Use new TLS SSL_CTX support
This commit is contained in:
parent
9693c800bf
commit
76bf5d4c76
@ -2796,8 +2796,9 @@ config_include(ConfigArgs *c) {
|
||||
static int
|
||||
config_tls_option(ConfigArgs *c) {
|
||||
int flag;
|
||||
LDAP *ld = slap_tls_ld;
|
||||
switch(c->type) {
|
||||
case CFG_TLS_RAND: flag = LDAP_OPT_X_TLS_RANDOM_FILE; break;
|
||||
case CFG_TLS_RAND: flag = LDAP_OPT_X_TLS_RANDOM_FILE; ld = NULL; break;
|
||||
case CFG_TLS_CIPHER: flag = LDAP_OPT_X_TLS_CIPHER_SUITE; break;
|
||||
case CFG_TLS_CERT_FILE: flag = LDAP_OPT_X_TLS_CERTFILE; break;
|
||||
case CFG_TLS_CERT_KEY: flag = LDAP_OPT_X_TLS_KEYFILE; break;
|
||||
@ -2810,12 +2811,12 @@ config_tls_option(ConfigArgs *c) {
|
||||
return 1;
|
||||
}
|
||||
if (c->op == SLAP_CONFIG_EMIT) {
|
||||
return ldap_pvt_tls_get_option( NULL, flag, &c->value_string );
|
||||
return ldap_pvt_tls_get_option( ld, flag, &c->value_string );
|
||||
} else if ( c->op == LDAP_MOD_DELETE ) {
|
||||
return ldap_pvt_tls_set_option( NULL, flag, NULL );
|
||||
return ldap_pvt_tls_set_option( ld, flag, NULL );
|
||||
}
|
||||
ch_free(c->value_string);
|
||||
return(ldap_pvt_tls_set_option(NULL, flag, c->argv[1]));
|
||||
return(ldap_pvt_tls_set_option(ld, flag, c->argv[1]));
|
||||
}
|
||||
|
||||
/* FIXME: this ought to be provided by libldap */
|
||||
@ -2845,7 +2846,7 @@ config_tls_config(ConfigArgs *c) {
|
||||
return 1;
|
||||
}
|
||||
if (c->op == SLAP_CONFIG_EMIT) {
|
||||
ldap_pvt_tls_get_option( NULL, flag, &c->value_int );
|
||||
ldap_pvt_tls_get_option( slap_tls_ld, flag, &c->value_int );
|
||||
for (i=0; !BER_BVISNULL(&keys[i].word); i++) {
|
||||
if (keys[i].mask == c->value_int) {
|
||||
c->value_string = ch_strdup( keys[i].word.bv_val );
|
||||
@ -2855,7 +2856,7 @@ config_tls_config(ConfigArgs *c) {
|
||||
return 1;
|
||||
} else if ( c->op == LDAP_MOD_DELETE ) {
|
||||
int i = 0;
|
||||
return ldap_pvt_tls_set_option( NULL, flag, &i );
|
||||
return ldap_pvt_tls_set_option( slap_tls_ld, flag, &i );
|
||||
}
|
||||
ch_free( c->value_string );
|
||||
if ( isdigit( (unsigned char)c->argv[1][0] ) ) {
|
||||
@ -2865,9 +2866,9 @@ config_tls_config(ConfigArgs *c) {
|
||||
c->log, c->argv[0], c->argv[1] );
|
||||
return 1;
|
||||
}
|
||||
return(ldap_pvt_tls_set_option(NULL, flag, &i));
|
||||
return(ldap_pvt_tls_set_option(slap_tls_ld, flag, &i));
|
||||
} else {
|
||||
return(ldap_int_tls_config(NULL, flag, c->argv[1]));
|
||||
return(ldap_int_tls_config(slap_tls_ld, flag, c->argv[1]));
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
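Review bot: The `ld = NULL` override on the CFG_TLS_RAND case in config_tls_option is the one place where the new per-connection `ld` is deliberately not used, and nothing says why; a reader will take it for an oversight when the other cases are later extended. Presumably the random file is a process-wide libldap setting rather than a per-context one, so a comment on that line such as `/* random file is global to libldap, not per-ctx: keep using the default (NULL) handle */` would pin the intent — please confirm against ldap_pvt_tls_set_option before wording it as fact. The remaining hunks in this section only swap `NULL` for `ld`/`slap_tls_ld` and carry the same assumption that slap_tls_ld has already been created by the time config runs; a short comment next to `LDAP *ld = slap_tls_ld;` saying it is created in main() before slap_init() would document that ordering. The middle of config_tls_option's body and the head of config_tls_config lie outside these hunks.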
@ -104,6 +104,7 @@ static int check = CHECK_NONE;
|
||||
static int version = 0;
|
||||
|
||||
void *slap_tls_ctx;
|
||||
LDAP *slap_tls_ld;
|
||||
|
||||
#ifdef LOG_LOCAL4
|
||||
#define DEFAULT_SYSLOG_USER LOG_LOCAL4
|
||||
@ -706,6 +707,14 @@ unhandled_option:;
|
||||
lutil_passwd_init();
|
||||
slap_op_init();
|
||||
|
||||
#ifdef HAVE_TLS
|
||||
rc = ldap_create( &slap_tls_ld );
|
||||
if ( rc ) {
|
||||
SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 20 );
|
||||
goto destroy;
|
||||
}
|
||||
#endif
|
||||
|
||||
rc = slap_init( serverMode, serverName );
|
||||
if ( rc ) {
|
||||
SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 18 );
|
||||
@ -776,19 +785,13 @@ unhandled_option:;
|
||||
}
|
||||
|
||||
{
|
||||
void *def_ctx = NULL;
|
||||
|
||||
/* Save existing default ctx, if any */
|
||||
ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &def_ctx );
|
||||
int opt = 1;
|
||||
|
||||
/* Force new ctx to be created */
|
||||
ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, NULL );
|
||||
|
||||
rc = ldap_pvt_tls_init_def_ctx( 1 );
|
||||
rc = ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_NEWCTX, &opt );
|
||||
if( rc == 0 ) {
|
||||
ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &slap_tls_ctx );
|
||||
/* Restore previous ctx */
|
||||
ldap_pvt_tls_set_option( NULL, LDAP_OPT_X_TLS_CTX, def_ctx );
|
||||
/* The ctx's refcount is bumped up here */
|
||||
ldap_pvt_tls_get_option( slap_tls_ld, LDAP_OPT_X_TLS_CTX, &slap_tls_ctx );
|
||||
load_extop( &slap_EXOP_START_TLS, 0, starttls_extop );
|
||||
} else if ( rc != LDAP_NOT_SUPPORTED ) {
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
@ -957,6 +960,11 @@ stop:
|
||||
lutil_passwd_destroy();
|
||||
|
||||
#ifdef HAVE_TLS
|
||||
/* Setting it to itself decreases refcount, allowing it to be freed
|
||||
* when the LD is freed.
|
||||
*/
|
||||
ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_CTX, slap_tls_ctx );
|
||||
ldap_ld_free( slap_tls_ld, 0, NULL, NULL );
|
||||
ldap_pvt_tls_destroy();
|
||||
#endif
|
||||
|
||||
|
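Review bot: The `int opt = 1;` passed to LDAP_OPT_X_TLS_NEWCTX in the third hunk is an unexplained magic value; the line it replaces, `ldap_pvt_tls_init_def_ctx( 1 )`, passed the same 1, which appears to be the is_server flag for the new context. Renaming it, `int is_server = 1;` and `rc = ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_NEWCTX, &is_server );`, makes the server/client distinction visible where it is decided. In the shutdown hunk the refcount-drop `ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_CTX, slap_tls_ctx )` also runs when slap_tls_ctx is still NULL (NEWCTX returned non-zero, so the CTX was never fetched); if setting a NULL ctx on the handle is not a no-op in libldap, guard it with `if ( slap_tls_ctx )` — I cannot confirm that from this page. The surrounding main() body continues outside every hunk here.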
@ -944,6 +944,7 @@ LDAP_SLAPD_V( const struct berval ) slap_true_bv;
|
||||
LDAP_SLAPD_V( const struct berval ) slap_false_bv;
|
||||
LDAP_SLAPD_V( struct slap_sync_cookie_s ) slap_sync_cookie;
|
||||
LDAP_SLAPD_V( void * ) slap_tls_ctx;
|
||||
LDAP_SLAPD_V( LDAP * ) slap_tls_ld;
|
||||
|
||||
/*
|
||||
* index.c
|
||||
|