aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMauro Iorio <mio@bit4id.com>2010-09-18 00:03:23 +0200
committerDaniel Stenberg <daniel@haxx.se>2010-09-18 00:03:23 +0200
commitc59dba338ea2c71fa0422a8594928d3c1787469e (patch)
tree38e71447f7927f0711f154e84a09a0be955a54a9
parenta76f852ca41b9972eff1ddf52d5de8a90cfad521 (diff)
LDAP: Support for tunnelling queries through HTTP proxy
As of curl-7.21.1 tunnelling ldap queries through HTTP Proxies is not supported. Actually if --proxytunnel command-line option (or equivalent CURLOPT_HTTPPROXYTUNNEL) is used for ldap queries like ldap://ldap.my.server.com/... You are unable to successfully execute the query. In facts ldap_*_bind is executed directly against the ldap server and proxy is totally ignored. This is true for both openLDAP and Microsoft LDAP API. Step to reproduce the error: Just launch "curl --proxytunnel --proxy 192.168.1.1:8080 ldap://ldap.my.server.com/dc=... " This fix adds an invocation to Curl_proxyCONNECT against the provided proxy address and on successful "CONNECT" it tunnels ldap query to the final ldap server through the HTTP proxy. As far as I know Microsoft LDAP APIs don't permit tunnelling in any way so the patch provided is for OpenLDAP only. The patch has been developed against OpenLDAP 2.4.23 and has been tested with Microsoft ISA Server 2006 and works properly with basic, digest and NTLM authentication.
-rw-r--r--lib/openldap.c29
1 files changed, 29 insertions, 0 deletions
diff --git a/lib/openldap.c b/lib/openldap.c
index 05628ab8e..445d30167 100644
--- a/lib/openldap.c
+++ b/lib/openldap.c
@@ -165,6 +165,7 @@ static CURLcode ldap_setup(struct connectdata *conn)
li = calloc(1, sizeof(ldapconninfo));
li->proto = proto;
conn->proto.generic = li;
+ conn->bits.close = bool_false;
/* TODO:
* - provide option to choose SASL Binds instead of Simple
*/
@@ -198,6 +199,34 @@ static CURLcode ldap_connect(struct connectdata *conn, bool *done)
ldap_set_option(li->ld, LDAP_OPT_PROTOCOL_VERSION, &proto);
+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_PROXY)
+ if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
+ /* for LDAP over HTTP proxy */
+ struct HTTP http_proxy;
+ ldapconninfo *li_save;
+
+ /* BLOCKING */
+ /* We want "seamless" LDAP operations through HTTP proxy tunnel */
+
+ /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the member
+ * conn->proto.http; we want LDAP through HTTP and we have to change the
+ * member temporarily for connecting to the HTTP proxy. After
+ * Curl_proxyCONNECT we have to set back the member to the original struct
+ * LDAP pointer
+ */
+ li_save = data->state.proto.generic;
+ memset(&http_proxy, 0, sizeof(http_proxy));
+ data->state.proto.http = &http_proxy;
+ result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
+ conn->host.name, conn->remote_port);
+
+ data->state.proto.generic = li_save;
+
+ if(CURLE_OK != result)
+ return result;
+ }
+#endif /* !CURL_DISABLE_HTTP && !CURL_DISABLE_PROXY */
+
#ifdef USE_SSL
if (conn->protocol & PROT_SSL) {
CURLcode res;