mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
r17224: Accept the start-tls extended request. Getting OpenLDAP to recognise
our certificate, and proceed with the connection is left as an
exercise for the reader...
Andrew Bartlett
(This used to be commit 9bd66d4c95
)
This commit is contained in:
parent
1ea4f560fc
commit
a6629e037a
@ -25,6 +25,10 @@
|
||||
#include "lib/ldb/include/ldb.h"
|
||||
#include "lib/ldb/include/ldb_errors.h"
|
||||
#include "lib/db_wrap.h"
|
||||
#include "lib/tls/tls.h"
|
||||
#include "smbd/service_task.h"
|
||||
#include "smbd/service_stream.h"
|
||||
#include "smbd/service.h"
|
||||
|
||||
#define VALID_DN_SYNTAX(dn,i) do {\
|
||||
if (!(dn)) {\
|
||||
@ -731,9 +735,25 @@ static NTSTATUS ldapsrv_AbandonRequest(struct ldapsrv_call *call)
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
|
||||
struct ldapsrv_starttls_context {
|
||||
struct ldapsrv_connection *conn;
|
||||
struct socket_context *tls_socket;
|
||||
};
|
||||
|
||||
static void ldapsrv_start_tls(void *private)
|
||||
{
|
||||
struct ldapsrv_starttls_context *ctx = talloc_get_type(private, struct ldapsrv_starttls_context);
|
||||
talloc_steal(ctx->conn->connection, ctx->tls_socket);
|
||||
talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket);
|
||||
|
||||
ctx->conn->connection->socket = ctx->tls_socket;
|
||||
packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
|
||||
}
|
||||
|
||||
static NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call)
|
||||
{
|
||||
/* struct ldap_ExtendedRequest *req = &call->request.r.ExtendedRequest;*/
|
||||
struct ldap_ExtendedRequest *req = &call->request->r.ExtendedRequest;
|
||||
struct ldapsrv_reply *reply;
|
||||
|
||||
DEBUG(10, ("Extended\n"));
|
||||
@ -745,6 +765,43 @@ static NTSTATUS ldapsrv_ExtendedRequest(struct ldapsrv_call *call)
|
||||
|
||||
ZERO_STRUCT(reply->msg->r);
|
||||
|
||||
/* check if we have a START_TLS call */
|
||||
if (strcmp(req->oid, LDB_EXTENDED_START_TLS_OID) == 0) {
|
||||
NTSTATUS status;
|
||||
struct ldapsrv_starttls_context *ctx;
|
||||
int result = 0;
|
||||
const char *errstr;
|
||||
ctx = talloc(call, struct ldapsrv_starttls_context);
|
||||
|
||||
if (ctx) {
|
||||
ctx->conn = call->conn;
|
||||
ctx->tls_socket = tls_init_server(call->conn->service->tls_params,
|
||||
call->conn->connection->socket,
|
||||
call->conn->connection->event.fde,
|
||||
NULL);
|
||||
}
|
||||
|
||||
if (!ctx || !ctx->tls_socket) {
|
||||
result = LDAP_OPERATIONS_ERROR;
|
||||
errstr = talloc_asprintf(reply,
|
||||
"START-TLS: Failed to setup TLS socket");
|
||||
} else {
|
||||
result = LDAP_SUCCESS;
|
||||
errstr = NULL;
|
||||
call->send_callback = ldapsrv_start_tls;
|
||||
call->send_private = ctx;
|
||||
}
|
||||
|
||||
reply->msg->r.ExtendedResponse.response.resultcode = result;
|
||||
reply->msg->r.ExtendedResponse.response.errormessage = errstr;
|
||||
reply->msg->r.ExtendedResponse.oid = talloc_strdup(reply, req->oid);
|
||||
if (!reply->msg->r.ExtendedResponse.oid) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
}
|
||||
|
||||
/* TODO: OID not recognized, return a protocol error */
|
||||
|
||||
ldapsrv_queue_reply(call, reply);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user