ITS#6828 fix TLS setup with async connect

33f3de77 · Howard Chu · c0aec23b · 33f3de77 · 33f3de77 · 33f3de77
Commit 33f3de77 authored Jun 08, 2011 by Howard Chu
--- a/libraries/libldap/cyrus.c
+++ b/libraries/libldap/cyrus.c
@@ -433,7 +433,11 @@ ldap_int_sasl_bind(
 					rc = ld->ld_errno;
 				}
 			}
-		}   
+		}
+		if ( rc == 0 && ld->ld_defconn &&
+			ld->ld_defconn->lconn_status == LDAP_CONNST_CONNECTING ) {
+			rc = ldap_int_check_async_open( ld, sd );
+		}
 		LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );
 		if( rc != 0 ) return ld->ld_errno;


--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -587,6 +587,7 @@ LDAP_F (int) ldap_int_next_line_tokens LDAP_P(( char **bufp, ber_len_t *blenp, c
 LDAP_F (int) ldap_open_defconn( LDAP *ld );
 LDAP_F (int) ldap_int_open_connection( LDAP *ld,
 	LDAPConn *conn, LDAPURLDesc *srvlist, int async );
+LDAP_F (int) ldap_int_check_async_open( LDAP *ld, ber_socket_t sd );

 /*
 * in os-ip.c

--- a/libraries/libldap/open.c
+++ b/libraries/libldap/open.c
@@ -429,7 +429,7 @@ ldap_int_open_connection(
 #endif

 #ifdef HAVE_TLS
-	if (ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||
+	if (rc == 0 && ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||
 		strcmp( srv->lud_scheme, "ldaps" ) == 0 )
 	{
 		++conn->lconn_refcnt;	/* avoid premature free */
@@ -535,3 +535,39 @@ ldap_dup( LDAP *old )
 	LDAP_MUTEX_UNLOCK( &old->ld_ldcmutex );
 	return ( ld );
 }
+
+int
+ldap_int_check_async_open( LDAP *ld, ber_socket_t sd )
+{
+	struct timeval tv = { 0 };
+	int rc;
+
+	rc = ldap_int_poll( ld, sd, &tv );
+	switch ( rc ) {
+	case 0:
+		/* now ready to start tls */
+		ld->ld_defconn->lconn_status = LDAP_CONNST_CONNECTED;
+		break;
+
+	default:
+		return -1;
+
+	case -2:
+		/* connect not completed yet */
+		ld->ld_errno = LDAP_X_CONNECTING;
+		return rc;
+	}
+
+#ifdef HAVE_TLS
+	if ( ld->ld_options.ldo_tls_mode == LDAP_OPT_X_TLS_HARD ||
+		!strcmp( ld->ld_defconn->lconn_server->lud_scheme, "ldaps" )) {
+
+		++ld->ld_defconn->lconn_refcnt;	/* avoid premature free */
+
+		rc = ldap_int_tls_start( ld, ld->ld_defconn, ld->ld_defconn->lconn_server );
+
+		--ld->ld_defconn->lconn_refcnt;
+	}
+#endif
+	return rc;
+}
--- a/libraries/libldap/request.c
+++ b/libraries/libldap/request.c
@@ -120,15 +120,18 @@ ldap_send_initial_request(
 	ber_int_t msgid)
 {
 	int rc = 1;
+	ber_socket_t sd = AC_SOCKET_INVALID;

 	Debug( LDAP_DEBUG_TRACE, "ldap_send_initial_request\n", 0, 0, 0 );

 	LDAP_MUTEX_LOCK( &ld->ld_conn_mutex );
-	if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, NULL ) == -1 ) {
+	if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, &sd ) == -1 ) {
 		/* not connected yet */
 		rc = ldap_open_defconn( ld );

 	}
+	if ( ld->ld_defconn && ld->ld_defconn->lconn_status == LDAP_CONNST_CONNECTING )
+		rc = ldap_int_check_async_open( ld, sd );
 	if( rc < 0 ) {
 		ber_free( ber, 1 );
 		LDAP_MUTEX_UNLOCK( &ld->ld_conn_mutex );