|
version 1.2, 2009/01/21 23:40:22
|
version 1.3, 2009/01/26 01:06:45
|
|
Line 1
|
Line 1
|
| /* tls.c - Handle tls/ssl. */ |
/* tls.c - Handle tls/ssl. */ |
| /* $OpenLDAP: pkg/ldap/libraries/libldap/tls2.c,v 1.1 2008/08/13 14:18:51 hyc Exp $ */ |
/* $OpenLDAP: pkg/ldap/libraries/libldap/tls2.c,v 1.2 2009/01/21 23:40:22 kurt Exp $ */ |
| /* This work is part of OpenLDAP Software <http://www.openldap.org/>. |
/* This work is part of OpenLDAP Software <http://www.openldap.org/>. |
| * |
* |
| * Copyright 1998-2009 The OpenLDAP Foundation. |
* Copyright 1998-2009 The OpenLDAP Foundation. |
|
Line 41
|
Line 41
|
| #include <ldap_pvt_thread.h> |
#include <ldap_pvt_thread.h> |
| #endif |
#endif |
| |
|
| #ifdef HAVE_GNUTLS |
static tls_impl *tls_imp = &ldap_int_tls_impl; |
| extern tls_impl ldap_int_gnutls_impl; |
|
| #endif |
|
| |
|
| #ifdef HAVE_OPENSSL |
|
| extern tls_impl ldap_int_openssl_impl; |
|
| #endif |
|
| |
|
| #ifdef HAVE_MOZNSS |
|
| extern tls_impl ldap_int_moznss_impl; |
|
| #endif |
|
| |
|
| static tls_impl *tls_impls[] = { |
|
| #ifdef HAVE_OPENSSL |
|
| &ldap_int_openssl_impl, |
|
| #endif |
|
| #ifdef HAVE_GNUTLS |
|
| &ldap_int_gnutls_impl, |
|
| #endif |
|
| #ifdef HAVE_MOZNSS |
|
| &ldap_int_moznss_impl, |
|
| #endif |
|
| NULL |
|
| }; |
|
| |
|
| #endif /* HAVE_TLS */ |
#endif /* HAVE_TLS */ |
| |
|
|
Line 98 static oid_name oids[] = {
|
Line 75 static oid_name oids[] = {
|
| void |
void |
| ldap_pvt_tls_ctx_free ( void *c ) |
ldap_pvt_tls_ctx_free ( void *c ) |
| { |
{ |
| tls_ctx *ctx = c; |
if ( !c ) return; |
| |
tls_imp->ti_ctx_free( c ); |
| if ( !ctx ) return; |
|
| |
|
| ctx->tc_impl->ti_ctx_free( ctx ); |
|
| } |
} |
| |
|
| static void |
static void |
|
Line 110 tls_ctx_ref( tls_ctx *ctx )
|
Line 84 tls_ctx_ref( tls_ctx *ctx )
|
| { |
{ |
| if ( !ctx ) return; |
if ( !ctx ) return; |
| |
|
| ctx->tc_impl->ti_ctx_ref( ctx ); |
tls_imp->ti_ctx_ref( ctx ); |
| } |
} |
| |
|
| #ifdef LDAP_R_COMPILE |
#ifdef LDAP_R_COMPILE |
|
Line 169 ldap_pvt_tls_destroy( void )
|
Line 143 ldap_pvt_tls_destroy( void )
|
| |
|
| ldap_int_tls_destroy( lo ); |
ldap_int_tls_destroy( lo ); |
| |
|
| for ( i=0; tls_impls[i]; i++ ) { |
tls_imp->ti_tls_destroy(); |
| if ( tls_impls[i]->ti_inited ) { |
|
| tls_impls[i]->ti_tls_destroy(); |
|
| } |
|
| } |
|
| } |
} |
| |
|
| /* |
/* |
|
Line 207 ldap_pvt_tls_init( void )
|
Line 177 ldap_pvt_tls_init( void )
|
| { |
{ |
| struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT(); |
struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT(); |
| |
|
| return tls_init( tls_impls[lo->ldo_tls_impl] ); |
return tls_init( tls_imp ); |
| } |
} |
| |
|
| /* |
/* |
|
Line 217 static int
|
Line 187 static int
|
| ldap_int_tls_init_ctx( struct ldapoptions *lo, int is_server ) |
ldap_int_tls_init_ctx( struct ldapoptions *lo, int is_server ) |
| { |
{ |
| int i, rc = 0; |
int i, rc = 0; |
| tls_impl *ti = tls_impls[lo->ldo_tls_impl]; |
tls_impl *ti = tls_imp; |
| struct ldaptls lts = lo->ldo_tls_info; |
struct ldaptls lts = lo->ldo_tls_info; |
| |
|
| if ( lo->ldo_tls_ctx ) |
if ( lo->ldo_tls_ctx ) |
|
Line 322 alloc_handle( void *ctx_arg, int is_serv
|
Line 292 alloc_handle( void *ctx_arg, int is_serv
|
| ctx = lo->ldo_tls_ctx; |
ctx = lo->ldo_tls_ctx; |
| } |
} |
| |
|
| ssl = ctx->tc_impl->ti_session_new( ctx, is_server ); |
ssl = tls_imp->ti_session_new( ctx, is_server ); |
| if ( ssl == NULL ) { |
if ( ssl == NULL ) { |
| Debug( LDAP_DEBUG_ANY,"TLS: can't create ssl handle.\n",0,0,0); |
Debug( LDAP_DEBUG_ANY,"TLS: can't create ssl handle.\n",0,0,0); |
| return NULL; |
return NULL; |
|
Line 336 update_flags( Sockbuf *sb, tls_session *
|
Line 306 update_flags( Sockbuf *sb, tls_session *
|
| sb->sb_trans_needs_read = 0; |
sb->sb_trans_needs_read = 0; |
| sb->sb_trans_needs_write = 0; |
sb->sb_trans_needs_write = 0; |
| |
|
| return ssl->ts_impl->ti_session_upflags( sb, ssl, rc ); |
return tls_imp->ti_session_upflags( sb, ssl, rc ); |
| } |
} |
| |
|
| /* |
/* |
|
Line 374 ldap_int_tls_connect( LDAP *ld, LDAPConn
|
Line 344 ldap_int_tls_connect( LDAP *ld, LDAPConn
|
| ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug, |
ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug, |
| LBER_SBIOD_LEVEL_TRANSPORT, (void *)"tls_" ); |
LBER_SBIOD_LEVEL_TRANSPORT, (void *)"tls_" ); |
| #endif |
#endif |
| ber_sockbuf_add_io( sb, ssl->ts_impl->ti_sbio, |
ber_sockbuf_add_io( sb, tls_imp->ti_sbio, |
| LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl ); |
LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl ); |
| |
|
| lo = LDAP_INT_GLOBAL_OPT(); |
lo = LDAP_INT_GLOBAL_OPT(); |
|
Line 391 ldap_int_tls_connect( LDAP *ld, LDAPConn
|
Line 361 ldap_int_tls_connect( LDAP *ld, LDAPConn
|
| lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg ); |
lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg ); |
| } |
} |
| |
|
| err = ssl->ts_impl->ti_session_connect( ld, ssl ); |
err = tls_imp->ti_session_connect( ld, ssl ); |
| |
|
| #ifdef HAVE_WINSOCK |
#ifdef HAVE_WINSOCK |
| errno = WSAGetLastError(); |
errno = WSAGetLastError(); |
|
Line 404 ldap_int_tls_connect( LDAP *ld, LDAPConn
|
Line 374 ldap_int_tls_connect( LDAP *ld, LDAPConn
|
| return 1; |
return 1; |
| } |
} |
| |
|
| msg = ssl->ts_impl->ti_session_errmsg( err, buf, sizeof(buf) ); |
msg = tls_imp->ti_session_errmsg( err, buf, sizeof(buf) ); |
| if ( msg ) { |
if ( msg ) { |
| if ( ld->ld_error ) { |
if ( ld->ld_error ) { |
| LDAP_FREE( ld->ld_error ); |
LDAP_FREE( ld->ld_error ); |
|
Line 418 ldap_int_tls_connect( LDAP *ld, LDAPConn
|
Line 388 ldap_int_tls_connect( LDAP *ld, LDAPConn
|
| Debug( LDAP_DEBUG_ANY,"TLS: can't connect: %s.\n", |
Debug( LDAP_DEBUG_ANY,"TLS: can't connect: %s.\n", |
| ld->ld_error ? ld->ld_error : "" ,0,0); |
ld->ld_error ? ld->ld_error : "" ,0,0); |
| |
|
| ber_sockbuf_remove_io( sb, ssl->ts_impl->ti_sbio, |
ber_sockbuf_remove_io( sb, tls_imp->ti_sbio, |
| LBER_SBIOD_LEVEL_TRANSPORT ); |
LBER_SBIOD_LEVEL_TRANSPORT ); |
| #ifdef LDAP_DEBUG |
#ifdef LDAP_DEBUG |
| ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug, |
ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug, |
|
Line 449 ldap_pvt_tls_accept( Sockbuf *sb, void *
|
Line 419 ldap_pvt_tls_accept( Sockbuf *sb, void *
|
| ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug, |
ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug, |
| LBER_SBIOD_LEVEL_TRANSPORT, (void *)"tls_" ); |
LBER_SBIOD_LEVEL_TRANSPORT, (void *)"tls_" ); |
| #endif |
#endif |
| ber_sockbuf_add_io( sb, ssl->ts_impl->ti_sbio, |
ber_sockbuf_add_io( sb, tls_imp->ti_sbio, |
| LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl ); |
LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl ); |
| } |
} |
| |
|
| err = ssl->ts_impl->ti_session_accept( ssl ); |
err = tls_imp->ti_session_accept( ssl ); |
| |
|
| #ifdef HAVE_WINSOCK |
#ifdef HAVE_WINSOCK |
| errno = WSAGetLastError(); |
errno = WSAGetLastError(); |
|
Line 465 ldap_pvt_tls_accept( Sockbuf *sb, void *
|
Line 435 ldap_pvt_tls_accept( Sockbuf *sb, void *
|
| if ( update_flags( sb, ssl, err )) return 1; |
if ( update_flags( sb, ssl, err )) return 1; |
| |
|
| Debug( LDAP_DEBUG_ANY,"TLS: can't accept: %s.\n", |
Debug( LDAP_DEBUG_ANY,"TLS: can't accept: %s.\n", |
| ssl->ts_impl->ti_session_errmsg( err, buf, sizeof(buf) ),0,0 ); |
tls_imp->ti_session_errmsg( err, buf, sizeof(buf) ),0,0 ); |
| |
|
| ber_sockbuf_remove_io( sb, ssl->ts_impl->ti_sbio, |
ber_sockbuf_remove_io( sb, tls_imp->ti_sbio, |
| LBER_SBIOD_LEVEL_TRANSPORT ); |
LBER_SBIOD_LEVEL_TRANSPORT ); |
| #ifdef LDAP_DEBUG |
#ifdef LDAP_DEBUG |
| ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug, |
ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug, |
|
Line 513 ldap_pvt_tls_get_peer_dn( void *s, struc
|
Line 483 ldap_pvt_tls_get_peer_dn( void *s, struc
|
| struct berval bvdn; |
struct berval bvdn; |
| int rc; |
int rc; |
| |
|
| rc = session->ts_impl->ti_session_peer_dn( session, &bvdn ); |
rc = tls_imp->ti_session_peer_dn( session, &bvdn ); |
| if ( rc ) return rc; |
if ( rc ) return rc; |
| |
|
| rc = ldap_X509dn2bv( &bvdn, dn, |
rc = ldap_X509dn2bv( &bvdn, dn, |
|
Line 526 ldap_pvt_tls_check_hostname( LDAP *ld, v
|
Line 496 ldap_pvt_tls_check_hostname( LDAP *ld, v
|
| { |
{ |
| tls_session *session = s; |
tls_session *session = s; |
| |
|
| return session->ts_impl->ti_session_chkhost( ld, session, name_in ); |
return tls_imp->ti_session_chkhost( ld, session, name_in ); |
| } |
} |
| |
|
| int |
int |
|
Line 823 ldap_int_tls_start ( LDAP *ld, LDAPConn
|
Line 793 ldap_int_tls_start ( LDAP *ld, LDAPConn
|
| host = "localhost"; |
host = "localhost"; |
| } |
} |
| |
|
| (void) tls_init( tls_impls[ld->ld_options.ldo_tls_impl] ); |
(void) tls_init( tls_imp ); |
| |
|
| /* |
/* |
| * Fortunately, the lib uses blocking io... |
* Fortunately, the lib uses blocking io... |
|
Line 866 ldap_pvt_tls_get_strength( void *s )
|
Line 836 ldap_pvt_tls_get_strength( void *s )
|
| { |
{ |
| tls_session *session = s; |
tls_session *session = s; |
| |
|
| return session->ts_impl->ti_session_strength( session ); |
return tls_imp->ti_session_strength( session ); |
| } |
} |
| |
|
| |
|
|
Line 878 ldap_pvt_tls_get_my_dn( void *s, struct
|
Line 848 ldap_pvt_tls_get_my_dn( void *s, struct
|
| struct berval der_dn; |
struct berval der_dn; |
| int rc; |
int rc; |
| |
|
| session->ts_impl->ti_session_my_dn( session, &der_dn ); |
tls_imp->ti_session_my_dn( session, &der_dn ); |
| rc = ldap_X509dn2bv(&der_dn, dn, (LDAPDN_rewrite_func *)func, flags ); |
rc = ldap_X509dn2bv(&der_dn, dn, (LDAPDN_rewrite_func *)func, flags ); |
| return rc; |
return rc; |
| #else /* !HAVE_TLS */ |
#else /* !HAVE_TLS */ |
![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to tls2.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [OpenLDAP] / libraries / libldap