- we need this to later:
- to disallow a StartTLS when TLS is already in use
- to place the TLS socket between the raw and sasl socket
when we had a sasl bind before the StartTLS
- and rfc4513 says that the server may allow to remove the TLS from
the tcp connection again and reuse raw tcp
- and also a 2nd sasl bind should replace the old sasl socket
metze
(This used to be commit
10cb9c07ac60b03472f2b0b09c4581cc715002ba)
talloc_steal(ctx->conn->connection, ctx->tls_socket);
talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket);
+ ctx->conn->sockets.tls = ctx->tls_socket;
ctx->conn->connection->socket = ctx->tls_socket;
packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
}
/* check if we have a START_TLS call */
if (strcmp(req->oid, LDB_EXTENDED_START_TLS_OID) == 0) {
- NTSTATUS status;
struct ldapsrv_starttls_context *ctx;
int result = 0;
const char *errstr;
talloc_steal(ctx->conn->connection, ctx->sasl_socket);
talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket);
+ ctx->conn->sockets.sasl = ctx->sasl_socket;
ctx->conn->connection->socket = ctx->sasl_socket;
packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
}
conn->packet = NULL;
conn->connection = c;
conn->service = ldapsrv_service;
+ conn->sockets.raw = c->socket;
c->private = conn;
talloc_unlink(c, c->socket);
talloc_steal(c, tls_socket);
c->socket = tls_socket;
+ conn->sockets.tls = tls_socket;
} else if (port == 3268) /* Global catalog */ {
conn->global_catalog = True;
struct cli_credentials *server_credentials;
struct ldb_context *ldb;
+ struct {
+ struct socket_context *raw;
+ struct socket_context *tls;
+ struct socket_context *sasl;
+ } sockets;
+
BOOL global_catalog;
struct packet_context *packet;
void *send_private;
};
-struct ldapsrv_service;
-
struct ldapsrv_service {
struct tls_params *tls_params;
};