git.samba.org / kamenim / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ec8d486)
r17237: - keep pointer to the different sockets
authorStefan Metzmacher <metze@samba.org>
Tue, 25 Jul 2006 19:20:04 +0000 (19:20 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 19:10:22 +0000 (14:10 -0500)
- we need this to later:
  - to disallow a StartTLS when TLS is already in use
  - to place the TLS socket between the raw and sasl socket
    when we had a sasl bind before the StartTLS
  - and rfc4513 says that the server may allow to remove the TLS from
    the tcp connection again and reuse raw tcp
  - and also a 2nd sasl bind should replace the old sasl socket

metze
(This used to be commit 10cb9c07ac60b03472f2b0b09c4581cc715002ba)

source4/ldap_server/ldap_backend.c patch | blob | history
source4/ldap_server/ldap_bind.c patch | blob | history
source4/ldap_server/ldap_server.c patch | blob | history
source4/ldap_server/ldap_server.h patch | blob | history

diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index d6aeedfde8ff664a1f447797e0281eb530e96a22..5f51a0a157f3f07124073cb310e36151defa7904 100644 (file)
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -747,6 +747,7 @@ static void ldapsrv_start_tls(void *private)
        talloc_steal(ctx->conn->connection, ctx->tls_socket);
        talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket);
 
+       ctx->conn->sockets.tls = ctx->tls_socket;
        ctx->conn->connection->socket = ctx->tls_socket;
        packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
 }
@@ -767,7 +768,6 @@ static NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call)
 
        /* check if we have a START_TLS call */
        if (strcmp(req->oid, LDB_EXTENDED_START_TLS_OID) == 0) {
-               NTSTATUS status;
                struct ldapsrv_starttls_context *ctx;
                int result = 0;
                const char *errstr;
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index 0e7a147e5229c2cd806785effbff8a16e66abb37..60783df4df849c464a71666b3e0f45fe7b735506 100644 (file)
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -101,6 +101,7 @@ static void ldapsrv_set_sasl(void *private)
        talloc_steal(ctx->conn->connection, ctx->sasl_socket);
        talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket);
 
+       ctx->conn->sockets.sasl = ctx->sasl_socket;
        ctx->conn->connection->socket = ctx->sasl_socket;
        packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
 }
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index 7807a936669f5869598c408f374dc0938da692af..8aacbb63693927da23e3da98faee63fbead9e823 100644 (file)
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -330,6 +330,7 @@ static void ldapsrv_accept(struct stream_connection *c)
        conn->packet      = NULL;
        conn->connection  = c;
        conn->service     = ldapsrv_service;
+       conn->sockets.raw = c->socket;
 
        c->private        = conn;
 
@@ -351,6 +352,7 @@ static void ldapsrv_accept(struct stream_connection *c)
                talloc_unlink(c, c->socket);
                talloc_steal(c, tls_socket);
                c->socket = tls_socket;
+               conn->sockets.tls = tls_socket;
 
        } else if (port == 3268) /* Global catalog */ {
                conn->global_catalog = True;
diff --git a/source4/ldap_server/ldap_server.h b/source4/ldap_server/ldap_server.h
index c35f62f134987ffb680928bfeb9545c0b1fa9679..243f5bd559f07b3466f630a9e961f79c18e064aa 100644 (file)
--- a/source4/ldap_server/ldap_server.h
+++ b/source4/ldap_server/ldap_server.h
@@ -31,6 +31,12 @@ struct ldapsrv_connection {
        struct cli_credentials *server_credentials;
        struct ldb_context *ldb;
 
+       struct {
+               struct socket_context *raw;
+               struct socket_context *tls;
+               struct socket_context *sasl;
+       } sockets;
+
        BOOL global_catalog;
 
        struct packet_context *packet;
@@ -57,8 +63,6 @@ struct ldapsrv_call {
        void *send_private;
 };
 
-struct ldapsrv_service;
-
 struct ldapsrv_service {
        struct tls_params *tls_params;
 };
kamenim's wip repo