diff options
author | Phil Pennock <pdp@exim.org> | 2013-06-10 02:50:18 -0400 |
---|---|---|
committer | Phil Pennock <pdp@exim.org> | 2013-06-10 02:50:18 -0400 |
commit | d13cdd3049b0191bbb275f9a6cf11dc0917a1f0c (patch) | |
tree | 4a958564b2a72cead984ead5e15f06734d337b19 /src | |
parent | 8c02018827314fde071df70e2e1e080d241ffc49 (diff) |
Guard LDAP TLS usage against Solaris LDAP variant.
PP/22
Report from Prashanth Katuri.
This variant ensures that if TLS won't be activated because of
compile-time guards, but was requested, then we at least debug-log _why_
we're not doing anything.
Diffstat (limited to 'src')
-rw-r--r-- | src/src/lookups/ldap.c | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c index 244d67561..40345bafc 100644 --- a/src/src/lookups/ldap.c +++ b/src/src/lookups/ldap.c @@ -519,18 +519,25 @@ if (!lcp->bound || { DEBUG(D_lookup) debug_printf("%sbinding with user=%s password=%s\n", (lcp->bound)? "re-" : "", user, password); -#ifdef LDAP_OPT_X_TLS - /* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this: */ if (eldap_start_tls) { - if ( (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS) { - *errmsg = string_sprintf("failed to initiate TLS processing on an " - "LDAP session to server %s%s - ldap_start_tls_s() returned %d:" - " %s", host, porttext, rc, ldap_err2string(rc)); - goto RETURN_ERROR; - } - } +#if defined(LDAP_OPT_X_TLS) && !defined(LDAP_LIB_SOLARIS) + /* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this. + * Note: moreover, they appear to now define LDAP_OPT_X_TLS and still not + * export an ldap_start_tls_s symbol. + */ + if ( (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS) + { + *errmsg = string_sprintf("failed to initiate TLS processing on an " + "LDAP session to server %s%s - ldap_start_tls_s() returned %d:" + " %s", host, porttext, rc, ldap_err2string(rc)); + goto RETURN_ERROR; + } +#else + DEBUG(D_lookup) + debug_printf("TLS initiation not supported with this Exim and your LDAP library.\n"); #endif + } if ((msgid = ldap_bind(lcp->ld, CS user, CS password, LDAP_AUTH_SIMPLE)) == -1) { |