authorStefan Metzmacher <metze@samba.org>2010-10-05 07:47:51 +0200
committerStefan Metzmacher <metze@samba.org>2010-10-07 10:31:18 +0000
commitab31d9aac9a02756cf5af313ed36fc549a8f4b67 (patch)
treeb0a3b0201e187a7a7e51c8b2e206efb5250e6eb7 /source4/ldap_server/ldap_extended.c
parentea36245ebeb26e5bc98983c817fb023cd8a8d50f (diff)
downloadsamba-ab31d9aac9a02756cf5af313ed36fc549a8f4b67.tar.gz
Revert "s4:ldap_server: rewrite to socket layer to use tstream"
This reverts commit b53fbc75acc525f2e2450370e704a62791271788. There are problems with broken gnutls versions. We can re-add this once we have the needed configure checks to detect the bug in gnutls. See https://bugzilla.samba.org/show_bug.cgi?id=7218. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Oct 7 10:31:18 UTC 2010 on sn-devel-104
Diffstat (limited to 'source4/ldap_server/ldap_extended.c')
-rw-r--r--source4/ldap_server/ldap_extended.c105
1 files changed, 22 insertions, 83 deletions
diff --git a/source4/ldap_server/ldap_extended.c b/source4/ldap_server/ldap_extended.c
index f70b8084d7f..42fc83b146b 100644
--- a/source4/ldap_server/ldap_extended.c
+++ b/source4/ldap_server/ldap_extended.c
@@ -22,91 +22,28 @@
#include "../lib/util/dlinklist.h"
#include "lib/tls/tls.h"
#include "smbd/service_stream.h"
-#include "../lib/util/tevent_ntstatus.h"
-struct ldapsrv_starttls_postprocess_context {
+struct ldapsrv_starttls_context {
struct ldapsrv_connection *conn;
+ struct socket_context *tls_socket;
};
-struct ldapsrv_starttls_postprocess_state {
- struct ldapsrv_connection *conn;
-};
-
-static void ldapsrv_starttls_postprocess_done(struct tevent_req *subreq);
-
-static struct tevent_req *ldapsrv_starttls_postprocess_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- void *private_data)
-{
- struct ldapsrv_starttls_postprocess_context *context =
- talloc_get_type_abort(private_data,
- struct ldapsrv_starttls_postprocess_context);
- struct ldapsrv_connection *conn = context->conn;
- struct tevent_req *req;
- struct ldapsrv_starttls_postprocess_state *state;
- struct tevent_req *subreq;
-
- req = tevent_req_create(mem_ctx, &state,
- struct ldapsrv_starttls_postprocess_state);
- if (req == NULL) {
- return NULL;
- }
-
- state->conn = conn;
-
- subreq = tstream_tls_accept_send(conn,
- conn->connection->event.ctx,
- conn->sockets.raw,
- conn->service->tls_params);
- if (tevent_req_nomem(subreq, req)) {
- return tevent_req_post(req, ev);
- }
- tevent_req_set_callback(subreq, ldapsrv_starttls_postprocess_done, req);
-
- return req;
-}
-
-static void ldapsrv_starttls_postprocess_done(struct tevent_req *subreq)
+static void ldapsrv_start_tls(void *private_data)
{
- struct tevent_req *req =
- tevent_req_callback_data(subreq,
- struct tevent_req);
- struct ldapsrv_starttls_postprocess_state *state =
- tevent_req_data(req,
- struct ldapsrv_starttls_postprocess_state);
- struct ldapsrv_connection *conn = state->conn;
- int ret;
- int sys_errno;
-
- ret = tstream_tls_accept_recv(subreq, &sys_errno,
- conn, &conn->sockets.tls);
- TALLOC_FREE(subreq);
- if (ret == -1) {
- NTSTATUS status = map_nt_error_from_unix(sys_errno);
-
- DEBUG(1,("ldapsrv_starttls_postprocess_done: accept_tls_loop: "
- "tstream_tls_accept_recv() - %d:%s => %s",
- sys_errno, strerror(sys_errno), nt_errstr(status)));
-
- tevent_req_nterror(req, status);
- return;
- }
-
- conn->sockets.active = conn->sockets.tls;
-
- tevent_req_done(req);
-}
+ struct ldapsrv_starttls_context *ctx = talloc_get_type(private_data, struct ldapsrv_starttls_context);
+ talloc_steal(ctx->conn->connection, ctx->tls_socket);
-static NTSTATUS ldapsrv_starttls_postprocess_recv(struct tevent_req *req)
-{
- return tevent_req_simple_recv_ntstatus(req);
+ ctx->conn->sockets.tls = ctx->tls_socket;
+ ctx->conn->connection->socket = ctx->tls_socket;
+ packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
+ packet_set_unreliable_select(ctx->conn->packet);
}
static NTSTATUS ldapsrv_StartTLS(struct ldapsrv_call *call,
struct ldapsrv_reply *reply,
const char **errstr)
{
- struct ldapsrv_starttls_postprocess_context *context;
+ struct ldapsrv_starttls_context *ctx;
(*errstr) = NULL;
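Review bot: The first line of `ldapsrv_start_tls` recovers its context with `talloc_get_type`, which returns NULL when `private_data` is not of the expected talloc type, and the very next statement dereferences `ctx->conn`, so a mis-set `send_private` becomes a NULL dereference in the send path rather than a clear failure. The aborting variant makes that contract explicit: `struct ldapsrv_starttls_context *ctx = talloc_get_type_abort(private_data, struct ldapsrv_starttls_context);`. The callback then swaps `connection->socket` for the TLS socket and re-points the packet layer at it unconditionally; whether `tls_init_server` can hand back a socket that is not yet usable is not visible here, so I would at least document that the handshake is expected to be driven by the packet layer afterwards. `ldapsrv_StartTLS` starts at the end of this hunk and continues into the next one.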
@@ -121,19 +58,21 @@ static NTSTATUS ldapsrv_StartTLS(struct ldapsrv_call *call,
return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
}
- if (call->conn->sockets.sasl) {
- (*errstr) = talloc_asprintf(reply, "START-TLS: SASL is already enabled on this LDAP session");
+ ctx = talloc(call, struct ldapsrv_starttls_context);
+ NT_STATUS_HAVE_NO_MEMORY(ctx);
+
+ ctx->conn = call->conn;
+ ctx->tls_socket = tls_init_server(call->conn->service->tls_params,
+ call->conn->connection->socket,
+ call->conn->connection->event.fde,
+ NULL);
+ if (!ctx->tls_socket) {
+ (*errstr) = talloc_asprintf(reply, "START-TLS: Failed to setup TLS socket");
return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR);
}
- context = talloc(call, struct ldapsrv_starttls_postprocess_context);
- NT_STATUS_HAVE_NO_MEMORY(context);
-
- context->conn = call->conn;
-
- call->postprocess_send = ldapsrv_starttls_postprocess_send;
- call->postprocess_recv = ldapsrv_starttls_postprocess_recv;
- call->postprocess_private = context;
+ call->send_callback = ldapsrv_start_tls;
+ call->send_private = ctx;
reply->msg->r.ExtendedResponse.response.resultcode = LDAP_SUCCESS;
reply->msg->r.ExtendedResponse.response.errormessage = NULL;
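Review bot: The rejection of StartTLS on a session that already has a SASL security layer no longer exists on the new side of `ldapsrv_StartTLS`; the only guard left is the one whose `return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR)` opens this hunk, with its condition outside the hunk, so `tls_init_server` is now called on `call->conn->connection->socket` whatever that socket currently wraps, and a client that has completed a SASL bind with integrity or privacy can presumably layer TLS on top of it. If the reverted-to `ldapsrv_connection` still carries a `sockets.sasl` member (only `sockets.tls` is visible on the new side), keep the guard ahead of the `talloc`: `if (call->conn->sockets.sasl) { (*errstr) = talloc_asprintf(reply, "START-TLS: SASL is already enabled on this LDAP session"); return NT_STATUS_LDAP(LDAP_OPERATIONS_ERROR); }`. The trailing `NULL` argument to `tls_init_server` is also undocumented at the call site; a short comment naming what it disables would help the next reader. The end of `ldapsrv_StartTLS` lies past this hunk.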