Use new TLS SSL_CTX support

This commit is contained in:
Howard Chu 2006-04-07 01:25:46 +00:00
parent 9693c800bf
commit 76bf5d4c76
3 changed files with 28 additions and 18 deletions

View File

@ -2796,8 +2796,9 @@ config_include(ConfigArgs *c) {
static int
config_tls_option(ConfigArgs *c) {
int flag;
LDAP *ld = slap_tls_ld;
switch(c->type) {
case CFG_TLS_RAND: flag = LDAP_OPT_X_TLS_RANDOM_FILE; break;
case CFG_TLS_RAND: flag = LDAP_OPT_X_TLS_RANDOM_FILE; ld = NULL; break;
case CFG_TLS_CIPHER: flag = LDAP_OPT_X_TLS_CIPHER_SUITE; break;
case CFG_TLS_CERT_FILE: flag = LDAP_OPT_X_TLS_CERTFILE; break;
case CFG_TLS_CERT_KEY: flag = LDAP_OPT_X_TLS_KEYFILE; break;
@ -2810,12 +2811,12 @@ config_tls_option(ConfigArgs *c) {
return 1;
}
if (c->op == SLAP_CONFIG_EMIT) {
return ldap_pvt_tls_get_option( NULL, flag, &c->value_string );
return ldap_pvt_tls_get_option( ld, flag, &c->value_string );
} else if ( c->op == LDAP_MOD_DELETE ) {
return ldap_pvt_tls_set_option( NULL, flag, NULL );
return ldap_pvt_tls_set_option( ld, flag, NULL );
}
ch_free(c->value_string);
return(ldap_pvt_tls_set_option(NULL, flag, c->argv[1]));
return(ldap_pvt_tls_set_option(ld, flag, c->argv[1]));
}
/* FIXME: this ought to be provided by libldap */
@ -2845,7 +2846,7 @@ config_tls_config(ConfigArgs *c) {
return 1;
}
if (c->op == SLAP_CONFIG_EMIT) {
ldap_pvt_tls_get_option( NULL, flag, &c->value_int );
ldap_pvt_tls_get_option( slap_tls_ld, flag, &c->value_int );
for (i=0; !BER_BVISNULL(&keys[i].word); i++) {
if (keys[i].mask == c->value_int) {
c->value_string = ch_strdup( keys[i].word.bv_val );
@ -2855,7 +2856,7 @@ config_tls_config(ConfigArgs *c) {
return 1;
} else if ( c->op == LDAP_MOD_DELETE ) {
int i = 0;
return ldap_pvt_tls_set_option( NULL, flag, &i );
return ldap_pvt_tls_set_option( slap_tls_ld, flag, &i );
}
ch_free( c->value_string );
if ( isdigit( (unsigned char)c->argv[1][0] ) ) {
@ -2865,9 +2866,9 @@ config_tls_config(ConfigArgs *c) {
c->log, c->argv[0], c->argv[1] );
return 1;
}
return(ldap_pvt_tls_set_option(NULL, flag, &i));
return(ldap_pvt_tls_set_option(slap_tls_ld, flag, &i));
} else {
return(ldap_int_tls_config(NULL, flag, c->argv[1]));
return(ldap_int_tls_config(slap_tls_ld, flag, c->argv[1]));
}
}
#endif

View File

@ -104,6 +104,7 @@ static int check = CHECK_NONE;
static int version = 0;
void *slap_tls_ctx;
LDAP *slap_tls_ld;
#ifdef LOG_LOCAL4
#define DEFAULT_SYSLOG_USER LOG_LOCAL4
@ -706,6 +707,14 @@ unhandled_option:;
lutil_passwd_init();
slap_op_init();
#ifdef HAVE_TLS
rc = ldap_create( &slap_tls_ld );
if ( rc ) {
SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
goto destroy;
}
#endif
rc = slap_init( serverMode, serverName );
if ( rc ) {
SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 18 );
@ -776,19 +785,13 @@ unhandled_option:;
}
{
void *def_ctx = NULL;
/* Save existing default ctx, if any */
ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &def_ctx );
int opt = 1;
/* Force new ctx to be created */
ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, NULL );
rc = ldap_pvt_tls_init_def_ctx( 1 );
rc = ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_NEWCTX, &opt );
if( rc == 0 ) {
ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &slap_tls_ctx );
/* Restore previous ctx */
ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, def_ctx );
/* The ctx's refcount is bumped up here */
ldap_pvt_tls_get_option( slap_tls_ld, LDAP_OPT_X_TLS_CTX, &slap_tls_ctx );
load_extop( &slap_EXOP_START_TLS, 0, starttls_extop );
} else if ( rc != LDAP_NOT_SUPPORTED ) {
Debug( LDAP_DEBUG_ANY,
@ -957,6 +960,11 @@ stop:
lutil_passwd_destroy();
#ifdef HAVE_TLS
/* Setting it to itself decreases refcount, allowing it to be freed
* when the LD is freed.
*/
ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_CTX, slap_tls_ctx );
ldap_ld_free( slap_tls_ld, 0, NULL, NULL );
ldap_pvt_tls_destroy();
#endif

View File

@ -944,6 +944,7 @@ LDAP_SLAPD_V( const struct berval ) slap_true_bv;
LDAP_SLAPD_V( const struct berval ) slap_false_bv;
LDAP_SLAPD_V( struct slap_sync_cookie_s ) slap_sync_cookie;
LDAP_SLAPD_V( void * ) slap_tls_ctx;
LDAP_SLAPD_V( LDAP * ) slap_tls_ld;
/*
* index.c