From minf...@apache.org
Subject svn commit: r601938 - in /apr/apr-util/trunk: CHANGES include/apr_ldap.h.in include/apr_ldap_rebind.h ldap/NWGNUmakefile ldap/apr_ldap_rebind.c
Date Fri, 07 Dec 2007 00:50:10 GMT
Author: minfrin
Date: Thu Dec  6 16:50:09 2007
New Revision: 601938

URL: http://svn.apache.org/viewvc?rev=601938&view=rev
Log:
Add an LDAP rebind implementation so that authentication can be
carried through referrals. [Paul J. Reder]

Added:
    apr/apr-util/trunk/include/apr_ldap_rebind.h
    apr/apr-util/trunk/ldap/apr_ldap_rebind.c
Modified:
    apr/apr-util/trunk/CHANGES
    apr/apr-util/trunk/include/apr_ldap.h.in
    apr/apr-util/trunk/ldap/NWGNUmakefile

Modified: apr/apr-util/trunk/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/CHANGES?rev=601938&r1=601937&r2=601938&view=diff
==============================================================================
--- apr/apr-util/trunk/CHANGES [utf-8] (original)
+++ apr/apr-util/trunk/CHANGES [utf-8] Thu Dec  6 16:50:09 2007
@@ -1,6 +1,9 @@
                                                      -*- coding: utf-8 -*-
 Changes with APR-util 1.3.0
 
+  *) Add an LDAP rebind implementation so that authentication can be
+     carried through referrals. [Paul J. Reder]
+
   *) Fix the make test target in the spec file. [Graham Leggett]
 
   *) Expose the SSL EVP interface to encrypt and decrypt arbitrary

Modified: apr/apr-util/trunk/include/apr_ldap.h.in
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/include/apr_ldap.h.in?rev=601938&r1=601937&r2=601938&view=diff
==============================================================================
--- apr/apr-util/trunk/include/apr_ldap.h.in (original)
+++ apr/apr-util/trunk/include/apr_ldap.h.in Thu Dec  6 16:50:09 2007
@@ -154,6 +154,7 @@
 #include "apr_ldap_url.h"
 #include "apr_ldap_init.h"
 #include "apr_ldap_option.h"
+#include "apr_ldap_rebind.h"
 
 /** @} */
 #endif /* APR_HAS_LDAP */

Added: apr/apr-util/trunk/include/apr_ldap_rebind.h
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/include/apr_ldap_rebind.h?rev=601938&view=auto
==============================================================================
--- apr/apr-util/trunk/include/apr_ldap_rebind.h (added)
+++ apr/apr-util/trunk/include/apr_ldap_rebind.h Thu Dec  6 16:50:09 2007
@@ -0,0 +1,80 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * The APR LDAP rebind functions provide an implementation of
+ * a rebind procedure that can be used to allow clients to chase referrals,
+ * using the same credentials used to log in originally.
+ *
+ * Use of this implementation is optional.
+ *
+ * @file apu_ldap_rebind.h
+ * @brief Apache LDAP library
+ */
+
+#ifndef APU_LDAP_REBIND_H
+#define APU_LDAP_REBIND_H
+
+/**
+ * APR LDAP initialize rebind lock
+ *
+ * This function creates the lock for controlling access to the xref list..
+ * @param pool Pool to use when creating the xref_lock.
+ */
+APU_DECLARE(apr_status_t) apr_ldap_rebind_init(apr_pool_t *pool);
+
+
+/**
+ * APR LDAP rebind_add function
+ *
+ * This function creates a cross reference entry for the specified ldap
+ * connection. The rebind callback function will look up this ldap 
+ * connection so it can retrieve the bindDN and bindPW for use in any 
+ * binds while referrals are being chased.
+ *
+ * This function will add the callback to the LDAP handle passed in.
+ *
+ * A cleanup is registered within the pool provided to remove this
+ * entry when the pool is removed. Alternatively apr_ldap_rebind_remove()
+ * can be called to explicitly remove the entry at will.
+ *
+ * @param pool The pool to use
+ * @param ld The LDAP connectionhandle
+ * @param bindDN The bind DN to be used for any binds while chasing 
+ *               referrals on this ldap connection.
+ * @param bindPW The bind Password to be used for any binds while 
+ *               chasing referrals on this ldap connection.
+ */
+APU_DECLARE(apr_status_t) apr_ldap_rebind_add(apr_pool_t *pool,
+                                              LDAP *ld,
+                                              const char *bindDN,
+                                              const char *bindPW);
+
+/**
+ * APR LDAP rebind_remove function
+ *
+ * This function removes the rebind cross reference entry for the
+ * specified ldap connection.
+ *
+ * If not explicitly removed, this function will be called automatically
+ * when the pool is cleaned up.
+ *
+ * @param ld The LDAP connectionhandle
+ */
+APU_DECLARE(apr_status_t) apr_ldap_rebind_remove(LDAP *ld);
+
+#endif /* APU_LDAP_REBIND_H */
+
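Review bot: The header does not state the security contract of the credentials it stores: apr_ldap_rebind_add copies bindDN and bindPW into pool memory, and the rebind callback in apr_ldap_rebind.c later presents them in a simple bind (LDAP_AUTH_SIMPLE) to whichever server a referral on that handle leads to, so a referral to an untrusted or non-TLS host discloses the password. It also does not say that apr_ldap_rebind_init must run before apr_ldap_rebind_add/remove in threaded builds, which the implementation requires because it locks apr_ldap_xref_lock unconditionally. I would add to the apr_ldap_rebind_add documentation: `@remark bindDN and bindPW are copied into pool and later sent, as a simple bind, to every server a referral for ld leads to; enable this only where referral targets are trusted and the transport is protected (e.g. TLS). In threaded builds apr_ldap_rebind_init() must be called first.` Also, `connectionhandle` in the two @param ld lines should read `connection handle`.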

Modified: apr/apr-util/trunk/ldap/NWGNUmakefile
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/ldap/NWGNUmakefile?rev=601938&r1=601937&r2=601938&view=diff
==============================================================================
--- apr/apr-util/trunk/ldap/NWGNUmakefile (original)
+++ apr/apr-util/trunk/ldap/NWGNUmakefile Thu Dec  6 16:50:09 2007
@@ -231,6 +231,7 @@
 	$(OBJDIR)/apr_ldap_init.o \
 	$(OBJDIR)/apr_ldap_option.o \
 	$(OBJDIR)/apr_ldap_url.o \
+	$(OBJDIR)/apr_ldap_rebind.o \
 	$(EOLIST)
 
 #

Added: apr/apr-util/trunk/ldap/apr_ldap_rebind.c
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/ldap/apr_ldap_rebind.c?rev=601938&view=auto
==============================================================================
--- apr/apr-util/trunk/ldap/apr_ldap_rebind.c (added)
+++ apr/apr-util/trunk/ldap/apr_ldap_rebind.c Thu Dec  6 16:50:09 2007
@@ -0,0 +1,266 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*  apr_ldap_rebind.c -- LDAP rebind callbacks for referrals
+ *
+ *  The LDAP SDK allows a callback to be set to enable rebinding
+ *  for referral processing.
+ *
+ */
+
+#include "apr.h"
+#include "apu.h"
+#include "apr_ldap.h"
+#include "apr_errno.h"
+#include "apr_strings.h"
+#include "apr_ldap_rebind.h"
+
+#include "stdio.h"
+
+#if APR_HAS_THREADS
+static apr_thread_mutex_t *apr_ldap_xref_lock = NULL;
+#endif
+
+/* Used to store information about connections for use in the referral rebind callback. */
+struct apr_ldap_rebind_entry {
+    apr_pool_t *pool;
+    LDAP *index;
+    const char *bindDN;
+    const char *bindPW;
+    struct apr_ldap_rebind_entry *next;
+};
+typedef struct apr_ldap_rebind_entry apr_ldap_rebind_entry_t;
+
+static apr_ldap_rebind_entry_t *xref_head = NULL;
+
+static int apr_ldap_rebind_set_callback(LDAP *ld);
+static apr_status_t apr_ldap_rebind_remove_helper(void *data);
+
+/* APR utility routine used to create the xref_lock. */
+APU_DECLARE(apr_status_t) apr_ldap_rebind_init(apr_pool_t *pool)
+{
+    apr_status_t retcode = APR_SUCCESS;
+
+#if APR_HAS_THREADS
+    if (apr_ldap_xref_lock == NULL) {
+        retcode = apr_thread_mutex_create(&apr_ldap_xref_lock, APR_THREAD_MUTEX_DEFAULT,
pool);
+    }
+#endif
+
+    return(retcode);
+}
+
+
+/*************************************************************************************/
+APU_DECLARE(apr_status_t) apr_ldap_rebind_add(apr_pool_t *pool, LDAP *ld, const char *bindDN,
const char *bindPW)
+{
+    apr_status_t retcode = APR_SUCCESS;
+    apr_ldap_rebind_entry_t *new_xref;
+
+    new_xref = (apr_ldap_rebind_entry_t *)apr_pcalloc(pool, sizeof(apr_ldap_rebind_entry_t));
+    if (new_xref) {
+        new_xref->pool = pool;
+        new_xref->index = ld;
+        if (bindDN) {
+            new_xref->bindDN = apr_pstrdup(pool, bindDN);
+        }
+        if (bindPW) {
+            new_xref->bindPW = apr_pstrdup(pool, bindPW);
+        }
+    
+#if APR_HAS_THREADS
+       apr_thread_mutex_lock(apr_ldap_xref_lock);
+#endif
+    
+        new_xref->next = xref_head;
+        xref_head = new_xref;
+    
+#if APR_HAS_THREADS
+        apr_thread_mutex_unlock(apr_ldap_xref_lock);
+#endif
+    }
+    else {
+        return(APR_ENOMEM);
+    }
+
+    retcode = apr_ldap_rebind_set_callback(ld);
+    if (APR_SUCCESS != retcode) {
+        apr_ldap_rebind_remove(ld);
+        return retcode;
+    }
+
+    apr_pool_cleanup_register(pool, ld,
+                              apr_ldap_rebind_remove_helper,
+                              apr_pool_cleanup_null);
+
+    return(APR_SUCCESS);
+}
+
+/*************************************************************************************/
+APU_DECLARE(apr_status_t) apr_ldap_rebind_remove(LDAP *ld)
+{
+    apr_ldap_rebind_entry_t *tmp_xref, *prev = NULL;
+
+#if APR_HAS_THREADS
+    apr_thread_mutex_lock(apr_ldap_xref_lock);
+#endif
+    tmp_xref = xref_head;
+
+    while ((tmp_xref) && (tmp_xref->index != ld)) {
+        prev = tmp_xref;
+        tmp_xref = tmp_xref->next;
+    }
+
+    if (tmp_xref) {
+        if (tmp_xref == xref_head) {
+            xref_head = xref_head->next;
+        }
+        else {
+            prev->next = tmp_xref->next;
+        }
+
+        /* tmp_xref and its contents were pool allocated so they don't need to be freed here.
*/
+
+        /* remove the cleanup, just in case this was done manually */
+        apr_pool_cleanup_kill(tmp_xref->pool, tmp_xref->index,
+                              apr_ldap_rebind_remove_helper);
+    }
+
+#if APR_HAS_THREADS
+    apr_thread_mutex_unlock(apr_ldap_xref_lock);
+#endif
+    return APR_SUCCESS;
+}
+
+static apr_status_t apr_ldap_rebind_remove_helper(void *data)
+{
+    LDAP *ld = (LDAP *)data;
+    apr_ldap_rebind_remove(ld);
+    return APR_SUCCESS;
+}
+
+/*************************************************************************************/
+static apr_ldap_rebind_entry_t *apr_ldap_rebind_lookup(LDAP *ld)
+{
+    apr_ldap_rebind_entry_t *tmp_xref, *match = NULL;
+
+#if APR_HAS_THREADS
+    apr_thread_mutex_lock(apr_ldap_xref_lock);
+#endif
+    tmp_xref = xref_head;
+
+    while (tmp_xref) {
+        if (tmp_xref->index == ld) {
+            match = tmp_xref;
+            tmp_xref = NULL;
+        }
+        else {
+            tmp_xref = tmp_xref->next;
+        }
+    }
+
+#if APR_HAS_THREADS
+    apr_thread_mutex_unlock(apr_ldap_xref_lock);
+#endif
+
+    return (match);
+}
+
+#if APR_HAS_TIVOLI_LDAPSDK
+
+/* LDAP_rebindproc() Tivoli LDAP style
+ *     Rebind callback function. Called when chasing referrals. See API docs.
+ * ON ENTRY:
+ *     ld       Pointer to an LDAP control structure. (input only)
+ *     binddnp  Pointer to an Application DName used for binding (in *or* out)
+ *     passwdp  Pointer to the password associated with the DName (in *or* out)
+ *     methodp  Pointer to the Auth method (output only)
+ *     freeit   Flag to indicate if this is a lookup or a free request (input only)
+ */
+static int LDAP_rebindproc(LDAP *ld, char **binddnp, char **passwdp, int *methodp, int freeit)
+{
+    if (!freeit) {
+        apr_ldap_rebind_entry_t *my_conn;
+
+        *methodp = LDAP_AUTH_SIMPLE;
+        my_conn = apr_ldap_rebind_lookup(ld);
+
+        if ((my_conn) && (my_conn->bindDN != NULL)) {
+            *binddnp = strdup(my_conn->bindDN);
+            *passwdp = strdup(my_conn->bindPW);
+        } else {
+            *binddnp = NULL;
+            *passwdp = NULL;
+        }
+    } else {
+        if (*binddnp) {
+            free(*binddnp);
+        }
+        if (*passwdp) {
+            free(*passwdp);
+        }
+    }
+
+    return LDAP_SUCCESS;
+}
+
+static int apr_ldap_rebind_set_callback(LDAP *ld)
+{
+    ldap_set_rebind_proc(ld, (LDAPRebindProc)LDAP_rebindproc);
+    return APR_SUCCESS;
+}
+
+#elif APR_HAS_OPENLDAP_LDAPSDK
+
+/* LDAP_rebindproc() openLDAP V3 style
+ * ON ENTRY:
+ *     ld       Pointer to an LDAP control structure. (input only)
+ *     url      Unused in this routine
+ *     request  Unused in this routine
+ *     msgid    Unused in this routine
+ *     params   Unused in this routine
+ */
+static int LDAP_rebindproc(LDAP *ld, LDAP_CONST char *url, ber_tag_t request, ber_int_t msgid,
void *params)
+{
+    apr_ldap_rebind_entry_t *my_conn;
+    const char *bindDN = NULL;
+    const char *bindPW = NULL;
+
+    my_conn = apr_ldap_rebind_lookup(ld);
+
+    if ((my_conn) && (my_conn->bindDN != NULL)) {
+        bindDN = my_conn->bindDN;
+        bindPW = my_conn->bindPW;
+    }
+
+    return (ldap_bind_s(ld, bindDN, bindPW, LDAP_AUTH_SIMPLE));
+}
+
+static int apr_ldap_rebind_set_callback(LDAP *ld)
+{
+    ldap_set_rebind_proc(ld, LDAP_rebindproc, NULL);
+    return APR_SUCCESS;
+}
+
+#else         /* Implementation not recognised */
+
+static int apr_ldap_rebind_set_callback(LDAP *ld)
+{
+    return APR_ENOTIMPL;
+}
+
+#endif
+
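Review bot: In the Tivoli LDAP_rebindproc, `*passwdp = strdup(my_conn->bindPW);` is reached whenever bindDN is non-NULL, but apr_ldap_rebind_add accepts a NULL bindPW (it only copies it when set), so strdup(NULL) is possible; use `*passwdp = my_conn->bindPW ? strdup(my_conn->bindPW) : NULL;` and treat a NULL strdup result as a failure rather than returning LDAP_SUCCESS with a partial pair. Both callbacks also dereference the entry returned by apr_ldap_rebind_lookup after that function has released apr_ldap_xref_lock, so if another thread destroys the owning pool (whose registered cleanup calls apr_ldap_rebind_remove) between the lookup and the bind, the callback reads freed pool memory; whether that overlap can occur depends on how callers share ld across threads, which is not visible here, but copying bindDN/bindPW out while the lock is held would close it. apr_ldap_rebind_add, apr_ldap_rebind_remove and apr_ldap_rebind_lookup lock apr_ldap_xref_lock without checking that apr_ldap_rebind_init created it and ignore the lock's return status, so a missing init crashes on a NULL mutex instead of returning an error. Finally, the password is kept as plain text in pool memory for the pool's lifetime and is never cleared, which deserves a comment next to the apr_pstrdup in apr_ldap_rebind_add so callers scope that pool deliberately.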


