File ITS7683.patch of Package zimbra-openldap

Overview Repositories Revisions Requests Users Attributes Meta

File ITS7683.patch of Package zimbra-openldap

--- openldap-2.4.40/libraries/libldap/tls2.c.orig	2014-11-13 16:57:40.135579570 -0600
+++ openldap-2.4.40/libraries/libldap/tls2.c	2014-11-13 17:17:28.157816084 -0600
@@ -675,6 +675,37 @@
 	case LDAP_OPT_X_TLS_CONNECT_ARG:
 		*(void **)arg = lo->ldo_tls_connect_arg;
 		break;
+	case LDAP_OPT_X_TLS_VERSION: {
+		void *sess = NULL;
+		const char *retval = NULL;
+		if ( ld != NULL ) {
+			LDAPConn *conn = ld->ld_defconn;
+			if ( conn != NULL ) {
+				Sockbuf *sb = conn->lconn_sb;
+				sess = ldap_pvt_tls_sb_ctx( sb );
+				if ( sess != NULL )
+					retval = ldap_pvt_tls_get_version( sess );
+			}
+		}
+		*(char **)arg = retval ? LDAP_STRDUP( retval ) : NULL;
+		break;
+	}
+	case LDAP_OPT_X_TLS_CIPHER: {
+		void *sess = NULL;
+		const char *retval = NULL;
+		if ( ld != NULL ) {
+			LDAPConn *conn = ld->ld_defconn;
+			if ( conn != NULL ) {
+				Sockbuf *sb = conn->lconn_sb;
+				sess = ldap_pvt_tls_sb_ctx( sb );
+				if ( sess != NULL )
+					retval = ldap_pvt_tls_get_cipher( sess );
+			}
+		}
+		*(char **)arg = retval ? LDAP_STRDUP( retval ) : NULL;
+		break;
+	}
+
 	default:
 		return -1;
 	}
@@ -981,6 +1012,20 @@
 		rc = ldap_X509dn2bv(&der_dn, dn, (LDAPDN_rewrite_func *)func, flags );
 	return rc;
 }
+
+const char *
+ldap_pvt_tls_get_version( void *s )
+{
+	tls_session *session = s;
+	return tls_imp->ti_session_version( session );
+}
+
+const char *
+ldap_pvt_tls_get_cipher( void *s )
+{
+	tls_session *session = s;
+	return tls_imp->ti_session_cipher( session );
+}
 #endif /* HAVE_TLS */
 
 int
--- openldap-2.4.40/libraries/libldap/tls_o.c.orig	2014-11-13 17:04:07.150247332 -0600
+++ openldap-2.4.40/libraries/libldap/tls_o.c	2014-11-13 17:06:06.982243339 -0600
@@ -676,6 +676,20 @@
 	return SSL_CIPHER_get_bits(SSL_get_current_cipher(s), NULL);
 }
 
+static const char *
+tlso_session_version( tls_session *sess )
+{
+	tlso_session *s = (tlso_session *)sess;
+	return SSL_get_version(s);
+}
+
+static const char *
+tlso_session_cipher( tls_session *sess )
+{
+	tlso_session *s = (tlso_session *)sess;
+	return SSL_CIPHER_get_name(SSL_get_current_cipher(s));
+}
+
 /*
  * TLS support for LBER Sockbufs
  */
@@ -1283,6 +1297,8 @@
 	tlso_session_peer_dn,
 	tlso_session_chkhost,
 	tlso_session_strength,
+	tlso_session_version,
+	tlso_session_cipher,
 
 	&tlso_sbio,
 
--- openldap-2.4.40/libraries/libldap/ldap-tls.h.orig	2014-11-13 16:56:28.583581954 -0600
+++ openldap-2.4.40/libraries/libldap/ldap-tls.h	2014-11-13 16:57:23.267580132 -0600
@@ -41,6 +41,7 @@
 typedef int (TI_session_dn)(tls_session *sess, struct berval *dn);
 typedef int (TI_session_chkhost)(LDAP *ld, tls_session *s, const char *name_in);
 typedef int (TI_session_strength)(tls_session *sess);
+typedef const char *(TI_session_name)(tls_session *s);
 
 typedef void (TI_thr_init)(void);
 
@@ -64,6 +65,8 @@
 	TI_session_dn *ti_session_peer_dn;
 	TI_session_chkhost *ti_session_chkhost;
 	TI_session_strength *ti_session_strength;
+	TI_session_name *ti_session_version;
+	TI_session_name *ti_session_cipher;
 
 	Sockbuf_IO *ti_sbio;
 
--- openldap-2.4.40/libraries/libldap/tls_g.c.orig	2014-11-13 17:01:30.654252546 -0600
+++ openldap-2.4.40/libraries/libldap/tls_g.c	2014-11-13 17:03:25.482248720 -0600
@@ -665,6 +665,20 @@
 	return gnutls_cipher_get_key_size( c ) * 8;
 }
 
+static const char *
+tlsg_session_version( tls_session *sess )
+{
+	tlsg_session *s = (tlsg_session *)sess;
+	return gnutls_protocol_get_name(gnutls_protocol_get_version( s->session ));
+}
+
+static const char *
+tlsg_session_cipher( tls_session *sess )
+{
+	tlsg_session *s = (tlsg_session *)sess;
+	return gnutls_cipher_get_name(gnutls_cipher_get( s->session ));
+}
+
 /* suites is a string of colon-separated cipher suite names. */
 static int
 tlsg_parse_ciphers( tlsg_ctx *ctx, char *suites )
@@ -921,6 +935,8 @@
 	tlsg_session_peer_dn,
 	tlsg_session_chkhost,
 	tlsg_session_strength,
+	tlsg_session_version,
+	tlsg_session_cipher,
 
 	&tlsg_sbio,
 
--- openldap-2.4.40/doc/man/man3/ldap_get_option.3.orig	2014-11-13 17:10:58.383431731 -0600
+++ openldap-2.4.40/doc/man/man3/ldap_get_option.3	2014-11-13 17:13:12.593824599 -0600
@@ -608,6 +608,14 @@
 and its contents need to be freed by the caller using
 .BR ldap_memfree (3).
 .TP
+.B LDAP_OPT_X_TLS_CIPHER
+Gets the cipher being used on an established TLS session.
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller using
+.BR ldap_memfree (3).
+.TP
 .B LDAP_OPT_X_TLS_CIPHER_SUITE
 Sets/gets the allowed cipher suite.
 .BR invalue
@@ -752,6 +760,14 @@
 When using the OpenSSL library this is an SSL*. When using other
 crypto libraries this is a pointer to an OpenLDAP private structure.
 Applications generally should not use this option.
+.TP
+.B LDAP_OPT_X_TLS_VERSION
+Gets the TLS version being used on an established TLS session.
+.BR outvalue
+must be
+.BR "char **" ,
+and its contents need to be freed by the caller using
+.BR ldap_memfree (3).
 .SH ERRORS
 On success, the functions return
 .BR LDAP_OPT_SUCCESS ,
--- openldap-2.4.40/include/ldap.h.orig	2014-11-13 17:13:26.897824122 -0600
+++ openldap-2.4.40/include/ldap.h	2014-11-13 17:13:58.789823060 -0600
@@ -158,6 +158,8 @@
 #define LDAP_OPT_X_TLS_NEWCTX		0x600f
 #define LDAP_OPT_X_TLS_CRLFILE		0x6010	/* GNUtls only */
 #define LDAP_OPT_X_TLS_PACKAGE		0x6011
+#define LDAP_OPT_X_TLS_VERSION		0x6013  /* read-only */
+#define LDAP_OPT_X_TLS_CIPHER		0x6014  /* read-only */
 
 #define LDAP_OPT_X_TLS_NEVER	0
 #define LDAP_OPT_X_TLS_HARD		1
--- openldap-2.4.40/include/ldap_pvt.h.orig	2014-11-13 16:55:18.919584275 -0600
+++ openldap-2.4.40/include/ldap_pvt.h	2014-11-13 16:55:43.983583440 -0600
@@ -420,6 +420,9 @@
 	LDAPDN_rewrite_dummy *func, unsigned flags ));
 LDAP_F (int) ldap_pvt_tls_get_strength LDAP_P(( void *ctx ));
 
+LDAP_F (const char *) ldap_pvt_tls_get_version LDAP_P(( void *ctx ));
+LDAP_F (const char *) ldap_pvt_tls_get_cipher LDAP_P(( void *ctx ));
+
 LDAP_END_DECL
 
 /*
--- openldap-2.4.40/servers/slapd/connection.c.orig	2014-11-13 17:07:32.258240498 -0600
+++ openldap-2.4.40/servers/slapd/connection.c	2014-11-13 17:09:17.778236982 -0600
@@ -1386,6 +1386,7 @@
 		} else if ( rc == 0 ) {
 			void *ssl;
 			struct berval authid = BER_BVNULL;
+			char msgbuf[32];
 
 			c->c_needs_tls_accept = 0;
 
@@ -1403,9 +1404,11 @@
 					"unable to get TLS client DN, error=%d id=%lu\n",
 					s, rc, c->c_connid );
 			}
+			sprintf(msgbuf, "tls_ssf=%u ssf=%u", c->c_tls_ssf, c->c_ssf);
 			Statslog( LDAP_DEBUG_STATS,
-				"conn=%lu fd=%d TLS established tls_ssf=%u ssf=%u\n",
-			    c->c_connid, (int) s, c->c_tls_ssf, c->c_ssf, 0 );
+				"conn=%lu fd=%d TLS established %s tls_proto=%s tls_cipher=%s\n",
+				c->c_connid, (int) s,
+				msgbuf, ldap_pvt_tls_get_version( ssl ), ldap_pvt_tls_get_cipher( ssl ));
 			slap_sasl_external( c, c->c_tls_ssf, &authid );
 			if ( authid.bv_val ) free( authid.bv_val );
 		} else if ( rc == 1 && ber_sockbuf_ctrl( c->c_sb,

Places

File ITS7683.patch of Package zimbra-openldap

Places