httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From minf...@apache.org
Subject cvs commit: httpd-2.0/modules/experimental mod_auth_ldap.c util_ldap.c
Date Wed, 04 Aug 2004 00:04:41 GMT
minfrin     2004/08/03 17:04:41

  Modified:    .        CHANGES
               modules/experimental mod_auth_ldap.c util_ldap.c
  Log:
  Remove LDAP toolkit specific code from util_ldap and mod_auth_ldap.
  
  Revision  Changes    Path
  1.1544    +3 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1543
  retrieving revision 1.1544
  diff -u -r1.1543 -r1.1544
  --- CHANGES	1 Aug 2004 01:12:29 -0000	1.1543
  +++ CHANGES	4 Aug 2004 00:04:40 -0000	1.1544
  @@ -2,6 +2,9 @@
   
     [Remove entries to the current 2.0 section below, when backported]
   
  +  *) Remove LDAP toolkit specific code from util_ldap and mod_auth_ldap.
  +     [Graham Leggett]
  +
     *) Remove deprecated/removed APR_STATUS_IS_SUCCESS().  [Justin Erenkrantz]
   
     *) perchild MPM: Fix thread safety problem in the use of longjmp().
  
  
  
  1.28      +5 -16     httpd-2.0/modules/experimental/mod_auth_ldap.c
  
  Index: mod_auth_ldap.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/experimental/mod_auth_ldap.c,v
  retrieving revision 1.27
  retrieving revision 1.28
  diff -u -r1.27 -r1.28
  --- mod_auth_ldap.c	21 May 2004 03:14:06 -0000	1.27
  +++ mod_auth_ldap.c	4 Aug 2004 00:04:41 -0000	1.28
  @@ -692,8 +692,9 @@
                                       void *config,
                                       const char *url)
   {
  -    int result;
  +    int rc;
       apr_ldap_url_desc_t *urld;
  +    apr_ldap_err_t *result;
   
       mod_auth_ldap_config_t *sec = config;
   
  @@ -701,20 +702,9 @@
   	         cmd->server, "[%d] auth_ldap url parse: `%s'", 
   	         getpid(), url);
   
  -    result = apr_ldap_url_parse(url, &(urld));
  -    if (result != LDAP_SUCCESS) {
  -        switch (result) {
  -        case LDAP_URL_ERR_NOTLDAP:
  -            return "LDAP URL does not begin with ldap://";
  -        case LDAP_URL_ERR_NODN:
  -            return "LDAP URL does not have a DN";
  -        case LDAP_URL_ERR_BADSCOPE:
  -            return "LDAP URL has an invalid scope";
  -        case LDAP_URL_ERR_MEM:
  -            return "Out of memory parsing LDAP URL";
  -        default:
  -            return "Could not parse LDAP URL";
  -        }
  +    rc = apr_ldap_url_parse(cmd->pool, url, &(urld), &(result));
  +    if (rc != APR_SUCCESS) {
  +        return result->reason;
       }
       sec->url = apr_pstrdup(cmd->pool, url);
   
  @@ -801,7 +791,6 @@
       }
   
       sec->have_ldap_url = 1;
  -    apr_ldap_free_urldesc(urld);
       return NULL;
   }
   
  
  
  
  1.36      +43 -185   httpd-2.0/modules/experimental/util_ldap.c
  
  Index: util_ldap.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/experimental/util_ldap.c,v
  retrieving revision 1.35
  retrieving revision 1.36
  diff -u -r1.35 -r1.36
  --- util_ldap.c	26 Jun 2004 16:00:26 -0000	1.35
  +++ util_ldap.c	4 Aug 2004 00:04:41 -0000	1.36
  @@ -254,50 +254,16 @@
       */
       if (NULL == ldc->ldap)
       {
  -            /* clear connection requested */
  -        if (!ldc->secure)
  -        {
  -            ldc->ldap = ldap_init(const_cast(ldc->host), ldc->port);
  -        }
  -        else /* ssl connnection requested */
  -        {
  -                /* check configuration to make sure it supports SSL
  -                */
  -            if (st->ssl_support)
  -            {
  -                #if APR_HAS_LDAP_SSL
  -                
  -                #if APR_HAS_NOVELL_LDAPSDK 
  -                ldc->ldap = ldapssl_init(ldc->host, ldc->port, 1);
  -
  -                #elif APR_HAS_NETSCAPE_LDAPSDK
  -                ldc->ldap = ldapssl_init(ldc->host, ldc->port, 1);
  -
  -                #elif APR_HAS_OPENLDAP_LDAPSDK
  -                ldc->ldap = ldap_init(ldc->host, ldc->port);
  -                if (NULL != ldc->ldap)
  -                {
  -                    int SSLmode = LDAP_OPT_X_TLS_HARD;
  -                    result = ldap_set_option(ldc->ldap, LDAP_OPT_X_TLS, &SSLmode);
  -                    if (LDAP_SUCCESS != result)
  -                    {
  -                        ldap_unbind_s(ldc->ldap);
  -                        ldc->reason = "LDAP: ldap_set_option - LDAP_OPT_X_TLS_HARD failed";
  -                        ldc->ldap = NULL;
  -                    }
  -                }
  +        apr_ldap_err_t *result = NULL;
  +        int rc = apr_ldap_init(r->pool,
  +                               &(ldc->ldap),
  +                               ldc->host,
  +                               ldc->port,
  +                               ldc->secure,
  +                               &(result));
   
  -                #elif APR_HAS_MICROSOFT_LDAPSDK
  -                ldc->ldap = ldap_sslinit(const_cast(ldc->host), ldc->port, 1);
  -
  -                #else
  -                    ldc->reason = "LDAP: ssl connections not supported";
  -                #endif /* APR_HAS_NOVELL_LDAPSDK */
  -            
  -                #endif /* APR_HAS_LDAP_SSL */
  -            }
  -            else
  -                ldc->reason = "LDAP: ssl connections not supported";
  +        if (result != NULL) {
  +            ldc->reason = result->reason;
           }
   
           if (NULL == ldc->ldap)
  @@ -327,7 +293,7 @@
         */
       for (failures=0; failures<10; failures++)
       {
  -        result = ldap_simple_bind_s(ldc->ldap, const_cast(ldc->binddn), const_cast(ldc->bindpw));
  +        result = ldap_simple_bind_s(ldc->ldap, ldc->binddn, ldc->bindpw);
           if (LDAP_SERVER_DOWN != result)
               break;
       }
  @@ -558,7 +524,7 @@
       }
   
       /* search for reqdn */
  -    if ((result = ldap_search_ext_s(ldc->ldap, const_cast(reqdn), LDAP_SCOPE_BASE, 
  +    if ((result = ldap_search_ext_s(ldc->ldap, reqdn, LDAP_SCOPE_BASE, 
   				    "(objectclass=*)", NULL, 1, 
   				    NULL, NULL, NULL, -1, &res)) == LDAP_SERVER_DOWN) {
           ldc->reason = "DN Comparison ldap_search_ext_s() failed with server down";
  @@ -690,7 +656,7 @@
           return result;
       }
   
  -    if ((result = ldap_compare_s(ldc->ldap, const_cast(dn), const_cast(attrib), const_cast(value)))
  +    if ((result = ldap_compare_s(ldc->ldap, dn, attrib, value))
           == LDAP_SERVER_DOWN) { 
           /* connection failed - try again */
           ldc->reason = "ldap_compare_s() failed with server down";
  @@ -821,8 +787,8 @@
   
       /* try do the search */
       if ((result = ldap_search_ext_s(ldc->ldap,
  -				    const_cast(basedn), scope, 
  -				    const_cast(filter), attrs, 0, 
  +				    basedn, scope, 
  +				    filter, attrs, 0, 
   				    NULL, NULL, NULL, -1, &res)) == LDAP_SERVER_DOWN) {
           ldc->reason = "ldap_search_ext_s() for user failed with server down";
           util_ldap_connection_unbind(ldc);
  @@ -876,7 +842,7 @@
        * exists, since we just retrieved it)
        */
       if ((result = 
  -         ldap_simple_bind_s(ldc->ldap, const_cast(*binddn), const_cast(bindpw))) ==

  +         ldap_simple_bind_s(ldc->ldap, *binddn, bindpw)) == 
            LDAP_SERVER_DOWN) {
           ldc->reason = "ldap_simple_bind_s() to check user credentials failed with server
down";
           ldap_msgfree(res);
  @@ -1150,16 +1116,17 @@
   
   static apr_status_t util_ldap_cleanup_module(void *data)
   {
  -#if APR_HAS_LDAP_SSL && APR_HAS_NOVELL_LDAPSDK
  +
       server_rec *s = data;
       util_ldap_state_t *st = (util_ldap_state_t *)ap_get_module_config(
           s->module_config, &ldap_module);
       
  -    if (st->ssl_support)
  -        ldapssl_client_deinit();
  +    if (st->ssl_support) {
  +        apr_ldap_ssl_deinit();
  +    }
   
  -#endif
       return APR_SUCCESS;
  +
   }
   
   static int util_ldap_post_config(apr_pool_t *p, apr_pool_t *plog, 
  @@ -1247,155 +1214,46 @@
       
       /* log the LDAP SDK used 
        */
  -    #if APR_HAS_NETSCAPE_LDAPSDK 
  -    
  -        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, 
  -             "LDAP: Built with Netscape LDAP SDK" );
  -
  -    #elif APR_HAS_NOVELL_LDAPSDK
  -
  -        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, 
  -             "LDAP: Built with Novell LDAP SDK" );
  -
  -    #elif APR_HAS_OPENLDAP_LDAPSDK
  -
  -        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, 
  -             "LDAP: Built with OpenLDAP LDAP SDK" );
  -
  -    #elif APR_HAS_MICROSOFT_LDAPSDK
  -    
  -        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, 
  -             "LDAP: Built with Microsoft LDAP SDK" );
  -    #else
  -    
  -        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, 
  -             "LDAP: Built with unknown LDAP SDK" );
  -
  -    #endif /* APR_HAS_NETSCAPE_LDAPSDK */
  -
  -
  +    {
  +        apr_ldap_err_t *result = NULL;
  +        apr_ldap_info(&(result), p);
  +        if (result != NULL) {
  +            ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, result->reason);
  +        }
  +    }
   
       apr_pool_cleanup_register(p, s, util_ldap_cleanup_module,
                                 util_ldap_cleanup_module); 
   
       /* initialize SSL support if requested
       */
  -    if (st->cert_auth_file)
  -    {
  -        #if APR_HAS_LDAP_SSL /* compiled with ssl support */
  -
  -        #if APR_HAS_NETSCAPE_LDAPSDK 
  -
  -            /* Netscape sdk only supports a cert7.db file 
  -            */
  -            if (st->cert_file_type == LDAP_CA_TYPE_CERT7_DB)
  -            {
  -                rc = ldapssl_client_init(st->cert_auth_file, NULL);
  -            }
  -            else
  -            {
  -                ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s, 
  -                         "LDAP: Invalid LDAPTrustedCAType directive - "
  -                          "CERT7_DB_PATH type required");
  -                rc = -1;
  -            }
  -
  -        #elif APR_HAS_NOVELL_LDAPSDK
  -        
  -            /* Novell SDK supports DER or BASE64 files
  -            */
  -            if (st->cert_file_type == LDAP_CA_TYPE_DER  ||
  -                st->cert_file_type == LDAP_CA_TYPE_BASE64 )
  -            {
  -                rc = ldapssl_client_init(NULL, NULL);
  -                if (LDAP_SUCCESS == rc)
  -                {
  -                    if (st->cert_file_type == LDAP_CA_TYPE_BASE64)
  -                        rc = ldapssl_add_trusted_cert(st->cert_auth_file, 
  -                                                  LDAPSSL_CERT_FILETYPE_B64);
  -                    else
  -                        rc = ldapssl_add_trusted_cert(st->cert_auth_file, 
  -                                                  LDAPSSL_CERT_FILETYPE_DER);
  -
  -                    if (LDAP_SUCCESS != rc)
  -                        ldapssl_client_deinit();
  -                }
  -            }
  -            else
  -            {
  -                ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s, 
  -                             "LDAP: Invalid LDAPTrustedCAType directive - "
  -                             "DER_FILE or BASE64_FILE type required");
  -                rc = -1;
  -            }
  -
  -        #elif APR_HAS_OPENLDAP_LDAPSDK
  -
  -            /* OpenLDAP SDK supports BASE64 files
  -            */
  -            if (st->cert_file_type == LDAP_CA_TYPE_BASE64)
  -            {
  -                rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, st->cert_auth_file);
  -            }
  -            else
  -            {
  -                ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s, 
  -                             "LDAP: Invalid LDAPTrustedCAType directive - "
  -                             "BASE64_FILE type required");
  -                rc = -1;
  -            }
  -
  -
  -        #elif APR_HAS_MICROSOFT_LDAPSDK
  -            
  -            /* Microsoft SDK use the registry certificate store - always
  -             * assume support is always available
  -            */
  -            rc = LDAP_SUCCESS;
  +    if (st->cert_auth_file) {
   
  -        #else
  -            rc = -1;
  -        #endif /* APR_HAS_NETSCAPE_LDAPSDK */
  +        apr_ldap_err_t *result = NULL;
  +        int rc = apr_ldap_ssl_init(p,
  +                                   st->cert_auth_file,
  +                                   st->cert_file_type,
  +                                   &(result));
   
  -        #else  /* not compiled with SSL Support */
  -
  -            ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, 
  -                     "LDAP: Not built with SSL support." );
  -            rc = -1;
  -
  -        #endif /* APR_HAS_LDAP_SSL */
  -
  -        if (LDAP_SUCCESS == rc)
  -        {
  +        if (LDAP_SUCCESS == rc) {
               st->ssl_support = 1;
           }
  -        else
  -        {
  -            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, 
  -                         "LDAP: SSL initialization failed");
  +        else if (NULL != result) {
  +            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, result->reason);
               st->ssl_support = 0;
           }
  +
       }
         
  -        /* The Microsoft SDK uses the registry certificate store -
  -         * always assume support is available
  -        */
  -    #if APR_HAS_MICROSOFT_LDAPSDK
  -        st->ssl_support = 1;
  -    #endif
  -    
  -
  -        /* log SSL status - If SSL isn't available it isn't necessarily
  -         * an error because the modules asking for LDAP connections 
  -         * may not ask for SSL support
  -        */
  -    if (st->ssl_support)
  -    {
  +    /* log SSL status - If SSL isn't available it isn't necessarily
  +     * an error because the modules asking for LDAP connections 
  +     * may not ask for SSL support
  +     */
  +    if (st->ssl_support) {
          ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, 
                            "LDAP: SSL support available" );
       }
  -    else
  -    {
  +    else {
          ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, 
                            "LDAP: SSL support unavailable" );
       }
  
  
  

Mime
View raw message