pike.git / lib / modules / Protocols.pmod / LDAP.pmod / client.pike


pike.git/lib/modules/Protocols.pmod/LDAP.pmod/client.pike:665: Inside #if undefined(PARSE_RFCS)
   if(!url || !sizeof(url))    url = LDAP_DEFAULT_URL;       if (mappingp (url))    lauth = url;    else    lauth = parse_ldap_url(url);       if(!stringp(lauth->scheme) ||    ((lauth->scheme != "ldap") - #if constant(SSL.Cipher.CipherAlgorithm) + #if constant(SSL.Cipher)    && (lauth->scheme != "ldaps")   #endif    )) {    THROW(({"Unknown scheme in server URL.\n",backtrace()}));    }       if(!lauth->host)    lauth += ([ "host" : LDAP_DEFAULT_HOST ]);    if(!lauth->port)    lauth += ([ "port" : lauth->scheme == "ldap" ? LDAP_DEFAULT_PORT : LDAPS_DEFAULT_PORT ]);    - #if constant(SSL.Cipher.CipherAlgorithm) + #if constant(SSL.Cipher)    if(lauth->scheme == "ldaps" && !context) {    context = SSL.Context(); -  // Allow only strong crypto -  context->preferred_suites = ({ -  SSL_rsa_with_idea_cbc_sha, -  SSL_rsa_with_rc4_128_sha, -  SSL_rsa_with_rc4_128_md5, -  SSL_rsa_with_3des_ede_cbc_sha, -  }); +     }   #endif       Stdio.File low_fd = Stdio.File();       if(!(low_fd->connect(lauth->host, lauth->port))) {    //errno = ldapfd->errno();    seterr (LDAP_SERVER_DOWN, strerror (low_fd->errno()));    //ldapfd->destroy();    //ldap=0;    //ok = 0;    //if(con_fail)    // con_fail(this, @extra_args);    ERROR ("Failed to connect to LDAP server: %s\n", ldap_rem_errstr);    }    - #if constant(SSL.Cipher.CipherAlgorithm) + #if constant(SSL.Cipher)    if(lauth->scheme == "ldaps") { -  context->random = Crypto.Random.random_string; +     ::create(SSL.sslfile(low_fd, context, 1,1));    info->tls_version = ldapfd->version;    } else    ::create(low_fd);   #else    if(lauth->scheme == "ldaps") {    THROW(({"LDAP: LDAPS is not available without SSL support.\n",backtrace()}));    }    else    ::create(low_fd);
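Review bot: With the hard-coded suite list removed, the `SSL.Context()` created for `ldaps` when the caller supplies none runs entirely on library defaults, and nothing visible in this hunk sets trust anchors or enables peer-certificate or hostname verification before `SSL.sslfile(low_fd, context, 1,1)`. Whether those defaults authenticate the server cannot be seen from here; if they do not, the bind credentials sent afterwards are exposed to an on-path attacker even though the channel is encrypted. I would put a comment at the `context = SSL.Context();` line such as `// Default context: suites and certificate checks follow SSL.Context defaults; pass a configured context to enforce server verification.` and state the same in the constructor's documentation. The same default-context pattern is repeated in `send_starttls_op` in the next hunk. The enclosing function starts and ends outside this hunk.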
pike.git/lib/modules/Protocols.pmod/LDAP.pmod/client.pike:760:    // SASL credentials ommited       msgval = ASN1_APPLICATION_SEQUENCE(0, ({vers, namedn, auth}));       return do_op(msgval);    }       private mixed send_starttls_op(object|void context) {       object msgval; - #if constant(SSL.Cipher.CipherAlgorithm) + #if constant(SSL.Cipher)       // can we do this now?    if(ldapfd->context)    {    THROW(({"LDAP: TLS/SSL already established.\n",backtrace()}));    }       // NOTE: should we be on the lookout for requests in flight?             msgval = ASN1_APPLICATION_SEQUENCE(23, ({Standards.ASN1.Types.OctetString("1.3.6.1.4.1.1466.20037")}));       do_op(msgval);    int result = ASN1_RESULTCODE(.ldap_privates.ldap_der_decode (readbuf));    if(result!=0) return 0;    // otherwise, we can try to negotiate.    if(!context)    {    context = SSL.Context(); -  // Allow only strong crypto -  context->preferred_suites = ({ -  SSL_rsa_with_idea_cbc_sha, -  SSL_rsa_with_rc4_128_sha, -  SSL_rsa_with_rc4_128_md5, -  SSL_rsa_with_3des_ede_cbc_sha, -  }); +     }    object _f = ldapfd;    ldapfd=SSL.sslfile(_f, context, 1, 1);    return 1;   #endif    return 0;    }       //! Requests that a SSL/TLS session be negotiated on the connection.    //! If the connection is already secure, this call will fail.    //!    //! @param context    //! an optional SSL.context object to provide to the    //! SSL/TLS connection client.    //!    //! Returns @expr{1@} on success, @expr{0@} otherwise.    //!    int start_tls (void|SSL.Context context) { -  + #if constant(SSL.Cipher)    if(ldap_version < 3)    {    seterr (LDAP_PROTOCOL_ERROR);    THROW(({"LDAP: Unknown/unsupported protocol version.\n",backtrace()}));    return -ldap_errno;    }       return send_starttls_op(context||UNDEFINED);       return 1; -  + #else +  return 0; + #endif    } // start_tls       //! @decl int bind()    //! @decl int bind(string dn, string password)    //! 
@decl int bind(string dn, string password, int version)    //!    //! Authenticates connection to the direcory.    //!    //! First form uses default value previously entered in create.    //!
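Review bot: The new `#else` branch makes `start_tls` return 0 silently when Pike is built without SSL, whereas the constructor in the previous hunk throws `LDAP: LDAPS is not available without SSL support.` for the same condition. A caller that does not check the return value will then go on to bind over the cleartext connection. I would fail the same way here, e.g. `THROW(({"LDAP: TLS is not available without SSL support.\n",backtrace()}));`, or at least document next to `Returns @expr{1@} on success` that 0 also means "no SSL support" and must be treated as fatal before binding. In the `#if` branch, `return -ldap_errno;` after the `THROW` and the trailing `return 1;` after `return send_starttls_op(...)` look unreachable and could be dropped.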