mirror of
https://github.com/webmin/webmin.git
synced 2026-05-04 22:30:33 +01:00
Properly support TLS and SSL
This commit is contained in:
Jamie Cameron
@@ -64,3 +64,4 @@ Coverted all pages to use the new Webmin UI library, for a more consistent look.
|
||||
---- Changes since 1.440 ----
|
||||
Added a Module Config option to allow / as an IMAP folder separator, thanks to Bas van den Heuvel.
|
||||
Added a check on the module's main page to ensure that the LDAP schema is accessible.
|
||||
Fixed support for SSL and TLS when connecting to the LDAP server, thanks to Paul R. Ganci.
|
||||
|
||||
@@ -19,3 +19,4 @@ given_class=inetOrgPerson
|
||||
person=1
|
||||
given_order=0
|
||||
imap_foldersep=.
|
||||
ldap_tls=0
|
||||
|
||||
@@ -19,3 +19,4 @@ given_class=inetOrgPerson
|
||||
person=1
|
||||
given_order=0
|
||||
imap_foldersep=.
|
||||
ldap_tls=0
|
||||
|
||||
@@ -18,3 +18,4 @@ given_class=inetOrgPerson
|
||||
person=1
|
||||
given_order=0
|
||||
imap_foldersep=.
|
||||
ldap_tls=0
|
||||
|
||||
@@ -18,3 +18,4 @@ given_class=inetOrgPerson
|
||||
person=1
|
||||
given_order=0
|
||||
imap_foldersep=.
|
||||
ldap_tls=0
|
||||
|
||||
@@ -18,3 +18,4 @@ given_class=inetOrgPerson
|
||||
person=1
|
||||
given_order=0
|
||||
imap_foldersep=.
|
||||
ldap_tls=0
|
||||
|
||||
@@ -18,3 +18,4 @@ other_class=inetOrgPerson
|
||||
person=1
|
||||
given_order=0
|
||||
imap_foldersep=.
|
||||
ldap_tls=0
|
||||
|
||||
@@ -24,3 +24,4 @@ given_class=inetOrgPerson
|
||||
person=1
|
||||
given_order=0
|
||||
imap_foldersep=.
|
||||
ldap_tls=0
|
||||
|
||||
@@ -19,3 +19,4 @@ given_class=inetOrgPerson
|
||||
person=1
|
||||
given_order=0
|
||||
imap_foldersep=.
|
||||
ldap_tls=0
|
||||
|
||||
@@ -18,3 +18,4 @@ given_class=inetOrgPerson
|
||||
person=1
|
||||
given_order=0
|
||||
imap_foldersep=.
|
||||
ldap_tls=0
|
||||
|
||||
@@ -18,3 +18,4 @@ given_class=inetOrgPerson
|
||||
person=1
|
||||
given_order=0
|
||||
imap_foldersep=.
|
||||
ldap_tls=0
|
||||
|
||||
@@ -18,3 +18,4 @@ given_class=inetOrgPerson
|
||||
person=1
|
||||
given_order=0
|
||||
imap_foldersep=.
|
||||
ldap_tls=0
|
||||
|
||||
@@ -18,3 +18,4 @@ given_class=inetOrgPerson
|
||||
person=1
|
||||
given_order=0
|
||||
imap_foldersep=.
|
||||
ldap_tls=0
|
||||
|
||||
@@ -18,3 +18,4 @@ given_class=inetOrgPerson
|
||||
person=1
|
||||
given_order=0
|
||||
imap_foldersep=.
|
||||
ldap_tls=0
|
||||
|
||||
@@ -18,3 +18,4 @@ given_class=inetOrgPerson
|
||||
person=1
|
||||
given_order=0
|
||||
imap_foldersep=.
|
||||
ldap_tls=0
|
||||
|
||||
@@ -2,7 +2,7 @@ line1=LDAP server options,11
|
||||
auth_ldap=Linux LDAP NSS library config file,3,None (use settings below),40,,,Use settings from file
|
||||
ldap_host=LDAP server host,3,From NSS config file
|
||||
ldap_port=LDAP server port,3,From NSS config file or default
|
||||
ldap_tls=LDAP server uses TLS?,1,1-Yes,0-No
|
||||
ldap_tls=LDAP server uses encryption?,1,1-Yes SSL,2-Yes TLS,0-No
|
||||
login=Bind to LDAP server as,3,Bind name from NSS config file
|
||||
pass=Credentials for bind name above,12
|
||||
user_base=Base for users,3,From NSS config file
|
||||
|
||||
@@ -81,9 +81,10 @@ if ($conf) {
|
||||
my @hostnames = split(/[ ,]+/, $conf->{'host'});
|
||||
my $port = $conf->{'port'};
|
||||
my @uris = split(/[ ,]+/, $conf->{'uri'});
|
||||
my $ssl = $conf->{'start_tls'};
|
||||
my $ssl = $conf->{'ssl'};
|
||||
foreach my $hname (@hostnames) {
|
||||
push(@hosts, [ $hname, $port, $ssl eq 'start_tls' ]);
|
||||
push(@hosts, [ $hname, $port, $ssl eq 'start_tls' ? 2 :
|
||||
$ssl eq 'on' ? 1 : 0 ]);
|
||||
}
|
||||
foreach my $u (@uris) {
|
||||
if ($u =~ /^(ldap|ldaps|ldapi):\/\/([a-z0-9\_\-\.]+)(:(\d+))?/){
|
||||
@@ -94,12 +95,13 @@ if ($conf) {
|
||||
elsif (!$port && $proto eq "ldaps") {
|
||||
$port = 636;
|
||||
}
|
||||
push(@hosts, [ $host, $port, $proto eq 'ldaps' ]);
|
||||
push(@hosts, [ $host, $port,
|
||||
$proto eq 'ldaps' ? 1 : 0 ]);
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
# From config
|
||||
# From module config
|
||||
foreach my $hname (split(/[ ,]+/, $config{'ldap_host'})) {
|
||||
push(@hosts, [ $hname, $config{'ldap_port'},
|
||||
$config{'ldap_tls'} ]);
|
||||
@@ -113,22 +115,23 @@ if (!@hosts) {
|
||||
# Try each host in turn
|
||||
local ($ldap, $err);
|
||||
foreach my $host (@hosts) {
|
||||
$ldap = Net::LDAP->new($host->[0], port => $host->[1]);
|
||||
$ldap = Net::LDAP->new($host->[0], port => $host->[1],
|
||||
scheme => $host->[2] == 1 ? 'ldaps' : 'ldap');
|
||||
if (!$ldap) {
|
||||
$err = &text('conn_econn',
|
||||
"<tt>$host->[0]</tt>","<tt>$host->[1]</tt>");
|
||||
next;
|
||||
}
|
||||
# Connected .. but try SSL if needed
|
||||
if ($host->[2]) {
|
||||
# Switch to TLS if needed
|
||||
if ($host->[2] == 2) {
|
||||
my $mesg;
|
||||
eval { $mesg = $ldap->start_tls(); };
|
||||
if ($@ || !$mesg || $mesg->code) {
|
||||
# SSL failed
|
||||
$err = &text('conn_essl',
|
||||
"<tt>$host->[0]</tt>", "<tt>$host->[1]</tt>", $@);
|
||||
next;
|
||||
}
|
||||
if ($@ || !$mesg || $mesg->code) {
|
||||
# TLS failed
|
||||
$err = &text('conn_essl',
|
||||
"<tt>$host->[0]</tt>", "<tt>$host->[1]</tt>", $@);
|
||||
next;
|
||||
}
|
||||
}
|
||||
# If we got here, it all worked!
|
||||
$err = undef;
|
||||
|
||||
Reference in New Issue
Block a user