authorTodd Lyons <tlyons@exim.org>2013-09-04 13:22:51 -0700
committerTodd Lyons <tlyons@exim.org>2013-09-22 09:21:37 -0700
commita30a8861ef512a88394517f713f1e66b486e5c7c (patch)
tree7bf977db6b4b39e5ce0c037447eb9dc4e3d18a7a /src
parent2d07a2158e07fbaddd52e734fcbaeff44bf61919 (diff)
Prevent TLS rebinding in LDAP connections
Bugzilla 1375
Diffstat (limited to 'src')
-rw-r--r--src/src/lookups/ldap.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c
index 40345bafc..f121bce61 100644
--- a/src/src/lookups/ldap.c
+++ b/src/src/lookups/ldap.c
@@ -81,6 +81,7 @@ typedef struct ldap_connection {
uschar *password;
BOOL bound;
int port;
+ BOOL is_start_tls_called;
LDAP *ld;
} LDAP_CONNECTION;
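Review bot: The new field `is_start_tls_called` has no comment, and its name says "called" although the last hunk sets it only after the TLS start has succeeded (the failure path reaches `goto RETURN_ERROR` before the assignment). I would document that on the declaration, e.g. `BOOL is_start_tls_called; /* TRUE once StartTLS has succeeded on this cached connection */`, so a later reader does not take it for an attempt marker. The struct begins above the hunk.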
@@ -493,6 +494,7 @@ if (lcp == NULL)
lcp->port = port;
lcp->ld = ld;
lcp->next = ldap_connections;
+ lcp->is_start_tls_called = FALSE;
ldap_connections = lcp;
}
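Review bot: The flag is cleared only here, where a new LDAP_CONNECTION is put on the cache list. If any path outside this hunk closes and reopens `lcp->ld` while keeping the same entry, the flag would stay TRUE and the fresh session would be bound without StartTLS. Such a path, if it exists, needs `lcp->is_start_tls_called = FALSE;` as well. The enclosing block starts above the hunk.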
@@ -519,7 +521,7 @@ if (!lcp->bound ||
{
DEBUG(D_lookup) debug_printf("%sbinding with user=%s password=%s\n",
(lcp->bound)? "re-" : "", user, password);
- if (eldap_start_tls)
+ if (eldap_start_tls && !lcp->is_start_tls_called)
{
#if defined(LDAP_OPT_X_TLS) && !defined(LDAP_LIB_SOLARIS)
/* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this.
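Review bot: The reason for the extra condition is not stated next to it; a short comment above the `if` would help, e.g. `/* StartTLS is issued once per connection; skip it when re-binding a cached one */`. Separately, the `debug_printf` two lines above writes the bind password to the debug output, which matters wherever debug logs are kept or shared. The enclosing block continues outside the hunk.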
@@ -533,6 +535,7 @@ if (!lcp->bound ||
" %s", host, porttext, rc, ldap_err2string(rc));
goto RETURN_ERROR;
}
+ lcp->is_start_tls_called = TRUE;
#else
DEBUG(D_lookup)
debug_printf("TLS initiation not supported with this Exim and your LDAP library.\n");
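Review bot: On builds that take the `#else` branch the flag is never set, and a request for StartTLS yields only a debug line. Whether the code after this hunk then goes on to bind is not visible here, but if it does, the bind credentials are sent without TLS although `eldap_start_tls` is set. Failing the lookup in that branch, with the same `goto RETURN_ERROR` pattern used just above, would be the safer behaviour. Placing the assignment after the error check, so that only a successful start sets the flag, looks right.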