Author: metze Date: 2006-07-25 19:20:04 +0000 (Tue, 25 Jul 2006) New Revision: 17237
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17237 Log: - keep pointer to the different sockets - we need this to later: - to disallow a StartTLS when TLS is already in use - to place the TLS socket between the raw and sasl socket when we had a sasl bind before the StartTLS - and rfc4513 says that the server may allow to remove the TLS from the tcp connection again and reuse raw tcp - and also a 2nd sasl bind should replace the old sasl socket metze Modified: branches/SAMBA_4_0/source/ldap_server/ldap_backend.c branches/SAMBA_4_0/source/ldap_server/ldap_bind.c branches/SAMBA_4_0/source/ldap_server/ldap_server.c branches/SAMBA_4_0/source/ldap_server/ldap_server.h Changeset:
Modified: branches/SAMBA_4_0/source/ldap_server/ldap_backend.c
===================================================================
--- branches/SAMBA_4_0/source/ldap_server/ldap_backend.c 2006-07-25 18:42:26 UTC (rev 17236)
+++ branches/SAMBA_4_0/source/ldap_server/ldap_backend.c 2006-07-25 19:20:04 UTC (rev 17237)
@@ -747,6 +747,7 @@
 talloc_steal(ctx->conn->connection, ctx->tls_socket);
 talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket);
+ ctx->conn->sockets.tls = ctx->tls_socket;
 ctx->conn->connection->socket = ctx->tls_socket;
 packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
 }
@@ -767,7 +768,6 @@
 /* check if we have a START_TLS call */
 if (strcmp(req->oid, LDB_EXTENDED_START_TLS_OID) == 0) {
- NTSTATUS status;
 struct ldapsrv_starttls_context *ctx;
 int result = 0;
 const char *errstr;
Modified: branches/SAMBA_4_0/source/ldap_server/ldap_bind.c
===================================================================
--- branches/SAMBA_4_0/source/ldap_server/ldap_bind.c 2006-07-25 18:42:26 UTC (rev 17236)
+++ branches/SAMBA_4_0/source/ldap_server/ldap_bind.c 2006-07-25 19:20:04 UTC (rev 17237)
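Review bot: In ldap_backend.c (hunk @@ -747) `ctx->conn->sockets.tls` is assigned without first checking whether a TLS layer is already recorded, so a StartTLS on a connection that already has one, such as the layer ldap_server.c installs at accept time, would overwrite the pointer and, as far as these lines show, install another TLS socket on top. The log message defers that rejection to a later commit, but now that the field exists the START_TLS branch visible in the @@ -767 hunk could already test `sockets.tls` for non-NULL and report the failure through its existing `result` and `errstr` variables instead of starting a handshake. Both enclosing functions begin and end outside the visible hunks, so the exact placement of the check has to be confirmed against the full file.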
@@ -101,6 +101,7 @@
 talloc_steal(ctx->conn->connection, ctx->sasl_socket);
 talloc_unlink(ctx->conn->connection, ctx->conn->connection->socket);
+ ctx->conn->sockets.sasl = ctx->sasl_socket;
 ctx->conn->connection->socket = ctx->sasl_socket;
 packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
 }
Modified: branches/SAMBA_4_0/source/ldap_server/ldap_server.c
===================================================================
--- branches/SAMBA_4_0/source/ldap_server/ldap_server.c 2006-07-25 18:42:26 UTC (rev 17236)
+++ branches/SAMBA_4_0/source/ldap_server/ldap_server.c 2006-07-25 19:20:04 UTC (rev 17237)
@@ -330,6 +330,7 @@
 conn->packet = NULL;
 conn->connection = c;
 conn->service = ldapsrv_service;
+ conn->sockets.raw = c->socket;
 c->private = conn;
@@ -351,6 +352,7 @@
 talloc_unlink(c, c->socket);
 talloc_steal(c, tls_socket);
 c->socket = tls_socket;
+ conn->sockets.tls = tls_socket;
 } else if (port == 3268) /* Global catalog */ {
 conn->global_catalog = True;
Modified: branches/SAMBA_4_0/source/ldap_server/ldap_server.h
===================================================================
--- branches/SAMBA_4_0/source/ldap_server/ldap_server.h 2006-07-25 18:42:26 UTC (rev 17236)
+++ branches/SAMBA_4_0/source/ldap_server/ldap_server.h 2006-07-25 19:20:04 UTC (rev 17237)
@@ -31,6 +31,12 @@
 struct cli_credentials *server_credentials;
 struct ldb_context *ldb;
+ struct {
+ struct socket_context *raw;
+ struct socket_context *tls;
+ struct socket_context *sasl;
+ } sockets;
+
 BOOL global_catalog;
 struct packet_context *packet;
@@ -57,8 +63,6 @@
 void *send_private;
 };
-struct ldapsrv_service;
-
 struct ldapsrv_service {
 struct tls_params *tls_params;
 };
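Review bot: Only `sockets.raw` is initialised in the @@ -330 hunk of ldap_server.c; `sockets.tls` and `sockets.sasl` are left untouched on a plain connection. The allocation of `conn` is outside the hunk, and the neighbouring `conn->packet = NULL;` suggests fields are cleared by hand, so unless the allocator zeroes the struct, the planned "TLS already in use" test would read an indeterminate pointer. Adding `conn->sockets.tls = NULL;` and `conn->sockets.sasl = NULL;` next to the `raw` assignment makes the later checks independent of how `conn` is allocated.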
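Review bot: In the @@ -351 hunk of ldap_server.c, `conn->sockets.raw` keeps pointing at the socket that `talloc_unlink(c, c->socket)` has just detached from the connection, so the saved pointer stays valid only if the TLS socket holds its own reference to the socket it wraps, which this diff does not show. The same pattern appears in ldap_backend.c (@@ -747) and ldap_bind.c (@@ -101), where whichever layer was current is unlinked while its `sockets.*` entry remains. Because the log message plans to remove TLS and fall back to the raw socket later, a stale entry would turn into a use-after-free at that point. The struct added in ldap_server.h should carry a comment such as `/* non-owning; each layer is kept alive by the layer stacked on top of it */`, and any teardown path should reset the matching entry to NULL.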