projects / webmin.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0a7fe91)
Properly support TLS and SSL
authorJamie Cameron <jcameron@webmin.com>
Mon, 1 Dec 2008 23:28:58 +0000 (23:28 +0000)
committerJamie Cameron <jcameron@webmin.com>
Mon, 1 Dec 2008 23:28:58 +0000 (23:28 +0000)
17 files changed:
ldap-useradmin/CHANGELOG patch | blob | history
ldap-useradmin/config patch | blob | history
ldap-useradmin/config-*-linux patch | blob | history
ldap-useradmin/config-coherent-linux patch | blob | history
ldap-useradmin/config-debian-linux patch | blob | history
ldap-useradmin/config-debian-linux-3.1 patch | blob | history
ldap-useradmin/config-debian-linux-4.0-* patch | blob | history
ldap-useradmin/config-debian-squirrelmail-linux patch | blob | history
ldap-useradmin/config-macos patch | blob | history
ldap-useradmin/config-mandrake-linux patch | blob | history
ldap-useradmin/config-redhat-linux patch | blob | history
ldap-useradmin/config-sol-linux patch | blob | history
ldap-useradmin/config-suse-linux patch | blob | history
ldap-useradmin/config-trustix-linux patch | blob | history
ldap-useradmin/config-united-linux patch | blob | history
ldap-useradmin/config.info patch | blob | history
ldap-useradmin/ldap-useradmin-lib.pl patch | blob | history

diff --git a/ldap-useradmin/CHANGELOG b/ldap-useradmin/CHANGELOG
index 9831f34..ff2c1a3 100644 (file)
--- a/ldap-useradmin/CHANGELOG
+++ b/ldap-useradmin/CHANGELOG
@@ -64,3 +64,4 @@ Coverted all pages to use the new Webmin UI library, for a more consistent look.
 ---- Changes since 1.440 ----
 Added a Module Config option to allow / as an IMAP folder separator, thanks to Bas van den Heuvel.
 Added a check on the module's main page to ensure that the LDAP schema is accessible.
+Fixed support for SSL and TLS when connecting to the LDAP server, thanks to Paul R. Ganci.
diff --git a/ldap-useradmin/config b/ldap-useradmin/config
index 3924048..b17ba3a 100644 (file)
--- a/ldap-useradmin/config
+++ b/ldap-useradmin/config
@@ -19,3 +19,4 @@ given_class=inetOrgPerson
 person=1
 given_order=0
 imap_foldersep=.
+ldap_tls=0
diff --git a/ldap-useradmin/config-*-linux b/ldap-useradmin/config-*-linux
index 0a80331..5a1f078 100644 (file)
--- a/ldap-useradmin/config-*-linux
+++ b/ldap-useradmin/config-*-linux
@@ -19,3 +19,4 @@ given_class=inetOrgPerson
 person=1
 given_order=0
 imap_foldersep=.
+ldap_tls=0
diff --git a/ldap-useradmin/config-coherent-linux b/ldap-useradmin/config-coherent-linux
index 80719cb..fb67950 100644 (file)
--- a/ldap-useradmin/config-coherent-linux
+++ b/ldap-useradmin/config-coherent-linux
@@ -18,3 +18,4 @@ given_class=inetOrgPerson
 person=1
 given_order=0
 imap_foldersep=.
+ldap_tls=0
diff --git a/ldap-useradmin/config-debian-linux b/ldap-useradmin/config-debian-linux
index bad8fb4..8b47f67 100644 (file)
--- a/ldap-useradmin/config-debian-linux
+++ b/ldap-useradmin/config-debian-linux
@@ -18,3 +18,4 @@ given_class=inetOrgPerson
 person=1
 given_order=0
 imap_foldersep=.
+ldap_tls=0
diff --git a/ldap-useradmin/config-debian-linux-3.1 b/ldap-useradmin/config-debian-linux-3.1
index 96f0b66..f27b2c9 100644 (file)
--- a/ldap-useradmin/config-debian-linux-3.1
+++ b/ldap-useradmin/config-debian-linux-3.1
@@ -18,3 +18,4 @@ given_class=inetOrgPerson
 person=1
 given_order=0
 imap_foldersep=.
+ldap_tls=0
diff --git a/ldap-useradmin/config-debian-linux-4.0-* b/ldap-useradmin/config-debian-linux-4.0-*
index be54362..5834ba5 100644 (file)
--- a/ldap-useradmin/config-debian-linux-4.0-*
+++ b/ldap-useradmin/config-debian-linux-4.0-*
@@ -18,3 +18,4 @@ other_class=inetOrgPerson
 person=1
 given_order=0
 imap_foldersep=.
+ldap_tls=0
diff --git a/ldap-useradmin/config-debian-squirrelmail-linux b/ldap-useradmin/config-debian-squirrelmail-linux
index 052af9c..24264c0 100644 (file)
--- a/ldap-useradmin/config-debian-squirrelmail-linux
+++ b/ldap-useradmin/config-debian-squirrelmail-linux
@@ -24,3 +24,4 @@ given_class=inetOrgPerson
 person=1
 given_order=0
 imap_foldersep=.
+ldap_tls=0
diff --git a/ldap-useradmin/config-macos b/ldap-useradmin/config-macos
index 81c2260..4d0d132 100644 (file)
--- a/ldap-useradmin/config-macos
+++ b/ldap-useradmin/config-macos
@@ -19,3 +19,4 @@ given_class=inetOrgPerson
 person=1
 given_order=0
 imap_foldersep=.
+ldap_tls=0
diff --git a/ldap-useradmin/config-mandrake-linux b/ldap-useradmin/config-mandrake-linux
index 80719cb..fb67950 100644 (file)
--- a/ldap-useradmin/config-mandrake-linux
+++ b/ldap-useradmin/config-mandrake-linux
@@ -18,3 +18,4 @@ given_class=inetOrgPerson
 person=1
 given_order=0
 imap_foldersep=.
+ldap_tls=0
diff --git a/ldap-useradmin/config-redhat-linux b/ldap-useradmin/config-redhat-linux
index 80719cb..fb67950 100644 (file)
--- a/ldap-useradmin/config-redhat-linux
+++ b/ldap-useradmin/config-redhat-linux
@@ -18,3 +18,4 @@ given_class=inetOrgPerson
 person=1
 given_order=0
 imap_foldersep=.
+ldap_tls=0
diff --git a/ldap-useradmin/config-sol-linux b/ldap-useradmin/config-sol-linux
index 80719cb..fb67950 100644 (file)
--- a/ldap-useradmin/config-sol-linux
+++ b/ldap-useradmin/config-sol-linux
@@ -18,3 +18,4 @@ given_class=inetOrgPerson
 person=1
 given_order=0
 imap_foldersep=.
+ldap_tls=0
diff --git a/ldap-useradmin/config-suse-linux b/ldap-useradmin/config-suse-linux
index 9084f59..864442d 100644 (file)
--- a/ldap-useradmin/config-suse-linux
+++ b/ldap-useradmin/config-suse-linux
@@ -18,3 +18,4 @@ given_class=inetOrgPerson
 person=1
 given_order=0
 imap_foldersep=.
+ldap_tls=0
diff --git a/ldap-useradmin/config-trustix-linux b/ldap-useradmin/config-trustix-linux
index 9084f59..864442d 100644 (file)
--- a/ldap-useradmin/config-trustix-linux
+++ b/ldap-useradmin/config-trustix-linux
@@ -18,3 +18,4 @@ given_class=inetOrgPerson
 person=1
 given_order=0
 imap_foldersep=.
+ldap_tls=0
diff --git a/ldap-useradmin/config-united-linux b/ldap-useradmin/config-united-linux
index 9084f59..864442d 100644 (file)
--- a/ldap-useradmin/config-united-linux
+++ b/ldap-useradmin/config-united-linux
@@ -18,3 +18,4 @@ given_class=inetOrgPerson
 person=1
 given_order=0
 imap_foldersep=.
+ldap_tls=0
diff --git a/ldap-useradmin/config.info b/ldap-useradmin/config.info
index 383fde5..bcd9b18 100644 (file)
--- a/ldap-useradmin/config.info
+++ b/ldap-useradmin/config.info
@@ -2,7 +2,7 @@ line1=LDAP server options,11
 auth_ldap=Linux LDAP NSS library config file,3,None (use settings below),40,,,Use settings from file
 ldap_host=LDAP server host,3,From NSS config file
 ldap_port=LDAP server port,3,From NSS config file or default
-ldap_tls=LDAP server uses TLS?,1,1-Yes,0-No
+ldap_tls=LDAP server uses encryption?,1,1-Yes SSL,2-Yes TLS,0-No
 login=Bind to LDAP server as,3,Bind name from NSS config file
 pass=Credentials for bind name above,12
 user_base=Base for users,3,From NSS config file
diff --git a/ldap-useradmin/ldap-useradmin-lib.pl b/ldap-useradmin/ldap-useradmin-lib.pl
index 9e5d396..88df752 100644 (file)
--- a/ldap-useradmin/ldap-useradmin-lib.pl
+++ b/ldap-useradmin/ldap-useradmin-lib.pl
@@ -81,9 +81,10 @@ if ($conf) {
        my @hostnames = split(/[ ,]+/, $conf->{'host'});
        my $port = $conf->{'port'};
        my @uris = split(/[ ,]+/, $conf->{'uri'});
-       my $ssl = $conf->{'start_tls'};
+       my $ssl = $conf->{'ssl'};
        foreach my $hname (@hostnames) {
-               push(@hosts, [ $hname, $port, $ssl eq 'start_tls' ]);
+               push(@hosts, [ $hname, $port, $ssl eq 'start_tls' ? 2 :
+                                             $ssl eq 'on' ? 1 : 0 ]);
                }
        foreach my $u (@uris) {
                if ($u =~ /^(ldap|ldaps|ldapi):\/\/([a-z0-9\_\-\.]+)(:(\d+))?/){
@@ -94,12 +95,13 @@ if ($conf) {
                        elsif (!$port && $proto eq "ldaps") {
                                $port = 636;
                                }
-                       push(@hosts, [ $host, $port, $proto eq 'ldaps' ]);
+                       push(@hosts, [ $host, $port,
+                                      $proto eq 'ldaps' ? 1 : 0 ]);
                        }
                }
        }
 else {
-       # From config
+       # From module config
        foreach my $hname (split(/[ ,]+/, $config{'ldap_host'})) {
                push(@hosts, [ $hname, $config{'ldap_port'},
                               $config{'ldap_tls'} ]);
@@ -113,22 +115,23 @@ if (!@hosts) {
 # Try each host in turn
 local ($ldap, $err);
 foreach my $host (@hosts) {
-       $ldap = Net::LDAP->new($host->[0], port => $host->[1]);
+       $ldap = Net::LDAP->new($host->[0], port => $host->[1],
+                              scheme => $host->[2] == 1 ? 'ldaps' : 'ldap');
        if (!$ldap) {
                $err = &text('conn_econn',
                             "<tt>$host->[0]</tt>","<tt>$host->[1]</tt>");
                next;
                }
-       # Connected .. but try SSL if needed
-       if ($host->[2]) {
+       # Switch to TLS if needed
+       if ($host->[2] == 2) {
                my $mesg;
                eval { $mesg = $ldap->start_tls(); };
-               if ($@ || !$mesg || $mesg->code) {
-                       # SSL failed
-                       $err = &text('conn_essl',
-                            "<tt>$host->[0]</tt>", "<tt>$host->[1]</tt>", $@);
-                       next;
-                       }
+                if ($@ || !$mesg || $mesg->code) {
+                        # TLS failed
+                        $err = &text('conn_essl',
+                             "<tt>$host->[0]</tt>", "<tt>$host->[1]</tt>", $@);
+                        next;
+                        }
                }
        # If we got here, it all worked!
        $err = undef;
Webmin PERL server management