Lines 676-706
|
676 |
*/ |
676 |
*/ |
677 |
static int enable_tls_on(LDAP *conn) { |
677 |
static int enable_tls_on(LDAP *conn) { |
678 |
#if HAVE_LDAP_TLS |
678 |
#if HAVE_LDAP_TLS |
679 |
int version; |
|
|
680 |
int ldrc; |
679 |
int ldrc; |
681 |
|
680 |
|
682 |
if (ldaperror(ldrc=ldap_get_option (conn, |
|
|
683 |
LDAP_OPT_PROTOCOL_VERSION, |
684 |
&version)) |
685 |
!= LDAP_SUCCESS) |
686 |
{ |
687 |
const char *s=ldap_err2string(ldrc); |
688 |
|
689 |
#if HAVE_SYSLOG_H |
690 |
syslog(LOG_DAEMON|LOG_CRIT, |
691 |
"ldap_get_option failed: %s", s); |
692 |
#endif |
693 |
return (-1); |
694 |
} |
695 |
|
696 |
if (version < LDAP_VERSION3) |
697 |
{ |
698 |
version = LDAP_VERSION3; |
699 |
(void)ldap_set_option (conn, |
700 |
LDAP_OPT_PROTOCOL_VERSION, |
701 |
&version); |
702 |
} |
703 |
|
704 |
if (ldaperror(ldrc=ldap_start_tls_s(conn, NULL, NULL)) |
681 |
if (ldaperror(ldrc=ldap_start_tls_s(conn, NULL, NULL)) |
705 |
!= LDAP_SUCCESS) |
682 |
!= LDAP_SUCCESS) |
706 |
{ |
683 |
{ |
Lines 754-761
|
754 |
|
731 |
|
755 |
static int ldapopen() |
732 |
static int ldapopen() |
756 |
{ |
733 |
{ |
757 |
int ldrc; |
734 |
int ldrc; |
758 |
|
735 |
int version; |
|
|
736 |
|
759 |
if (my_ldap_fp) return (0); |
737 |
if (my_ldap_fp) return (0); |
760 |
|
738 |
|
761 |
if (authldap_read_config(&my_ldap) == 0) |
739 |
if (authldap_read_config(&my_ldap) == 0) |
Lines 767-773
|
767 |
{ |
745 |
{ |
768 |
return (1); |
746 |
return (1); |
769 |
} |
747 |
} |
|
|
748 |
|
749 |
// attempt to upgrade the protocol version as high as we can. |
750 |
// We might want to add a config option like LDAP_PROTO_VERSION |
751 |
// and try to set to that if set, or else run this. |
752 |
if (ldaperror(ldrc=ldap_get_option (my_ldap_fp, |
753 |
LDAP_OPT_PROTOCOL_VERSION, |
754 |
&version)) |
755 |
!= LDAP_SUCCESS) |
756 |
{ |
757 |
const char *s=ldap_err2string(ldrc); |
770 |
|
758 |
|
|
|
759 |
#if HAVE_SYSLOG_H |
760 |
syslog(LOG_DAEMON|LOG_CRIT, |
761 |
"ldap_get_option failed: %s", s); |
762 |
#endif |
763 |
} |
764 |
else |
765 |
{ |
766 |
int tmpversion = LDAP_VERSION_MAX; |
767 |
while(tmpversion > version) |
768 |
{ |
769 |
if(ldap_set_option (my_ldap_fp, |
770 |
LDAP_OPT_PROTOCOL_VERSION, |
771 |
&tmpversion) == LDAP_SUCCESS) |
772 |
break; |
773 |
tmpversion--; |
774 |
} |
775 |
version = tmpversion; |
776 |
} |
777 |
|
771 |
#if HAVE_LDAP_TLS |
778 |
#if HAVE_LDAP_TLS |
772 |
if (my_ldap.tls && enable_tls_on(my_ldap_fp)) |
779 |
if (my_ldap.tls && enable_tls_on(my_ldap_fp)) |
773 |
{ |
780 |
{ |
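Review bot: The version-upgrade loop added to ldapopen() (new lines 764-776) accepts whatever protocol version it ends on without checking it, and the same change removes the LDAP_VERSION3 enforcement from enable_tls_on(), so if every ldap_set_option call fails the TLS path relies on ldap_start_tls_s rejecting a pre-v3 session by itself. StartTLS is an LDAPv3 extended operation, so an explicit guard before the TLS block would make the failure deliberate and logged, for example `if (my_ldap.tls && version < LDAP_VERSION3)` followed by a syslog line and the function's error path (its cleanup is not visible in this hunk). In the ldap_get_option failure branch `version` is never assigned, so such a guard also needs the declaration changed to `int version = 0;`, which restores the old behaviour of refusing TLS when the version cannot be read. The loop calls ldap_set_option directly while the neighbouring calls go through ldaperror(); if that wrapper tracks connection state (it is defined outside this view), the loop should probably use it too. ldapopen() begins before and continues after the lines shown.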