|
Lines 676-685
Link Here
|
| 676 |
*/ |
676 |
*/ |
| 677 |
static int enable_tls_on(LDAP *conn) { |
677 |
static int enable_tls_on(LDAP *conn) { |
| 678 |
#if HAVE_LDAP_TLS |
678 |
#if HAVE_LDAP_TLS |
| 679 |
int version; |
679 |
// int version; |
| 680 |
int ldrc; |
680 |
int ldrc; |
| 681 |
|
681 |
|
| 682 |
if (ldaperror(ldrc=ldap_get_option (conn, |
682 |
/* if (ldaperror(ldrc=ldap_get_option (conn, |
| 683 |
LDAP_OPT_PROTOCOL_VERSION, |
683 |
LDAP_OPT_PROTOCOL_VERSION, |
| 684 |
&version)) |
684 |
&version)) |
| 685 |
!= LDAP_SUCCESS) |
685 |
!= LDAP_SUCCESS) |
|
Lines 699-705
Link Here
|
| 699 |
(void)ldap_set_option (conn, |
699 |
(void)ldap_set_option (conn, |
| 700 |
LDAP_OPT_PROTOCOL_VERSION, |
700 |
LDAP_OPT_PROTOCOL_VERSION, |
| 701 |
&version); |
701 |
&version); |
| 702 |
} |
702 |
}*/ |
| 703 |
|
703 |
|
| 704 |
if (ldaperror(ldrc=ldap_start_tls_s(conn, NULL, NULL)) |
704 |
if (ldaperror(ldrc=ldap_start_tls_s(conn, NULL, NULL)) |
| 705 |
!= LDAP_SUCCESS) |
705 |
!= LDAP_SUCCESS) |
|
Lines 754-760
Link Here
|
| 754 |
|
754 |
|
| 755 |
static int ldapopen() |
755 |
static int ldapopen() |
| 756 |
{ |
756 |
{ |
| 757 |
int ldrc; |
757 |
int ldrc; |
|
|
758 |
int curversion; |
| 759 |
int wantversion; |
| 760 |
char *confversion = NULL; |
| 758 |
|
761 |
|
| 759 |
if (my_ldap_fp) return (0); |
762 |
if (my_ldap_fp) return (0); |
| 760 |
|
763 |
|
|
Lines 768-773
Link Here
|
| 768 |
return (1); |
771 |
return (1); |
| 769 |
} |
772 |
} |
| 770 |
|
773 |
|
|
|
774 |
read_env("LDAP_PROTOVER", &confversion, "", 0, NULL); |
| 775 |
if(confversion) |
| 776 |
{ |
| 777 |
char *errpnt; |
| 778 |
wantversion = strtol(confversion, &errpnt, 0); |
| 779 |
if(*errpnt) |
| 780 |
{ |
| 781 |
#if HAVE_SYSLOG_H |
| 782 |
syslog(LOG_DAEMON|LOG_ERR, |
| 783 |
"\"%s\" not a valid integer for LDAP_PROTOVER, " |
| 784 |
"defaulting to %d.", |
| 785 |
confversion, LDAP_VERSION_MAX); |
| 786 |
#else |
| 787 |
fprintf(stderr, |
| 788 |
"\"%s\" not a valid integer for LDAP_PROTOVER, " |
| 789 |
"defaulting to %d.", |
| 790 |
confversion, LDAP_VERSION_MAX); |
| 791 |
#endif |
| 792 |
} |
| 793 |
else if(wantversion > LDAP_VERSION_MAX) |
| 794 |
{ |
| 795 |
#if HAVE_SYSLOG_H |
| 796 |
syslog(LOG_DAEMON|LOG_WARNING, |
| 797 |
"protocol version %d is not supported, " |
| 798 |
"max protocol version supported is %d.", |
| 799 |
wantversion, LDAP_VERSION_MAX); |
| 800 |
#else |
| 801 |
fprintf(stderr, |
| 802 |
"protocol version %d is not supported, " |
| 803 |
"max protocol version supported is %d.\n", |
| 804 |
wantversion, LDAP_VERSION_MAX); |
| 805 |
#endif |
| 806 |
wantversion = LDAP_VERSION_MAX; |
| 807 |
} |
| 808 |
else if(wantversion < LDAP_VERSION_MIN) |
| 809 |
{ |
| 810 |
#if HAVE_SYSLOG_H |
| 811 |
syslog(LOG_DAEMON|LOG_WARNING, |
| 812 |
"protocol version %d is not supported, " |
| 813 |
"min protocol version supported is %d.", |
| 814 |
wantversion, LDAP_VERSION_MIN); |
| 815 |
#else |
| 816 |
fprintf(stderr, |
| 817 |
"protocol version %d is not supported, " |
| 818 |
"min protocol version supported is %d.\n", |
| 819 |
wantversion, LDAP_VERSION_MIN); |
| 820 |
#endif |
| 821 |
wantversion = LDAP_VERSION_MIN; |
| 822 |
} |
| 823 |
} |
| 824 |
else |
| 825 |
wantversion = LDAP_VERSION_MAX; |
| 826 |
|
| 827 |
if (ldaperror(ldrc=ldap_get_option (my_ldap_fp, |
| 828 |
LDAP_OPT_PROTOCOL_VERSION, |
| 829 |
&curversion)) |
| 830 |
!= LDAP_SUCCESS) |
| 831 |
{ |
| 832 |
const char *s=ldap_err2string(ldrc); |
| 833 |
|
| 834 |
#if HAVE_SYSLOG_H |
| 835 |
syslog(LOG_DAEMON|LOG_WARNING, |
| 836 |
"ldap_get_option failed: %s", s); |
| 837 |
#endif |
| 838 |
curversion = -1; // force a set_option. |
| 839 |
} |
| 840 |
|
| 841 |
if((curversion != wantversion) && |
| 842 |
ldap_set_option (my_ldap_fp, |
| 843 |
LDAP_OPT_PROTOCOL_VERSION, |
| 844 |
&wantversion) != LDAP_SUCCESS) |
| 845 |
{ |
| 846 |
#if HAVE_SYSLOG_H |
| 847 |
syslog(LOG_DAEMON|LOG_ERR, |
| 848 |
"error changing protocol version from %d to %d, " |
| 849 |
"attempting to continue.", |
| 850 |
curversion, wantversion); |
| 851 |
#else |
| 852 |
fprintf(stderr, |
| 853 |
"error changing protocol version from %d to %d, " |
| 854 |
"attempting to continue.\n", |
| 855 |
curversion, wantversion); |
| 856 |
#endif |
| 857 |
} |
| 858 |
|
| 771 |
#if HAVE_LDAP_TLS |
859 |
#if HAVE_LDAP_TLS |
| 772 |
if (my_ldap.tls && enable_tls_on(my_ldap_fp)) |
860 |
if (my_ldap.tls && enable_tls_on(my_ldap_fp)) |
| 773 |
{ |
861 |
{ |
