author | Martin Hedenfal <martinh@cvs.openbsd.org> | 2010-06-29 21:00:35 +0000 |
committer | Martin Hedenfal <martinh@cvs.openbsd.org> | 2010-06-29 21:00:35 +0000 |
commit | 8b1d69a2bdc2868a52d59070d07af600e681646f (patch) | |
tree | 2055a13f18f43933ad9c9c25ed9fa27482548067 | |
parent | 9e9fc6ba762367e8a978a2f8baf109ace827ddb5 (diff) |
Remember on what listener a connection got from, and return protocol error
if trying to use starttls without a configured certificate, instead of just
blocking the client.
-rw-r--r-- | usr.sbin/ldapd/conn.c | 3 | ||||
-rw-r--r-- | usr.sbin/ldapd/ldapd.h | 3 | ||||
-rw-r--r-- | usr.sbin/ldapd/ldape.c | 7 |
3 files changed, 10 insertions, 3 deletions
diff --git a/usr.sbin/ldapd/conn.c b/usr.sbin/ldapd/conn.c
index a69af30b612..abd71912988 100644
--- a/usr.sbin/ldapd/conn.c
+++ b/usr.sbin/ldapd/conn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conn.c,v 1.3 2010/06/27 18:31:13 martinh Exp $ */
+/* $OpenBSD: conn.c,v 1.4 2010/06/29 21:00:34 martinh Exp $ */
 
 /*
  * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se>
@@ -266,6 +266,7 @@ conn_accept(int fd, short why, void *data)
 	conn->s_l = l;
 	ber_set_application(&conn->ber, ldap_application);
 	conn->fd = afd;
+	conn->listener = l;
 
 	if (l->flags & F_LDAPS) {
 		ssl_session_init(conn);
diff --git a/usr.sbin/ldapd/ldapd.h b/usr.sbin/ldapd/ldapd.h
index 29cf70ce06e..340fb224d22 100644
--- a/usr.sbin/ldapd/ldapd.h
+++ b/usr.sbin/ldapd/ldapd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ldapd.h,v 1.12 2010/06/29 02:45:46 martinh Exp $ */
+/* $OpenBSD: ldapd.h,v 1.13 2010/06/29 21:00:34 martinh Exp $ */
 
 /*
  * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se>
@@ -203,6 +203,7 @@ struct conn
 	struct request		*bind_req;	/* ongoing bind request */
 	char			*binddn;
 	TAILQ_HEAD(, search)	 searches;
+	struct listener		*listener;	/* where it connected from */
 
 	/* SSL support */
 	struct event		 s_ev;
diff --git a/usr.sbin/ldapd/ldape.c b/usr.sbin/ldapd/ldape.c
index a3bcdd50c06..d4b8a9ad76a 100644
--- a/usr.sbin/ldapd/ldape.c
+++ b/usr.sbin/ldapd/ldape.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ldape.c,v 1.6 2010/06/23 12:40:19 martinh Exp $ */
+/* $OpenBSD: ldape.c,v 1.7 2010/06/29 21:00:34 martinh Exp $ */
 
 /*
  * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se>
@@ -153,6 +153,11 @@ ldap_unbind(struct request *req)
 int
 ldap_starttls(struct request *req)
 {
+	if ((req->conn->listener->flags & F_STARTTLS) == 0) {
+		log_debug("StartTLS not configured for this connection");
+		return LDAP_OPERATIONS_ERROR;
+	}
+
 	req->conn->s_flags |= F_STARTTLS;
 	return LDAP_SUCCESS;
 }
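Review bot: The new `conn->listener = l;` in conn_accept stores the same pointer that the visible context line `conn->s_l = l;` already stored three lines earlier, so `struct conn` now carries two fields for the accepting listener and a later reader has to guess which one is authoritative. If `s_l` is reserved for the TLS code path, the new field's comment in ldapd.h should say so, e.g. `/* accepting listener (same object as s_l) */`; otherwise ldap_starttls could read `s_l` and the new field dropped. conn_accept's body starts and ends outside this hunk, so I cannot tell whether `s_l` is reassigned elsewhere.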
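Review bot: ldap_starttls still sets F_STARTTLS and returns LDAP_SUCCESS on a connection where TLS is already in place, because the new guard only inspects the listener's configuration; a StartTLS request repeated after a successful one, or sent on a listener that the conn.c hunk shows is handled as F_LDAPS, is not refused. RFC 4511 §4.14.2 has the server answer operationsError when TLS is already established and protocolError when TLS is not supported, so the commit message's "protocol error" and the returned LDAP_OPERATIONS_ERROR also disagree. A preceding guard such as `if (req->conn->s_flags & F_STARTTLS) return LDAP_OPERATIONS_ERROR;` with the unconfigured case returning LDAP_PROTOCOL_ERROR would match the RFC; whether `s_flags` is the right indicator of an already-negotiated session, and whether F_LDAPS connections need the same refusal, cannot be confirmed from this hunk. The `log_debug` line is fine, but since a rejected StartTLS is a client protocol violation a reviewer may prefer it at a level that is visible in normal operation.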