Commit 0f8047b9 authored by Howard Chu's avatar Howard Chu

Implemented ldap_pvt_tls_get_peer() for use with SASL/EXTERNAL.

Added ldap_pvt_tls_get_strength() - return encryption strength, for
use as a SASL session security factor.
parent c243a6fa
......@@ -164,6 +164,8 @@ LDAP_F (int) ldap_pvt_tls_connect LDAP_P(( struct ldap *ld, Sockbuf *sb, void *c
LDAP_F (int) ldap_pvt_tls_accept LDAP_P(( Sockbuf *sb, void *ctx_arg ));
LDAP_F (void *) ldap_pvt_tls_sb_handle LDAP_P(( Sockbuf *sb ));
LDAP_F (void *) ldap_pvt_tls_get_handle LDAP_P(( struct ldap *ld ));
LDAP_F (const char *) ldap_pvt_tls_get_peer LDAP_P(( void *handle ));
LDAP_F (int) ldap_pvt_tls_get_strength LDAP_P(( void *handle ));
LDAP_F (int) ldap_pvt_tls_inplace LDAP_P(( Sockbuf *sb ));
LDAP_F (int) ldap_pvt_tls_start LDAP_P(( struct ldap *ld, Sockbuf *sb, void *ctx_arg ));
......
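Review bot: The prototype on line 18 declares ldap_pvt_tls_get_peer as returning `const char *`, but the definition in the second hunk returns an `LDAP_STRDUP` copy that the caller must release with `LDAP_FREE`; the `const` hides that ownership transfer and is what forces the `(char *)` cast in connection_read in the third hunk. Declare it as `LDAP_F (char *) ldap_pvt_tls_get_peer LDAP_P(( void *handle ));` and add a one-line comment above it stating that the returned subject DN is allocated and must be freed by the caller, and that NULL means no peer certificate was presented. The same wording should go on ldap_pvt_tls_get_strength, whose return value is an integer bit count suitable for a SASL ssf rather than a cipher identifier.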
......@@ -658,16 +658,54 @@ ldap_pvt_tls_get_handle( LDAP *ld )
return ldap_pvt_tls_sb_handle( ld->ld_sb );
}
int
ldap_pvt_tls_get_strength( void *s )
{
SSL_CIPHER *c;
c = SSL_get_current_cipher((SSL *)s);
return SSL_CIPHER_get_bits(c, NULL);
}
const char *
ldap_pvt_tls_get_peer( LDAP *ld )
ldap_pvt_tls_get_peer( void *s )
{
return NULL;
X509 *x;
X509_NAME *xn;
char buf[2048], *p;
x = SSL_get_peer_certificate((SSL *)s);
if (!x)
return NULL;
xn = X509_get_subject_name(x);
p = LDAP_STRDUP(X509_NAME_oneline(xn, buf, sizeof(buf)));
X509_free(x);
return p;
}
const char *
ldap_pvt_tls_get_peer_issuer( LDAP *ld )
ldap_pvt_tls_get_peer_issuer( void *s )
{
#if 0 /* currently unused; see ldap_pvt_tls_get_peer() if needed */
X509 *x;
X509_NAME *xn;
char buf[2048], *p;
x = SSL_get_peer_certificate((SSL *)s);
if (!x)
return NULL;
xn = X509_get_issuer_name(x);
p = LDAP_STRDUP(X509_NAME_oneline(xn, buf, sizeof(buf)));
X509_free(x);
return p;
#else
return NULL;
#endif
}
int
......
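Review bot: ldap_pvt_tls_get_peer returns the subject DN of whatever certificate the peer presented without checking that the certificate actually verified, although the third hunk intends to pass this value to slap_sasl_external() as an authentication identity. Unless the verify callback installed elsewhere in this file already aborts the handshake for unverified peers (not visible in the hunk), the DN should be handed out only on a successful verification: after the `if (!x)` test add `if (SSL_get_verify_result((SSL *)s) != X509_V_OK) { X509_free(x); return NULL; }`. Two smaller points in the same function: X509_NAME_oneline() silently truncates to the 2048-byte `buf`, so an over-long DN yields an identity string that differs from the certificate, and LDAP_STRDUP() can return NULL on allocation failure, which a caller cannot tell apart from "no certificate". In ldap_pvt_tls_get_strength the result of SSL_get_current_cipher() goes straight into SSL_CIPHER_get_bits(); OpenSSL appears to return 0 for a NULL cipher there, but a comment `/* SSL_CIPHER_get_bits() yields 0 when no cipher is negotiated yet */` would save the next reader the lookup.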
......@@ -919,12 +919,17 @@ int connection_read(ber_socket_t s)
connection_close( c );
} else if ( rc == 0 ) {
void *ssl;
unsigned ssf;
char *authid;
c->c_needs_tls_accept = 0;
#if 0
/* we need to let SASL know */
ssl = (void *)ldap_pvt_tls_sb_handle( c->c_sb );
ssf = (unsigned)ldap_pvt_tls_get_strength( ssl );
authid = (char *)ldap_pvt_tls_get_peer( ssl );
slap_sasl_external( c, ssf, authid );
#endif
}
connection_return( c );
ldap_pvt_thread_mutex_unlock( &connections_mutex );
......
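Review bot: `ssl`, `ssf` and `authid` are declared before the `#if 0` block but used only inside it, so this branch now draws three unused-variable warnings under -Wall in connection_read; either move the three declarations inside the `#if 0` … `#endif` pair or enable the block. Once the block is enabled, `authid` is the LDAP_STRDUP'd string from ldap_pvt_tls_get_peer and nothing here releases it, so unless slap_sasl_external() takes ownership (its contract is not visible here) an `LDAP_FREE( authid );` is needed after the call, and `ssf` should be checked against a NULL `ssl` before ldap_pvt_tls_get_strength dereferences it if ldap_pvt_tls_sb_handle() can return NULL on this path. The `(char *)` cast discarding `const` is a symptom of the header declaring the return type as `const char *` although the string is caller-owned. connection_read begins and ends outside this hunk.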