diff lib/mldap/mldap.c @ 1640:15bde6a79d41
Added TLS support for ldap
author | bsw |
---|---|
date | Tue Feb 09 17:40:50 2021 +0100 (2021-02-09) |
parents | 39bf0af7f5e3 |
children | ab837b075cf7 |
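--- a/lib/mldap/mldap.c
+++ b/lib/mldap/mldap.c
@@ -151,6 +151,51 @@
 }
 
 
+static bool mldap_get_named_boolean_arg(
+  // gets a named argument of type "boolean" from a table at the given stack position
+
+  lua_State *L,        // pointer to lua_State variable
+  int idx,             // stack index of the table containing the named arguments
+  const char *argname, // name of the argument
+  int mandatory,       // if not 0, then the argument is mandatory and an error is raised if it isn't found
+  bool default_value   // default value to return, if the argument is not mandatory and nil
+
+  // opposed to 'mldap_get_named_string_arg', this function leaves no element on the stack
+) {
+
+  bool value;  // value to return
+
+  // pushes the table entry with the given argument name on top of the stack:
+  lua_getfield(L, idx, argname);
+
+  // check, if the entry is nil:
+  if (lua_isnil(L, -1)) {
+
+    // throw error, if named argument is mandatory:
+    if (mandatory) return luaL_error(L, "Named argument '%s' missing", argname), 0;
+
+    // set default value as return value, if named argument is not mandatory:
+    value = default_value;
+
+  } else {
+
+    // throw error, if the value of the argument is not a number:
+    if (lua_type(L, -1) != LUA_TBOOLEAN) return luaL_error(L, "Named argument '%s' is not a boolean", argname), 0;
+
+    // set return value to the number:
+    value = lua_toboolean(L, -1);
+
+  }
+
+  // remove unnecessary element from stack (not needed to avoid garbage collection):
+  lua_pop(L, 1);
+
+  return value;
+
+  // leaves no new elements on the stack
+}
+
+
 static int mldap_scope(
   // converts a string ("base", "onelevel", "subtree", "children") to an integer representing the LDAP scope
   // and throws an error for any unknown string
@@ -183,9 +228,11 @@
   // "who"      (string) DN to bind as
   // "password" (string) password for DN to bind as
   // "timeout"  (number) timeout in seconds
+  // "tls"      (boolean) use TLS
 
   static const int ldap_version = LDAP_VERSION3;  // providing a pointer (&ldap_version) to set LDAP protocol version 3
   const char *uri;           // C string for "uri" argument
+  bool tls;                  // boolean indicating if TLS is to be used
   const char *who;           // C string for "who" argument
   struct berval cred;        // credentials ("password") are stored as struct berval
   lua_Number timeout_float;  // float (lua_Number) for timeout
@@ -201,6 +248,7 @@
 
   // extract arguments:
   uri = mldap_get_named_string_arg(L, 1, "uri", true);
+  tls = mldap_get_named_boolean_arg(L, 1, "tls", false, false);
   who = mldap_get_named_string_arg(L, 1, "who", false);
   cred.bv_val = (char *)mldap_get_named_string_arg(L, 1, "password", false);
   // use (char *) cast to suppress compiler warning (should be const anyway)
@@ -225,6 +273,12 @@
   // on error, jump to label "mldap_queryconn_error2", as ldap_unbind_ext_s() must be called:
   if (ldap_error != LDAP_SUCCESS) goto mldap_queryconn_error2;
 
+  // initiate TLS if requested
+  if (tls) {
+    ldap_error = ldap_start_tls_s(ldp, NULL, NULL);
+    if (ldap_error != LDAP_SUCCESS) goto mldap_queryconn_error2;
+  }
+
   // connect to LDAP server:
   ldap_error = ldap_sasl_bind_s(
     ldp,  // pointer to opaque OpenLDAP structure representing the connection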
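Review bot: `ldap_start_tls_s(ldp, NULL, NULL)` in the last hunk upgrades the session, but whether the server certificate is verified depends on the libldap TLS_REQCERT setting (ldap.conf or LDAP_OPT_X_TLS_REQUIRE_CERT), which the new code neither sets nor documents, and with the default `tls = false` the following `ldap_sasl_bind_s` sends the "password" credential unencrypted on an `ldap://` URI. I would record both on the argument description in the second hunk: `// "tls" (boolean) issue StartTLS before binding; default false, i.e. credentials go over the wire in clear on ldap:// URIs; certificate checking follows the libldap TLS_REQCERT setting`. If a caller combines an `ldaps://` URI with `tls = true`, StartTLS on an already-encrypted session presumably fails and ends up at mldap_queryconn_error2, which deserves a comment or an explicit check. Separately, the comments `// throw error, if the value of the argument is not a number:` and `// set return value to the number:` in mldap_get_named_boolean_arg are carried over from the numeric variant and should say "boolean". The enclosing connection function (presumably mldap_queryconn, judging by the error label) starts and ends outside the hunks.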