From 4bbbe755ff070215c4bae6c9b942fdde65bf6632 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Wed, 27 Jul 2011 18:34:04 +0200
Subject: [PATCH 1/2] Provide means of forcing TLS and GSSAPI enabled/disabled for sdap connections
---
 src/providers/ldap/ldap_id.c | 3 ++-
 src/providers/ldap/sdap_async.h | 4 +++-
 src/providers/ldap/sdap_async_connection.c | 25 +++++++++++++++++++------
 src/providers/ldap/sdap_id_op.c | 3 ++-
 4 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 2d8aeff..7358627 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -687,7 +687,8 @@ void sdap_check_online(struct be_req *be_req)
 struct sdap_id_ctx);
 req = sdap_cli_connect_send(be_req, be_req->be_ctx->ev, ctx->opts,
- be_req->be_ctx, ctx->service, false);
+ be_req->be_ctx, ctx->service, false,
+ NULL, NULL);
 if (req == NULL) {
 DEBUG(1, ("sdap_cli_connect_send failed.\n"));
 goto done;
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 4115f62..6a78fa0 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -130,7 +130,9 @@ struct tevent_req *sdap_cli_connect_send(TALLOC_CTX *memctx,
 struct sdap_options *opts, struct be_ctx *be, struct sdap_service *service,
- bool skip_rootdse);
+ bool skip_rootdse,
+ bool *force_tls,
+ bool *force_gssapi);
 int sdap_cli_connect_recv(struct tevent_req *req, TALLOC_CTX *memctx, bool *can_retry,
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index 6f67700..46bf122 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -1103,6 +1103,9 @@ struct sdap_cli_connect_state {
 struct fo_server *srv;
 struct sdap_server_opts *srv_opts;
+
+ bool *force_tls;
+ bool *force_gssapi;
 };
 static int sdap_cli_resolve_next(struct tevent_req *req);
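Review bot: The two new `bool *force_tls` / `bool *force_gssapi` parameters of `sdap_cli_connect_send` are added to the prototype without a comment saying what NULL versus non-NULL means or how long the pointed-to value must stay valid; from the sdap_async_connection.c hunks the pointers are stored in the request state and dereferenced in later tevent callbacks, and a non-NULL `force_tls` pointing at `false` disables TLS regardless of the `SDAP_ID_TLS` option. Since this is the knob that can turn StartTLS off, that contract should be stated where callers read it. Proposed comment above the prototype: `/* force_tls / force_gssapi: NULL = follow SDAP_ID_TLS / SDAP_KRB5_KINIT from opts; non-NULL = override. The pointed-to bool is read from later callbacks, not at call time, so it must outlive the request. */`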
@@ -1120,7 +1123,9 @@ struct tevent_req *sdap_cli_connect_send(TALLOC_CTX *memctx,
 struct sdap_options *opts, struct be_ctx *be, struct sdap_service *service,
- bool skip_rootdse)
+ bool skip_rootdse,
+ bool *force_tls,
+ bool *force_gssapi)
 {
 struct sdap_cli_connect_state *state;
 struct tevent_req *req;
@@ -1137,6 +1142,8 @@ struct tevent_req *sdap_cli_connect_send(TALLOC_CTX *memctx,
 state->srv_opts = NULL;
 state->be = be;
 state->use_rootdse = !skip_rootdse;
+ state->force_tls = force_tls;
+ state->force_gssapi = force_gssapi;
 ret = sdap_cli_resolve_next(req);
 if (ret) {
@@ -1174,8 +1181,9 @@ static void sdap_cli_resolve_done(struct tevent_req *subreq)
 struct sdap_cli_connect_state *state = tevent_req_data(req, struct sdap_cli_connect_state);
 int ret;
- bool use_tls = dp_opt_get_bool(state->opts->basic,
- SDAP_ID_TLS);
+ bool use_tls = state->force_tls ? *state->force_tls : \
+ dp_opt_get_bool(state->opts->basic,
+ SDAP_ID_TLS);
 ret = be_resolve_server_recv(subreq, &state->srv);
 talloc_zfree(subreq);
@@ -1212,7 +1220,9 @@ static void sdap_cli_connect_done(struct tevent_req *subreq)
 struct sdap_cli_connect_state);
 const char *sasl_mech;
 int ret;
-
+ bool use_gssapi = state->force_gssapi ? *state->force_gssapi : \
+ dp_opt_get_bool(state->opts->basic,
+ SDAP_KRB5_KINIT);
 talloc_zfree(state->sh);
 ret = sdap_connect_recv(subreq, state, &state->sh);
 talloc_zfree(subreq);
@@ -1247,7 +1257,7 @@ static void sdap_cli_connect_done(struct tevent_req *subreq)
 }
 if (sasl_mech && (strcasecmp(sasl_mech, "GSSAPI") == 0)) {
- if (dp_opt_get_bool(state->opts->basic, SDAP_KRB5_KINIT)) {
+ if (use_gssapi) {
 sdap_cli_kinit_step(req);
 return;
 }
@@ -1291,6 +1301,9 @@ static void sdap_cli_rootdse_done(struct tevent_req *subreq)
 struct sysdb_attrs *rootdse;
 const char *sasl_mech;
 int ret;
+ bool use_gssapi = state->force_gssapi ? *state->force_gssapi : \
+ dp_opt_get_bool(state->opts->basic,
+ SDAP_KRB5_KINIT);
 ret = sdap_get_rootdse_recv(subreq, state, &rootdse);
 talloc_zfree(subreq);
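Review bot: `state->force_tls = force_tls;` and `state->force_gssapi = force_gssapi;` keep the caller's raw pointers, but the values are only read later in `sdap_cli_resolve_done`, `sdap_cli_connect_done` and `sdap_cli_rootdse_done`, which run from the event loop after `sdap_cli_connect_send` has returned; a caller that passes the address of a local `bool` — the natural way to request an override — would hand those callbacks a dangling pointer, and the TLS decision would then be made from garbage. Both callers in this patch pass NULL, so nothing breaks yet, but the API invites exactly that misuse. Resolve the decision once here into plain values: `state->use_tls = force_tls ? *force_tls : dp_opt_get_bool(opts->basic, SDAP_ID_TLS);` and `state->use_gssapi = force_gssapi ? *force_gssapi : dp_opt_get_bool(opts->basic, SDAP_KRB5_KINIT);`, change the new struct fields to `bool use_tls; bool use_gssapi;`, and have the three callbacks read those instead of dereferencing the pointers. A DEBUG line when an override differs from the configured value would also make a TLS-off override visible in the logs. The body of sdap_cli_connect_send continues outside the hunk.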
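Review bot: The added `bool use_tls = state->force_tls ? *state->force_tls : \` ends in a backslash-newline continuation, which only has a role inside a macro definition; in ordinary code it is noise, and a stray space after the `\` turns it into a compile error. Let the expression simply wrap: `bool use_tls = state->force_tls ? *state->force_tls :` followed by `dp_opt_get_bool(state->opts->basic, SDAP_ID_TLS);`. The same continuation is added to both `use_gssapi` initialisers later in this patch. sdap_cli_resolve_done continues outside the hunk.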
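Review bot: The three-line `use_gssapi` initialiser added here is a copy of the one added to `sdap_cli_connect_done` in the hunk at -1212, so the override semantics now live in two places that must be kept in sync by hand. A small static helper, e.g. `static bool sdap_cli_use_gssapi(struct sdap_cli_connect_state *state) { return state->force_gssapi ? *state->force_gssapi : dp_opt_get_bool(state->opts->basic, SDAP_KRB5_KINIT); }`, called from both callbacks, would remove the duplication. sdap_cli_rootdse_done continues outside the hunk.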
@@ -1359,7 +1372,7 @@ static void sdap_cli_rootdse_done(struct tevent_req *subreq)
 }
 if (sasl_mech && (strcasecmp(sasl_mech, "GSSAPI") == 0)) {
- if (dp_opt_get_bool(state->opts->basic, SDAP_KRB5_KINIT)) {
+ if (use_gssapi) {
 sdap_cli_kinit_step(req);
 return;
 }
diff --git a/src/providers/ldap/sdap_id_op.c b/src/providers/ldap/sdap_id_op.c
index 11a379c..ab42d05 100644
--- a/src/providers/ldap/sdap_id_op.c
+++ b/src/providers/ldap/sdap_id_op.c
@@ -465,7 +465,8 @@ static int sdap_id_op_connect_step(struct tevent_req *req)
 subreq = sdap_cli_connect_send(conn_data, state->ev, state->id_ctx->opts, state->id_ctx->be,
- state->id_ctx->service, false);
+ state->id_ctx->service, false,
+ NULL, NULL);
 if (!subreq) {
 ret = ENOMEM;
 goto done;
--
1.7.6