/*
 * Layer TLS onto an already-open session without sending the StartTLS
 * extended operation (for callers that negotiated it themselves or use
 * an ldaps:// style transport).
 *
 * Returns LDAP_NOT_SUPPORTED when the library was built without TLS,
 * LDAP_LOCAL_ERROR when TLS is already in place on the session, otherwise
 * whatever ldap_int_tls_start() reports for the default connection.
 */
int
ldap_install_tls( LDAP *ld )
{
#ifdef HAVE_TLS
	/* Refuse to start a second handshake over a session that already has TLS. */
	if ( ldap_tls_inplace( ld ) ) {
		return LDAP_LOCAL_ERROR;
	}

	/* Only the default connection is covered here (same limit as ldap_start_tls_s). */
	return ldap_int_tls_start( ld, ld->ld_defconn, NULL );
#else
	(void)ld;
	return LDAP_NOT_SUPPORTED;
#endif
}
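/**
 * @brief Connect to a LDAP server.
 *
 * Allocates a reference-counted connection object, initialises the libldap
 * handle for @p uri, applies the debug / network-timeout / protocol-version /
 * referral options and a rebind callback, then optionally negotiates StartTLS.
 *
 * @param uri       Server to connect to (must not be NULL; it is strdup'ed).
 * @param starttls  StartTLS policy. LDAP_STARTTLS_NONE never negotiates;
 *                  LDAP_STARTTLS_ENFORCE fails the whole connection if the
 *                  negotiation fails; any other value attempts StartTLS and
 *                  silently keeps the plaintext session when it fails.
 * @param timelimit Network timeout in seconds (0 = library default); also
 *                  recorded on the connection as its query time limit.
 * @param limit     Results limit recorded on the connection.
 * @param debug     When non-zero, set LDAP_OPT_DEBUG_LEVEL and
 *                  LBER_OPT_DEBUG_LEVEL (both are library-global) to this level.
 * @param err       If non-NULL, receives the LDAP result code of the step that
 *                  failed, LDAP_NO_MEMORY on allocation failure, or
 *                  LDAP_SUCCESS when a connection is returned.
 * @returns Reference to the LDAP connection, or NULL on failure with the
 *          reason in @p err.
 *
 * @note Security: with a non-ENFORCE policy a failed StartTLS is invisible to
 *       the caller (the connection is returned with @p err == LDAP_SUCCESS),
 *       so anything that will later bind with credentials should pass
 *       LDAP_STARTTLS_ENFORCE. A successful StartTLS only means the handshake
 *       completed; nothing here sets LDAP_OPT_X_TLS_REQUIRE_CERT or any other
 *       TLS option, so peer-certificate verification depends entirely on the
 *       TLS settings already in effect -- configure those before calling.
 */
extern struct ldap_conn *ldap_connect(const char *uri, enum ldap_starttls starttls, int timelimit, int limit, int debug, int *err)
{
	struct ldap_conn *ld;
	int version = LDAP_VERSION3;
	int res = LDAP_SUCCESS;
	int sslres;
	struct timeval timeout;

	if (!(ld = objalloc(sizeof(*ld), free_ldapconn))) {
		/* Previously returned NULL without touching *err, leaving the caller
		 * to read an uninitialised error code. */
		if (err) {
			*err = LDAP_NO_MEMORY;
		}
		return NULL;
	}

	ld->ldap = NULL;
	ld->sctrlsp = NULL;
	ld->sasl = NULL;
	ld->timelim = timelimit;
	ld->limit = limit;

	if (!(ld->uri = strdup(uri))) {
		res = LDAP_NO_MEMORY;
		goto fail;
	}

	/* The original wrote `res = ldap_initialize(...) != LDAP_SUCCESS`, which
	 * stored the comparison result (0/1) in res, so *err reported 1 instead of
	 * the real LDAP error code. The extra parentheses below are the fix. */
	if ((res = ldap_initialize(&ld->ldap, ld->uri)) != LDAP_SUCCESS) {
		goto fail;
	}

	if (debug) {
		/* NULL handle: these two options are process-wide, not per-connection. */
		ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &debug);
		ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL, &debug);
	}

	if (timelimit) {
		timeout.tv_sec = timelimit;
		timeout.tv_usec = 0;
		ldap_set_option(ld->ldap, LDAP_OPT_NETWORK_TIMEOUT, (void *)&timeout);
	}

	ldap_set_option(ld->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
	ldap_set_option(ld->ldap, LDAP_OPT_REFERRALS, (void *)LDAP_OPT_ON);
	/* Referrals are chased; ldap_rebind_proc gets ld back as its cookie. */
	ldap_set_rebind_proc(ld->ldap, ldap_rebind_proc, ld);

	/* `&&` rather than the original bitwise `&`: same truth table for 0/1
	 * operands, but ldap_tls_inplace() is no longer called when no StartTLS
	 * was requested. */
	if (starttls != LDAP_STARTTLS_NONE && !ldap_tls_inplace(ld->ldap)) {
		sslres = ldap_start_tls_s(ld->ldap, ld->sctrlsp, NULL);
		if (sslres != LDAP_SUCCESS && starttls == LDAP_STARTTLS_ENFORCE) {
			res = sslres;
			goto fail;
		}
		/* Non-enforced policy: fall through on a plaintext session. */
	}

	if (err) {
		*err = LDAP_SUCCESS;
	}
	return ld;

fail:
	/* free_ldapconn (the objalloc destructor) is expected to release ld->uri
	 * and ld->ldap -- TODO confirm it tolerates the NULL values set above. */
	objunref(ld);
	if (err) {
		*err = res;
	}
	return NULL;
}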
/*
 * Synchronous StartTLS: send the StartTLS extended operation and, if the
 * server accepts it, run the TLS handshake on the default connection.
 *
 * Returns LDAP_NOT_SUPPORTED without TLS support compiled in, LDAP_LOCAL_ERROR
 * if TLS is already in place, the extended-operation result if the server
 * refused, otherwise the result of ldap_int_tls_start().
 *
 * NOTE(review): LDAP_SUCCESS from the extended operation only means the server
 * agreed to negotiate; whether the peer certificate is verified during the
 * handshake is presumably decided by the TLS options in effect on the
 * handle, not by anything in this function -- confirm against the TLS
 * configuration before relying on the session for confidentiality.
 */
int
ldap_start_tls_s( LDAP *ld, LDAPControl **serverctrls, LDAPControl **clientctrls )
{
#ifdef HAVE_TLS
	char *rspoid = NULL;
	struct berval *rspdata = NULL;
	int rc;

	/* XXYYZ: this initiates operation only on default connection! */
	if ( ldap_tls_inplace( ld ) ) {
		return LDAP_LOCAL_ERROR;
	}

	rc = ldap_extended_operation_s( ld, LDAP_EXOP_START_TLS, NULL,
		serverctrls, clientctrls, &rspoid, &rspdata );

	/* The StartTLS response carries nothing we use; just release it. */
	if ( rspoid != NULL ) {
		LDAP_FREE( rspoid );
	}
	if ( rspdata != NULL ) {
		ber_bvfree( rspdata );
	}

	/* Handshake only after the server has accepted the operation. */
	return ( rc == LDAP_SUCCESS )
		? ldap_int_tls_start( ld, ld->ld_defconn, NULL )
		: rc;
#else
	(void)ld;
	(void)serverctrls;
	(void)clientctrls;
	return LDAP_NOT_SUPPORTED;
#endif
}