Changed ldap_pvt_tls_get_my_dn and ldap_pvt_tls_get_peer_dn to store result

in dn parameter and return a result code. Changed dnX509peerNormalize as above. Added debug message on failure to retrieve client DN.
2025-02-17 14:00:30 +08:00 · 2002-04-30 13:52:49 +00:00 · 2002-04-30 13:52:49 +00:00 · 0f966d2fdb
commit 0f966d2fdb
parent de3e81cebb
3 changed files with 21 additions and 8 deletions
--- a/servers/slapd/connection.c
+++ b/servers/slapd/connection.c
@ -1189,7 +1189,7 @@ int connection_read(ber_socket_t s)

 		} else if ( rc == 0 ) {
 			void *ssl;
-			char *authid;
+			struct berval authid;

 			c->c_needs_tls_accept = 0;

@ -1201,9 +1201,21 @@ int connection_read(ber_socket_t s)
 				c->c_ssf = c->c_tls_ssf;
 			}

-			authid = dnX509peerNormalize( ssl );
-			slap_sasl_external( c, c->c_tls_ssf, authid );
-			if ( authid )	free( authid );
+			rc = dnX509peerNormalize( ssl, &authid );
+			if ( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+				LDAP_LOG(( "connection", LDAP_LEVEL_INFO,
+				"connection_read: conn %lu unable to get TLS client DN, error %d\n",
+					c->c_connid, rc));
+#else
+				Debug( LDAP_DEBUG_TRACE,
+				"connection_read(%d): unable to get TLS client DN "
+				"error=%d id=%lu\n",
+				s, rc, c->c_connid );
+#endif
+			}
+			slap_sasl_external( c, c->c_tls_ssf, authid.bv_val );
+			if ( authid.bv_val )	free( authid.bv_val );
 		}
 		connection_return( c );
 		ldap_pvt_thread_mutex_unlock( &connections_mutex );
--- a/servers/slapd/dn.c
+++ b/servers/slapd/dn.c
@ -844,9 +844,10 @@ dnX509normalize( void *x509_name, struct berval *out )
 /*
 * Get the TLS session's peer's DN into a normalized LDAP DN
 */
-char *
-dnX509peerNormalize( void *ssl )
+int
+dnX509peerNormalize( void *ssl, struct berval *dn )
 {
-	return ldap_pvt_tls_get_peer_dn( ssl, (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
+
+	return ldap_pvt_tls_get_peer_dn( ssl, dn, (LDAPDN_rewrite_dummy *)LDAPDN_rewrite, 0 );
 }
 #endif
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@ -406,7 +406,7 @@ LDAP_SLAPD_F (void) dnParent LDAP_P(( struct berval *dn, struct berval *pdn ));

 LDAP_SLAPD_F (int) dnX509normalize LDAP_P(( void *x509_name, struct berval *out ));

-LDAP_SLAPD_F (char *) dnX509peerNormalize LDAP_P(( void *ssl ));
+LDAP_SLAPD_F (int) dnX509peerNormalize LDAP_P(( void *ssl, struct berval *dn ));

 /*
 * entry.c