Lines 676-685
|
676 |
*/ |
676 |
*/ |
677 |
static int enable_tls_on(LDAP *conn) { |
677 |
static int enable_tls_on(LDAP *conn) { |
678 |
#if HAVE_LDAP_TLS |
678 |
#if HAVE_LDAP_TLS |
679 |
int version; |
679 |
// int version; |
680 |
int ldrc; |
680 |
int ldrc; |
681 |
|
681 |
|
682 |
if (ldaperror(ldrc=ldap_get_option (conn, |
682 |
/* if (ldaperror(ldrc=ldap_get_option (conn, |
683 |
LDAP_OPT_PROTOCOL_VERSION, |
683 |
LDAP_OPT_PROTOCOL_VERSION, |
684 |
&version)) |
684 |
&version)) |
685 |
!= LDAP_SUCCESS) |
685 |
!= LDAP_SUCCESS) |
Lines 699-705
|
699 |
(void)ldap_set_option (conn, |
699 |
(void)ldap_set_option (conn, |
700 |
LDAP_OPT_PROTOCOL_VERSION, |
700 |
LDAP_OPT_PROTOCOL_VERSION, |
701 |
&version); |
701 |
&version); |
702 |
} |
702 |
}*/ |
703 |
|
703 |
|
704 |
if (ldaperror(ldrc=ldap_start_tls_s(conn, NULL, NULL)) |
704 |
if (ldaperror(ldrc=ldap_start_tls_s(conn, NULL, NULL)) |
705 |
!= LDAP_SUCCESS) |
705 |
!= LDAP_SUCCESS) |
Lines 754-760
|
754 |
|
754 |
|
755 |
static int ldapopen() |
755 |
static int ldapopen() |
756 |
{ |
756 |
{ |
757 |
int ldrc; |
757 |
int ldrc; |
|
|
758 |
int curversion; |
759 |
int wantversion; |
760 |
char *confversion = NULL; |
758 |
|
761 |
|
759 |
if (my_ldap_fp) return (0); |
762 |
if (my_ldap_fp) return (0); |
760 |
|
763 |
|
Lines 768-773
|
768 |
return (1); |
771 |
return (1); |
769 |
} |
772 |
} |
770 |
|
773 |
|
|
|
774 |
read_env("LDAP_PROTOVER", &confversion, "", 0, NULL); |
775 |
if(confversion) |
776 |
{ |
777 |
char *errpnt; |
778 |
wantversion = strtol(confversion, &errpnt, 0); |
779 |
if(*errpnt) |
780 |
{ |
781 |
#if HAVE_SYSLOG_H |
782 |
syslog(LOG_DAEMON|LOG_ERR, |
783 |
"\"%s\" not a valid integer for LDAP_PROTOVER, " |
784 |
"defaulting to %d.", |
785 |
confversion, LDAP_VERSION_MAX); |
786 |
#else |
787 |
fprintf(stderr, |
788 |
"\"%s\" not a valid integer for LDAP_PROTOVER, " |
789 |
"defaulting to %d.", |
790 |
confversion, LDAP_VERSION_MAX); |
791 |
#endif |
792 |
} |
793 |
else if(wantversion > LDAP_VERSION_MAX) |
794 |
{ |
795 |
#if HAVE_SYSLOG_H |
796 |
syslog(LOG_DAEMON|LOG_WARNING, |
797 |
"protocol version %d is not supported, " |
798 |
"max protocol version supported is %d.", |
799 |
wantversion, LDAP_VERSION_MAX); |
800 |
#else |
801 |
fprintf(stderr, |
802 |
"protocol version %d is not supported, " |
803 |
"max protocol version supported is %d.\n", |
804 |
wantversion, LDAP_VERSION_MAX); |
805 |
#endif |
806 |
wantversion = LDAP_VERSION_MAX; |
807 |
} |
808 |
else if(wantversion < LDAP_VERSION_MIN) |
809 |
{ |
810 |
#if HAVE_SYSLOG_H |
811 |
syslog(LOG_DAEMON|LOG_WARNING, |
812 |
"protocol version %d is not supported, " |
813 |
"min protocol version supported is %d.", |
814 |
wantversion, LDAP_VERSION_MIN); |
815 |
#else |
816 |
fprintf(stderr, |
817 |
"protocol version %d is not supported, " |
818 |
"min protocol version supported is %d.\n", |
819 |
wantversion, LDAP_VERSION_MIN); |
820 |
#endif |
821 |
wantversion = LDAP_VERSION_MIN; |
822 |
} |
823 |
} |
824 |
else |
825 |
wantversion = LDAP_VERSION_MAX; |
826 |
|
827 |
if (ldaperror(ldrc=ldap_get_option (my_ldap_fp, |
828 |
LDAP_OPT_PROTOCOL_VERSION, |
829 |
&curversion)) |
830 |
!= LDAP_SUCCESS) |
831 |
{ |
832 |
const char *s=ldap_err2string(ldrc); |
833 |
|
834 |
#if HAVE_SYSLOG_H |
835 |
syslog(LOG_DAEMON|LOG_WARNING, |
836 |
"ldap_get_option failed: %s", s); |
837 |
#endif |
838 |
curversion = -1; // force a set_option. |
839 |
} |
840 |
|
841 |
if((curversion != wantversion) && |
842 |
ldap_set_option (my_ldap_fp, |
843 |
LDAP_OPT_PROTOCOL_VERSION, |
844 |
&wantversion) != LDAP_SUCCESS) |
845 |
{ |
846 |
#if HAVE_SYSLOG_H |
847 |
syslog(LOG_DAEMON|LOG_ERR, |
848 |
"error changing protocol version from %d to %d, " |
849 |
"attempting to continue.", |
850 |
curversion, wantversion); |
851 |
#else |
852 |
fprintf(stderr, |
853 |
"error changing protocol version from %d to %d, " |
854 |
"attempting to continue.\n", |
855 |
curversion, wantversion); |
856 |
#endif |
857 |
} |
858 |
|
771 |
#if HAVE_LDAP_TLS |
859 |
#if HAVE_LDAP_TLS |
772 |
if (my_ldap.tls && enable_tls_on(my_ldap_fp)) |
860 |
if (my_ldap.tls && enable_tls_on(my_ldap_fp)) |
773 |
{ |
861 |
{ |
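Review bot: In the `if(*errpnt)` branch at new lines 779-792 the log says the version is "defaulting to" LDAP_VERSION_MAX, but `wantversion` is never assigned there, so it keeps whatever strtol returned (0 for a non-numeric string) and the range clamps are skipped because they are `else if` arms. Add `wantversion = LDAP_VERSION_MAX;` after the logging, and test `if (errpnt == confversion || *errpnt)` so that an empty string is rejected rather than parsed as 0 and clamped to LDAP_VERSION_MIN; whether read_env yields "" when the variable is unset is not visible here, so that path should be confirmed. This matters more now that the version handling in enable_tls_on (which appears to have raised the connection's protocol version before StartTLS) is commented out: StartTLS is an LDAPv3 extended operation, so a connection left at a lower version reaches `ldap_start_tls_s` and is expected to fail, and how that failure is handled lies outside the hunk. ldapopen's body continues outside the visible lines.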