Commit
c88a448c
authored
Jan 15, 2021
by
Ondřej Kuzník
Committed by
Quanah Gibson-Mount
May 10, 2021
ITS#8747 Fix lloadd builds --without-tls
parent
54a9c909
Changes
6
servers/lloadd/bind.c
...
...
@@ -56,6 +56,7 @@ bind_mech_external(
goto
done
;
}
#ifdef HAVE_TLS
ssl
=
ldap_pvt_tls_sb_ctx
(
client
->
c_sb
);
if
(
!
ssl
||
ldap_pvt_tls_get_peer_dn
(
ssl
,
&
binddn
,
NULL
,
0
)
)
{
result
=
LDAP_INVALID_CREDENTIALS
;
...
...
@@ -74,6 +75,10 @@ bind_mech_external(
if
(
!
ber_bvstrcasecmp
(
&
client
->
c_auth
,
&
lloadd_identity
)
)
{
client
->
c_type
=
LLOAD_C_PRIVILEGED
;
}
#else
/* ! HAVE_TLS */
result
=
LDAP_AUTH_METHOD_NOT_SUPPORTED
;
message
=
"requested SASL mechanism not supported"
;
#endif
/* ! HAVE_TLS */
done:
CONNECTION_UNLOCK
(
client
);
...
...
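Review bot: The `#else` arm added to bind_mech_external refuses SASL EXTERNAL outright when TLS is compiled out, which is the right fail-closed choice, but nothing in the hunk records why, and the TLS-built path answers the analogous "no TLS layer on this connection" case with `LDAP_INVALID_CREDENTIALS` while this arm answers `LDAP_AUTH_METHOD_NOT_SUPPORTED`. A comment above the `#else`, such as `/* EXTERNAL takes its identity from the TLS peer certificate; with no TLS layer available the mechanism cannot be offered, so refuse rather than treat the bind as anonymous */`, would make the intent and the deliberate difference in result codes explicit. The `ssl` and `binddn` locals used by the TLS path appear to be declared earlier in the function, outside the hunk, so a `--without-tls` build may now warn about them being unused unless their declarations are guarded too. bind_mech_external begins before the first hunk and continues after `done:`.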
servers/lloadd/client.c
...
...
@@ -288,6 +288,7 @@ handle_one_request( LloadConnection *c )
return
handler
(
c
,
op
);
}
#ifdef HAVE_TLS
/*
* The connection has a token assigned to it when the callback is set up.
*/
...
...
@@ -385,6 +386,7 @@ fail:
CONNECTION_LOCK_DESTROY
(
c
);
epoch_leave
(
epoch
);
}
#endif
/* HAVE_TLS */
LloadConnection
*
client_init
(
...
...
@@ -413,6 +415,7 @@ client_init(
c
->
c_state
=
LLOAD_C_READY
;
if
(
flags
&
CONN_IS_TLS
)
{
#ifdef HAVE_TLS
int
rc
;
c
->
c_is_tls
=
LLOAD_LDAPS
;
...
...
@@ -430,6 +433,9 @@ client_init(
c
->
c_read_timeout
=
lload_timeout_net
;
read_cb
=
write_cb
=
client_tls_handshake_cb
;
}
#else
/* ! HAVE_TLS */
assert
(
0
);
#endif
/* ! HAVE_TLS */
}
event
=
event_new
(
base
,
s
,
EV_READ
|
EV_PERSIST
,
read_cb
,
c
);
...
...
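Review bot: The `#else` arm in client_init handles a `CONN_IS_TLS` connection in a `--without-tls` build with `assert( 0 )`, which compiles to nothing under `NDEBUG`; in that configuration the connection presumably continues with whatever `read_cb`/`write_cb` held before the `if` and is served as if it were cleartext on a listener the operator believes to be TLS. Whether a TLS listener URL can even be accepted by such a build is decided by code outside this diff, so the robust choice is to fail explicitly regardless of build flags: `Debug( LDAP_DEBUG_ANY, "client_init: TLS connection requested but lloadd was built without TLS support\n" );` followed by client_init's failure exit (destroy the connection and return NULL), rather than relying on an assertion that a release build removes. The failure path itself is outside the hunk, so I cannot name the label to jump to. client_init continues beyond the hunk.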
servers/lloadd/config.c
...
...
@@ -3671,6 +3671,19 @@ backend_cf_gen( ConfigArgs *c )
"invalid starttls configuration"
);
goto
fail
;
}
#ifndef HAVE_TLS
if
(
tlskey
[
i
].
mask
==
LLOAD_STARTTLS_OPTIONAL
)
{
Debug
(
LDAP_DEBUG_ANY
,
"%s: "
"lloadd compiled without TLS but starttls specified, "
"it will be ignored
\n
"
,
c
->
log
);
}
else
if
(
tlskey
[
i
].
mask
!=
LLOAD_CLEARTEXT
)
{
snprintf
(
c
->
cr_msg
,
sizeof
(
c
->
cr_msg
),
"invalid starttls configuration when compiled without "
"TLS support"
);
goto
fail
;
}
#endif
/* ! HAVE_TLS */
b
->
b_tls_conf
=
tlskey
[
i
].
mask
;
}
break
;
default:
...
...
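Review bot: In the new `#ifndef HAVE_TLS` block of backend_cf_gen, `starttls=optional` is logged as ignored, yet the value is still written to `b->b_tls_conf` a few lines later, so the backend carries a TLS setting this build can never act on; whether anything reads `b_tls_conf` in a `--without-tls` build (to derive `b_tls`, or for cn=config readback) is outside the hunk. Accepting the optional case is consistent with what "optional" already promises, and rejecting every other non-cleartext value (presumably `critical`) is correct, but the reasoning deserves a comment, e.g. `/* starttls=optional already permits cleartext fallback, so accept it and warn; any other non-cleartext setting cannot be honoured without TLS and must be rejected */`. If `b_tls_conf` is consulted elsewhere in this build, consider storing `LLOAD_CLEARTEXT` in the ignored branch so the recorded state matches the logged behaviour. backend_cf_gen begins and ends outside the hunk.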
servers/lloadd/daemon.c
...
...
@@ -1410,6 +1410,7 @@ backend_conn_cb( ldap_pvt_thread_start_t *start, void *startarg, void *arg )
return
0
;
}
#ifdef HAVE_TLS
int
client_tls_cb
(
ldap_pvt_thread_start_t
*
start
,
void
*
startarg
,
void
*
arg
)
{
...
...
@@ -1422,6 +1423,7 @@ client_tls_cb( ldap_pvt_thread_start_t *start, void *startarg, void *arg )
}
return
0
;
}
#endif
/* HAVE_TLS */
void
lload_handle_backend_invalidation
(
LloadChange
*
change
)
...
...
@@ -1648,6 +1650,7 @@ lload_handle_global_invalidation( LloadChange *change )
assert
(
!
feature_diff
);
}
#ifdef HAVE_TLS
if
(
change
->
flags
.
daemon
&
LLOAD_DAEMON_MOD_TLS
)
{
/* terminate all clients with TLS set up */
ldap_pvt_thread_pool_walk
(
...
...
@@ -1670,6 +1673,7 @@ lload_handle_global_invalidation( LloadChange *change )
}
}
}
#endif
/* HAVE_TLS */
if
(
change
->
flags
.
daemon
&
LLOAD_DAEMON_MOD_BINDCONF
)
{
LloadBackend
*
b
;
...
...
servers/lloadd/extended.c
...
...
@@ -22,11 +22,13 @@
Avlnode
*
lload_exop_handlers
=
NULL
;
#ifdef HAVE_TLS
void
*
lload_tls_ctx
;
LDAP
*
lload_tls_ld
,
*
lload_tls_backend_ld
;
#ifdef BALANCER_MODULE
int
lload_use_slap_tls_ctx
=
0
;
#endif
#endif
/* HAVE_TLS */
int
handle_starttls
(
LloadConnection
*
c
,
LloadOperation
*
op
)
...
...
@@ -42,6 +44,7 @@ handle_starttls( LloadConnection *c, LloadOperation *op )
assert
(
op
==
found
);
c
->
c_n_ops_executing
--
;
#ifdef HAVE_TLS
if
(
c
->
c_is_tls
==
LLOAD_TLS_ESTABLISHED
)
{
rc
=
LDAP_OPERATIONS_ERROR
;
msg
=
"TLS layer already in effect"
;
...
...
@@ -55,6 +58,11 @@ handle_starttls( LloadConnection *c, LloadOperation *op )
rc
=
LDAP_UNAVAILABLE
;
msg
=
"Could not initialize TLS"
;
}
#else
/* ! HAVE_TLS */
rc
=
LDAP_UNAVAILABLE
;
msg
=
"Could not initialize TLS"
;
#endif
/* ! HAVE_TLS */
CONNECTION_UNLOCK
(
c
);
Debug
(
LDAP_DEBUG_STATS
,
"handle_starttls: "
...
...
@@ -67,6 +75,7 @@ handle_starttls( LloadConnection *c, LloadOperation *op )
return
LDAP_SUCCESS
;
}
#ifdef HAVE_TLS
event_del
(
c
->
c_read_event
);
event_del
(
c
->
c_write_event
);
/*
...
...
@@ -109,6 +118,7 @@ handle_starttls( LloadConnection *c, LloadOperation *op )
operation_unlink
(
op
);
return
-
1
;
#endif
/* HAVE_TLS */
}
int
...
...
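Review bot: The `#else` arm of handle_starttls answers a StartTLS request on a `--without-tls` build with `LDAP_UNAVAILABLE` and the same text, `"Could not initialize TLS"`, that the TLS-built path uses for a genuine runtime initialisation failure, so an operator reading client-side errors cannot tell a build without TLS from a broken certificate or key setup. RFC 4511 §4.14.2 gives unavailable only as an example for a TLS subsystem that is "not presently available"; the older RFC 2830 §2.3 listed protocolError for "TLS not supported", and slapd, as far as I recall, simply does not register the StartTLS exop in such builds. I would at least make the message truthful, `msg = "TLS not supported by this build";`, or return `LDAP_PROTOCOL_ERROR` with that text; the rest of the function is unaffected either way. handle_starttls's body continues between and beyond the visible hunks.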
servers/lloadd/upstream.c
...
...
@@ -281,7 +281,9 @@ sasl_bind_step( LloadConnection *c, BerValue *scred, BerValue *ccred )
if
(
!
ctx
)
{
const
char
*
mech
=
NULL
;
#ifdef HAVE_TLS
void
*
ssl
;
#endif
/* HAVE_TLS */
if
(
sasl_client_new
(
"ldap"
,
b
->
b_host
,
NULL
,
NULL
,
client_callbacks
,
0
,
&
ctx
)
!=
SASL_OK
)
{
...
...
@@ -688,6 +690,7 @@ upstream_finish( LloadConnection *c )
return
LDAP_SUCCESS
;
}
#ifdef HAVE_TLS
static
void
upstream_tls_handshake_cb
(
evutil_socket_t
s
,
short
what
,
void
*
arg
)
{
...
...
@@ -872,6 +875,7 @@ fail:
CONNECTION_DESTROY
(
c
);
return
-
1
;
}
#endif
/* HAVE_TLS */
/*
* We must already hold b->b_mutex when called.
...
...
@@ -893,7 +897,9 @@ upstream_init( ber_socket_t s, LloadBackend *b )
CONNECTION_LOCK
(
c
);
c
->
c_private
=
b
;
#ifdef HAVE_TLS
c
->
c_is_tls
=
b
->
b_tls
;
#endif
c
->
c_pdu_cb
=
handle_one_response
;
LDAP_CIRCLEQ_INSERT_HEAD
(
&
b
->
b_preparing
,
c
,
c_next
);
...
...
@@ -924,10 +930,13 @@ upstream_init( ber_socket_t s, LloadBackend *b )
c
->
c_destroy
=
upstream_destroy
;
c
->
c_unlink
=
upstream_unlink
;
#ifdef HAVE_TLS
if
(
c
->
c_is_tls
==
LLOAD_CLEARTEXT
)
{
#endif
/* HAVE_TLS */
if
(
upstream_finish
(
c
)
)
{
goto
fail
;
}
#ifdef HAVE_TLS
}
else
if
(
c
->
c_is_tls
==
LLOAD_LDAPS
)
{
event_assign
(
c
->
c_read_event
,
base
,
s
,
EV_READ
|
EV_PERSIST
,
upstream_tls_handshake_cb
,
c
);
...
...
@@ -958,6 +967,7 @@ upstream_init( ber_socket_t s, LloadBackend *b )
event_add
(
c
->
c_read_event
,
c
->
c_read_timeout
);
}
}
#endif
/* HAVE_TLS */
CONNECTION_UNLOCK
(
c
);
return
c
;
...
...
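Review bot: In upstream_init the opening brace of `if ( c->c_is_tls == LLOAD_CLEARTEXT ) {` and its closing `}` now live in two separate `#ifdef HAVE_TLS` regions, with the unconditional `if ( upstream_finish( c ) )` sitting between them; this compiles in both builds, but brace matching depends on the preprocessor, which editors, clang-format and reviewers all handle poorly. If `c_is_tls` exists in a `--without-tls` build, the simpler shape is to keep the cleartext test unconditional and guard only the TLS branches; if it does not, a comment on each side of the split, `#endif /* HAVE_TLS -- brace opened above is closed below */` and `#ifdef HAVE_TLS /* closes the cleartext branch */`, at least makes the pairing visible. Relatedly, in this build `c->c_is_tls` is never assigned from `b->b_tls`, which is safe only while no read of it survives outside `#ifdef HAVE_TLS`; every read visible in this diff is guarded, the rest of the file is not. upstream_init's closing brace is outside the hunk.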