Hi
I had a bit of time to add starttls support for table-ldap. Especially
useful for users who want to get data from Active Directory. I haven't
had time to test it yet.
Philipp
diff --git a/table_ldap.c b/table_ldap.c
index fcef111..90d5825 100644
--- a/table_ldap.c
+++ b/table_ldap.c
@@ -95,8 +95,10 @@ ldap_connect(const char *addr)
struct aldap *ldap = NULL;
struct tls_config *tls_config = NULL;
struct addrinfo hints, *res0, *res;
+ struct aldap_message *m;
int error, fd = -1;
int flags;
+ int msgid, code;
int keepalive = 1;
if (aldap_parse_url(addr, &lu) != 1) {
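Review bot: The added declaration `struct aldap_message *m;` is left uninitialized, while the STARTTLS branch later in this function passes `m` to `aldap_freemsg()` on the path where `aldap_parse()` returned NULL, and `code` is only assigned inside that same branch. Unless aldap_freemsg() is known to accept a NULL argument (not visible on this page), that failure path dereferences a null pointer before the connection is closed. Declaring it as `struct aldap_message *m = NULL;` here, and guarding the free with `if (m) aldap_freemsg(m);`, keeps the failure path safe and makes the variable's "no message received yet" state explicit. ldap_connect()'s body continues outside this hunk.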
@@ -107,10 +109,6 @@ ldap_connect(const char *addr)
log_warnx("ldapi:// is not supported yet");
goto out;
}
- if (lu.protocol == LDAPTLS) {
- log_warnx("ldap+tls:// is not supported yet");
- goto out;
- }
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
@@ -150,6 +148,32 @@ ldap_connect(const char *addr)
flags = fcntl(fd, F_GETFL, 0);
fcntl(fd, F_SETFL, flags | O_NONBLOCK);
+ if (lu.protocol == LDAPTLS) {
+ msgid = aldap_req_starttls(ldap);
+ if (msgid == -1) {
+ log_warn("warn: could not request STARTTLS");
+ aldap_close(ldap);
+ ldap = NULL;
+ goto out;
+ }
+ m = aldap_parse(ldap, 1);
+ if (!m || m->msgid != msgid) {
+ log_warn("warn: failed to recive STARTTLS response");
+ aldap_freemsg(m);
+ aldap_close(ldap);
+ ldap = NULL;
+ goto out;
+ }
+ code = aldap_get_resultcode(m);
+ aldap_freemsg(m);
+ if (code != LDAP_SUCCESS) {
+ log_warn("warn: STARTTLS failed: %d", code);
+ aldap_close(ldap);
+ ldap = NULL;
+ goto out;
+ }
+ }
+
if (lu.protocol == LDAPS || lu.protocol == LDAPTLS) {
tls_config = tls_config_new();
if (!tls_config) {