From 3c13b616108d4c0a413380ba72189947898eee57 Mon Sep 17 00:00:00 2001
From: Tyson Whitehead
Date: Wed, 19 Jan 2011 15:22:49 -0500
Subject: Add ldap_tls_{cert,key,cipher_suite} config options
Signed-off-by: Stephen Gallagher
---
 src/providers/ldap/ldap_common.c | 3 +++
 src/providers/ldap/sdap.c | 27 +++++++++++++++++++++++++++
 src/providers/ldap/sdap.h | 3 +++
 3 files changed, 33 insertions(+)
(limited to 'src/providers/ldap')
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 48c35638..e669ba6c 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -57,6 +57,9 @@ struct dp_option default_basic_opts[] = {
 { "entry_cache_timeout", DP_OPT_NUMBER, { .number = 5400 }, NULL_NUMBER },
 { "ldap_tls_cacert", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_tls_cacertdir", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_tls_cert", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_tls_key", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_tls_cipher_suite", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_id_use_start_tls", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 { "ldap_sasl_mech", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_sasl_authid", DP_OPT_STRING, NULL_STRING, NULL_STRING },
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index 573de178..ea2eabe7 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
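Review bot: The three new entries are inserted between ldap_tls_cacertdir and ldap_id_use_start_tls, and default_basic_opts[] appears to be indexed by enum sdap_basic_opt (the sdap.c hunk looks entries up with dp_opt_get_string(basic_opts, SDAP_TLS_CERT)), so their position must match the three enum values added at the same point in the sdap.h hunk; the commit keeps them aligned, but nothing in either file says so. A comment above the table, `/* Order must match enum sdap_basic_opt in sdap.h */`, with a matching comment on the enum in sdap.h, would make the coupling visible to the next person adding an option. For ldap_tls_cipher_suite it is also worth documenting, at the table entry or in the option's description, that the accepted string syntax depends on which TLS library libldap was built against, since a malformed value is only reported by ldap_set_option at startup. default_basic_opts[] starts and ends outside the hunk.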
@@ -350,6 +350,33 @@ errno_t setup_tls_config(struct dp_option *basic_opts)
 }
 }
 
+ tls_opt = dp_opt_get_string(basic_opts, SDAP_TLS_CERT);
+ if (tls_opt) {
+ ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, tls_opt);
+ if (ret != LDAP_OPT_SUCCESS) {
+ DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret)));
+ return EIO;
+ }
+ }
+
+ tls_opt = dp_opt_get_string(basic_opts, SDAP_TLS_KEY);
+ if (tls_opt) {
+ ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, tls_opt);
+ if (ret != LDAP_OPT_SUCCESS) {
+ DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret)));
+ return EIO;
+ }
+ }
+
+ tls_opt = dp_opt_get_string(basic_opts, SDAP_TLS_CIPHER_SUITE);
+ if (tls_opt) {
+ ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, tls_opt);
+ if (ret != LDAP_OPT_SUCCESS) {
+ DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret)));
+ return EIO;
+ }
+ }
+
 return EOK;
 }
 
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 932abca4..e053210a 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -176,6 +176,9 @@ enum sdap_basic_opt {
 SDAP_ENTRY_CACHE_TIMEOUT,
 SDAP_TLS_CACERT,
 SDAP_TLS_CACERTDIR,
+ SDAP_TLS_CERT,
+ SDAP_TLS_KEY,
+ SDAP_TLS_CIPHER_SUITE,
 SDAP_ID_TLS,
 SDAP_SASL_MECH,
 SDAP_SASL_AUTHID,
-- cgit
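Review bot: All three added DEBUG lines emit the identical text `ldap_set_option failed: %s`, so when setup_tls_config returns EIO the log gives no indication whether the certificate file, the key file or the cipher-suite string was rejected; name the option being set, e.g. `DEBUG(1, ("ldap_set_option(LDAP_OPT_X_TLS_CERTFILE) failed: %s\n", ldap_err2string(ret)));` and likewise `LDAP_OPT_X_TLS_KEYFILE` and `LDAP_OPT_X_TLS_CIPHER_SUITE` in the other two blocks. The three blocks differ only in the sdap option and the LDAP option id, so a small static helper taking those two values would remove the repetition, though that is a matter of style. Note also that ldap_set_option() with a NULL handle only records the global default and does not open the files, so a certificate configured without its key (or the reverse) will presumably fail only when a TLS session is negotiated later; if that holds, checking that SDAP_TLS_CERT and SDAP_TLS_KEY are either both set or both unset here would give an earlier and clearer error. setup_tls_config begins outside the hunk.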