Univention Bugzilla – Attachment 8781 Details for Bug 43459: Make bind9 LDAP queries use TLS
[patch] Assert encrypted connection
0001-Bug-43459-bind-Assert-encrypted-connection.patch (text/plain), 1.71 KB, created by Philipp Hahn on 2017-04-18 17:02 CEST
>From 1dca769ab6421b3c5edf4da5fc66e022b4a1177c Mon Sep 17 00:00:00 2001 >Message-Id: <1dca769ab6421b3c5edf4da5fc66e022b4a1177c.1492527639.git.hahn@univention.de> >From: Philipp Hahn <hahn@univention.de> >Date: Tue, 18 Apr 2017 15:39:49 +0200 >Subject: [PATCH] Bug #43459 bind: Assert encrypted connection >Organization: Univention GmbH, Bremen, Germany > >Make sure the connection is encrypted if 'x-tls' is given. Otherwise the >connections stays unencrypted and the password is transmitted >unprotected in clear text. >--- > bin/named/ldapdb.c | 18 +++++++++++++++--- > 1 file changed, 15 insertions(+), 3 deletions(-) > >diff --git a/bin/named/ldapdb.c b/bin/named/ldapdb.c >index 3cfff9cbb1..e1bf40dc73 100644 >--- a/bin/named/ldapdb.c >+++ b/bin/named/ldapdb.c >@@ -282,9 +282,21 @@ ldapdb_bind(const char *zone, struct ldapdb_data *data, LDAP **ldp) { > /* -- Start TLS. -- */ > #ifdef LDAPDB_TLS > if (data->tls) { >- ldap_start_tls_s(*ldp, NULL, NULL); >- isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_CONTROL, ISC_LOG_DEBUG(2), >- "LDAP sdb zone '%s': ldapdb_bind(): Started TLS", zone); >+ if ((rc = ldap_start_tls_s(*ldp, NULL, NULL)) == LDAP_SUCCESS) { >+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_CONTROL, ISC_LOG_DEBUG(2), >+ "LDAP sdb zone '%s': ldapdb_bind(): Started TLS", zone); >+ } else { >+ char *msg = NULL; >+ ldap_get_option(*ldp, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void *)&msg); >+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_CONTROL, ISC_LOG_ERROR, >+ "LDAP sdb zone '%s': ldapdb_bind(): ldap_start_tls_s() failed: %s", >+ zone, msg); >+ ldap_memfree(msg); >+ >+ ldap_unbind_ext(*ldp, NULL, NULL); >+ *ldp = NULL; >+ goto try_bind_again; >+ } > } > #endif > >-- >2.11.0 >
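Review bot: In the new else branch, `msg` is passed to the `%s` in isc_log_write() without checking that ldap_get_option() succeeded or actually set it, so it can still be NULL at that point, and the `rc` returned by ldap_start_tls_s() is stored but never reported. Consider logging ldap_err2string(rc) and appending the diagnostic message only when it is non-NULL. Separately, `goto try_bind_again;` jumps to a label outside the visible context: a StartTLS failure that is persistent (for example a server certificate that does not validate) will fail the same way on every pass, so please confirm that this path has a retry limit or backoff, and that nothing after the label can reach the bind without TLS while `data->tls` is set.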