X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/e6d225ae6e6811d3c88dc201642a2127ff6c11bd..109066729a54f6ba5c4e8bc174133da33242e930:/src/src/lookups/ldap.c
diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c
index 461ec15e3..06b749469 100644
--- a/src/src/lookups/ldap.c
+++ b/src/src/lookups/ldap.c
@@ -431,6 +431,60 @@ if (lcp == NULL)
 }
 #endif /* LDAP_OPT_X_TLS */
+ #ifdef LDAP_OPT_X_TLS_CACERTFILE
+ if (eldap_ca_cert_file != NULL)
+ {
+ ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTFILE, eldap_ca_cert_file);
+ }
+ #endif
+ #ifdef LDAP_OPT_X_TLS_CACERTDIR
+ if (eldap_ca_cert_dir != NULL)
+ {
+ ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTDIR, eldap_ca_cert_dir);
+ }
+ #endif
+ #ifdef LDAP_OPT_X_TLS_CERTFILE
+ if (eldap_cert_file != NULL)
+ {
+ ldap_set_option(ld, LDAP_OPT_X_TLS_CERTFILE, eldap_cert_file);
+ }
+ #endif
+ #ifdef LDAP_OPT_X_TLS_KEYFILE
+ if (eldap_cert_key != NULL)
+ {
+ ldap_set_option(ld, LDAP_OPT_X_TLS_KEYFILE, eldap_cert_key);
+ }
+ #endif
+ #ifdef LDAP_OPT_X_TLS_CIPHER_SUITE
+ if (eldap_cipher_suite != NULL)
+ {
+ ldap_set_option(ld, LDAP_OPT_X_TLS_CIPHER_SUITE, eldap_cipher_suite);
+ }
+ #endif
+ #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT
+ if (eldap_require_cert != NULL)
+ {
+ int cert_option = LDAP_OPT_X_TLS_NEVER;
+ if (Ustrcmp(eldap_require_cert, "hard") == 0)
+ {
+ cert_option = LDAP_OPT_X_TLS_HARD;
+ }
+ else if (Ustrcmp(eldap_require_cert, "demand") == 0)
+ {
+ cert_option = LDAP_OPT_X_TLS_DEMAND;
+ }
+ else if (Ustrcmp(eldap_require_cert, "allow") == 0)
+ {
+ cert_option = LDAP_OPT_X_TLS_ALLOW;
+ }
+ else if (Ustrcmp(eldap_require_cert, "try") == 0)
+ {
+ cert_option = LDAP_OPT_X_TLS_TRY;
+ }
+ ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &cert_option);
+ }
+ #endif
+
 /* Now add this connection to the chain of cached connections */
 lcp = store_get(sizeof(LDAP_CONNECTION));
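Review bot: In the `LDAP_OPT_X_TLS_REQUIRE_CERT` block, `cert_option` starts at `LDAP_OPT_X_TLS_NEVER` and only the four recognised strings change it, so a misspelt or differently-cased `eldap_require_cert` value silently turns certificate checking off. An unrecognised value should be reported as a configuration error, or at least fall back to the strictest mode: initialise with `int cert_option = LDAP_OPT_X_TLS_HARD;` and add an explicit `else if (Ustrcmp(eldap_require_cert, "never") == 0)` branch that sets `LDAP_OPT_X_TLS_NEVER`. The return value of every `ldap_set_option()` call in this hunk is also discarded, so a bad CA file, key or cipher string goes unnoticed; comparing it with `LDAP_OPT_SUCCESS` and logging the failure would make a misconfigured TLS setup visible. Whether options set on the `ld` handle at this point actually apply to the later handshake depends on the client library and should be confirmed against it. The enclosing function starts and ends outside the hunk.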
@@ -467,6 +521,10 @@ if (!lcp->bound ||
 {
 DEBUG(D_lookup) debug_printf("%sbinding with user=%s password=%s\n", (lcp->bound)? "re-" : "", user, password);
+ if (eldap_start_tls)
+ {
+ ldap_start_tls_s(lcp->ld, NULL, NULL);
+ }
 if ((msgid = ldap_bind(lcp->ld, CS user, CS password, LDAP_AUTH_SIMPLE)) == -1)
 {
@@ -1456,6 +1514,25 @@ else
 return quoted;
 }
+
+
+/*************************************************
+* Version reporting entry point *
+*************************************************/
+
+/* See local README for interface description. */
+
+#include "../version.h"
+
+void
+ldap_version_report(FILE *f)
+{
+#ifdef DYNLOOKUP
+fprintf(f, "Library version: LDAP: Exim version %s\n", EXIM_VERSION_STR);
+#endif
+}
+
+
 static lookup_info ldap_lookup_info = {
 US"ldap", /* lookup name */
 lookup_querystyle, /* query-style lookup */
@@ -1464,7 +1541,8 @@ static lookup_info ldap_lookup_info = {
 eldap_find, /* find function */
 NULL, /* no close function */
 eldap_tidy, /* tidy function */
- eldap_quote /* quoting function */
+ eldap_quote, /* quoting function */
+ ldap_version_report /* version reporting */
 };
 static lookup_info ldapdn_lookup_info = {
@@ -1475,7 +1553,8 @@ static lookup_info ldapdn_lookup_info = {
 eldapdn_find, /* find function */
 NULL, /* no close function */
 eldap_tidy, /* sic */ /* tidy function */
- eldap_quote /* sic */ /* quoting function */
+ eldap_quote, /* sic */ /* quoting function */
+ NULL /* no version reporting (redundant) */
 };
 static lookup_info ldapm_lookup_info = {
@@ -1486,7 +1565,8 @@ static lookup_info ldapm_lookup_info = {
 eldapm_find, /* find function */
 NULL, /* no close function */
 eldap_tidy, /* sic */ /* tidy function */
- eldap_quote /* sic */ /* quoting function */
+ eldap_quote, /* sic */ /* quoting function */
+ NULL /* no version reporting (redundant) */
 };
 #ifdef DYNLOOKUP
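Review bot: The result of `ldap_start_tls_s(lcp->ld, NULL, NULL)` is ignored, so when the server refuses StartTLS or the handshake fails the code carries on to `ldap_bind()` with `LDAP_AUTH_SIMPLE` and the password travels unencrypted even though `eldap_start_tls` was requested. The call should fail closed: with a local `rc`, test `if (eldap_start_tls && (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS)` and take this function's normal error return instead of binding. The same path runs for re-binds (the debug line prints "re-" when `lcp->bound` is set), where TLS may already be active on the cached connection, so StartTLS should be issued once per connection rather than before every bind. The error-handling code of the enclosing block is outside the hunk.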
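Review bot: `ldap_version_report()` prints a line labelled "Library version: LDAP" but the value is `EXIM_VERSION_STR`, and nothing in the hunk says why; someone checking which LDAP client library a host runs, for instance when triaging a library advisory, will read it as the library's version. A comment above the `fprintf` would settle it, something like `/* Prints the Exim version string, not the LDAP client library's version. */`, extended with the reason if one is intended. When `DYNLOOKUP` is not defined the body is empty and `f` is unused, which the same comment should mention.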