From: Arran Cudbard-Bell
Date: Sat, 30 Jan 2016 01:17:44 +0000 (-0500)
Subject: rand_file can only be set as a global option
X-Git-Tag: release_3_0_12~259
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4ed892f49937cd21c5ad9007a4768cedf4769347;p=thirdparty%2Ffreeradius-server.git

rand_file can only be set as a global option
---

diff --git a/src/modules/rlm_ldap/ldap.c b/src/modules/rlm_ldap/ldap.c
index 6001c0dc9c9..768e7110f87 100644
--- a/src/modules/rlm_ldap/ldap.c
+++ b/src/modules/rlm_ldap/ldap.c
@@ -1327,6 +1327,34 @@ static int rlm_ldap_rebind(LDAP *handle, LDAP_CONST char *url, UNUSED ber_tag_t
 }
 #endif
 
+int rlm_ldap_global_init(rlm_ldap_t *inst)
+{
+	int ldap_errno;
+
+#define do_ldap_global_option(_option, _name, _value) \
+	if (ldap_set_option(NULL, _option, _value) != LDAP_OPT_SUCCESS) { \
+		ldap_get_option(NULL, LDAP_OPT_ERROR_NUMBER, &ldap_errno); \
+		ERROR("Failed setting global option %s: %s", _name, \
+		      (ldap_errno != LDAP_SUCCESS) ? ldap_err2string(ldap_errno) : "Unknown error"); \
+		return -1;\
+	}
+
+#define maybe_ldap_global_option(_option, _name, _value) \
+	if (_value) do_ldap_global_option(_option, _name, _value)
+
+	maybe_ldap_global_option(LDAP_OPT_DEBUG_LEVEL, "ldap_debug", &(inst->ldap_debug));
+
+#ifdef LDAP_OPT_X_TLS_RANDOM_FILE
+	/*
+	 * OpenLDAP will error out if we attempt to set
+	 * this on a handle. Presumably it's global in
+	 * OpenSSL too.
+	 */
+	maybe_ldap_global_option(LDAP_OPT_X_TLS_RANDOM_FILE, "random_file", inst->tls_random_file);
+#endif
+	return 0;
+}
+
 /** Close and delete a connection
  *
  * Unbinds the LDAP connection, informing the server and freeing any memory, then releases the memory used by the 
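Review bot: rlm_ldap_global_init writes process-wide libldap state (ldap_set_option with a NULL handle) from a single instance's configuration, yet it is called from mod_instantiate in rlm_ldap.c, which appears to run once per module instance, so a second instance with a different `ldap_debug` or `random_file` silently overwrites the first; the function has no header comment, and one like `/** Set process-global libldap options (debug level, TLS random file) from an instance's config; these are shared by every rlm_ldap instance and the last caller wins. @return 0 on success, -1 if ldap_set_option failed (error already logged). */` should state that. The `#ifdef LDAP_OPT_X_TLS_RANDOM_FILE` guard means a configured tls_random_file is silently ignored on a libldap without that option; an `#else` branch with `if (inst->tls_random_file) WARN("random_file is not supported by this libldap, ignoring");` would make the dropped setting visible to the operator. `int ldap_errno;` is read in the ERROR call even when ldap_get_option itself fails, so initialise it as `int ldap_errno = LDAP_SUCCESS;` to keep the "Unknown error" path deterministic. The two macros remain defined for the rest of the translation unit; adding `#undef do_ldap_global_option` and `#undef maybe_ldap_global_option` before `return 0;` keeps them local to this function.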
@@ -1403,17 +1431,8 @@ void *mod_conn_create(TALLOC_CTX *ctx, void *instance)
 		goto error;\
 	}
 
-#define do_ldap_global_option(_option, _name, _value) \
-	if (ldap_set_option(NULL, _option, _value) != LDAP_OPT_SUCCESS) { \
-		ldap_get_option(conn->handle, LDAP_OPT_ERROR_NUMBER, &ldap_errno); \
-		LDAP_ERR("Failed setting global option %s: %s", _name, \
-			 (ldap_errno != LDAP_SUCCESS) ? ldap_err2string(ldap_errno) : "Unknown error"); \
-		goto error;\
-	}
-
-	if (inst->ldap_debug) {
-		do_ldap_global_option(LDAP_OPT_DEBUG_LEVEL, "ldap_debug", &(inst->ldap_debug));
-	}
+#define maybe_ldap_option(_option, _name, _value) \
+	if (_value) do_ldap_option(_option, _name, _value)
 
 	/*
 	 * Leave "dereference" unset to use the OpenLDAP default.
@@ -1473,9 +1492,6 @@ void *mod_conn_create(TALLOC_CTX *ctx, void *instance)
 		do_ldap_option(LDAP_OPT_X_TLS, "tls_mode", &(inst->tls_mode));
 	}
 
-# define maybe_ldap_option(_option, _name, _value) \
-	if (_value) do_ldap_option(_option, _name, _value)
-
 	maybe_ldap_option(LDAP_OPT_X_TLS_CACERTFILE, "ca_file", inst->tls_ca_file);
 	maybe_ldap_option(LDAP_OPT_X_TLS_CACERTDIR, "ca_path", inst->tls_ca_path);
 
@@ -1485,7 +1501,6 @@ void *mod_conn_create(TALLOC_CTX *ctx, void *instance)
 	 */
 	maybe_ldap_option(LDAP_OPT_X_TLS_CERTFILE, "certificate_file", inst->tls_certificate_file);
 	maybe_ldap_option(LDAP_OPT_X_TLS_KEYFILE, "private_key_file", inst->tls_private_key_file);
-	maybe_ldap_option(LDAP_OPT_X_TLS_RANDOM_FILE, "random_file", inst->tls_random_file);
 
 # ifdef LDAP_OPT_X_TLS_NEVER
 	if (inst->tls_require_cert_str) {
diff --git a/src/modules/rlm_ldap/ldap.h b/src/modules/rlm_ldap/ldap.h
index ee17d242073..5e25f74f4ea 100644
--- a/src/modules/rlm_ldap/ldap.h
+++ b/src/modules/rlm_ldap/ldap.h
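Review bot: The relocated `maybe_ldap_option` macro expands to an unbraced `if (_value)` directly wrapping `do_ldap_option`, which from its visible tail (`goto error; }`) appears to be an `if` block itself, so an `else` that a future caller places after a `maybe_ldap_option(...)` line would bind to the inner `if` without any compiler complaint. Wrapping the expansion, `#define maybe_ldap_option(_option, _name, _value) do { if (_value) do_ldap_option(_option, _name, _value) } while (0)`, removes that hazard while the `goto error` inside still works. The macro had this shape in its old position further down as well; the commit only moves it. mod_conn_create and the definition of do_ldap_option begin outside this hunk.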
@@ -417,6 +417,8 @@ ldap_rcode_t rlm_ldap_result(rlm_ldap_t const *inst, ldap_handle_t const *conn,
 
 char *rlm_ldap_berval_to_string(TALLOC_CTX *ctx, struct berval const *in);
 
+int rlm_ldap_global_init(rlm_ldap_t *inst);
+
 void *mod_conn_create(TALLOC_CTX *ctx, void *instance);
 ldap_handle_t *mod_conn_get(rlm_ldap_t const *inst, REQUEST *request);
 
diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c
index 99323702d22..172a59e1892 100644
--- a/src/modules/rlm_ldap/rlm_ldap.c
+++ b/src/modules/rlm_ldap/rlm_ldap.c
@@ -1167,6 +1167,11 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance)
 		return -1;
 	}
 
+	/*
+	 * Set global options
+	 */
+	if (rlm_ldap_global_init(inst) < 0) goto error;
+
 	/*
 	 * Initialize the socket pool.
 	 */
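Review bot: The comment `Set global options` above the new rlm_ldap_global_init call in mod_instantiate does not say that the options are process-wide rather than per-instance, which is the whole reason the call was moved out of mod_conn_create; `/* Set process-global libldap options (debug level, TLS random file). These are shared by every rlm_ldap instance, so instances configuring different values overwrite each other. */` would tell the next reader why this runs once here and why a failure aborts the whole instantiate. The `error:` label it jumps to and the rest of mod_instantiate are outside the hunk, so whether that path releases anything already allocated cannot be checked from here.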