rpms / curl

Clone
Source Code
GIT

Files

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 http2 main metalink olpc2 private-kdudka-bisect-curl-7.78.0 private-kdudka-debug-scp private-kdudka-libcurl-minimal private-kdudka-libcurl-nss private-kdudka-libcurl-openssl private-kdudka-rebase rawhide
  1.   f14
  2.   0012-curl-7.21.0-c59dba3.patch
Blob Blame History Raw 
 CHANGES        |   25 +++++++++++++++++++++++++
 lib/openldap.c |   29 +++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+), 0 deletions(-)

diff --git a/CHANGES b/CHANGES
index 765c8ff..661c44f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -24,6 +24,31 @@ Kamil Dudka (29 Oct 2010)
   Bug: https://bugzilla.redhat.com/643656
   Reported by: Pasi Karkkainen, Patrick Monnerat
 
+Daniel Stenberg (18 Sep 2010)
+- [Mauro Iorio brought this change]
+
+  LDAP: Support for tunnelling queries through HTTP proxy
+  
+  As of curl-7.21.1 tunnelling ldap queries through HTTP Proxies is not
+  supported. Actually if --proxytunnel command-line option (or equivalent
+  CURLOPT_HTTPPROXYTUNNEL) is used for ldap queries like
+  ldap://ldap.my.server.com/... You are unable to successfully execute the
+  query. In facts ldap_*_bind is executed directly against the ldap server
+  and proxy is totally ignored. This is true for both openLDAP and
+  Microsoft LDAP API.
+  
+  Step to reproduce the error:
+  Just launch "curl --proxytunnel --proxy 192.168.1.1:8080
+  ldap://ldap.my.server.com/dc=... "
+  
+  This fix adds an invocation to Curl_proxyCONNECT against the provided
+  proxy address and on successful "CONNECT" it tunnels ldap query to the
+  final ldap server through the HTTP proxy. As far as I know Microsoft
+  LDAP APIs don't permit tunnelling in any way so the patch provided is
+  for OpenLDAP only.  The patch has been developed against OpenLDAP 2.4.23
+  and has been tested with Microsoft ISA Server 2006 and works properly
+  with basic, digest and NTLM authentication.
+
 Daniel Stenberg (16 Aug 2010)
 - negotiation: Wrong proxy authorization
   
diff --git a/lib/openldap.c b/lib/openldap.c
index 05628ab..5f70919 100644
--- a/lib/openldap.c
+++ b/lib/openldap.c
@@ -165,6 +165,7 @@ static CURLcode ldap_setup(struct connectdata *conn)
   li = calloc(1, sizeof(ldapconninfo));
   li->proto = proto;
   conn->proto.generic = li;
+  conn->bits.close = FALSE;
   /* TODO:
    * - provide option to choose SASL Binds instead of Simple
    */
@@ -198,6 +199,34 @@ static CURLcode ldap_connect(struct connectdata *conn, bool *done)
 
   ldap_set_option(li->ld, LDAP_OPT_PROTOCOL_VERSION, &proto);
 
+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_PROXY)
+  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
+    /* for LDAP over HTTP proxy */
+    struct HTTP http_proxy;
+    ldapconninfo *li_save;
+
+    /* BLOCKING */
+    /* We want "seamless" LDAP operations through HTTP proxy tunnel */
+
+    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the member
+     * conn->proto.http; we want LDAP through HTTP and we have to change the
+     * member temporarily for connecting to the HTTP proxy. After
+     * Curl_proxyCONNECT we have to set back the member to the original struct
+     * LDAP pointer
+     */
+    li_save = data->state.proto.generic;
+    memset(&http_proxy, 0, sizeof(http_proxy));
+    data->state.proto.http = &http_proxy;
+    rc = Curl_proxyCONNECT(conn, FIRSTSOCKET,
+                           conn->host.name, conn->remote_port);
+
+    data->state.proto.generic = li_save;
+
+    if(CURLE_OK != rc)
+      return rc;
+  }
+#endif /* !CURL_DISABLE_HTTP && !CURL_DISABLE_PROXY */
+
 #ifdef USE_SSL
   if (conn->protocol & PROT_SSL) {
     CURLcode res;
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.