enable tls-related code only if available; import fix for asynchronous starttls from back-ldap

2025-01-06 10:46:21 +08:00 · 2005-02-27 17:20:04 +00:00 · 2005-02-27 17:20:04 +00:00 · d7a5355176
commit d7a5355176
parent f9b2a8a1d2
1 changed files with 40 additions and 16 deletions
--- a/servers/slapd/back-meta/conn.c
+++ b/servers/slapd/back-meta/conn.c
@ -220,20 +220,25 @@ init_one_conn(
 		ldap_set_option( lsc->msc_ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON );
 	}

+#ifdef HAVE_TLS
 	/* start TLS ("start-tls"/"try-start-tls" statements) */
 	if ( ( LDAP_BACK_USE_TLS( li ) || ( op->o_conn->c_is_tls && LDAP_BACK_PROPAGATE_TLS( li ) ) )
 			&& !ldap_is_ldaps_url( lt->mt_uri ) )
 	{
-#if 0
-		int		rc, msgid;
-		LDAPMessage	*res;
-		int		retries = 1;
+#if 1
+		/*
+		 * use asynchronous StartTLS
+		 * in case, chase referral (not implemented yet)
+		 */
+		int		msgid;

-retry:;
-		rc = ldap_start_tls( lsc->msc_ld, NULL, NULL, &msgid );
-		if ( rc == LDAP_SUCCESS ) {
+		rs->sr_err = ldap_start_tls( lsc->msc_ld, NULL, NULL, &msgid );
+		if ( rs->sr_err == LDAP_SUCCESS ) {
+			LDAPMessage	*res = NULL;
+			int		rc, retries = 1;
 			struct timeval	tv = { 0, 0 };

+retry:;
 			rc = ldap_result( lsc->msc_ld, msgid, LDAP_MSG_ALL, &tv, &res );
 			if ( rc < 0 ) {
 				rs->sr_err = LDAP_OTHER;
@ -247,29 +252,47 @@ retry:;
 				}
 				rs->sr_err = LDAP_OTHER;

-			} else {
-				if ( rc == LDAP_RES_EXTENDED ) {
-					rc = ldap_parse_result( lsc->msc_ld, res,
-						&rs->sr_err, NULL, NULL, NULL, NULL, 1 );
-					if ( rc != LDAP_SUCCESS ) {
-						rs->sr_err = rc;
+			} else if ( rc == LDAP_RES_EXTENDED ) {
+				struct berval	*data = NULL;

+				rs->sr_err = ldap_parse_extended_result( lsc->msc_ld, res,
+						NULL, &data, 0 );
+				if ( rs->sr_err == LDAP_SUCCESS ) {
+					rs->sr_err = ldap_result2error( lsc->msc_ld, res, 1 );
+					res = NULL;
+					
 					/* FIXME: in case a referral 
 					 * is returned, should we try
 					 * using it instead of the 
 					 * configured URI? */
+					if ( rs->sr_err == LDAP_SUCCESS ) {
+						ldap_install_tls( lsc->msc_ld );
+
 					} else if ( rs->sr_err == LDAP_REFERRAL ) {
 						rs->sr_err = LDAP_OTHER;
 						rs->sr_text = "unwilling to chase referral returned by Start TLS exop";
 					}

-				} else {
-					ldap_msgfree( res );
-					rs->sr_err = LDAP_OTHER;
+					if ( data ) {
+						if ( data->bv_val ) {
+							ber_memfree( data->bv_val );
+						}
+						ber_memfree( data );
+					}
 				}
+
+			} else {
+				rs->sr_err = LDAP_OTHER;
+			}
+
+			if ( res != NULL ) {
+				ldap_msgfree( res );
 			}
 		}
 #else
+		/*
+		 * use synchronous StartTLS
+		 */
 		rs->sr_err = ldap_start_tls_s( lsc->msc_ld, NULL, NULL );
 #endif

@ -284,6 +307,7 @@ retry:;
 			goto error_return;
 		}
 	}
+#endif /* HAVE_TLS */

 	/*
 	 * Set the network timeout if set