mirror of
https://github.com/samba-team/samba.git
synced 2025-08-03 04:22:09 +03:00
Revert "s4:ldap_server: rewrite to socket layer to use tstream"
This reverts commit b53fbc75ac.
There are problems with problems with broken gnutls versions.
We can readd this once we have the needed configure checks to
detect the bug in gnutls. See https://bugzilla.samba.org/show_bug.cgi?id=7218.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Oct 7 10:31:18 UTC 2010 on sn-devel-104
This commit is contained in:
Stefan Metzmacher
@ -22,91 +22,28 @@
|
||||
#include "../lib/util/dlinklist.h"
|
||||
#include "lib/tls/tls.h"
|
||||
#include "smbd/service_stream.h"
|
||||
#include "../lib/util/tevent_ntstatus.h"
|
||||
|
||||
struct ldapsrv_starttls_postprocess_context {
|
||||
struct ldapsrv_starttls_context {
|
||||
struct ldapsrv_connection *conn;
|
||||
struct socket_context *tls_socket;
|
||||
};
|
||||
|
||||
struct ldapsrv_starttls_postprocess_state {
|
||||
struct ldapsrv_connection *conn;
|
||||
};
|
||||
|
||||
static void ldapsrv_starttls_postprocess_done(struct tevent_req *subreq);
|
||||
|
||||
static struct tevent_req *ldapsrv_starttls_postprocess_send(TALLOC_CTX *mem_ctx,
|
||||
struct tevent_context *ev,
|
||||
void *private_data)
|
||||
static void ldapsrv_start_tls(void *private_data)
|
||||
{
|
||||
struct ldapsrv_starttls_postprocess_context *context =
|
||||
talloc_get_type_abort(private_data,
|
||||
struct ldapsrv_starttls_postprocess_context);
|
||||
struct ldapsrv_connection *conn = context->conn;
|
||||
struct tevent_req *req;
|
||||
struct ldapsrv_starttls_postprocess_state *state;
|
||||
struct tevent_req *subreq;
|
||||
struct ldapsrv_starttls_context *ctx = talloc_get_type(private_data, struct ldapsrv_starttls_context);
|
||||
talloc_steal(ctx->conn->connection, ctx->tls_socket);
|
||||
|
||||
req = tevent_req_create(mem_ctx, &state,
|
||||
struct ldapsrv_starttls_postprocess_state);
|
||||
if (req == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
state->conn = conn;
|
||||
|
||||
subreq = tstream_tls_accept_send(conn,
|
||||
conn->connection->event.ctx,
|
||||
conn->sockets.raw,
|
||||
conn->service->tls_params);
|
||||
if (tevent_req_nomem(subreq, req)) {
|
||||
return tevent_req_post(req, ev);
|
||||
}
|
||||
tevent_req_set_callback(subreq, ldapsrv_starttls_postprocess_done, req);
|
||||
|
||||
return req;
|
||||
}
|
||||
|
||||
static void ldapsrv_starttls_postprocess_done(struct tevent_req *subreq)
|
||||
{
|
||||
struct tevent_req *req =
|
||||
tevent_req_callback_data(subreq,
|
||||
struct tevent_req);
|
||||
struct ldapsrv_starttls_postprocess_state *state =
|
||||
tevent_req_data(req,
|
||||
struct ldapsrv_starttls_postprocess_state);
|
||||
struct ldapsrv_connection *conn = state->conn;
|
||||
int ret;
|
||||
int sys_errno;
|
||||
|
||||
ret = tstream_tls_accept_recv(subreq, &sys_errno,
|
||||
conn, &conn->sockets.tls);
|
||||
TALLOC_FREE(subreq);
|
||||
if (ret == -1) {
|
||||
NTSTATUS status = map_nt_error_from_unix(sys_errno);
|
||||
|
||||
DEBUG(1,("ldapsrv_starttls_postprocess_done: accept_tls_loop: "
|
||||
"tstream_tls_accept_recv() - %d:%s => %s",
|
||||
sys_errno, strerror(sys_errno), nt_errstr(status)));
|
||||
|
||||
tevent_req_nterror(req, status);
|
||||
return;
|
||||
}
|
||||
|
||||
conn->sockets.active = conn->sockets.tls;
|
||||
|
||||
tevent_req_done(req);
|
||||
}
|
||||
|
||||
static NTSTATUS ldapsrv_starttls_postprocess_recv(struct tevent_req *req)
|
||||
{
|
||||
return tevent_req_simple_recv_ntstatus(req);
|
||||
ctx->conn->sockets.tls = ctx->tls_socket;
|
||||
ctx->conn->connection->socket = ctx->tls_socket;
|
||||
packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
|
||||
packet_set_unreliable_select(ctx->conn->packet);
|
||||
}
|
||||
|
||||
static NTSTATUS ldapsrv_StartTLS(struct ldapsrv_call *call,
|
||||
struct ldapsrv_reply *reply,
|
||||
const char **errstr)
|
||||
{
|
||||
struct ldapsrv_starttls_postprocess_context *context;
|
||||
struct ldapsrv_starttls_context *ctx;
|
||||
|
||||
(*errstr) = NULL;
|
||||
|
||||
@ -121,19 +58,21 @@ static NTSTATUS ldapsrv_StartTLS(struct ldapsrv_call *call,
|
||||
return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
|
||||
}
|
||||
|
||||
if (call->conn->sockets.sasl) {
|
||||
(*errstr) = talloc_asprintf(reply, "START-TLS: SASL is already enabled on this LDAP session");
|
||||
ctx = talloc(call, struct ldapsrv_starttls_context);
|
||||
NT_STATUS_HAVE_NO_MEMORY(ctx);
|
||||
|
||||
ctx->conn = call->conn;
|
||||
ctx->tls_socket = tls_init_server(call->conn->service->tls_params,
|
||||
call->conn->connection->socket,
|
||||
call->conn->connection->event.fde,
|
||||
NULL);
|
||||
if (!ctx->tls_socket) {
|
||||
(*errstr) = talloc_asprintf(reply, "START-TLS: Failed to setup TLS socket");
|
||||
return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
|
||||
}
|
||||
|
||||
context = talloc(call, struct ldapsrv_starttls_postprocess_context);
|
||||
NT_STATUS_HAVE_NO_MEMORY(context);
|
||||
|
||||
context->conn = call->conn;
|
||||
|
||||
call->postprocess_send = ldapsrv_starttls_postprocess_send;
|
||||
call->postprocess_recv = ldapsrv_starttls_postprocess_recv;
|
||||
call->postprocess_private = context;
|
||||
call->send_callback = ldapsrv_start_tls;
|
||||
call->send_private = ctx;
|
||||
|
||||
reply->msg->r.ExtendedResponse.response.resultcode = LDAP_SUCCESS;
|
||||
reply->msg->r.ExtendedResponse.response.errormessage = NULL;
|
||||
|
||||
Reference in New Issue
Block a user