Commit 7b41feed authored by Howard Chu's avatar Howard Chu
Browse files

Support setting cacert/cert/key directly in cn=config entry

parent 83fb5155
......@@ -200,6 +200,9 @@ enum {
CFG_DISABLED,
CFG_THREADQS,
CFG_TLS_ECNAME,
CFG_TLS_CACERT,
CFG_TLS_CERT,
CFG_TLS_KEY,
CFG_LAST
};
......@@ -696,6 +699,15 @@ static ConfigTable config_back_cf_table[] = {
{ "timelimit", "limit", 2, 0, 0, ARG_MAY_DB|ARG_MAGIC,
&config_timelimit, "( OLcfgGlAt:67 NAME 'olcTimeLimit' "
"SYNTAX OMsDirectoryString )", NULL, NULL },
{ "TLSCACertificate", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_CACERT|ARG_BINARY|ARG_MAGIC, &config_tls_option,
#else
ARG_IGNORED, NULL,
#endif
"( OLcfgGlAt:97 NAME 'olcTLSCACertificate' "
"DESC 'X.509 certificate, must use ;binary' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 SINGLE-VALUE )", NULL, NULL },
{ "TLSCACertificateFile", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_CA_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
......@@ -712,6 +724,15 @@ static ConfigTable config_back_cf_table[] = {
#endif
"( OLcfgGlAt:69 NAME 'olcTLSCACertificatePath' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
{ "TLSCertificate", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_CERT|ARG_BINARY|ARG_MAGIC, &config_tls_option,
#else
ARG_IGNORED, NULL,
#endif
"( OLcfgGlAt:98 NAME 'olcTLSCertificate' "
"DESC 'X.509 certificate, must use ;binary' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 SINGLE-VALUE )", NULL, NULL },
{ "TLSCertificateFile", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_CERT_FILE|ARG_STRING|ARG_MAGIC, &config_tls_option,
......@@ -720,6 +741,15 @@ static ConfigTable config_back_cf_table[] = {
#endif
"( OLcfgGlAt:70 NAME 'olcTLSCertificateFile' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
{ "TLSCertificateKey", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_KEY|ARG_BINARY|ARG_MAGIC, &config_tls_option,
#else
ARG_IGNORED, NULL,
#endif
"( OLcfgGlAt:99 NAME 'olcTLSCertificateKey' "
"DESC 'X.509 privateKey, must use ;binary' "
"SYNTAX 1.3.6.1.4.1.4203.666.2.13 SINGLE-VALUE )", NULL, NULL },
{ "TLSCertificateKeyFile", NULL, 2, 2, 0,
#ifdef HAVE_TLS
CFG_TLS_CERT_KEY|ARG_STRING|ARG_MAGIC, &config_tls_option,
......@@ -868,6 +898,7 @@ static ConfigOCs cf_ocs[] = {
"olcTimeLimit $ olcTLSCACertificateFile $ "
"olcTLSCACertificatePath $ olcTLSCertificateFile $ "
"olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ "
"olcTLSCACertificate $ olcTLSCertificate $ olcTLSCertificateKey $ "
"olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSECName $ "
"olcTLSCRLFile $ olcTLSProtocolMin $ olcToolThreads $ olcWriteTimeout $ "
"olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
......@@ -4061,6 +4092,7 @@ config_tls_cleanup(ConfigArgs *c) {
static int
config_tls_option(ConfigArgs *c) {
int flag;
int berval = 0;
LDAP *ld = slap_tls_ld;
switch(c->type) {
case CFG_TLS_RAND: flag = LDAP_OPT_X_TLS_RANDOM_FILE; ld = NULL; break;
......@@ -4074,20 +4106,23 @@ config_tls_option(ConfigArgs *c) {
#ifdef HAVE_GNUTLS
case CFG_TLS_CRL_FILE: flag = LDAP_OPT_X_TLS_CRLFILE; break;
#endif
case CFG_TLS_CACERT: flag = LDAP_OPT_X_TLS_CACERT; berval = 1; break;
case CFG_TLS_CERT: flag = LDAP_OPT_X_TLS_CERT; berval = 1; break;
case CFG_TLS_KEY: flag = LDAP_OPT_X_TLS_KEY; berval = 1; break;
default: Debug(LDAP_DEBUG_ANY, "%s: "
"unknown tls_option <0x%x>\n",
c->log, c->type, 0);
return 1;
}
if (c->op == SLAP_CONFIG_EMIT) {
return ldap_pvt_tls_get_option( ld, flag, &c->value_string );
return ldap_pvt_tls_get_option( ld, flag, berval ? &c->value_bv : &c->value_string );
} else if ( c->op == LDAP_MOD_DELETE ) {
c->cleanup = config_tls_cleanup;
return ldap_pvt_tls_set_option( ld, flag, NULL );
}
ch_free(c->value_string);
c->cleanup = config_tls_cleanup;
return(ldap_pvt_tls_set_option(ld, flag, c->argv[1]));
return(ldap_pvt_tls_set_option(ld, flag, berval ? &c->value_bv : c->argv[1]));
}
/* FIXME: this ought to be provided by libldap */
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment