Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2024-12-29 04:49:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2292 from drwetter/ldap_starttls_improvements

Browse Source 
make starttls_ldap_dialog() more readable...
This commit is contained in:
Dirk Wetter 2022-12-27 22:06:12 +01:00 committed by GitHub
commit 7670275e59
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 28 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
testssl.sh
View File

@ -11422,10 +11422,13 @@ starttls_postgres_dialog() {
} }
# RFC 2830 # RFC 2251, 2830, RFC 4511
#
starttls_ldap_dialog() { starttls_ldap_dialog() {
local debugpad=" > " local debugpad=" > "
local -i ret=0 local -i ret=0
local msg_lenstr=""
local -i msg_len=0
local result="" local result=""
local starttls_init=", local starttls_init=",
x30, x1d, x02, x01, # LDAP extendedReq x30, x1d, x02, x01, # LDAP extendedReq
@ -11436,17 +11439,32 @@ starttls_ldap_dialog() {
debugme echo "=== starting LDAP STARTTLS dialog ===" debugme echo "=== starting LDAP STARTTLS dialog ==="
socksend "${starttls_init}" 0 && debugme echo "${debugpad}initiated STARTTLS" && socksend "${starttls_init}" 0 && debugme echo "${debugpad}initiated STARTTLS" &&
result=$(sockread_fast 256) result=$(sockread_fast 256)
[[ $DEBUG -ge 6 ]] && safe_echo "$debugpad $result\n" [[ $DEBUG -ge 4 ]] && safe_echo "$debugpad $result\n"
# response is typically 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00 # response is typically 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00
# ^^ == success! [9] is checked below # ^^ 0 would be success in 9th byte
if [[ ${result:18:2} == 00 ]]; then #
ret=0 # return values in https://www.rfc-editor.org/rfc/rfc2251#page-45 and e.g.
elif [[ ${result:18:2} == 01 ]]; then # https://git.openldap.org/openldap/openldap/-/blob/master/include/ldap.h
ret=1
else case "${result:18:2}" in
ret=127 00) ret=0 ;;
fi # success
01) ret=1 ;;
# operationsError
02) ret=2
# protocolError (text msg: "unsupported extended operation") e.g. when STARTTLS not supported
if [[ $DEBUG -ge 2 ]]; then
msg_lenstr=$(hex2dec ${result:26:02})
msg_len=$((2 * msg_lenstr))
safe_echo "$debugpad $(hex2binary "${result:28:$msg_len}")"
fi ;;
*)
ret=127
if [[ $DEBUG -ge 2 ]]; then
safe_echo "$debugpad $(hex2dec "${result:28:2}")"
fi ;;
esac
debugme echo "=== finished LDAP STARTTLS dialog with ${ret} ===" debugme echo "=== finished LDAP STARTTLS dialog with ${ret} ==="
return $ret return $ret
} }