From: Marco Bettini
Date: Tue, 22 Oct 2024 08:40:40 +0000 (+0000)
Subject: lib-ldap: ldap_set_tls_options() - Add LDAP *ld parameter
X-Git-Tag: 2.4.1~399
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=155f04009467b07e69380da8e7df6f993a334ecf;p=thirdparty%2Fdovecot%2Fcore.git
lib-ldap: ldap_set_tls_options() - Add LDAP *ld parameter
---
diff --git a/src/auth/db-ldap.c b/src/auth/db-ldap.c
index d1c7a330e6..9c9a8653bc 100644
--- a/src/auth/db-ldap.c
+++ b/src/auth/db-ldap.c
@@ -910,7 +910,7 @@ static void ldap_set_options(struct ldap_connection *conn) ldap_set_opt(conn->log_prefix, conn->ld, LDAP_OPT_PROTOCOL_VERSION, &conn->set->version, "ldap_version", dec2str(conn->set->version)); - ldap_set_tls_options(conn->log_prefix, conn->set->starttls, + ldap_set_tls_options(conn->log_prefix, conn->ld, conn->set->starttls, conn->set->uris, conn->ssl_set); }
diff --git a/src/lib-ldap/ldap-utils.c b/src/lib-ldap/ldap-utils.c
index bd0420e0e7..1d176b1028 100644
--- a/src/lib-ldap/ldap-utils.c
+++ b/src/lib-ldap/ldap-utils.c
@@ -24,41 +24,41 @@ void ldap_set_opt_str(const char *prefix, LDAP *ld, int opt, const char *value, } #ifndef LDAP_OPT_X_TLS -void ldap_set_tls_options(const char *prefix ATTR_UNUSED, +void ldap_set_tls_options(const char *prefix ATTR_UNUSED, LDAP *ld ATTR_UNUSED, bool starttls ATTR_UNUSED, const char *uris ATTR_UNUSED, const struct ssl_settings *ssl_set ATTR_UNUSED) { } #else -void ldap_set_tls_options(const char *prefix, bool starttls, const char *uris, - const struct ssl_settings *ssl_set) +void ldap_set_tls_options(const char *prefix, LDAP *ld, bool starttls, + const char *uris, const struct ssl_settings *ssl_set) { if (!starttls && strstr(uris, "ldaps:") == NULL) return; const char *ssl_client_ca_file = t_strcut(ssl_set->ssl_client_ca_file, '\n'); - ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_CACERTFILE, + ldap_set_opt_str(prefix, ld, LDAP_OPT_X_TLS_CACERTFILE, ssl_client_ca_file, "ssl_client_ca_file"); - ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_CACERTDIR, + ldap_set_opt_str(prefix, ld, LDAP_OPT_X_TLS_CACERTDIR, ssl_set->ssl_client_ca_dir, "ssl_client_ca_dir"); const char *ssl_client_cert_file = t_strcut(ssl_set->ssl_client_cert_file, '\n'); - ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_CERTFILE, + ldap_set_opt_str(prefix, ld, LDAP_OPT_X_TLS_CERTFILE, ssl_client_cert_file, "ssl_client_cert_file"); const char *ssl_client_key_file = t_strcut(ssl_set->ssl_client_key_file, '\n'); - ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_KEYFILE, + ldap_set_opt_str(prefix, ld, LDAP_OPT_X_TLS_KEYFILE, ssl_client_key_file, "ssl_client_key_file"); - ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, + ldap_set_opt_str(prefix, ld, LDAP_OPT_X_TLS_CIPHER_SUITE, ssl_set->ssl_cipher_list, "ssl_cipher_list"); - ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_PROTOCOL_MIN, + ldap_set_opt_str(prefix, ld, LDAP_OPT_X_TLS_PROTOCOL_MIN, ssl_set->ssl_min_protocol, "ssl_min_protocol"); - ldap_set_opt_str(prefix, NULL, LDAP_OPT_X_TLS_ECNAME, + ldap_set_opt_str(prefix, ld, 
LDAP_OPT_X_TLS_ECNAME, ssl_set->ssl_curve_list, "ssl_curve_list"); bool requires = ssl_set->ssl_client_require_valid_cert; - int opt = requires ? LDAP_OPT_X_TLS_HARD : LDAP_OPT_X_TLS_NEVER; + int opt = requires ? LDAP_OPT_X_TLS_HARD : LDAP_OPT_X_TLS_ALLOW; ldap_set_opt(prefix, NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt, "ssl_client_require_valid_cert", requires ? "yes" : "no" ); }
diff --git a/src/lib-ldap/ldap-utils.h b/src/lib-ldap/ldap-utils.h
index 73bc47e587..146a371c24 100644
--- a/src/lib-ldap/ldap-utils.h
+++ b/src/lib-ldap/ldap-utils.h
@@ -11,7 +11,6 @@ void ldap_set_opt(const char *prefix, LDAP *ld, int opt, const void *value, void ldap_set_opt_str(const char *prefix, LDAP *ld, int opt, const char *value, const char *optname); -void ldap_set_tls_options(const char *prefix, bool starttls, const char *uris, - const struct ssl_settings *ssl_set); - +void ldap_set_tls_options(const char *prefix, LDAP *ld, bool starttls, + const char *uris, const struct ssl_settings *ssl_set); #endif
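Review bot: The `LDAP_OPT_X_TLS_REQUIRE_CERT` call at the end of ldap_set_tls_options() still targets the global option set (`ldap_set_opt(prefix, NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, ...)`) while every other TLS option in the hunk now goes to `ld`, so the verification policy and the CA/cert/key paths it is meant to govern end up in different places; it should read `ldap_set_opt(prefix, ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt, "ssl_client_require_valid_cert", requires ? "yes" : "no");`. Because `conn->ld` already exists when db-ldap.c calls this, a global setting made here is presumably not picked up by that handle at all, which with `ssl_client_require_valid_cert=yes` could leave the handle on whatever verification mode libldap defaulted to instead of `LDAP_OPT_X_TLS_HARD`. OpenLDAP also documents that per-handle TLS options only take effect once `LDAP_OPT_X_TLS_NEWCTX` is set on that handle afterwards, so without a trailing `int newctx = 0; ldap_set_opt(prefix, ld, LDAP_OPT_X_TLS_NEWCTX, &newctx, "LDAP_OPT_X_TLS_NEWCTX", "0");` the per-handle CA file and friends may be silently ignored and the connection built from the global context — worth confirming against the libldap version in use. The `LDAP_OPT_X_TLS_NEVER` → `LDAP_OPT_X_TLS_ALLOW` switch is unrelated to the new parameter and absent from the commit message; both modes are non-enforcing, but it should be called out so nobody mistakes it for a hardening or a regression.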