From 8c6ab51793365b8a03e47683f7922f100bfab22f Mon Sep 17 00:00:00 2001 From: Arthur de Jong Date: Fri, 2 May 2008 14:53:18 +0000 Subject: only support tls-related options if LDAP library supports TLS, only add rebind code if ldap_set_rebind_proc() is found and only set LDAP_X_OPT_CONNECT_TIMEOUT if that option is supported git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@716 ef36b2f9-881f-0410-afb5-c4e39611909c --- nslcd/cfg.c | 6 +++++- nslcd/cfg.h | 4 +++- nslcd/myldap.c | 11 +++++++++++ 3 files changed, 19 insertions(+), 2 deletions(-) (limited to 'nslcd') diff --git a/nslcd/cfg.c b/nslcd/cfg.c index bfbac77..a884e98 100644 --- a/nslcd/cfg.c +++ b/nslcd/cfg.c @@ -5,7 +5,7 @@ Copyright (C) 1997-2005 Luke Howard Copyright (C) 2007 West Consulting - Copyright (C) 2007 Arthur de Jong + Copyright (C) 2007, 2008 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -87,6 +87,7 @@ static void cfg_defaults(struct ldap_config *cfg) cfg->ldc_idle_timelimit=0; cfg->ldc_reconnect_sleeptime=1; cfg->ldc_reconnect_maxsleeptime=30; +#ifdef LDAP_OPT_X_TLS cfg->ldc_ssl_on=SSL_OFF; cfg->ldc_sslpath=NULL; cfg->ldc_tls_checkpeer=-1; @@ -96,6 +97,7 @@ static void cfg_defaults(struct ldap_config *cfg) cfg->ldc_tls_ciphers=NULL; cfg->ldc_tls_cert=NULL; cfg->ldc_tls_key=NULL; +#endif /* LDAP_OPT_X_TLS */ cfg->ldc_restart=1; cfg->ldc_pagesize=0; cfg->ldc_debug=0; @@ -712,6 +714,7 @@ static void cfg_read(const char *filename,struct ldap_config *cfg) get_int(filename,lnr,keyword,&line,&cfg->ldc_reconnect_maxsleeptime); get_eol(filename,lnr,keyword,&line); } +#ifdef LDAP_OPT_X_TLS /* SSL/TLS options */ else if (strcasecmp(keyword,"ssl")==0) { 
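Review bot: On a build without `LDAP_OPT_X_TLS`, the `ssl` and `tls_*` keywords drop out of the `else if` chain in `cfg_read` (the `-712` hunk opens the guard, the `-777` hunk closes it), and what the chain's final branch does with an unmatched keyword is outside both hunks. If that branch does anything less than stop the daemon, a configuration that asks for TLS would start up and bind in cleartext, so it is worth confirming that these keywords fail closed. An `#else` arm that still matches the TLS keywords and aborts with a message such as `"option %s requires an LDAP library with TLS support"` would make the failure explicit instead of looking like a typo in the config. A comment at the guard would also record the intent: `/* without TLS support these keywords must be rejected, not ignored */`.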
@@ -777,6 +780,7 @@ static void cfg_read(const char *filename,struct ldap_config *cfg) get_eol(filename,lnr,keyword,&line); /* TODO: check that the path is valid */ } +#endif /* LDAP_OPT_X_TLS */ /* other options */ else if (strcasecmp(keyword,"restart")==0) { diff --git a/nslcd/cfg.h b/nslcd/cfg.h index 3867348..20ddb30 100644 --- a/nslcd/cfg.h +++ b/nslcd/cfg.h @@ -5,7 +5,7 @@ Copyright (C) 1997-2005 Luke Howard Copyright (C) 2007 West Consulting - Copyright (C) 2007 Arthur de Jong + Copyright (C) 2007, 2008 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -98,6 +98,7 @@ struct ldap_config int ldc_reconnect_sleeptime; /* maximum seconds to sleep */ int ldc_reconnect_maxsleeptime; +#ifdef LDAP_OPT_X_TLS /* SSL enabled */ enum ldap_ssl_options ldc_ssl_on; /* SSL certificate path */ @@ -116,6 +117,7 @@ struct ldap_config char *ldc_tls_cert; /* tls key */ char *ldc_tls_key; +#endif /* LDAP_OPT_X_TLS */ /* whether the LDAP library should restart the select(2) system call when interrupted */ int ldc_restart; /* set to a greater than 0 to enable handling of paged results with the specified size */ diff --git a/nslcd/myldap.c b/nslcd/myldap.c index 38cee34..3584cab 100644 --- a/nslcd/myldap.c +++ b/nslcd/myldap.c @@ -403,6 +403,7 @@ static int do_bind(MYLDAP_SESSION *session,const char *uri) } } +#ifdef HAVE_LDAP_SET_REBIND_PROC /* This function is called by the LDAP library when chasing referrals. It is configured with the ldap_set_rebind_proc() below. */ static int do_rebind(LDAP *UNUSED(ld),LDAP_CONST char *url, @@ -412,6 +413,7 @@ static int do_rebind(LDAP *UNUSED(ld),LDAP_CONST char *url, log_log(LOG_DEBUG,"rebinding to %s",url); return do_bind((MYLDAP_SESSION *)arg,url); } +#endif /* HAVE_LDAP_SET_REBIND_PROC */ /* This function sets a number of properties on the connection, based what is configured in the configfile. This function returns an 
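Review bot: The layout of `struct ldap_config` in cfg.h now depends on `LDAP_OPT_X_TLS` (hunks `-98` and `-116`), a macro that comes from the LDAP library headers and not from cfg.h itself. Whether cfg.h pulls in those headers is not visible here; if any source file includes cfg.h without them, it sees the struct without the TLS members, and `ldc_restart`, `ldc_pagesize` and every later field sit at different offsets than in cfg.c and myldap.c. Either include the LDAP header at the top of cfg.h, or keep the members unconditional and guard only the code that uses them. At minimum the guard deserves a comment such as `/* the LDAP headers must be included before this point: the struct layout depends on LDAP_OPT_X_TLS */`.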
@@ -420,7 +422,9 @@ static int do_set_options(MYLDAP_SESSION *session) { int rc; struct timeval tv; +#ifdef LDAP_OPT_X_TLS int tls=LDAP_OPT_X_TLS_HARD; +#endif /* LDAP_OPT_X_TLS */ /* turn on debugging */ if (nslcd_cfg->ldc_debug) { @@ -436,6 +440,7 @@ static int do_set_options(MYLDAP_SESSION *session) LDAP_SET_OPTION(NULL,LDAP_OPT_DEBUG_LEVEL,&nslcd_cfg->ldc_debug); #endif /* LDAP_OPT_DEBUG_LEVEL */ } +#ifdef HAVE_LDAP_SET_REBIND_PROC /* the rebind function that is called when chasing referrals, see http://publib.boulder.ibm.com/infocenter/iseries/v5r3/topic/apis/ldap_set_rebind_proc.htm http://www.openldap.org/software/man.cgi?query=ldap_set_rebind_proc&manpath=OpenLDAP+2.4-Release */ @@ -446,6 +451,7 @@ static int do_set_options(MYLDAP_SESSION *session) log_log(LOG_ERR,"ldap_set_rebind_proc() failed: %s",ldap_err2string(rc)); return rc; } +#endif /* HAVE_LDAP_SET_REBIND_PROC */ /* set the protocol version to use */ LDAP_SET_OPTION(session->ld,LDAP_OPT_PROTOCOL_VERSION,&nslcd_cfg->ldc_version); /* set some other options */ @@ -459,8 +465,12 @@ static int do_set_options(MYLDAP_SESSION *session) #ifdef LDAP_OPT_NETWORK_TIMEOUT LDAP_SET_OPTION(session->ld,LDAP_OPT_NETWORK_TIMEOUT,&tv); #endif /* LDAP_OPT_NETWORK_TIMEOUT */ +#ifdef LDAP_X_OPT_CONNECT_TIMEOUT + LDAP_SET_OPTION(session->ld,LDAP_X_OPT_CONNECT_TIMEOUT,&tv); +#endif /* LDAP_X_OPT_CONNECT_TIMEOUT */ LDAP_SET_OPTION(session->ld,LDAP_OPT_REFERRALS,nslcd_cfg->ldc_referrals?LDAP_OPT_ON:LDAP_OPT_OFF); LDAP_SET_OPTION(session->ld,LDAP_OPT_RESTART,nslcd_cfg->ldc_restart?LDAP_OPT_ON:LDAP_OPT_OFF); +#ifdef LDAP_OPT_X_TLS /* if SSL is desired, then enable it */ if (nslcd_cfg->ldc_ssl_on==SSL_LDAPS) { @@ -502,6 +512,7 @@ static int do_set_options(MYLDAP_SESSION *session) LDAP_SET_OPTION(session->ld,LDAP_OPT_X_TLS_KEYFILE,nslcd_cfg->ldc_tls_key); } } +#endif /* LDAP_OPT_X_TLS */ /* if nothing above failed, everything should be fine */ return LDAP_SUCCESS; } -- cgit v1.2.3
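Review bot: With `HAVE_LDAP_SET_REBIND_PROC` undefined, the `-436` and `-446` hunks compile out the `ldap_set_rebind_proc()` call, yet `LDAP_OPT_REFERRALS` is still set from `ldc_referrals` further down in `do_set_options`. Referrals would then be followed with whatever bind the library uses by default (probably anonymous, though that depends on the library), so lookups could return different results with nothing in the log to explain it. A comment on the guard would document this, for example `/* without ldap_set_rebind_proc() referrals are chased without re-binding as the configured user */`. The body of `do_set_options` is spread over several hunks and is not fully visible.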
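Review bot: The added `LDAP_SET_OPTION(session->ld,LDAP_X_OPT_CONNECT_TIMEOUT,&tv);` in the `-459` hunk passes the same `struct timeval` that is used for `LDAP_OPT_NETWORK_TIMEOUT`. In the Netscape/Mozilla-derived SDKs that define this option it takes, as far as I know, a pointer to an `int` holding milliseconds. The library would then read the leading bytes of `tv` as an integer, giving a connect timeout far shorter than configured, or an unrelated value where the layouts do not line up. Please check the SDK documentation and, if confirmed, pass a dedicated variable: `int timeout_ms=tv.tv_sec*1000;` followed by `LDAP_SET_OPTION(session->ld,LDAP_X_OPT_CONNECT_TIMEOUT,&timeout_ms);`. How `tv` is filled in lies outside the hunk.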