svn commit: samba r7751 - in branches/SAMBA_4_0/source: ldap_server lib/tls web_server

tridge at samba.org tridge at samba.org
Sun Jun 19 11:10:15 GMT 2005


Author: tridge
Date: 2005-06-19 11:10:15 +0000 (Sun, 19 Jun 2005)
New Revision: 7751

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=7751

Log:
only enable tls on the ldaps port in ldap server, and reject non-tls
connections on that port

Modified:
   branches/SAMBA_4_0/source/ldap_server/ldap_server.c
   branches/SAMBA_4_0/source/lib/tls/tls.c
   branches/SAMBA_4_0/source/lib/tls/tls.h
   branches/SAMBA_4_0/source/web_server/web_server.c


Changeset:
Modified: branches/SAMBA_4_0/source/ldap_server/ldap_server.c
===================================================================
--- branches/SAMBA_4_0/source/ldap_server/ldap_server.c	2005-06-19 11:00:13 UTC (rev 7750)
+++ branches/SAMBA_4_0/source/ldap_server/ldap_server.c	2005-06-19 11:10:15 UTC (rev 7751)
@@ -330,6 +330,7 @@
 	struct ldapsrv_service *ldapsrv_service = 
 		talloc_get_type(c->private, struct ldapsrv_service);
 	struct ldapsrv_connection *conn;
+	int port;
 
 	conn = talloc_zero(c, struct ldapsrv_connection);
 	if (conn == NULL) goto failed;
@@ -341,10 +342,12 @@
 	conn->service     = talloc_get_type(c->private, struct ldapsrv_service);
 	c->private        = conn;
 
+	port = socket_get_my_port(c->socket);
+
 	/* note that '0' is a ASN1_SEQUENCE(0), which is the first byte on
 	   any ldap connection */
 	conn->tls = tls_init_server(ldapsrv_service->tls_params, c->socket, 
-				    c->event.fde, "0");
+				    c->event.fde, NULL, port != 389);
 	if (conn->tls == NULL) goto failed;
 
 	return;
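Review bot: The TLS decision passed to `tls_init_server()` is `port != 389`, so every local port other than 389 is treated as TLS-only, while the log message says TLS should be enabled only on the ldaps port. If this service listens on any other plaintext port, connections there would be forced into TLS and fail; comparing against the ldaps port directly (`port == 636`, assuming the standard port is used here) or carrying a per-listener flag would state the intent without relying on a magic number. The comment above the call still explains the `"0"` plain-character hint that this change replaces with `NULL`, so it is now misleading; something like `/* ldaps port: TLS only, no plaintext detection; port 389: TLS disabled */` would match the new code. The enclosing function starts and ends outside the hunk.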

Modified: branches/SAMBA_4_0/source/lib/tls/tls.c
===================================================================
--- branches/SAMBA_4_0/source/lib/tls/tls.c	2005-06-19 11:00:13 UTC (rev 7750)
+++ branches/SAMBA_4_0/source/lib/tls/tls.c	2005-06-19 11:10:15 UTC (rev 7751)
@@ -332,7 +332,8 @@
 struct tls_context *tls_init_server(struct tls_params *params, 
 				    struct socket_context *socket,
 				    struct fd_event *fde, 
-				    const char *plain_chars)
+				    const char *plain_chars,
+				    BOOL tls_enable)
 {
 	struct tls_context *tls;
 	int ret;
@@ -343,7 +344,7 @@
 	tls->socket          = socket;
 	tls->fde             = fde;
 
-	if (!params->tls_enabled) {
+	if (!params->tls_enabled || !tls_enable) {
 		tls->tls_enabled = False;
 		return tls;
 	}
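Review bot: The early return for `!params->tls_enabled` still hands back a usable context with `tls->tls_enabled = False` even when the caller passed `tls_enable` as true, so with TLS unconfigured the ldaps port appears to serve plaintext instead of rejecting it, which does not match the log message. Whether the ldaps listener is opened at all in that configuration is not visible here, so this needs confirming against the listener setup. If it is opened, a caller that requires TLS (`tls_enable` true and `plain_chars == NULL`) should get a failure rather than a plaintext context when `params->tls_enabled` is false. The new `tls_enable` parameter and the meaning of a NULL `plain_chars` are also undocumented; a short comment above `tls_init_server` describing both would help callers choose the right combination. The function body starts and continues outside the hunk.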
@@ -402,7 +403,6 @@
 	return params->tls_enabled;
 }
 
-
 #else
 
 /* for systems without tls we just map the tls socket calls to the
@@ -416,7 +416,8 @@
 struct tls_context *tls_init_server(struct tls_params *params, 
 				    struct socket_context *sock, 
 				    struct fd_event *fde,
-				    const char *plain_chars)
+				    const char *plain_chars,
+				    BOOL tls_enable)
 {
 	if (plain_chars == NULL) return NULL;
 	return (struct tls_context *)sock;
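Review bot: In the stub for builds without TLS, `if (plain_chars == NULL) return NULL;` now fails every LDAP connection, because ldap_server.c passes `NULL` for `plain_chars` on all ports in this commit and the stub ignores the new `tls_enable` argument. Plain LDAP on port 389 would therefore stop working on systems built without TLS support. The check should refuse only callers that actually require TLS, e.g. `if (tls_enable && plain_chars == NULL) return NULL;`, which keeps the ldaps port closed to plaintext while letting the plain port through. The function's closing brace is outside the hunk.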

Modified: branches/SAMBA_4_0/source/lib/tls/tls.h
===================================================================
--- branches/SAMBA_4_0/source/lib/tls/tls.h	2005-06-19 11:00:13 UTC (rev 7750)
+++ branches/SAMBA_4_0/source/lib/tls/tls.h	2005-06-19 11:10:15 UTC (rev 7751)
@@ -37,7 +37,8 @@
 struct tls_context *tls_init_server(struct tls_params *parms,
 				    struct socket_context *sock, 
 				    struct fd_event *fde,
-				    const char *plain_chars);
+				    const char *plain_chars,
+				    BOOL tls_enable);
 
 /*
   call these to send and receive data. They behave like socket_send() and socket_recv()

Modified: branches/SAMBA_4_0/source/web_server/web_server.c
===================================================================
--- branches/SAMBA_4_0/source/web_server/web_server.c	2005-06-19 11:00:13 UTC (rev 7750)
+++ branches/SAMBA_4_0/source/web_server/web_server.c	2005-06-19 11:10:15 UTC (rev 7751)
@@ -191,7 +191,7 @@
 			websrv_timeout, web);
 
 	web->tls = tls_init_server(edata->tls_params, conn->socket, 
-				   conn->event.fde, "GPHO");
+				   conn->event.fde, "GPHO", True);
 	if (web->tls == NULL) goto failed;
 
 	return;


