[Fedora-directory-commits] ldapserver/ldap/servers/plugins/passthru passthru.h, 1.5, 1.6 ptconfig.c, 1.9, 1.10
Richard Allen Megginson
rmeggins at fedoraproject.org
Mon Nov 10 23:57:49 UTC 2008
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/passthru
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31171/ldapserver/ldap/servers/plugins/passthru
Modified Files:
passthru.h ptconfig.c
Log Message:
Resolves: bug 469261
Bug Description: Support server-to-server SASL - part 4 - pta, winsync
Reviewed by: nhosoi (Thanks!)
Fix Description: Allow pass through auth (PTA) to use starttls. PTA uses the old style argv config params, so I just added an optional starttls (0, 1) to the end of the list, since there is currently no way to encode the startTLS extop in the LDAP URL. NOTE: adding support for true pass through auth for sasl or external cert auth will require a lot of work - not sure it's worth it - anyone other than console users can use chaining backend instead.
For windows sync, I just ported the same slapi_ldap_init/slapi_ldap_bind changes made to regular replication to the windows specific code. The Windows code still needs the do_simple_bind function to check the windows password, but it is not used for server to server bind anymore. NOTE: Windows does support startTLS, but I did not test the SASL mechanisms with Windows.
Platforms tested: Fedora 9
Flag Day: no
Doc impact: yes
Index: passthru.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/passthru/passthru.h,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- passthru.h 10 Nov 2006 23:45:04 -0000 1.5
+++ passthru.h 10 Nov 2008 23:57:47 -0000 1.6
@@ -112,7 +112,7 @@
char *ptsrvr_url; /* copy from argv[i] */
char *ptsrvr_hostname;
int ptsrvr_port;
- int ptsrvr_secure; /* use SSL? */
+ int ptsrvr_secure; /* use SSL? or TLS == 2 */
int ptsrvr_ldapversion;
int ptsrvr_maxconnections;
int ptsrvr_maxconcurrency;
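Review bot: The new comment on `ptsrvr_secure` leaves the field's three values undocumented even though ptconfig.c now stores 0, 1 or 2 in it (1 from the URL's ldaps scheme, 2 when the sixth argv parameter is non-zero), so a reader of the header cannot tell what 2 means or that 1 and 2 are two different transports. I would replace it with `int ptsrvr_secure; /* 0 = plain LDAP, 1 = LDAPS (ldaps:// URL), 2 = start TLS on a plain connection */`. The magic value 2 must also be recognised by the connection code that is not in this diff; a pair of named constants next to the struct (e.g. PASSTHRU_SECURE_SSL / PASSTHRU_SECURE_STARTTLS) would keep the two files in step. The struct definition starts and ends outside the hunk.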
Index: ptconfig.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/passthru/ptconfig.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- ptconfig.c 8 Oct 2008 17:29:02 -0000 1.9
+++ ptconfig.c 10 Nov 2008 23:57:47 -0000 1.10
@@ -101,7 +101,7 @@
int
passthru_config( int argc, char **argv )
{
- int i, j, rc, tosecs, using_def_connlifetime;
+ int i, j, rc, tosecs, using_def_connlifetime, starttls = 0;
char **suffixarray;
PassThruServer *prevsrvr, *srvr;
PassThruSuffix *suffix, *prevsuffix;
@@ -170,11 +170,13 @@
* parse parameters. format is:
* maxconnections,maxconcurrency,timeout,ldapversion
* OR maxconnections,maxconcurrency,timeout,ldapversion,lifetime
+ * OR maxconnections,maxconcurrency,timeout,ldapversion,lifetime,starttls
*/
*p++ = '\0'; /* p points at space preceding optional arguments */
- rc = sscanf( p, "%d,%d,%d,%d,%d", &srvr->ptsrvr_maxconnections,
+ rc = sscanf( p, "%d,%d,%d,%d,%d,%d", &srvr->ptsrvr_maxconnections,
&srvr->ptsrvr_maxconcurrency, &tosecs,
- &srvr->ptsrvr_ldapversion, &srvr->ptsrvr_connlifetime );
+ &srvr->ptsrvr_ldapversion, &srvr->ptsrvr_connlifetime,
+ &starttls);
if ( rc < 4 ) {
slapi_log_error( SLAPI_LOG_FATAL, PASSTHRU_PLUGIN_SUBSYSTEM,
"server parameters should be in the form "
@@ -184,8 +186,13 @@
} else if ( rc < 5 ) {
using_def_connlifetime = 1;
srvr->ptsrvr_connlifetime = PASSTHRU_DEF_SRVR_CONNLIFETIME;
- } else {
- using_def_connlifetime = 0;
+ starttls = 0;
+ } else if ( rc < 6 ) {
+ using_def_connlifetime = 0; /* lifetime specified */
+ starttls = 0; /* but not starttls */
+ } else { /* all 6 args supplied */
+ using_def_connlifetime = 0; /* lifetime specified */
+ /* and starttls */
}
if ( srvr->ptsrvr_ldapversion != LDAP_VERSION2
@@ -241,6 +248,9 @@
srvr->ptsrvr_port = ludp->lud_port;
srvr->ptsrvr_secure =
(( ludp->lud_options & LDAP_URL_OPT_SECURE ) != 0 );
+ if (starttls) {
+ srvr->ptsrvr_secure = 2;
+ }
/*
* If a space-separated list of hosts is configured for failover,