/upstream@3810 fc4039ab-9d04-0410-8cac-899223bdd6b0
Diffstat (limited to 'source4/ldap_server/ldap_extended.c')
-rw-r--r-- | source4/ldap_server/ldap_extended.c | 108 |
1 files changed, 24 insertions, 84 deletions
diff --git a/source4/ldap_server/ldap_extended.c b/source4/ldap_server/ldap_extended.c
index f70b8084d7..6d630b4922 100644
--- a/source4/ldap_server/ldap_extended.c
+++ b/source4/ldap_server/ldap_extended.c
@@ -20,93 +20,31 @@ #include "includes.h" #include "ldap_server/ldap_server.h" #include "../lib/util/dlinklist.h" +#include "libcli/ldap/ldap.h" #include "lib/tls/tls.h" #include "smbd/service_stream.h" -#include "../lib/util/tevent_ntstatus.h" -struct ldapsrv_starttls_postprocess_context { +struct ldapsrv_starttls_context { struct ldapsrv_connection *conn; + struct socket_context *tls_socket; }; -struct ldapsrv_starttls_postprocess_state { - struct ldapsrv_connection *conn; -}; - -static void ldapsrv_starttls_postprocess_done(struct tevent_req *subreq); - -static struct tevent_req *ldapsrv_starttls_postprocess_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - void *private_data) -{ - struct ldapsrv_starttls_postprocess_context *context = - talloc_get_type_abort(private_data, - struct ldapsrv_starttls_postprocess_context); - struct ldapsrv_connection *conn = context->conn; - struct tevent_req *req; - struct ldapsrv_starttls_postprocess_state *state; - struct tevent_req *subreq; - - req = tevent_req_create(mem_ctx, &state, - struct ldapsrv_starttls_postprocess_state); - if (req == NULL) { - return NULL; - } - - state->conn = conn; - - subreq = tstream_tls_accept_send(conn, - conn->connection->event.ctx, - conn->sockets.raw, - conn->service->tls_params); - if (tevent_req_nomem(subreq, req)) { - return tevent_req_post(req, ev); - } - tevent_req_set_callback(subreq, ldapsrv_starttls_postprocess_done, req); - - return req; -} - -static void ldapsrv_starttls_postprocess_done(struct tevent_req *subreq) +static void ldapsrv_start_tls(void *private_data) { - struct tevent_req *req = - tevent_req_callback_data(subreq, - struct tevent_req); - struct ldapsrv_starttls_postprocess_state *state = - tevent_req_data(req, - struct ldapsrv_starttls_postprocess_state); - struct ldapsrv_connection *conn = state->conn; - int ret; - int sys_errno; - - ret = tstream_tls_accept_recv(subreq, &sys_errno, - conn, &conn->sockets.tls); - TALLOC_FREE(subreq); - if (ret == -1) { - NTSTATUS 
status = map_nt_error_from_unix(sys_errno); - - DEBUG(1,("ldapsrv_starttls_postprocess_done: accept_tls_loop: " - "tstream_tls_accept_recv() - %d:%s => %s", - sys_errno, strerror(sys_errno), nt_errstr(status))); - - tevent_req_nterror(req, status); - return; - } - - conn->sockets.active = conn->sockets.tls; - - tevent_req_done(req); -} + struct ldapsrv_starttls_context *ctx = talloc_get_type(private_data, struct ldapsrv_starttls_context); + talloc_steal(ctx->conn->connection, ctx->tls_socket); -static NTSTATUS ldapsrv_starttls_postprocess_recv(struct tevent_req *req) -{ - return tevent_req_simple_recv_ntstatus(req); + ctx->conn->sockets.tls = ctx->tls_socket; + ctx->conn->connection->socket = ctx->tls_socket; + packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket); + packet_set_unreliable_select(ctx->conn->packet); } static NTSTATUS ldapsrv_StartTLS(struct ldapsrv_call *call, struct ldapsrv_reply *reply, const char **errstr) { - struct ldapsrv_starttls_postprocess_context *context; + struct ldapsrv_starttls_context *ctx; (*errstr) = NULL; 
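Review bot: `ldapsrv_start_tls()` dereferences `ctx->conn` immediately after `talloc_get_type()`, which returns NULL when `private_data` is not of the named type; the code this replaces used `talloc_get_type_abort()` for the same lookup. If the talloc bundled with this branch provides it, prefer `struct ldapsrv_starttls_context *ctx = talloc_get_type_abort(private_data, struct ldapsrv_starttls_context);` so a mismatched pointer fails loudly instead of as a NULL dereference in the send path. The callback also switches `conn->connection->socket` and the packet layer to the TLS socket with no visible handling of bytes that may already have been read from the plaintext side; that handling is presumably outside this hunk and is worth confirming before relying on the upgrade.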
@@ -121,19 +59,21 @@ static NTSTATUS ldapsrv_StartTLS(struct ldapsrv_call *call, return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR); } - if (call->conn->sockets.sasl) { - (*errstr) = talloc_asprintf(reply, "START-TLS: SASL is already enabled on this LDAP session"); + ctx = talloc(call, struct ldapsrv_starttls_context); + NT_STATUS_HAVE_NO_MEMORY(ctx); + + ctx->conn = call->conn; + ctx->tls_socket = tls_init_server(call->conn->service->tls_params, + call->conn->connection->socket, + call->conn->connection->event.fde, + NULL); + if (!ctx->tls_socket) { + (*errstr) = talloc_asprintf(reply, "START-TLS: Failed to setup TLS socket"); return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR); } - context = talloc(call, struct ldapsrv_starttls_postprocess_context); - NT_STATUS_HAVE_NO_MEMORY(context); - - context->conn = call->conn; - - call->postprocess_send = ldapsrv_starttls_postprocess_send; - call->postprocess_recv = ldapsrv_starttls_postprocess_recv; - call->postprocess_private = context; + call->send_callback = ldapsrv_start_tls; + call->send_private = ctx; reply->msg->r.ExtendedResponse.response.resultcode = LDAP_SUCCESS; reply->msg->r.ExtendedResponse.response.errormessage = NULL; @@ -164,7 +104,7 @@ NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call) int result = LDAP_PROTOCOL_ERROR; const char *error_str = NULL; NTSTATUS status = NT_STATUS_OK; - unsigned int i; + uint32_t i; DEBUG(10, ("Extended\n")); |
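Review bot: The new side of the first hunk on this line no longer rejects StartTLS when a SASL layer is already active: the `if (call->conn->sockets.sasl)` guard is removed and the added lines go straight to `tls_init_server()`. Unless the part of `ldapsrv_StartTLS` above the hunk covers this case, a StartTLS request on a session that already negotiated SASL wrapping would have `connection->socket` replaced underneath that layer by the send callback. If `sockets.sasl` exists in this version of the connection struct, keep the check ahead of the allocation, e.g. `if (call->conn->sockets.sasl) { (*errstr) = talloc_asprintf(reply, "START-TLS: SASL is already enabled on this LDAP session"); return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR); }`. The function starts before and continues after this hunk, so the earlier checks are not visible here.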