From 825fa63ea7750c70c2954b00ec0e56f3e17d6f57 Mon Sep 17 00:00:00 2001 From: Andrea Zagli Date: Sat, 20 Oct 2018 10:55:35 +0200 Subject: [PATCH] Added parameter starttls. --- src/aute_smbldap.c | 27 ++++++++++++++++++++++++++- tests/Makefile.am | 3 ++- tests/test_confi_tls.conf | 10 ++++++++++ 3 files changed, 38 insertions(+), 2 deletions(-) create mode 100644 tests/test_confi_tls.conf diff --git a/src/aute_smbldap.c b/src/aute_smbldap.c index 12fa4f9..98552c0 100644 --- a/src/aute_smbldap.c +++ b/src/aute_smbldap.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010-2017 Andrea Zagli + * Copyright (C) 2010-2018 Andrea Zagli * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -52,6 +52,7 @@ static LDAP *ldap; static gchar *base_dn; static gchar *users_ou; static gchar *groups_ou; +static gchar *starttls; static gchar *host; static gchar *host_ssh; @@ -186,6 +187,7 @@ get_connection_parameters_from_confi (ZakConfi *confi, gchar **user_field) users_ou = zak_confi_path_get_value (confi, "libzakauthe/libzakauthesmbldap/ldap/users_ou"); groups_ou = zak_confi_path_get_value (confi, "libzakauthe/libzakauthesmbldap/ldap/groups_ou"); *user_field = zak_confi_path_get_value (confi, "libzakauthe/libzakauthesmbldap/ldap/user_field"); + starttls = zak_confi_path_get_value (confi, "libzakauthe/libzakauthesmbldap/ldap/starttls"); if (host == NULL || strcmp (g_strstrip (host), "") == 0 @@ -379,6 +381,7 @@ static gchar users_ou = NULL; groups_ou = NULL; user_field = NULL; + starttls = NULL; #ifdef HAVE_LIBZAKCONFI /* the first and only parameters must be a ZakConfi object */ @@ -393,6 +396,7 @@ static gchar users_ou = NULL; groups_ou = NULL; user_field = NULL; + starttls = NULL; } } } 
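Review bot: In the `@@ -186,6 +187,7 @@` hunk the string read into `starttls` is never interpreted as a value. The later `if (starttls != NULL)` test in the `@@ -520,6 +535,16 @@` hunk treats any returned string as "on", so `starttls=0` or `starttls=false` would presumably still enable StartTLS. The list-parameter path in the `@@ -463,6 +467,17 @@` hunk maps an empty string to NULL, but no equivalent normalisation is visible here (the function continues outside the hunk), so the two paths can disagree on an empty value. I would parse the setting once into a `gboolean` and document the accepted values, for example `/* starttls: "1"/"true" upgrades the connection with StartTLS before the bind; unset or empty skips StartTLS */`.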
@@ -463,6 +467,17 @@ static gchar } } } + + param = g_slist_next (param); + if (param != NULL && param->data != NULL) + { + starttls = g_strdup ((gchar *)param->data); + starttls = g_strstrip (starttls); + if (g_strcmp0 (starttls, "") == 0) + { + starttls = NULL; + } + } } } @@ -520,6 +535,16 @@ static gchar return NULL; } + if (starttls != NULL) + { + retldap = ldap_start_tls_s (ldap, NULL, NULL); + if (retldap != LDAP_SUCCESS) + { + g_warning ("Error on LDAP TLS initialization: %s", ldap_err2string (retldap)); + return NULL; + } + } + user_dn = g_strdup_printf ("%s=%s,%s,%s", user_field, username, users_ou, base_dn); retldap = ldap_simple_bind_s (ldap, user_dn, password); if (retldap != LDAP_SUCCESS) diff --git a/tests/Makefile.am b/tests/Makefile.am index eb77b08..4666acc 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -12,4 +12,5 @@ noinst_PROGRAMS = test \ test_confi \ test_get_password -EXTRA_DIST = test_confi.conf +EXTRA_DIST = test_confi.conf \ + test_confi_tls.conf diff --git a/tests/test_confi_tls.conf b/tests/test_confi_tls.conf new file mode 100644 index 0000000..7f56705 --- /dev/null +++ b/tests/test_confi_tls.conf @@ -0,0 +1,10 @@ +[libzakauthe] +plugin=zakauthesmbldap + +[libzakauthe/libzakauthesmbldap/ldap] +host=ldap://localhost:389/ +base_dn=dc=nonatsamba4,dc=it +users_ou=cn=Users +groups_ou=ou=Groups +user_field=cn +starttls=1 -- 2.49.0
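Review bot: In the `@@ -463,6 +467,17 @@` hunk the empty-string branch drops the copy made by `g_strdup` without freeing it. `g_strstrip` returns the same pointer, so `starttls = NULL;` overwrites the only reference. `g_free (starttls); starttls = NULL;` closes that. The enclosing function starts and ends outside the hunk, so whether the other duplicated parameters are released elsewhere is not visible.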
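Review bot: Certificate verification for the upgraded connection is left to whatever the process-wide libldap configuration says: in the `@@ -520,6 +535,16 @@` hunk `ldap_start_tls_s (ldap, NULL, NULL)` is called without the code visibly setting `LDAP_OPT_X_TLS_REQUIRE_CERT`, and the password goes out through `ldap_simple_bind_s` right after. If a local ldap.conf relaxes `TLS_REQCERT`, the bind would proceed over a channel whose peer was not authenticated, so I would pin the policy before the handshake, e.g. `int reqcert = LDAP_OPT_X_TLS_DEMAND;` followed by `ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);`, unless that is already done earlier in the function, which starts outside the hunk. The failure branch also returns NULL without releasing the `ldap` handle; whether a caller cleans it up is not visible here.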