[exim-cvs] Guard LDAP TLS usage against Solaris LDAP variant…

Author: Exim Git Commits Mailing List
Date:
To: exim-cvs
Subject: [exim-cvs] Guard LDAP TLS usage against Solaris LDAP variant.
Gitweb: http://git.exim.org/exim.git/commitdiff/d13cdd3049b0191bbb275f9a6cf11dc0917a1f0c
Commit:     d13cdd3049b0191bbb275f9a6cf11dc0917a1f0c
Parent:     8c02018827314fde071df70e2e1e080d241ffc49
Author:     Phil Pennock <pdp@???>
AuthorDate: Mon Jun 10 02:50:18 2013 -0400
Committer:  Phil Pennock <pdp@???>
CommitDate: Mon Jun 10 02:50:18 2013 -0400


    Guard LDAP TLS usage against Solaris LDAP variant.


    PP/22
    Report from Prashanth Katuri.


    This variant ensures that if TLS won't be activated because of
    compile-time guards, but was requested, then we at least debug-log _why_
    we're not doing anything.
---
 doc/doc-txt/ChangeLog  |    3 +++
 src/src/lookups/ldap.c |   25 ++++++++++++++++---------
 2 files changed, 19 insertions(+), 9 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index e0411ba..d84e2aa 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -202,6 +202,9 @@ PP/21 Fix eximon continuous updating with timestamped log-files.
       Report and fix from Heiko Schlichting.
       Bugzilla 1363.


+PP/22 Guard LDAP TLS usage against Solaris LDAP variant.
+      Report from Prashanth Katuri.
+


 Exim version 4.80.1
 -------------------
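
Review bot: The PP/22 entry added here does not say what happens on builds where the guard excludes the call: per the commit message, a requested TLS start is skipped and only a debug line is emitted. Consider adding a line to the entry saying so, so that administrators building with LDAP_LIB_TYPE=SOLARIS learn from the ChangeLog that the LDAP session will not be protected by TLS even when it was requested.
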
diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c
index 244d675..40345ba 100644
--- a/src/src/lookups/ldap.c
+++ b/src/src/lookups/ldap.c
@@ -519,18 +519,25 @@ if (!lcp->bound ||
   {
   DEBUG(D_lookup) debug_printf("%sbinding with user=%s password=%s\n",
     (lcp->bound)? "re-" : "", user, password);
-#ifdef LDAP_OPT_X_TLS
-  /* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this: */
   if (eldap_start_tls)
     {
-        if ( (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS) {
-            *errmsg = string_sprintf("failed to initiate TLS processing on an "
-                "LDAP session to server %s%s - ldap_start_tls_s() returned %d:"
-                " %s", host, porttext, rc, ldap_err2string(rc));
-            goto RETURN_ERROR;
-        }
-    }
+#if defined(LDAP_OPT_X_TLS) && !defined(LDAP_LIB_SOLARIS)
+    /* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this.
+     * Note: moreover, they appear to now define LDAP_OPT_X_TLS and still not
+     *       export an ldap_start_tls_s symbol.
+     */
+    if ( (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS)
+      {
+      *errmsg = string_sprintf("failed to initiate TLS processing on an "
+          "LDAP session to server %s%s - ldap_start_tls_s() returned %d:"
+          " %s", host, porttext, rc, ldap_err2string(rc));
+      goto RETURN_ERROR;
+      }
+#else
+    DEBUG(D_lookup)
+      debug_printf("TLS initiation not supported with this Exim and your LDAP library.\n");
 #endif
+    }
   if ((msgid = ldap_bind(lcp->ld, CS user, CS password, LDAP_AUTH_SIMPLE))
        == -1)
     {
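
Review bot: In the new #else branch, a lookup that set eldap_start_tls gets only a DEBUG(D_lookup) line and then falls through to ldap_bind(lcp->ld, CS user, CS password, LDAP_AUTH_SIMPLE), so the bind credentials go out on a session where the requested TLS was never started, and nothing records this unless lookup debugging is enabled. Consider failing closed here the same way the ldap_start_tls_s() error path does, by setting *errmsg and doing goto RETURN_ERROR, or at minimum reporting it through a log that is on by default rather than debug output. Separately, the guard depends on LDAP_LIB_SOLARIS, whose definition is not visible in this hunk; a short comment saying where it is set from LDAP_LIB_TYPE=SOLARIS would help the next reader.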