void ldap_pvt_sasl_generic_remove( Sockbuf *sb )
{
ber_sockbuf_remove_io( sb, &ldap_pvt_sockbuf_io_sasl_generic,
LBER_SBIOD_LEVEL_APPLICATION );
#ifdef LDAP_DEBUG
ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug,
LBER_SBIOD_LEVEL_APPLICATION );
#endif
}
/*
* Call this to do a TLS accept on a sockbuf.
* Everything else is the same as with tls_connect.
*/
int
ldap_pvt_tls_accept( Sockbuf *sb, void *ctx_arg )
{
int err;
tls_session *ssl = NULL;
if ( HAS_TLS( sb )) {
ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
} else {
ssl = alloc_handle( ctx_arg, 1 );
if ( ssl == NULL ) return -1;
#ifdef LDAP_DEBUG
ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug,
LBER_SBIOD_LEVEL_TRANSPORT, (void *)"tls_" );
#endif
ber_sockbuf_add_io( sb, tls_imp->ti_sbio,
LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl );
}
err = tls_imp->ti_session_accept( ssl );
#ifdef HAVE_WINSOCK
errno = WSAGetLastError();
#endif
if ( err < 0 )
{
if ( update_flags( sb, ssl, err )) return 1;
if ( DebugTest( LDAP_DEBUG_ANY ) ) {
char buf[256], *msg;
msg = tls_imp->ti_session_errmsg( ssl, err, buf, sizeof(buf) );
Debug( LDAP_DEBUG_ANY,"TLS: can't accept: %s.\n",
msg ? msg : "(unknown)", 0, 0 );
}
ber_sockbuf_remove_io( sb, tls_imp->ti_sbio,
LBER_SBIOD_LEVEL_TRANSPORT );
#ifdef LDAP_DEBUG
ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug,
LBER_SBIOD_LEVEL_TRANSPORT );
#endif
return -1;
}
return 0;
}
int
ber_int_sb_destroy( Sockbuf *sb )
{
Sockbuf_IO_Desc *p;
assert( sb != NULL);
assert( SOCKBUF_VALID( sb ) );
while ( sb->sb_iod ) {
p = sb->sb_iod->sbiod_next;
ber_sockbuf_remove_io( sb, sb->sb_iod->sbiod_io,
sb->sb_iod->sbiod_level );
sb->sb_iod = p;
}
return ber_int_sb_init( sb );
}
static int
ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
{
Sockbuf *sb = conn->lconn_sb;
int err;
tls_session *ssl = NULL;
if ( HAS_TLS( sb )) {
ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
} else {
struct ldapoptions *lo;
tls_ctx *ctx;
ctx = ld->ld_options.ldo_tls_ctx;
ssl = alloc_handle( ctx, 0 );
if ( ssl == NULL ) return -1;
#ifdef LDAP_DEBUG
ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug,
LBER_SBIOD_LEVEL_TRANSPORT, (void *)"tls_" );
#endif
ber_sockbuf_add_io( sb, tls_imp->ti_sbio,
LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl );
lo = LDAP_INT_GLOBAL_OPT();
if( ctx == NULL ) {
ctx = lo->ldo_tls_ctx;
ld->ld_options.ldo_tls_ctx = ctx;
tls_ctx_ref( ctx );
}
if ( ld->ld_options.ldo_tls_connect_cb )
ld->ld_options.ldo_tls_connect_cb( ld, ssl, ctx,
ld->ld_options.ldo_tls_connect_arg );
if ( lo && lo->ldo_tls_connect_cb && lo->ldo_tls_connect_cb !=
ld->ld_options.ldo_tls_connect_cb )
lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
}
err = tls_imp->ti_session_connect( ld, ssl );
#ifdef HAVE_WINSOCK
errno = WSAGetLastError();
#endif
if ( err < 0 )
{
char buf[256], *msg;
if ( update_flags( sb, ssl, err )) {
return 1;
}
msg = tls_imp->ti_session_errmsg( ssl, err, buf, sizeof(buf) );
if ( msg ) {
if ( ld->ld_error ) {
LDAP_FREE( ld->ld_error );
}
ld->ld_error = LDAP_STRDUP( msg );
#ifdef HAVE_EBCDIC
if ( ld->ld_error ) __etoa(ld->ld_error);
#endif
}
Debug( LDAP_DEBUG_ANY,"TLS: can't connect: %s.\n",
ld->ld_error ? ld->ld_error : "" ,0,0);
ber_sockbuf_remove_io( sb, tls_imp->ti_sbio,
LBER_SBIOD_LEVEL_TRANSPORT );
#ifdef LDAP_DEBUG
ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug,
LBER_SBIOD_LEVEL_TRANSPORT );
#endif
return -1;
}
return 0;
}
