summaryrefslogtreecommitdiff
path: root/ldap
diff options
context:
space:
mode:
authorminfrin <minfrin@13f79535-47bb-0310-9956-ffa450edef68>2004-12-20 18:12:41 +0000
committerminfrin <minfrin@13f79535-47bb-0310-9956-ffa450edef68>2004-12-20 18:12:41 +0000
commit4d43725c9cf3a4e39445f4f28cfd607996565d20 (patch)
treecf61b611a8713fb1c61b4f17382d5854d1790be2 /ldap
parentd21eb3ece76e866848f36dcbcb2ca557088c3f4b (diff)
downloadlibapr-util-4d43725c9cf3a4e39445f4f28cfd607996565d20.tar.gz
Rework the LDAP toolkit detection to be more accurate than "OpenLDAP
detected regardless", while remaining backwards compatible with v1.0. git-svn-id: http://svn.apache.org/repos/asf/apr/apr-util/trunk@122862 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'ldap')
-rw-r--r--ldap/apr_ldap_init.c314
1 files changed, 201 insertions, 113 deletions
diff --git a/ldap/apr_ldap_init.c b/ldap/apr_ldap_init.c
index c5e8f63c..b4079dec 100644
--- a/ldap/apr_ldap_init.c
+++ b/ldap/apr_ldap_init.c
@@ -49,31 +49,40 @@ APU_DECLARE(int) apr_ldap_ssl_init(apr_pool_t *pool,
apr_ldap_err_t *result;
if (cert_auth_file) {
- return apr_ldap_ssl_add_cert(pool, cert_auth_file, cert_file_type, result_err);
+ return apr_ldap_ssl_add_cert(pool,
+ cert_auth_file,
+ cert_file_type,
+ result_err);
}
else {
result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
*result_err = result;
#if APR_HAS_LDAP_SSL /* compiled with ssl support */
-#if APR_HAS_NOVELL_LDAPSDK
- result->rc = ldapssl_client_init(NULL, NULL);
+ /* Novell needs special initialisation */
+ if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_NOVELL)) {
- if (LDAP_SUCCESS == result->rc) {
- return APR_SUCCESS;
- }
- else {
- result->msg = ldap_err2string(result-> rc);
- result->reason = apr_pstrdup (pool, "LDAP: Could not initialize SSL");
- return APR_EGENERAL;
- }
-#endif
+#if APR_HAS_LDAPSSL_CLIENT_INIT
+ result->rc = ldapssl_client_init(NULL, NULL);
+ if (LDAP_SUCCESS == result->rc) {
+ return APR_SUCCESS;
+ }
+ else {
+ result->msg = ldap_err2string(result-> rc);
+ result->reason = apr_pstrdup (pool, "LDAP: Could not "
+ "initialize SSL");
+ return APR_EGENERAL;
+ }
#else
- result->reason = "LDAP: Attempt to initialize SSL failed. "
- "Not built with SSL support.";
- result->rc = -1;
- return APR_EGENERAL;
+ result->reason = "LDAP: ldapssl_client_init() function not "
+ "supported by this Novell SDK. SSL not "
+ "initialised";
+ result->rc = -1;
+#endif
+
+ }
+
#endif
}
@@ -84,10 +93,21 @@ APU_DECLARE(int) apr_ldap_ssl_init(apr_pool_t *pool,
}
+
+/**
+ * APR LDAP SSL add client certificate function.
+ *
+ * This function sets up an optional client certificate to be used
+ * when connecting to the remote LDAP server.
+ * If SSL support is not available on this platform, or a problem
+ * was encountered while trying to set the certificate, the function
+ * will return APR_EGENERAL. Further LDAP specific error information
+ * can be found in result_err.
+ */
APU_DECLARE(int) apr_ldap_ssl_add_cert(apr_pool_t *pool,
- const char *cert_auth_file,
- int cert_file_type,
- apr_ldap_err_t **result_err) {
+ const char *cert_auth_file,
+ int cert_file_type,
+ apr_ldap_err_t **result_err) {
apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
*result_err = result;
@@ -95,85 +115,132 @@ APU_DECLARE(int) apr_ldap_ssl_add_cert(apr_pool_t *pool,
if (cert_auth_file) {
#if APR_HAS_LDAP_SSL /* compiled with ssl support */
-#if APR_HAS_NETSCAPE_LDAPSDK
+ /* Netscape SDK */
+ if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_NETSCAPE)) {
- /* Netscape sdk only supports a cert7.db file
- */
- if (cert_file_type == APR_LDAP_CA_TYPE_CERT7_DB) {
- result->rc = ldapssl_client_init(cert_auth_file, NULL);
- }
- else {
- result->reason = "LDAP: Invalid certificate type: "
- "CERT7_DB type required";
+#if APR_HAS_LDAP_SSL_CLIENT_INIT
+ /* Netscape sdk only supports a cert7.db file
+ */
+ if (cert_file_type == APR_LDAP_CA_TYPE_CERT7_DB) {
+ result->rc = ldapssl_client_init(cert_auth_file, NULL);
+ }
+ else {
+ result->reason = "LDAP: Invalid certificate type: "
+ "CERT7_DB type required";
+ result->rc = -1;
+ }
+#else
+ result->reason = "LDAP: ldapssl_client_init() function not "
+ "supported by this Netscape SDK. Certificate "
+ "authority file not set";
result->rc = -1;
+#endif
+
}
-#elif APR_HAS_NOVELL_LDAPSDK
-
- /* Novell SDK supports DER or BASE64 files
- */
- if (cert_file_type == APR_LDAP_CA_TYPE_DER ||
- cert_file_type == APR_LDAP_CA_TYPE_BASE64 ) {
+ /* Novell SDK */
+ else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_NOVELL)) {
- result->rc = ldapssl_client_init(NULL, NULL);
- if (LDAP_SUCCESS == result->rc) {
- if (cert_file_type == APR_LDAP_CA_TYPE_BASE64) {
- result->rc = ldapssl_add_trusted_cert((void*)cert_auth_file,
+#if APR_HAS_LDAPSSL_CLIENT_INIT && APR_HAS_LDAPSSL_ADD_TRUSTED_CERT && APR_HAS_LDAPSSL_CLIENT_DEINIT
+ /* Novell SDK supports DER or BASE64 files
+ */
+ if (cert_file_type == APR_LDAP_CA_TYPE_DER ||
+ cert_file_type == APR_LDAP_CA_TYPE_BASE64 ) {
+
+ result->rc = ldapssl_client_init(NULL, NULL);
+ if (LDAP_SUCCESS == result->rc) {
+ if (cert_file_type == APR_LDAP_CA_TYPE_BASE64) {
+ result->rc = ldapssl_add_trusted_cert((void*)cert_auth_file,
LDAPSSL_CERT_FILETYPE_B64);
- }
- else {
- result->rc = ldapssl_add_trusted_cert((void*)cert_auth_file,
+ }
+ else {
+ result->rc = ldapssl_add_trusted_cert((void*)cert_auth_file,
LDAPSSL_CERT_FILETYPE_DER);
- }
-
- if (LDAP_SUCCESS != result->rc) {
- ldapssl_client_deinit();
- result->reason = apr_psprintf (pool,
- "LDAP: Invalid certificate or path: "
- "Could not add trusted cert %s",
- cert_auth_file);
+ }
+
+ if (LDAP_SUCCESS != result->rc) {
+ ldapssl_client_deinit();
+ result->reason = apr_psprintf(pool,
+ "LDAP: Invalid certificate "
+ "or path: Could not add "
+ "trusted cert %s",
+ cert_auth_file);
+ }
}
}
- }
- else {
- result->reason = "LDAP: Invalid certificate type: "
- "DER or BASE64 type required";
+ else {
+ result->reason = "LDAP: Invalid certificate type: "
+ "DER or BASE64 type required";
+ result->rc = -1;
+ }
+
+#else
+ result->reason = "LDAP: ldapssl_client_init(), "
+ "ldapssl_add_trusted_cert() or "
+ "ldapssl_client_deinit() functions not supported "
+ "by this Novell SDK. Certificate authority file "
+ "not set";
result->rc = -1;
- }
+#endif
+ }
-#elif APR_HAS_OPENLDAP_LDAPSDK
+ /* openldap SDK */
+ else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_OPENLDAP)) {
+#ifdef LDAP_OPT_X_TLS_CACERTFILE
- /* OpenLDAP SDK supports BASE64 files
- */
- if (cert_file_type == APR_LDAP_CA_TYPE_BASE64) {
- result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, cert_auth_file);
- }
- else {
- result->reason = "LDAP: Invalid certificate type: "
- "BASE64 type required";
+ /* OpenLDAP SDK supports BASE64 files
+ */
+ if (cert_file_type == APR_LDAP_CA_TYPE_BASE64) {
+ result->rc = ldap_set_option(NULL,
+ LDAP_OPT_X_TLS_CACERTFILE,
+ cert_auth_file);
+ }
+ else {
+ result->reason = "LDAP: Invalid certificate type: "
+ "BASE64 type required";
+ result->rc = -1;
+ }
+
+#else
+ result->reason = "LDAP: LDAP_OPT_X_TLS_CACERTFILE not "
+ "defined by this OpenLDAP SDK. Certificate "
+ "authority file not set";
result->rc = -1;
+#endif
}
-#elif APR_HAS_MICROSOFT_LDAPSDK
-
- /* Microsoft SDK use the registry certificate store - always
- * assume support is always available
- */
- result->rc = LDAP_SUCCESS;
+ /* microsoft SDK */
+ else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_MICROSOFT)) {
-#else
+ /* Microsoft SDK use the registry certificate store - always
+ * assume support is always available
+ */
+ result->rc = LDAP_SUCCESS;
- /* unknown toolkit type, assume no support available */
- result->reason = "LDAP: Attempt to set certificate store failed. "
- "Toolkit type not recognised as supporting SSL.";
- result->rc = -1;
+ }
-#endif /* APR_HAS_NETSCAPE_LDAPSDK */
+ /* Sun SDK */
+ else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_SUN)) {
+ result->reason = "LDAP: Attempt to set certificate store failed. "
+ "APR does not yet know how to set a certificate "
+ "store on the Sun toolkit";
+ result->rc = -1;
+ }
+
+ /* SDK not recognised */
+ else {
+
+ /* unknown toolkit type, assume no support available */
+ result->reason = "LDAP: Attempt to set certificate store failed. "
+ "Toolkit type not recognised by APR as supporting "
+ "SSL";
+ result->rc = -1;
+ }
#else /* not compiled with SSL Support */
result->reason = "LDAP: Attempt to set certificate store failed. "
- "Not built with SSL support.";
+ "Not built with SSL support";
result->rc = -1;
#endif /* APR_HAS_LDAP_SSL */
@@ -212,7 +279,7 @@ APU_DECLARE(int) apr_ldap_ssl_add_cert(apr_pool_t *pool,
*/
APU_DECLARE(int) apr_ldap_ssl_deinit(void) {
-#if APR_HAS_LDAP_SSL && APR_HAS_NOVELL_LDAPSDK
+#if APR_HAS_LDAP_SSL && APR_HAS_LDAPSSL_CLIENT_DEINIT
ldapssl_client_deinit();
#endif
return APR_SUCCESS;
@@ -244,38 +311,68 @@ APU_DECLARE(int) apr_ldap_init(apr_pool_t *pool,
/* clear connection requested */
if (!secure) {
-#if APR_HAS_MICROSOFT_LDAPSDK
*ldap = ldap_init((char *)hostname, portno);
-#else
- *ldap = ldap_init(hostname, portno);
-#endif
}
else { /* ssl connnection requested */
#if APR_HAS_LDAP_SSL
-#if APR_HAS_NOVELL_LDAPSDK
- *ldap = ldapssl_init(hostname, portno, 1);
-#elif APR_HAS_NETSCAPE_LDAPSDK
- *ldap = ldapssl_init(hostname, portno, 1);
-#elif APR_HAS_OPENLDAP_LDAPSDK
- *ldap = ldap_init(hostname, portno);
- if (NULL != *ldap) {
- int SSLmode = LDAP_OPT_X_TLS_HARD;
- result->rc = ldap_set_option(*ldap, LDAP_OPT_X_TLS, &SSLmode);
- if (LDAP_SUCCESS != result->rc) {
- ldap_unbind_s(*ldap);
- result->reason = "LDAP: ldap_set_option - LDAP_OPT_X_TLS_HARD failed";
- result->msg = ldap_err2string(result->rc);
- *ldap = NULL;
- /* @todo make proper APR error codes for LDAP codes */
- return APR_EGENERAL;
+
+ /* novell / netscape toolkit */
+ if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_NOVELL) ||
+ !strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_NETSCAPE)) {
+#if APR_HAS_LDAPSSL_INIT
+ *ldap = ldapssl_init(hostname, portno, 1);
+#else
+ result->reason = "LDAP: SSL not yet supported by APR on "
+ "this version of the Novell/Netscape toolkit";
+ return APR_ENOTIMPL;
+#endif
+ }
+
+ /* openldap toolkit */
+ else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_OPENLDAP)) {
+#ifdef LDAP_OPT_X_TLS
+ *ldap = ldap_init(hostname, portno);
+ if (NULL != *ldap) {
+ int SSLmode = LDAP_OPT_X_TLS_HARD;
+ result->rc = ldap_set_option(*ldap, LDAP_OPT_X_TLS, &SSLmode);
+ if (LDAP_SUCCESS != result->rc) {
+ ldap_unbind_s(*ldap);
+ result->reason = "LDAP: ldap_set_option - "
+ "LDAP_OPT_X_TLS_HARD failed";
+ result->msg = ldap_err2string(result->rc);
+ *ldap = NULL;
+ return APR_EGENERAL;
+ }
}
+#else
+ result->reason = "LDAP: SSL not yet supported by APR on this "
+ "version of the OpenLDAP toolkit";
+ return APR_ENOTIMPL;
+#endif
}
-#elif APR_HAS_MICROSOFT_LDAPSDK
- *ldap = ldap_sslinit((char *)hostname, portno, 1);
+
+ /* microsoft toolkit */
+ else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_MICROSOFT)) {
+#if APR_HAS_LDAP_SSLINIT
+ *ldap = ldap_sslinit((char *)hostname, portno, 1);
#else
+ result->reason = "LDAP: SSL not yet supported by APR on "
+ "this version of the Microsoft toolkit";
+ return APR_ENOTIMPL;
+#endif
+ }
+
+ /* sun toolkit */
+ else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_SUN)) {
+ result->reason = "LDAP: SSL not yet supported by APR on "
+ "this version of the Sun toolkit";
+ return APR_ENOTIMPL;
+ }
+
/* unknown toolkit - return not implemented */
- return APR_ENOTIMPL;
-#endif /* APR_HAS_NOVELL_LDAPSDK */
+ else {
+ return APR_ENOTIMPL;
+ }
#endif /* APR_HAS_LDAP_SSL */
}
@@ -303,18 +400,9 @@ APU_DECLARE(int) apr_ldap_info(apr_pool_t *pool, apr_ldap_err_t **result_err)
apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
*result_err = result;
-#if APR_HAS_NETSCAPE_LDAPSDK
- result->reason = "APR LDAP: Built with Netscape LDAP SDK";
-#elif APR_HAS_NOVELL_LDAPSDK
- result->reason = "APR LDAP: Built with Novell LDAP SDK";
-#elif APR_HAS_OPENLDAP_LDAPSDK
- result->reason = "APR LDAP: Built with OpenLDAP LDAP SDK";
-#elif APR_HAS_MICROSOFT_LDAPSDK
- result->reason = "APR LDAP: Built with Microsoft LDAP SDK";
-#else
- result->reason = "APR LDAP: Built with an unknown LDAP SDK";
-#endif
-
+ result->reason = "APR LDAP: Built with "
+ LDAP_VENDOR_NAME
+ " LDAP SDK";
return APR_SUCCESS;
}
View Lorry Controller Status