lib-ldap: ldap_set_tls_options() - Add LDAP *ld parameter

author Marco Bettini <marco.bettini@open-xchange.com>

Tue, 22 Oct 2024 08:40:40 +0000 (08:40 +0000)

committer Aki Tuomi <aki.tuomi@open-xchange.com>

Fri, 17 Jan 2025 08:40:01 +0000 (10:40 +0200)
author Marco Bettini <marco.bettini@open-xchange.com>
Tue, 22 Oct 2024 08:40:40 +0000 (08:40 +0000)
committer Aki Tuomi <aki.tuomi@open-xchange.com>
Fri, 17 Jan 2025 08:40:01 +0000 (10:40 +0200)
diff --git a/src/auth/db-ldap.c b/src/auth/db-ldap.c

index d1c7a330e6529db74239c1d57897d3a2ad3b0900..9c9a8653bc711cf29f7dd7a98fddea4004c56287 100644 (file)
--- a/src/auth/db-ldap.c
+++ b/src/auth/db-ldap.c
@@ -910,7 +910,7 @@ static void ldap_set_options(struct ldap_connection *conn)
  
         ldap_set_opt(conn->log_prefix, conn->ld, LDAP_OPT_PROTOCOL_VERSION,
                      &conn->set->version, "ldap_version", dec2str(conn->set->version));
-       ldap_set_tls_options(conn->log_prefix, conn->set->starttls,
+       ldap_set_tls_options(conn->log_prefix, conn->ld, conn->set->starttls,
                              conn->set->uris, conn->ssl_set);
  }
  
diff --git a/src/lib-ldap/ldap-utils.c b/src/lib-ldap/ldap-utils.c

index bd0420e0e79f2202ed8641901114de55e1ca3436..1d176b1028a74cdfef752e298a809e46d4de480b 100644 (file)
--- a/src/lib-ldap/ldap-utils.c
+++ b/src/lib-ldap/ldap-utils.c
@@ -24,41 +24,41 @@ void ldap_set_opt_str(const char *prefix, LDAP *ld, int opt, const char *value,
  }
  
  #ifndef LDAP_OPT_X_TLS
-void ldap_set_tls_options(const char *prefix ATTR_UNUSED,
+void ldap_set_tls_options(const char *prefix ATTR_UNUSED, LDAP *ld ATTR_UNUSED,
                           bool starttls ATTR_UNUSED, const char *uris ATTR_UNUSED,
                           const struct ssl_settings *ssl_set ATTR_UNUSED) { }
  #else
  
-void ldap_set_tls_options(const char *prefix, bool starttls, const char *uris,
-                         const struct ssl_settings *ssl_set)
+void ldap_set_tls_options(const char *prefix, LDAP *ld, bool starttls,
+                         const char *uris, const struct ssl_settings *ssl_set)
  {
         if (!starttls && strstr(uris, "ldaps:") == NULL)
                 return;
  
         const char *ssl_client_ca_file = t_strcut(ssl_set->ssl_client_ca_file, '\n');
-       ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_CACERTFILE,
+       ldap_set_opt_str(prefix, ld, LDAP_OPT_X_TLS_CACERTFILE,
                          ssl_client_ca_file, "ssl_client_ca_file");
  
-       ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_CACERTDIR,
+       ldap_set_opt_str(prefix, ld, LDAP_OPT_X_TLS_CACERTDIR,
                          ssl_set->ssl_client_ca_dir, "ssl_client_ca_dir");
  
         const char *ssl_client_cert_file = t_strcut(ssl_set->ssl_client_cert_file, '\n');
-       ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_CERTFILE,
+       ldap_set_opt_str(prefix, ld, LDAP_OPT_X_TLS_CERTFILE,
                          ssl_client_cert_file, "ssl_client_cert_file");
  
         const char *ssl_client_key_file = t_strcut(ssl_set->ssl_client_key_file, '\n');
-       ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_KEYFILE,
+       ldap_set_opt_str(prefix, ld, LDAP_OPT_X_TLS_KEYFILE,
                          ssl_client_key_file, "ssl_client_key_file");
  
-       ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_CIPHER_SUITE,
+       ldap_set_opt_str(prefix, ld, LDAP_OPT_X_TLS_CIPHER_SUITE,
                          ssl_set->ssl_cipher_list, "ssl_cipher_list");
-       ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_PROTOCOL_MIN,
+       ldap_set_opt_str(prefix, ld, LDAP_OPT_X_TLS_PROTOCOL_MIN,
                          ssl_set->ssl_min_protocol, "ssl_min_protocol");
-       ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_ECNAME,
+       ldap_set_opt_str(prefix, ld, LDAP_OPT_X_TLS_ECNAME,
                          ssl_set->ssl_curve_list, "ssl_curve_list");
  
         bool requires = ssl_set->ssl_client_require_valid_cert;
-       int opt = requires ? LDAP_OPT_X_TLS_HARD : LDAP_OPT_X_TLS_NEVER;
+       int opt = requires ? LDAP_OPT_X_TLS_HARD : LDAP_OPT_X_TLS_ALLOW;
         ldap_set_opt(prefix, NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt,
                      "ssl_client_require_valid_cert", requires ? "yes" : "no" );
  }
diff --git a/src/lib-ldap/ldap-utils.h b/src/lib-ldap/ldap-utils.h

index 73bc47e587f507613ce954cb02ee3ab9fe7c489c..146a371c2457c328e7722107811245ad19b6d171 100644 (file)
--- a/src/lib-ldap/ldap-utils.h
+++ b/src/lib-ldap/ldap-utils.h
@@ -11,7 +11,6 @@ void ldap_set_opt(const char *prefix, LDAP *ld, int opt, const void *value,
  void ldap_set_opt_str(const char *prefix, LDAP *ld, int opt, const char *value,
                       const char *optname);
  
-void ldap_set_tls_options(const char *prefix, bool starttls, const char *uris,
-                         const struct ssl_settings *ssl_set);
-
+void ldap_set_tls_options(const char *prefix, LDAP *ld, bool starttls,
+                         const char *uris, const struct ssl_settings *ssl_set);
  #endif
author	Marco Bettini <marco.bettini@open-xchange.com>
	Tue, 22 Oct 2024 08:40:40 +0000 (08:40 +0000)
committer	Aki Tuomi <aki.tuomi@open-xchange.com>
	Fri, 17 Jan 2025 08:40:01 +0000 (10:40 +0200)
src/auth/db-ldap.c		patch \| blob \| blame \| history
src/lib-ldap/ldap-utils.c		patch \| blob \| blame \| history
src/lib-ldap/ldap-utils.h		patch \| blob \| blame \| history