goto done;
}
+#ifdef HAVE_TLS
ssl = ldap_pvt_tls_sb_ctx( client->c_sb );
if ( !ssl || ldap_pvt_tls_get_peer_dn( ssl, &binddn, NULL, 0 ) ) {
result = LDAP_INVALID_CREDENTIALS;
if ( !ber_bvstrcasecmp( &client->c_auth, &lloadd_identity ) ) {
client->c_type = LLOAD_C_PRIVILEGED;
}
+#else /* ! HAVE_TLS */
+ result = LDAP_AUTH_METHOD_NOT_SUPPORTED;
+ message = "requested SASL mechanism not supported";
+#endif /* ! HAVE_TLS */
done:
CONNECTION_UNLOCK(client);
return handler( c, op );
}
+#ifdef HAVE_TLS
/*
* The connection has a token assigned to it when the callback is set up.
*/
CONNECTION_LOCK_DESTROY(c);
epoch_leave( epoch );
}
+#endif /* HAVE_TLS */
LloadConnection *
client_init(
c->c_state = LLOAD_C_READY;
if ( flags & CONN_IS_TLS ) {
+#ifdef HAVE_TLS
int rc;
c->c_is_tls = LLOAD_LDAPS;
c->c_read_timeout = lload_timeout_net;
read_cb = write_cb = client_tls_handshake_cb;
}
+#else /* ! HAVE_TLS */
+ assert(0);
+#endif /* ! HAVE_TLS */
}
event = event_new( base, s, EV_READ|EV_PERSIST, read_cb, c );
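Review bot: The `#else` branch at the `assert(0);` line is not a runtime guard, since `assert` is compiled out under NDEBUG, so in a release build of lloadd without TLS a listener flagged CONN_IS_TLS would fall through and be served in cleartext. Replace it with an explicit failure that survives NDEBUG: a `Debug( LDAP_DEBUG_ANY, ... )` message stating that the listener requires TLS but lloadd was built without it, followed by the function's failure path (`goto fail` if client_init has one, otherwise releasing `c` and returning NULL). The config.c hunk rejects non-optional TLS settings at startup, so this is likely belt-and-braces, but a silent downgrade is the wrong failure mode for it. client_init continues past the end of this hunk.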
"invalid starttls configuration" );
goto fail;
}
+#ifndef HAVE_TLS
+ if ( tlskey[i].mask == LLOAD_STARTTLS_OPTIONAL ) {
+ Debug( LDAP_DEBUG_ANY, "%s: "
+ "lloadd compiled without TLS but starttls specified, "
+ "it will be ignored\n",
+ c->log );
+ } else if ( tlskey[i].mask != LLOAD_CLEARTEXT ) {
+ snprintf( c->cr_msg, sizeof(c->cr_msg),
+ "invalid starttls configuration when compiled without "
+ "TLS support" );
+ goto fail;
+ }
+#endif /* ! HAVE_TLS */
b->b_tls_conf = tlskey[i].mask;
} break;
default:
return 0;
}
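Review bot: In the `LLOAD_STARTTLS_OPTIONAL` branch the log message says the setting "will be ignored", yet `b->b_tls_conf = tlskey[i].mask;` still stores LLOAD_STARTTLS_OPTIONAL afterwards, so the stored configuration no longer matches what is actually in effect. If anything else reads `b_tls_conf` (I cannot see its consumers from this hunk), consider normalising it in that branch, e.g. `b->b_tls_conf = LLOAD_CLEARTEXT;` after the Debug call and skipping the assignment below, or documenting in a comment that the value is informational only in a TLS-less build. The enclosing function starts before this hunk.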
+#ifdef HAVE_TLS
int
client_tls_cb( ldap_pvt_thread_start_t *start, void *startarg, void *arg )
{
}
return 0;
}
+#endif /* HAVE_TLS */
void
lload_handle_backend_invalidation( LloadChange *change )
assert( !feature_diff );
}
+#ifdef HAVE_TLS
if ( change->flags.daemon & LLOAD_DAEMON_MOD_TLS ) {
/* terminate all clients with TLS set up */
ldap_pvt_thread_pool_walk(
}
}
}
+#endif /* HAVE_TLS */
if ( change->flags.daemon & LLOAD_DAEMON_MOD_BINDCONF ) {
LloadBackend *b;
Avlnode *lload_exop_handlers = NULL;
+#ifdef HAVE_TLS
void *lload_tls_ctx;
LDAP *lload_tls_ld, *lload_tls_backend_ld;
#ifdef BALANCER_MODULE
int lload_use_slap_tls_ctx = 0;
#endif
+#endif /* HAVE_TLS */
int
handle_starttls( LloadConnection *c, LloadOperation *op )
assert( op == found );
c->c_n_ops_executing--;
+#ifdef HAVE_TLS
if ( c->c_is_tls == LLOAD_TLS_ESTABLISHED ) {
rc = LDAP_OPERATIONS_ERROR;
msg = "TLS layer already in effect";
rc = LDAP_UNAVAILABLE;
msg = "Could not initialize TLS";
}
+#else /* ! HAVE_TLS */
+ rc = LDAP_UNAVAILABLE;
+ msg = "Could not initialize TLS";
+#endif /* ! HAVE_TLS */
+
CONNECTION_UNLOCK(c);
Debug( LDAP_DEBUG_STATS, "handle_starttls: "
return LDAP_SUCCESS;
}
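Review bot: The `#else` branch reuses the message `"Could not initialize TLS"`, which tells the client that TLS is configured but failed transiently, when in fact this build can never offer it; a distinct text, e.g. `msg = "TLS not supported by this build";`, makes the condition diagnosable from the client side and from the Debug line that follows. `LDAP_UNAVAILABLE` itself is a reasonable result code here. handle_starttls continues past the end of this hunk.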
+#ifdef HAVE_TLS
event_del( c->c_read_event );
event_del( c->c_write_event );
/*
operation_unlink( op );
return -1;
+#endif /* HAVE_TLS */
}
int
if ( !ctx ) {
const char *mech = NULL;
+#ifdef HAVE_TLS
void *ssl;
+#endif /* HAVE_TLS */
if ( sasl_client_new( "ldap", b->b_host, NULL, NULL, client_callbacks,
0, &ctx ) != SASL_OK ) {
return LDAP_SUCCESS;
}
+#ifdef HAVE_TLS
static void
upstream_tls_handshake_cb( evutil_socket_t s, short what, void *arg )
{
CONNECTION_DESTROY(c);
return -1;
}
+#endif /* HAVE_TLS */
/*
* We must already hold b->b_mutex when called.
CONNECTION_LOCK(c);
c->c_private = b;
+#ifdef HAVE_TLS
c->c_is_tls = b->b_tls;
+#endif
c->c_pdu_cb = handle_one_response;
LDAP_CIRCLEQ_INSERT_HEAD( &b->b_preparing, c, c_next );
c->c_destroy = upstream_destroy;
c->c_unlink = upstream_unlink;
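Review bot: The `#endif` closing the `c->c_is_tls = b->b_tls;` guard is the only one in this change without the trailing `/* HAVE_TLS */` comment that every other `#ifdef`/`#endif` pair in the patch carries; make it `#endif /* HAVE_TLS */` for consistency with the rest of the patch. The enclosing function starts before this hunk.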
+#ifdef HAVE_TLS
if ( c->c_is_tls == LLOAD_CLEARTEXT ) {
+#endif /* HAVE_TLS */
if ( upstream_finish( c ) ) {
goto fail;
}
+#ifdef HAVE_TLS
} else if ( c->c_is_tls == LLOAD_LDAPS ) {
event_assign( c->c_read_event, base, s, EV_READ|EV_PERSIST,
upstream_tls_handshake_cb, c );
event_add( c->c_read_event, c->c_read_timeout );
}
}
+#endif /* HAVE_TLS */
CONNECTION_UNLOCK(c);
return c;