Re: POC: updated LDAP support for apr-util 1.7

2023-09-19 Thread Graham Leggett via dev
On 19 Sep 2023, at 11:34, Ruediger Pluem  wrote:

>> /* For DSO builds, export the table of entry points into the apr_ldap DSO
> 
> In the end I think this effort only makes sense if we find a way to get LDAP 
> back into trunk.
> I cannot remember if these enhancements would be enough to address the points 
> that caused the LDAP API to be removed from trunk in
> r1129809 about 12 years ago.

My understanding was the objection was to the native LDAP type being exposed. 
This is an effort to no longer expose the native LDAP type.

I am still going to work to eliminate the native LDAP type from all the httpd 
code, but there are too many bugs in the world and not enough hours in the day.

Regards,
Graham
—



POC: updated LDAP support for apr-util 1.7

2023-04-18 Thread Graham Leggett via dev
Hi all,

The following patch adds ldapi:// (LDAP over unix domain socket) support to 
apr-util. It is part of a wider cleanup covering the following:

- Add apr_ldap_t to hide the native LDAP type.
- Add apr_ldap_initialize() with URL support, allowing us to do ldapi://, 
including proper pool cleanups.
- Add apr_ldap_get_option_ex() and apr_ldap_set_option_ex() that use 
apr_ldap_t, and support all options used by httpd.
- Options passed to apr_ldap_get_option_ex() / apr_ldap_set_option_ex() are a 
strongly typed union rather than the native void pointers, the assumption being 
the union is extensible in future.

In theory this extends but does not break our ABI and is safe to go into 
apr-util 1.7; if this isn’t the case, please tell me so I can fix it.

Regards,
Graham
—

Index: CHANGES
===
--- CHANGES (revision 1909133)
+++ CHANGES (working copy)
@@ -1,6 +1,11 @@
  -*- coding: utf-8 -*-
 Changes with APR-util 1.7.0
 
+  *) apr_ldap: Add apr_ldap_t type. Add apr_ldap_initialize() with
+ URL and ldapi:// support. Add apr_ldap_get_option_ex() and
+ apr_ldap_set_option_ex() with support for the apr_ldap_t type.
+ [Graham Leggett]
+
   *) apr_crypto_openssl: Compatibility with OpenSSL 3.  [Yann Ylavic]
 
   *) configure: Fix configure for compilers which don't accept implicit
Index: build/apu-conf.m4
===
--- build/apu-conf.m4   (revision 1909133)
+++ build/apu-conf.m4   (working copy)
@@ -63,6 +63,7 @@
 AC_CHECK_LIB(${ldaplib}, ldap_init, 
   [
 LDADD_ldap_found="-l${ldaplib} ${extralib}"
+AC_CHECK_LIB(${ldaplib}, ldap_initialize, apu_has_ldap_initialize="1", 
, ${extralib})
 AC_CHECK_LIB(${ldaplib}, ldapssl_client_init, 
apu_has_ldapssl_client_init="1", , ${extralib})
 AC_CHECK_LIB(${ldaplib}, ldapssl_client_deinit, 
apu_has_ldapssl_client_deinit="1", , ${extralib})
 AC_CHECK_LIB(${ldaplib}, ldapssl_add_trusted_cert, 
apu_has_ldapssl_add_trusted_cert="1", , ${extralib})
@@ -84,6 +85,7 @@
 echo $ac_n "${nl}checking for ldap support..."
 
 apu_has_ldap="0";
+apu_has_ldap_initialize="0"
 apu_has_ldapssl_client_init="0"
 apu_has_ldapssl_client_deinit="0"
 apu_has_ldapssl_add_trusted_cert="0"
@@ -277,6 +279,7 @@
 AC_SUBST(ldap_h)
 AC_SUBST(lber_h)
 AC_SUBST(ldap_ssl_h)
+AC_SUBST(apu_has_ldap_initialize)
 AC_SUBST(apu_has_ldapssl_client_init)
 AC_SUBST(apu_has_ldapssl_client_deinit)
 AC_SUBST(apu_has_ldapssl_add_trusted_cert)
Index: include/apr_ldap.h.in
===
--- include/apr_ldap.h.in   (revision 1909133)
+++ include/apr_ldap.h.in   (working copy)
@@ -84,6 +84,7 @@
 /*
  * Detected standard functions
  */
+#define APR_HAS_LDAP_INITIALIZE @apu_has_ldap_initialize@
 #define APR_HAS_LDAPSSL_CLIENT_INIT @apu_has_ldapssl_client_init@
 #define APR_HAS_LDAPSSL_CLIENT_DEINIT @apu_has_ldapssl_client_deinit@
 #define APR_HAS_LDAPSSL_ADD_TRUSTED_CERT @apu_has_ldapssl_add_trusted_cert@
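Review bot: The new `APR_HAS_LDAP_INITIALIZE` define carries no comment saying what a caller gets when it expands to 0, and that matters because the cover note describes apr_ldap_initialize() as taking a URL, whose scheme selects the transport. The implementation is outside this hunk, so it is not visible whether an `ldaps://` or `ldapi://` URL is rejected or quietly handled some other way when the SDK lacks ldap_initialize(). I would add `/* 1 if the LDAP SDK provides ldap_initialize(), 0 otherwise */` above the define. The documentation of apr_ldap_initialize() should also state that it returns an error, rather than connecting over a different transport, for schemes the build cannot honour. The same applies to the apr_ldap.hnw hunk, where the value is hard-coded to 0.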
@@ -151,6 +152,11 @@
 int rc;
 } apr_ldap_err_t;
 
+/**
+ * Opaque structure tracking the state of an LDAP connection.
+ */
+typedef struct apr_ldap_t apr_ldap_t;
+
 #ifdef __cplusplus
 }
 #endif
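Review bot: The doc comment on `apr_ldap_t` does not say who creates the handle or what ends its lifetime, which is what a caller of an opaque type most needs to know. The cover note says apr_ldap_initialize() comes with pool cleanups, so presumably the connection is torn down when the owning pool is destroyed. If that is right, extend the comment with `Created by apr_ldap_initialize(); released by the cleanup of the pool passed to that call and must not be used afterwards.` The identical typedef comment in the apr_ldap.hnw hunk needs the same addition.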
@@ -181,6 +187,9 @@
 #define apr_ldap_rebind_init apr__ldap_rebind_init
 #define apr_ldap_rebind_add apr__ldap_rebind_add
 #define apr_ldap_rebind_remove apr__ldap_rebind_remove
+#define apr_ldap_initialize apr__ldap_initialize
+#define apr_ldap_get_option_ex apr__ldap_get_option_ex
+#define apr_ldap_set_option_ex apr__ldap_set_option_ex
 
 #define APU_DECLARE_LDAP(type) type
 #else
Index: include/apr_ldap.hnw
===
--- include/apr_ldap.hnw(revision 1909133)
+++ include/apr_ldap.hnw(working copy)
@@ -79,6 +79,7 @@
 /*
  * Detected standard functions
  */
+#define APR_HAS_LDAP_INITIALIZE 0
 #define APR_HAS_LDAPSSL_CLIENT_INIT 1
 #define APR_HAS_LDAPSSL_CLIENT_DEINIT 1
 #define APR_HAS_LDAPSSL_ADD_TRUSTED_CERT 1
@@ -120,6 +121,11 @@
 int rc;
 } apr_ldap_err_t;
 
+/**
+ * Opaque structure tracking the state of an LDAP connection.
+ */
+typedef struct apr_ldap_t apr_ldap_t;
+
 #ifdef __cplusplus
 }
 #endif
@@ -141,6 +147,9 @@
 #define apr_ldap_rebind_init apr__ldap_rebind_init
 #define apr_ldap_rebind_add apr__ldap_rebind_add
 #define apr_ldap_rebind_remove apr__ldap_rebind_remove
+#define apr_ldap_initialize apr__ldap_initialize
+#define apr_ldap_get_option_ex apr__ldap_get_option_ex
+#define apr_ldap_set_option_ex apr__ldap_set_option_ex
 
 #define APU_DECLARE_LDAP(type) type
 #else
Index: include/apr_ldap.hw
===
--- include/apr_ldap.hw (revision 1909133)
+++ include/apr_ldap.hw (working copy)
@@ -82,6 +82,7 @@
 /*
  * Detected standard functions
  */
+#define APR_HAS_LDAP_INITIALIZE 0