From minf...@apache.org
Subject svn commit: r124190 - in apr/apr-util/branches/1.0.x: . include ldap
Date Wed, 05 Jan 2005 10:43:32 GMT
Author: minfrin
Date: Wed Jan  5 02:43:31 2005
New Revision: 124190

URL: http://svn.apache.org/viewcvs?view=rev&rev=124190
Log:
Teach apr_ldap_init() how to handle STARTTLS in addition to the existing
SSL support. Add apr_ldap_option API.

Added:
   apr/apr-util/branches/1.0.x/include/apr_ldap_option.h
   apr/apr-util/branches/1.0.x/ldap/apr_ldap_option.c
Modified:
   apr/apr-util/branches/1.0.x/CHANGES
   apr/apr-util/branches/1.0.x/aprutil.dsp
   apr/apr-util/branches/1.0.x/include/apr_ldap.h.in
   apr/apr-util/branches/1.0.x/include/apr_ldap.hnw
   apr/apr-util/branches/1.0.x/include/apr_ldap.hw
   apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c
   apr/apr-util/branches/1.0.x/libaprutil.dsp

Modified: apr/apr-util/branches/1.0.x/CHANGES
Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/CHANGES?view=diff&rev=124190&p1=apr/apr-util/branches/1.0.x/CHANGES&r1=124189&p2=apr/apr-util/branches/1.0.x/CHANGES&r2=124190
==============================================================================
--- apr/apr-util/branches/1.0.x/CHANGES	(original)
+++ apr/apr-util/branches/1.0.x/CHANGES	Wed Jan  5 02:43:31 2005
@@ -1,5 +1,8 @@
 Changes with APR-util 1.0.2
 
+  *) Teach apr_ldap_init() how to handle STARTTLS in addition to the existing
+     SSL support. Add apr_ldap_option API. [Graham Leggett]
+
   *) Make install passed a shell expanded list of header files to the
      build/install.sh script, which can only install one file at a time.
      Changed to install one header file at a time. [Justin Erenkrantz,

Modified: apr/apr-util/branches/1.0.x/aprutil.dsp
Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/aprutil.dsp?view=diff&rev=124190&p1=apr/apr-util/branches/1.0.x/aprutil.dsp&r1=124189&p2=apr/apr-util/branches/1.0.x/aprutil.dsp&r2=124190
==============================================================================
--- apr/apr-util/branches/1.0.x/aprutil.dsp	(original)
+++ apr/apr-util/branches/1.0.x/aprutil.dsp	Wed Jan  5 02:43:31 2005
@@ -211,6 +211,10 @@
 
 SOURCE=.\ldap\apr_ldap_url.c
 # End Source File
+# Begin Source File
+
+SOURCE=.\ldap\apr_ldap_option.c
+# End Source File
 # End Group
 # Begin Group "misc"
 

Modified: apr/apr-util/branches/1.0.x/include/apr_ldap.h.in
Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/include/apr_ldap.h.in?view=diff&rev=124190&p1=apr/apr-util/branches/1.0.x/include/apr_ldap.h.in&r1=124189&p2=apr/apr-util/branches/1.0.x/include/apr_ldap.h.in&r2=124190
==============================================================================
--- apr/apr-util/branches/1.0.x/include/apr_ldap.h.in	(original)
+++ apr/apr-util/branches/1.0.x/include/apr_ldap.h.in	Wed Jan  5 02:43:31 2005
@@ -75,9 +75,7 @@
 
 @lber_h@
 @ldap_h@
-#if APR_HAS_LDAP_SSL 
 @ldap_ssl_h@
-#endif
 
 
 /*
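Review bot: The `#if APR_HAS_LDAP_SSL` guard around `@ldap_ssl_h@` is dropped with no comment recording why, so a later reader may well reinstate it. Presumably the toolkit's SSL header must now be visible even when APR_HAS_LDAP_SSL is 0 so that the new apr_ldap_option.h can pick up the toolkit's LDAP_OPT_X_TLS_* constants for the STARTTLS modes; if that is the reason, a one-line comment such as `/* included unconditionally: apr_ldap_option.h needs the toolkit's TLS option constants */` above `@ldap_ssl_h@` would record the intent.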
@@ -132,7 +130,7 @@
 
 #include "apr_ldap_url.h"
 #include "apr_ldap_init.h"
-
+#include "apr_ldap_option.h"
 
 /** @} */
 #endif /* APR_HAS_LDAP */

Modified: apr/apr-util/branches/1.0.x/include/apr_ldap.hnw
Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/include/apr_ldap.hnw?view=diff&rev=124190&p1=apr/apr-util/branches/1.0.x/include/apr_ldap.hnw&r1=124189&p2=apr/apr-util/branches/1.0.x/include/apr_ldap.hnw&r2=124190
==============================================================================
--- apr/apr-util/branches/1.0.x/include/apr_ldap.hnw	(original)
+++ apr/apr-util/branches/1.0.x/include/apr_ldap.hnw	Wed Jan  5 02:43:31 2005
@@ -132,7 +132,7 @@
 
 #include "apr_ldap_url.h"
 #include "apr_ldap_init.h"
-
+#include "apr_ldap_option.h"
 
 /** @} */
 #endif /* APR_HAS_LDAP */

Modified: apr/apr-util/branches/1.0.x/include/apr_ldap.hw
Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/include/apr_ldap.hw?view=diff&rev=124190&p1=apr/apr-util/branches/1.0.x/include/apr_ldap.hw&r1=124189&p2=apr/apr-util/branches/1.0.x/include/apr_ldap.hw&r2=124190
==============================================================================
--- apr/apr-util/branches/1.0.x/include/apr_ldap.hw	(original)
+++ apr/apr-util/branches/1.0.x/include/apr_ldap.hw	Wed Jan  5 02:43:31 2005
@@ -128,7 +128,7 @@
 
 #include "apr_ldap_url.h"
 #include "apr_ldap_init.h"
-
+#include "apr_ldap_option.h"
 
 /** @} */
 #endif /* APR_HAS_LDAP */

Added: apr/apr-util/branches/1.0.x/include/apr_ldap_option.h
Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/include/apr_ldap_option.h?view=auto&rev=124190
==============================================================================
--- (empty file)
+++ apr/apr-util/branches/1.0.x/include/apr_ldap_option.h	Wed Jan  5 02:43:31 2005
@@ -0,0 +1,115 @@
+/* Copyright 2000-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file apr_ldap_option.h
+ * @brief  APR-UTIL LDAP ldap_*_option() functions
+ */
+#ifndef APR_LDAP_OPTION_H
+#define APR_LDAP_OPTION_H
+
+/**
+ * @defgroup APR_Util_LDAP LDAP
+ * @ingroup APR_Util
+ * @{
+ */
+
+#include "apr_ldap.h"
+
+#if APR_HAS_LDAP
+
+/*
+ * The following defines handle the different TLS certificate
+ * options available. If these options are missing, APR will try and
+ * emulate support for this using the derecated ldap_start_tls_s()
+ * function.
+ */
+#ifdef LDAP_OPT_X_TLS_NEVER
+#define APR_LDAP_OPT_TLS_NEVER LDAP_OPT_X_TLS_NEVER
+#else
+#define APR_LDAP_OPT_TLS_NEVER 0
+#endif
+
+#ifdef LDAP_OPT_X_TLS_HARD
+#define APR_LDAP_OPT_TLS_HARD LDAP_OPT_X_TLS_HARD
+#else
+#define APR_LDAP_OPT_TLS_HARD 1
+#endif
+
+#ifdef LDAP_OPT_X_TLS_DEMAND
+#define APR_LDAP_OPT_TLS_DEMAND LDAP_OPT_X_TLS_DEMAND
+#else
+#define APR_LDAP_OPT_TLS_DEMAND 2
+#endif
+
+#ifdef LDAP_OPT_X_TLS_ALLOW
+#define APR_LDAP_OPT_TLS_ALLOW LDAP_OPT_X_TLS_ALLOW
+#else
+#define APR_LDAP_OPT_TLS_ALLOW 3
+#endif
+
+#ifdef LDAP_OPT_X_TLS_TRY
+#define APR_LDAP_OPT_TLS_TRY LDAP_OPT_X_TLS_TRY
+#else
+#define APR_LDAP_OPT_TLS_TRY 4
+#endif
+
+
+/**
+ * APR LDAP get option function
+ *
+ * This function gets option values from a given LDAP session if
+ * one was specified. It maps to the native ldap_get_option() function.
+ * @param pool The pool to use
+ * @param ldap The LDAP handle
+ * @param option The LDAP_OPT_* option to return
+ * @param outvalue The value returned (if any)
+ * @param result_err The apr_ldap_err_t structure contained detailed results
+ *        of the operation.
+ */
+APU_DECLARE(int) apr_ldap_get_option(apr_pool_t *pool,
+                                     LDAP *ldap,
+                                     int option,
+                                     void *outvalue,
+                                     apr_ldap_err_t **result_err);
+
+/**
+ * APR LDAP set option function
+ * 
+ * This function sets option values to a given LDAP session if
+ * one was specified. It maps to the native ldap_set_option() function.
+ * 
+ * Where an option is not supported by an LDAP toolkit, this function
+ * will try and apply legacy functions to achieve the same effect,
+ * depending on the platform.
+ * @param pool The pool to use
+ * @param ldap The LDAP handle
+ * @param option The LDAP_OPT_* option to set
+ * @param invalue The value to set
+ * @param result_err The apr_ldap_err_t structure contained detailed results
+ *        of the operation.
+ */
+APU_DECLARE(int) apr_ldap_set_option(apr_pool_t *pool,
+                                     LDAP *ldap,
+                                     int option,
+                                     const void *invalue,
+                                     apr_ldap_err_t **result_err);
+
+#endif /* APR_HAS_LDAP */
+
+/** @} */
+
+#endif /* APR_LDAP_OPTION_H */
+
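Review bot: The block comment above the fallback defines has a typo, `derecated` for `deprecated`; the line should read `* emulate support for this using the deprecated ldap_start_tls_s()`. The fallback values 0-4 are only meaningful where the toolkit's LDAP_OPT_X_TLS accepts that numbering, so a sentence noting that callers must check the apr_ldap_init()/apr_ldap_set_option() return rather than assume the mode took effect would help. In both `@param result_err` lines, `structure contained detailed results` should read `structure containing detailed results`. The getter's `@param outvalue` could also say that it must point at caller-provided storage of the type the option expects, since apr_ldap_get_option() hands it straight to ldap_get_option(), which writes through it.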

Modified: apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c
Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c?view=diff&rev=124190&p1=apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c&r1=124189&p2=apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c&r2=124190
==============================================================================
--- apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c	(original)
+++ apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c	Wed Jan  5 02:43:31 2005
@@ -298,6 +298,16 @@
  * to hide the complexity setup from the user. This function
  * assumes that any certificate setup necessary has already
  * been done.
+ *
+ * If SSL or STARTTLS needs to be enabled, and the underlying
+ * toolkit supports it, the following values are accepted for
+ * secure:
+ *
+ * APR_LDAP_OPT_TLS_NEVER: No encryption
+ * APR_LDAP_OPT_TLS_HARD: SSL encryption (ldaps://)
+ * APR_LDAP_OPT_TLS_DEMAND: Force STARTTLS on ldap://
+ * APR_LDAP_OPT_TLS_ALLOW: Allow STARTTLS on ldap://
+ * APR_LDAP_OPT_TLS_TRY: Optionally try STARTLS on ldap://
  */
 APU_DECLARE(int) apr_ldap_init(apr_pool_t *pool,
                                LDAP **ldap,
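Review bot: The last line of the new comment has a typo, `STARTLS` for `STARTTLS`: `* APR_LDAP_OPT_TLS_TRY: Optionally try STARTTLS on ldap://`. The comment should also state the failure mode for other values: from the hunks below, on OpenLDAP the value is handed to ldap_set_option() unvalidated and on the Microsoft toolkit anything other than HARD or DEMAND returns APR_ENOTIMPL. If ALLOW and TRY carry their OpenLDAP meaning of continuing in cleartext when STARTTLS is unavailable, the comment should say so, because a caller who needs confidentiality would otherwise reasonably pick them instead of DEMAND or HARD. apr_ldap_init()'s signature and body continue outside the hunk.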
@@ -333,19 +343,20 @@
 #ifdef LDAP_OPT_X_TLS
             *ldap = ldap_init(hostname, portno);
             if (NULL != *ldap) {
-                int SSLmode = LDAP_OPT_X_TLS_HARD;
+                int SSLmode = secure;
                 result->rc = ldap_set_option(*ldap, LDAP_OPT_X_TLS, &SSLmode);
                 if (LDAP_SUCCESS != result->rc) {
                     ldap_unbind_s(*ldap);
-                    result->reason = "LDAP: ldap_set_option - "
-                                     "LDAP_OPT_X_TLS_HARD failed";
+                    result->reason = "LDAP: ldap_set_option failed, "
+                                     "could not set security mode for "
+                                     "apr_ldap_init()";
                     result->msg = ldap_err2string(result->rc);
                     *ldap = NULL;
                     return APR_EGENERAL;
                 }
             }
 #else
-            result->reason = "LDAP: SSL not yet supported by APR on this "
+            result->reason = "LDAP: SSL/TLS not yet supported by APR on this "
                              "version of the OpenLDAP toolkit";
             return APR_ENOTIMPL;
 #endif
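Review bot: `SSLmode` now carries any of the APR_LDAP_OPT_TLS_* values, including the STARTTLS modes, so the name is misleading after this change; `int tls_mode = secure;` (and `&tls_mode` on the next line) would match the new wording of the error message. If `secure` is itself an `int` parameter, the copy exists only to take an address and `&secure` would do. The enclosing vendor `if` block and apr_ldap_init()'s body start and end outside the hunk.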
@@ -353,13 +364,46 @@
 
         /* microsoft toolkit */
         else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_MICROSOFT)) {
+            if (APR_LDAP_OPT_TLS_HARD == secure) {
 #if APR_HAS_LDAP_SSLINIT
-            *ldap = ldap_sslinit((char *)hostname, portno, 1);
+                *ldap = ldap_sslinit((char *)hostname, portno, 1);
 #else
-            result->reason = "LDAP: SSL not yet supported by APR on "
-                             "this version of the Microsoft toolkit";
-            return APR_ENOTIMPL;
+                result->reason = "LDAP: ldap_sslinit() not yet supported by APR on "
+                                 "this version of the Microsoft toolkit";
+                return APR_ENOTIMPL;
+#endif
+            }
+            else {
+#if APR_HAS_LDAP_START_TLS_S
+                if (APR_LDAP_OPT_TLS_DEMAND == secure) {
+                    *ldap = ldap_init(hostname, portno);
+                    if (NULL != *ldap) {
+                        result->rc = ldap_start_tls_s(*ldap, NULL, NULL, NULL, NULL);
+                        if (LDAP_SUCCESS != result->rc) {
+                            ldap_unbind_s(*ldap);
+                            result->reason = "LDAP: ldap_start_tls_s() failed, "
+                                             "could not set STARTTLS mode for "
+                                             "apr_ldap_init()";
+                            result->msg = ldap_err2string(result->rc);
+                            *ldap = NULL;
+                            return APR_EGENERAL;
+                        }
+                    }
+                }
+                else {
+                    result->reason = "LDAP: APR_LDAP_OPT_TLS_ALLOW and "
+                                     "APR_LDAP_OPT_TLS_TRY are not supported "
+                                     "by APR on this version of the Microsoft "
+                                     "toolkit. Use APR_LDAP_OPT_TLS_DEMAND "
+                                     "instead to enable STARTTLS";
+                    return APR_ENOTIMPL;
+                }
+#else
+                result->reason = "LDAP: ldap_start_tls_s() not yet supported "
+                                 "by APR on this version of the Microsoft toolkit";
+                return APR_ENOTIMPL;
 #endif
+            }
         }
 
         /* sun toolkit */
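Review bot: `APR_HAS_LDAP_START_TLS_S` is tested here but none of the header hunks in this commit define it; unless apr_ldap.hw already does so outside the visible hunks, the `#if` evaluates to 0 and every non-HARD mode on the Microsoft toolkit returns APR_ENOTIMPL with the ldap_start_tls_s() message. In the DEMAND branch, an `ldap_init()` that returns NULL leaves `result->reason` unset and the function carries on with `*ldap == NULL`, mirroring the pre-existing OpenLDAP path; an `else { result->reason = "LDAP: ldap_init() failed"; return APR_EGENERAL; }` after the `if (NULL != *ldap)` block would make the failure explicit. Since `APR_LDAP_OPT_TLS_NEVER` falls back to 0 on this toolkit, a NEVER request would land on the misleading "ALLOW and TRY are not supported" message unless an enclosing check on `secure`, above the hunk, filters it out first. The enclosing vendor `if`/`else if` chain begins and ends outside the hunk.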

Added: apr/apr-util/branches/1.0.x/ldap/apr_ldap_option.c
Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/ldap/apr_ldap_option.c?view=auto&rev=124190
==============================================================================
--- (empty file)
+++ apr/apr-util/branches/1.0.x/ldap/apr_ldap_option.c	Wed Jan  5 02:43:31 2005
@@ -0,0 +1,103 @@
+/* Copyright 2000-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*  apr_ldap_option.c -- LDAP options
+ *
+ *  The LDAP SDK allows the getting and setting of options on an LDAP
+ *  connection.
+ *
+ */
+
+#include <apu.h>
+#include <apr_ldap.h>
+#include <apr_errno.h>
+#include <apr_pools.h>
+#include <apr_strings.h>
+
+#if APR_HAS_LDAP
+
+/**
+ * APR LDAP get option function
+ *
+ * This function gets option values from a given LDAP session if
+ * one was specified.
+ */
+APU_DECLARE(int) apr_ldap_get_option(apr_pool_t *pool,
+                                     LDAP *ldap,
+                                     int option,
+                                     void *outvalue,
+                                     apr_ldap_err_t **result_err) {
+
+    apr_ldap_err_t *result;
+
+    result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
+    *result_err = result;
+    if (!result) {
+        return APR_ENOMEM;
+    }
+
+    /* get the option specified using the native LDAP function */
+    result->rc = ldap_get_option(ldap, option, outvalue);
+
+    /* handle the error case */
+    if (LDAP_SUCCESS != result->rc) {
+        result->msg = ldap_err2string(result-> rc);
+        result->reason = apr_pstrdup (pool, "LDAP: Could not get an option");
+        return APR_EGENERAL;
+    }
+
+    return APR_SUCCESS;
+
+} 
+
+/**
+ * APR LDAP set option function
+ *
+ * This function sets option values to a given LDAP session if
+ * one was specified.
+ *
+ * Where an option is not supported by an LDAP toolkit, this function
+ * will try and apply legacy functions to achieve the same effect,
+ * depending on the platform.
+ */
+APU_DECLARE(int) apr_ldap_set_option(apr_pool_t *pool,
+                                     LDAP *ldap,
+                                     int option,
+                                     const void *invalue,
+                                     apr_ldap_err_t **result_err) {
+
+    apr_ldap_err_t *result;
+
+    result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
+    *result_err = result;
+    if (!result) {
+        return APR_ENOMEM;
+    }
+
+    /* set the option specified using the native LDAP function */
+    result->rc = ldap_set_option(ldap, option, (void *)invalue);
+
+    /* handle the error case */
+    if (LDAP_SUCCESS != result->rc) {
+        result->msg = ldap_err2string(result-> rc);
+        result->reason = apr_pstrdup (pool, "LDAP: Could not get an option");
+        return APR_EGENERAL;
+    }
+
+    return APR_SUCCESS;
+
+}
+
+#endif /* APR_HAS_LDAP */
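Review bot: apr_ldap_set_option()'s failure reason is a copy-paste of the getter's, `"LDAP: Could not get an option"`, so a log line from the setter points at the wrong operation; it should read `result->reason = apr_pstrdup (pool, "LDAP: Could not set an option");`. The header promises that apr_ldap_set_option() falls back to legacy functions where the toolkit lacks an option, but the body here only forwards to ldap_set_option(), so either the header text or this function's comment should be brought in line, for example `Currently a straight wrapper around ldap_set_option(); no legacy fallback is implemented yet`. Both functions write through `result_err` and allocate from `pool` without a NULL check, which is the usual APR contract but worth stating in the comments: `result_err must be non-NULL; on return it points at a pool-allocated apr_ldap_err_t`. The casts on the apr_pcalloc() results are unnecessary in C.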

Modified: apr/apr-util/branches/1.0.x/libaprutil.dsp
Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/libaprutil.dsp?view=diff&rev=124190&p1=apr/apr-util/branches/1.0.x/libaprutil.dsp&r1=124189&p2=apr/apr-util/branches/1.0.x/libaprutil.dsp&r2=124190
==============================================================================
--- apr/apr-util/branches/1.0.x/libaprutil.dsp	(original)
+++ apr/apr-util/branches/1.0.x/libaprutil.dsp	Wed Jan  5 02:43:31 2005
@@ -217,6 +217,10 @@
 
 SOURCE=.\ldap\apr_ldap_url.c
 # End Source File
+# Begin Source File
+
+SOURCE=.\ldap\apr_ldap_option.c
+# End Source File 
 # End Group
 # Begin Group "misc"
 
