Gitweb:
http://git.exim.org/exim.git/commitdiff/d13cdd3049b0191bbb275f9a6cf11dc0917a1f0c
Commit: d13cdd3049b0191bbb275f9a6cf11dc0917a1f0c
Parent: 8c02018827314fde071df70e2e1e080d241ffc49
Author: Phil Pennock <pdp@???>
AuthorDate: Mon Jun 10 02:50:18 2013 -0400
Committer: Phil Pennock <pdp@???>
CommitDate: Mon Jun 10 02:50:18 2013 -0400
Guard LDAP TLS usage against Solaris LDAP variant.
PP/22
Report from Prashanth Katuri.
This variant ensures that if TLS won't be activated because of
compile-time guards, but was requested, then we at least debug-log _why_
we're not doing anything.
---
doc/doc-txt/ChangeLog | 3 +++
src/src/lookups/ldap.c | 25 ++++++++++++++++---------
2 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index e0411ba..d84e2aa 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -202,6 +202,9 @@ PP/21 Fix eximon continuous updating with timestamped log-files.
Report and fix from Heiko Schlichting.
Bugzilla 1363.
+PP/22 Guard LDAP TLS usage against Solaris LDAP variant.
+ Report from Prashanth Katuri.
+
Exim version 4.80.1
-------------------
diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c
index 244d675..40345ba 100644
--- a/src/src/lookups/ldap.c
+++ b/src/src/lookups/ldap.c
@@ -519,18 +519,25 @@ if (!lcp->bound ||
{
DEBUG(D_lookup) debug_printf("%sbinding with user=%s password=%s\n",
(lcp->bound)? "re-" : "", user, password);
-#ifdef LDAP_OPT_X_TLS
- /* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this: */
if (eldap_start_tls)
{
- if ( (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS) {
- *errmsg = string_sprintf("failed to initiate TLS processing on an "
- "LDAP session to server %s%s - ldap_start_tls_s() returned %d:"
- " %s", host, porttext, rc, ldap_err2string(rc));
- goto RETURN_ERROR;
- }
- }
+#if defined(LDAP_OPT_X_TLS) && !defined(LDAP_LIB_SOLARIS)
+ /* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this.
+ * Note: moreover, they appear to now define LDAP_OPT_X_TLS and still not
+ * export an ldap_start_tls_s symbol.
+ */
+ if ( (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS)
+ {
+ *errmsg = string_sprintf("failed to initiate TLS processing on an "
+ "LDAP session to server %s%s - ldap_start_tls_s() returned %d:"
+ " %s", host, porttext, rc, ldap_err2string(rc));
+ goto RETURN_ERROR;
+ }
+#else
+ DEBUG(D_lookup)
+ debug_printf("TLS initiation not supported with this Exim and your LDAP library.\n");
#endif
+ }
if ((msgid = ldap_bind(lcp->ld, CS user, CS password, LDAP_AUTH_SIMPLE))
== -1)
{
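Review bot: The new `#else` branch fails open: when `eldap_start_tls` is set but the build lacks `ldap_start_tls_s`, the code only emits a `DEBUG(D_lookup)` line and then falls through to `ldap_bind(... LDAP_AUTH_SIMPLE)`. The bind password is then sent without the StartTLS protection the administrator requested, and nothing appears in the normal logs. It would be safer to refuse the bind in that branch, e.g. `*errmsg = string_sprintf("TLS requested for LDAP server %s%s but not supported by this build", host, porttext);` followed by `goto RETURN_ERROR;`. Whether the connection is already protected some other way (for example an ldaps connection set up earlier) is not visible here, since the enclosing function starts and ends outside this hunk. If such a case exists, the refusal should be skipped for it.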