Author: minfrin Date: Tue Dec 21 02:06:01 2004 New Revision: 122954 URL: http://svn.apache.org/viewcvs?view=rev&rev=122954 Log: Rework the LDAP toolkit detection to be more accurate than "OpenLDAP detected regardless", while remaining backwards compatible with v1.0. Include Brad Nicholes' patch below, as it affected the same code: Added the apr_ldap_ssl_add_cert() API to allow multiple certificates to be stored and used when establishing an SSL connection to different LDAP servers.
Modified: apr/apr-util/branches/1.0.x/CHANGES apr/apr-util/branches/1.0.x/build/apu-conf.m4 apr/apr-util/branches/1.0.x/include/apr_ldap.h.in apr/apr-util/branches/1.0.x/include/apr_ldap.hnw apr/apr-util/branches/1.0.x/include/apr_ldap.hw apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c Modified: apr/apr-util/branches/1.0.x/CHANGES Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/CHANGES?view=diff&rev=122954&p1=apr/apr-util/branches/1.0.x/CHANGES&r1=122953&p2=apr/apr-util/branches/1.0.x/CHANGES&r2=122954 ============================================================================== --- apr/apr-util/branches/1.0.x/CHANGES (original) +++ apr/apr-util/branches/1.0.x/CHANGES Tue Dec 21 02:06:01 2004 @@ -1,5 +1,13 @@ Changes with APR-util 1.0.2 + *) Rework the LDAP toolkit detection to be more accurate than "OpenLDAP + detected regardless", while remaining backwards compatible with v1.0. + [Graham Leggett] + + *) Added the apr_ldap_ssl_add_cert() API to allow multiple certificates + to be stored and used when establishing an SSL connection to different + LDAP servers. [Brad Nicholes] + *) Fix the detection of ldap.h on Solaris - it needs lber.h to be defined first. [Graham Leggett] Modified: apr/apr-util/branches/1.0.x/build/apu-conf.m4 Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/build/apu-conf.m4?view=diff&rev=122954&p1=apr/apr-util/branches/1.0.x/build/apu-conf.m4&r1=122953&p2=apr/apr-util/branches/1.0.x/build/apu-conf.m4&r2=122954 ============================================================================== --- apr/apr-util/branches/1.0.x/build/apu-conf.m4 (original) +++ apr/apr-util/branches/1.0.x/build/apu-conf.m4 Tue Dec 21 02:06:01 2004 
@@ -218,8 +218,14 @@
 [
 APR_ADDTO(APRUTIL_EXPORT_LIBS,[-l${ldaplib} ${extralib}])
 APR_ADDTO(APRUTIL_LIBS,[-l${ldaplib} ${extralib}])
- AC_CHECK_LIB(${ldaplib}, ldapssl_install_routines, apu_has_ldap_netscape_ssl="1", , ${extralib})
- AC_CHECK_LIB(${ldaplib}, ldap_start_tls_s, apu_has_ldap_starttls="1", , ${extralib})
+ AC_CHECK_LIB(${ldaplib}, ldapssl_client_init, apu_has_ldapssl_client_init="1", , ${extralib})
+ AC_CHECK_LIB(${ldaplib}, ldapssl_client_deinit, apu_has_ldapssl_client_deinit="1", , ${extralib})
+ AC_CHECK_LIB(${ldaplib}, ldapssl_add_trusted_cert, apu_has_ldapssl_add_trusted_cert="1", , ${extralib})
+ AC_CHECK_LIB(${ldaplib}, ldap_start_tls_s, apu_has_ldap_start_tls_s="1", , ${extralib})
+ AC_CHECK_LIB(${ldaplib}, ldap_sslinit, apu_has_ldap_sslinit="1", ,
+${extralib})
+ AC_CHECK_LIB(${ldaplib}, ldapssl_init, apu_has_ldapssl_init="1", ,
+${extralib})
 apu_has_ldap="1";
 ], , ${extralib})
 fi
@@ -234,8 +240,12 @@
 echo $ac_n "${nl}checking for ldap support..."
 apu_has_ldap="0";
-apu_has_ldap_netscape_ssl="0"
-apu_has_ldap_starttls="0"
+apu_has_ldapssl_client_init="0"
+apu_has_ldapssl_client_deinit="0"
+apu_has_ldapssl_add_trusted_cert="0"
+apu_has_ldap_start_tls_s="0"
+apu_has_ldapssl_init="0"
+apu_has_ldap_sslinit="0"
 AC_ARG_WITH(ldap-include,[ --with-ldap-include=path path to ldap include files with trailing slash])
 AC_ARG_WITH(ldap-lib,[ --with-ldap-lib=path path to ldap lib file])
@@ -291,8 +301,12 @@
 AC_SUBST(ldap_h)
 AC_SUBST(lber_h)
 AC_SUBST(ldap_ssl_h)
-AC_SUBST(apu_has_ldap_netscape_ssl)
-AC_SUBST(apu_has_ldap_starttls)
+AC_SUBST(apu_has_ldapssl_client_init)
+AC_SUBST(apu_has_ldapssl_client_deinit)
+AC_SUBST(apu_has_ldapssl_add_trusted_cert)
+AC_SUBST(apu_has_ldap_start_tls_s)
+AC_SUBST(apu_has_ldapssl_init)
+AC_SUBST(apu_has_ldap_sslinit)
 AC_SUBST(apu_has_ldap)
 ])
Modified: apr/apr-util/branches/1.0.x/include/apr_ldap.h.in
Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/include/apr_ldap.h.in?view=diff&rev=122954&p1=apr/apr-util/branches/1.0.x/include/apr_ldap.h.in&r1=122953&p2=apr/apr-util/branches/1.0.x/include/apr_ldap.h.in&r2=122954
==============================================================================
--- apr/apr-util/branches/1.0.x/include/apr_ldap.h.in (original)
+++ apr/apr-util/branches/1.0.x/include/apr_ldap.h.in Tue Dec 21 02:06:01 2004
@@ -29,95 +29,86 @@ * @{ */ - -/* - * This switches LDAP support on or off. - */ - /* this will be defined if LDAP support was compiled into apr-util */ #define APR_HAS_LDAP @apu_has_ldap@ -/* this whole thing disappears if LDAP is not enabled */ + +/* + * Handle the case when LDAP is disabled - switch everything off by default + */ #if !APR_HAS_LDAP +/* + * The following #defines are DEPRECATED and should not be used. They do + * not work properly anyway. + */ #define APR_HAS_NETSCAPE_LDAPSDK 0 #define APR_HAS_NOVELL_LDAPSDK 0 #define APR_HAS_OPENLDAP_LDAPSDK 0 #define APR_HAS_MICROSOFT_LDAPSDK 0 #define APR_HAS_OTHER_LDAPSDK 0 - #define APR_HAS_LDAP_SSL 0 -#define APR_HAS_LDAP_URL_PARSE 0 +#define APR_HAS_LDAP_URL_PARSE 0 +/* + * Handle the case when LDAP is enabled + */ #else /* ldap support available */ -#ifdef APR_NOT_READY_YET -/* FIXME: this code awaits support from apu-conf.m4 */ - - /* There a several LDAPv3 SDKs available on various platforms - * define which LDAP SDK is used +/* + * The following #defines are DEPRECATED and should not be used for + * anything. They remain to maintain binary compatibility. + * The original code defined the OPENLDAP SDK as present regardless + * of what really was there, which was way bogus. In addition, the + * apr_ldap_url_parse*() functions have been rewritten specifically for + * APR, so the APR_HAS_LDAP_URL_PARSE macro is forced to zero. */ -#define APR_HAS_NETSCAPE_LDAPSDK @apu_has_ldap_netscape@ -#define APR_HAS_NOVELL_LDAPSDK @apu_has_ldap_novell@ -#define APR_HAS_OPENLDAP_LDAPSDK @apu_has_ldap_openldap@ -#define APR_HAS_MICROSOFT_LDAPSDK @apu_has_ldap_microsoft@ -#define APR_HAS_OTHER_LDAPSDK @apu_has_ldap_other@ - - /* define if LDAP SSL support is available - */ -#define APR_HAS_LDAP_SSL @apu_has_ldap_ssl@ - -#else /* APR_NOT_READY_YET */ - -/* FIXME: remove this when above code works. 
Default to build with - * OpenLDAP until apu-conf.m4 support exists */ #define APR_HAS_OPENLDAP_LDAPSDK 1 #define APR_HAS_LDAP_SSL 1 +#define APR_HAS_LDAP_URL_PARSE 0 -#endif /* APR_NOT_READY_YET */ - /* If no APR_HAS_xxx_LDAPSDK is defined error out - * Define if the SDK supports the ldap_url_parse function - */ -#if APR_HAS_NETSCAPE_LDAPSDK - #define APR_HAS_LDAP_URL_PARSE 1 -#elif APR_HAS_NOVELL_LDAPSDK - #define APR_HAS_LDAP_URL_PARSE 1 -#elif APR_HAS_OPENLDAP_LDAPSDK - #define APR_HAS_LDAP_URL_PARSE 1 -#elif APR_HAS_MICROSOFT_LDAPSDK - #define APR_HAS_LDAP_URL_PARSE 0 -#elif APR_HAS_OTHER_LDAPSDK - #define APR_HAS_LDAP_URL_PARSE 0 -#else - #define APR_HAS_LDAP_URL_PARSE 0 - #error "ERROR no LDAP SDK defined!" -#endif - -/* LDAP header files */ +/* + * Include the standard LDAP header files. + */ -#if APR_HAS_NETSCAPE_LDAPSDK @lber_h@ @ldap_h@ #if APR_HAS_LDAP_SSL @ldap_ssl_h@ #endif -#endif -#if APR_HAS_NOVELL_LDAPSDK [EMAIL PROTECTED]@ [EMAIL PROTECTED]@ -#if APR_HAS_LDAP_SSL [EMAIL PROTECTED]@ -#endif -#endif -#if APR_HAS_OPENLDAP_LDAPSDK [EMAIL PROTECTED]@ [EMAIL PROTECTED]@ +/* + * Vendor LDAP toolkits that we identify + */ +#define APR_LDAP_VENDOR_NOVELL "Novell" +#define APR_LDAP_VENDOR_NETSCAPE "Netscape Communications Corp." +#define APR_LDAP_VENDOR_MICROSOFT "Microsoft Corporation." +#define APR_LDAP_VENDOR_OPENLDAP "OpenLDAP" +#define APR_LDAP_VENDOR_SUN "Sun Microsystems Inc." 
+ + +/* + * Detected standard functions + */ +#define APR_HAS_LDAPSSL_CLIENT_INIT @apu_has_ldapssl_client_init@ +#define APR_HAS_LDAPSSL_CLIENT_DEINIT @apu_has_ldapssl_client_deinit@ +#define APR_HAS_LDAPSSL_ADD_TRUSTED_CERT @apu_has_ldapssl_add_trusted_cert@ +#define APR_HAS_LDAP_START_TLS_S @apu_has_ldap_start_tls_s@ +#define APR_HAS_LDAP_SSLINIT @apu_has_ldap_sslinit@ +#define APR_HAS_LDAPSSL_INIT @apu_has_ldapssl_init@ + + +/* + * Make sure the secure LDAP port is defined + */ +#ifndef LDAPS_PORT +#define LDAPS_PORT 636 /* ldaps:/// default LDAP over TLS port */ #endif + /* Note: Macros defining const casting has been removed in APR v1.0, * pending real support for LDAP v2.0 toolkits. * @@ -127,6 +118,7 @@ #error Support for LDAP v2.0 toolkits has been removed from apr-util. Please use an LDAP v3.0 toolkit. #endif + /** * This structure allows the C LDAP API error codes to be returned * along with plain text error messages that explain to us mere mortals @@ -140,6 +132,7 @@ #include "apr_ldap_url.h" #include "apr_ldap_init.h" + /** @} */ #endif /* APR_HAS_LDAP */ Modified: apr/apr-util/branches/1.0.x/include/apr_ldap.hnw Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/include/apr_ldap.hnw?view=diff&rev=122954&p1=apr/apr-util/branches/1.0.x/include/apr_ldap.hnw&r1=122953&p2=apr/apr-util/branches/1.0.x/include/apr_ldap.hnw&r2=122954 ============================================================================== --- apr/apr-util/branches/1.0.x/include/apr_ldap.hnw (original) +++ apr/apr-util/branches/1.0.x/include/apr_ldap.hnw Tue Dec 21 02:06:01 2004 @@ -1,4 +1,4 @@ -/* Copyright 2000-2004 The Apache Software Foundation +/* Copyright 2002-2004 The Apache Software Foundation * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -29,90 +29,83 @@ * @{ */ +/* this will be defined if LDAP support was compiled into apr-util */ +#define APR_HAS_LDAP 1 + /* - * This switches LDAP support on or off. + * Handle the case when LDAP is disabled - switch everything off by default */ - -/* this will be defined if LDAP support was compiled into apr-util */ -#define APR_HAS_LDAP 1 - -/* this whole thing disappears if LDAP is not enabled */ #if !APR_HAS_LDAP +/* + * The following #defines are DEPRECATED and should not be used. They do + * not work properly anyway. + */ #define APR_HAS_NETSCAPE_LDAPSDK 0 #define APR_HAS_NOVELL_LDAPSDK 0 #define APR_HAS_OPENLDAP_LDAPSDK 0 #define APR_HAS_MICROSOFT_LDAPSDK 0 #define APR_HAS_OTHER_LDAPSDK 0 - #define APR_HAS_LDAP_SSL 0 #define APR_HAS_LDAP_URL_PARSE 0 +/* + * Handle the case when LDAP is enabled + */ #else /* ldap support available */ - - /* There a several LDAPv3 SDKs available on various platforms - * define which LDAP SDK is used - */ -#define APR_HAS_NETSCAPE_LDAPSDK 0 -#define APR_HAS_NOVELL_LDAPSDK 1 -#define APR_HAS_OPENLDAP_LDAPSDK 0 -#define APR_HAS_MICROSOFT_LDAPSDK 0 -#define APR_HAS_OTHER_LDAPSDK 0 - - /* define if LDAP SSL support is available - */ +/* + * The following #defines are DEPRECATED and should not be used for + * anything. They remain to maintain binary compatibility. + * The original code defined the OPENLDAP SDK as present regardless + * of what really was there, which was way bogus. In addition, the + * apr_ldap_url_parse*() functions have been rewritten specifically for + * APR, so the APR_HAS_LDAP_URL_PARSE macro is forced to zero. 
+ */ +#define APR_HAS_NOVELL_LDAPSDK 1 #define APR_HAS_LDAP_SSL 1 +#define APR_HAS_LDAP_URL_PARSE 0 - /* If no APR_HAS_xxx_LDAPSDK is defined error out - * Define if the SDK supports the ldap_url_parse function - */ -#if APR_HAS_NETSCAPE_LDAPSDK - #define APR_HAS_LDAP_URL_PARSE 1 -#elif APR_HAS_NOVELL_LDAPSDK - #define APR_HAS_LDAP_URL_PARSE 1 -#elif APR_HAS_OPENLDAP_LDAPSDK - #define APR_HAS_LDAP_URL_PARSE 1 -#elif APR_HAS_MICROSOFT_LDAPSDK - #define APR_HAS_LDAP_URL_PARSE 0 -#elif APR_HAS_OTHER_LDAPSDK - #define APR_HAS_LDAP_URL_PARSE 0 -#else - #define APR_HAS_LDAP_URL_PARSE 0 - #error "ERROR no LDAP SDK defined!" -#endif -/* LDAP header files */ +/* + * Include the standard LDAP header files. + */ -#if APR_HAS_NETSCAPE_LDAPSDK -#include <ldap.h> #include <lber.h> -#if APR_HAS_LDAP_SSL -#include <ldap_ssl.h> -#endif -#endif - -#if APR_HAS_NOVELL_LDAPSDK #include <ldap.h> -#include <lber.h> #if APR_HAS_LDAP_SSL #include <ldap_ssl.h> #endif -#endif -#if APR_HAS_OPENLDAP_LDAPSDK -#include <ldap.h> -#include <lber.h> -#endif -/* Included in Windows 2000 and later, earlier 9x/NT 4.0 clients - * will need to obtain the Active Directory Client Extensions. +/* + * Vendor LDAP toolkits that we identify + */ +#define APR_LDAP_VENDOR_NOVELL "Novell" +#define APR_LDAP_VENDOR_NETSCAPE "Netscape Communications Corp." +#define APR_LDAP_VENDOR_MICROSOFT "Microsoft Corporation." +#define APR_LDAP_VENDOR_OPENLDAP "OpenLDAP" +#define APR_LDAP_VENDOR_SUN "Sun Microsystems Inc." + + +/* + * Detected standard functions */ -#if APR_HAS_MICROSOFT_LDAPSDK -#include <winldap.h> -#define LDAPS_PORT LDAP_SSL_PORT +#define APR_HAS_LDAPSSL_CLIENT_INIT 1 +#define APR_HAS_LDAPSSL_CLIENT_DEINIT 1 +#define APR_HAS_LDAPSSL_ADD_TRUSTED_CERT 1 +#define APR_HAS_LDAP_START_TLS_S 0 +#define APR_HAS_LDAP_SSLINIT 0 +#define APR_HAS_LDAPSSL_INIT 1 + + +/* + * Make sure the secure LDAP port is defined + */ +#ifndef LDAPS_PORT +#define LDAPS_PORT 636 /* ldaps:/// default LDAP over TLS port */ #endif 
@@ -125,6 +118,7 @@ #error Support for LDAP v2.0 toolkits has been removed from apr-util. Please use an LDAP v3.0 toolkit. #endif + /** * This structure allows the C LDAP API error codes to be returned * along with plain text error messages that explain to us mere mortals @@ -139,6 +133,8 @@ #include "apr_ldap_url.h" #include "apr_ldap_init.h" + /** @} */ -#endif /* APU_HAS_LDAP */ +#endif /* APR_HAS_LDAP */ #endif /* APU_LDAP_H */ + Modified: apr/apr-util/branches/1.0.x/include/apr_ldap.hw Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/include/apr_ldap.hw?view=diff&rev=122954&p1=apr/apr-util/branches/1.0.x/include/apr_ldap.hw&r1=122953&p2=apr/apr-util/branches/1.0.x/include/apr_ldap.hw&r2=122954 ============================================================================== --- apr/apr-util/branches/1.0.x/include/apr_ldap.hw (original) +++ apr/apr-util/branches/1.0.x/include/apr_ldap.hw Tue Dec 21 02:06:01 2004 @@ -1,4 +1,4 @@ -/* Copyright 2000-2004 The Apache Software Foundation +/* Copyright 2002-2004 The Apache Software Foundation * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -13,9 +13,6 @@ * limitations under the License. */ -#include "apr.h" -#include "apu.h" - /* * apr_ldap.h is generated from apr_ldap.h.in by configure -- do not edit apr_ldap.h */ 
@@ -32,92 +29,82 @@ * @{ */ - -/* - * This switches LDAP support on or off. - */ - /* this will be defined if LDAP support was compiled into apr-util */ #define APR_HAS_LDAP 1 -/* this whole thing disappears if LDAP is not enabled */ + +/* + * Handle the case when LDAP is disabled - switch everything off by default + */ #if !APR_HAS_LDAP +/* + * The following #defines are DEPRECATED and should not be used. They do + * not work properly anyway. + */ #define APR_HAS_NETSCAPE_LDAPSDK 0 #define APR_HAS_NOVELL_LDAPSDK 0 #define APR_HAS_OPENLDAP_LDAPSDK 0 #define APR_HAS_MICROSOFT_LDAPSDK 0 #define APR_HAS_OTHER_LDAPSDK 0 - #define APR_HAS_LDAP_SSL 0 -#define APR_HAS_LDAP_URL_PARSE 0 +#define APR_HAS_LDAP_URL_PARSE 0 +/* + * Handle the case when LDAP is enabled + */ #else /* ldap support available */ +/* + * The following #defines are DEPRECATED and should not be used for + * anything. They remain to maintain binary compatibility. + * The original code defined the OPENLDAP SDK as present regardless + * of what really was there, which was way bogus. In addition, the + * apr_ldap_url_parse*() functions have been rewritten specifically for + * APR, so the APR_HAS_LDAP_URL_PARSE macro is forced to zero. 
+ */ +#define APR_HAS_MICROSOFT_LDAPSDK 1 +#define APR_HAS_LDAP_SSL 1 +#define APR_HAS_LDAP_URL_PARSE 0 - /* There a several LDAPv3 SDKs available on various platforms - * define which LDAP SDK is used - */ -#define APR_HAS_NETSCAPE_LDAPSDK 0 -#define APR_HAS_NOVELL_LDAPSDK 0 -#define APR_HAS_OPENLDAP_LDAPSDK 0 -#define APR_HAS_MICROSOFT_LDAPSDK 1 -#define APR_HAS_OTHER_LDAPSDK 0 - /* define if LDAP SSL support is available - */ -#define APR_HAS_LDAP_SSL 1 - - /* If no APR_HAS_xxx_LDAPSDK is defined error out - * Define if the SDK supports the ldap_url_parse function - */ -#if APR_HAS_NETSCAPE_LDAPSDK - #define APR_HAS_LDAP_URL_PARSE 1 -#elif APR_HAS_NOVELL_LDAPSDK - #define APR_HAS_LDAP_URL_PARSE 1 -#elif APR_HAS_OPENLDAP_LDAPSDK - #define APR_HAS_LDAP_URL_PARSE 1 -#elif APR_HAS_MICROSOFT_LDAPSDK - #define APR_HAS_LDAP_URL_PARSE 0 -#elif APR_HAS_OTHER_LDAPSDK - #define APR_HAS_LDAP_URL_PARSE 0 -#else - #define APR_HAS_LDAP_URL_PARSE 0 - #error "ERROR no LDAP SDK defined!" -#endif +/* + * Include the standard LDAP header files. + */ -/* LDAP header files */ +#include <winldap.h> -#if APR_HAS_NETSCAPE_LDAPSDK -#include <ldap.h> -#include <lber.h> -#if APR_HAS_LDAP_SSL -#include <ldap_ssl.h> -#endif -#endif -#if APR_HAS_NOVELL_LDAPSDK -#include <ldap.h> -#include <lber.h> -#if APR_HAS_LDAP_SSL -#include <ldap_ssl.h> -#endif -#endif +/* + * Vendor LDAP toolkits that we identify + */ +#define APR_LDAP_VENDOR_NOVELL "Novell" +#define APR_LDAP_VENDOR_NETSCAPE "Netscape Communications Corp." +#define APR_LDAP_VENDOR_MICROSOFT "Microsoft Corporation." +#define APR_LDAP_VENDOR_OPENLDAP "OpenLDAP" +#define APR_LDAP_VENDOR_SUN "Sun Microsystems Inc." -#if APR_HAS_OPENLDAP_LDAPSDK -#include <ldap.h> -#include <lber.h> -#endif -/* Included in Windows 2000 and later, earlier 9x/NT 4.0 clients - * will need to obtain the Active Directory Client Extensions. 
+/* + * Detected standard functions */ -#if APR_HAS_MICROSOFT_LDAPSDK -#include <winldap.h> -#define LDAPS_PORT LDAP_SSL_PORT +#define APR_HAS_LDAPSSL_CLIENT_INIT 0 +#define APR_HAS_LDAPSSL_CLIENT_DEINIT 0 +#define APR_HAS_LDAPSSL_ADD_TRUSTED_CERT 0 +#define APR_HAS_LDAP_START_TLS_S 0 +#define APR_HAS_LDAP_SSLINIT 1 +#define APR_HAS_LDAPSSL_INIT 0 + + +/* + * Make sure the secure LDAP port is defined + */ +#ifndef LDAPS_PORT +#define LDAPS_PORT 636 /* ldaps:/// default LDAP over TLS port */ #endif + /* Note: Macros defining const casting has been removed in APR v1.0, * pending real support for LDAP v2.0 toolkits. * @@ -127,6 +114,7 @@ #error Support for LDAP v2.0 toolkits has been removed from apr-util. Please use an LDAP v3.0 toolkit. #endif + /** * This structure allows the C LDAP API error codes to be returned * along with plain text error messages that explain to us mere mortals @@ -140,6 +128,7 @@ #include "apr_ldap_url.h" #include "apr_ldap_init.h" + /** @} */ #endif /* APR_HAS_LDAP */ Modified: apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c?view=diff&rev=122954&p1=apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c&r1=122953&p2=apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c&r2=122954 ============================================================================== --- apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c (original) +++ apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c Tue Dec 21 02:06:01 2004 
@@ -46,91 +46,201 @@ int cert_file_type, apr_ldap_err_t **result_err) { + apr_ldap_err_t *result; + + if (cert_auth_file) { + return apr_ldap_ssl_add_cert(pool, + cert_auth_file, + cert_file_type, + result_err); + } + else { + result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t)); + *result_err = result; +#if APR_HAS_LDAP_SSL /* compiled with ssl support */ + + /* Novell needs special initialisation */ + if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_NOVELL)) { + +#if APR_HAS_LDAPSSL_CLIENT_INIT + result->rc = ldapssl_client_init(NULL, NULL); + + if (LDAP_SUCCESS == result->rc) { + return APR_SUCCESS; + } + else { + result->msg = ldap_err2string(result-> rc); + result->reason = apr_pstrdup (pool, "LDAP: Could not " + "initialize SSL"); + return APR_EGENERAL; + } +#else + result->reason = "LDAP: ldapssl_client_init() function not " + "supported by this Novell SDK. SSL not " + "initialised"; + result->rc = -1; +#endif + + } + +#endif + } + + /* if no cert_auth_file was passed, we assume SSL support + * is possible, as we have not been specifically told otherwise. + */ + return APR_SUCCESS; + +} + + +/** + * APR LDAP SSL add client certificate function. + * + * This function sets up an optional client certificate to be used + * when connecting to the remote LDAP server. + * If SSL support is not available on this platform, or a problem + * was encountered while trying to set the certificate, the function + * will return APR_EGENERAL. Further LDAP specific error information + * can be found in result_err. 
+ */ +APU_DECLARE(int) apr_ldap_ssl_add_cert(apr_pool_t *pool, + const char *cert_auth_file, + int cert_file_type, + apr_ldap_err_t **result_err) { + apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t)); *result_err = result; if (cert_auth_file) { #if APR_HAS_LDAP_SSL /* compiled with ssl support */ -#if APR_HAS_NETSCAPE_LDAPSDK + /* Netscape SDK */ + if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_NETSCAPE)) { - /* Netscape sdk only supports a cert7.db file - */ - if (cert_file_type == APR_LDAP_CA_TYPE_CERT7_DB) { - result->rc = ldapssl_client_init(cert_auth_file, NULL); - } - else { - result->reason = "LDAP: Invalid certificate type: " - "CERT7_DB type required"; +#if APR_HAS_LDAP_SSL_CLIENT_INIT + /* Netscape sdk only supports a cert7.db file + */ + if (cert_file_type == APR_LDAP_CA_TYPE_CERT7_DB) { + result->rc = ldapssl_client_init(cert_auth_file, NULL); + } + else { + result->reason = "LDAP: Invalid certificate type: " + "CERT7_DB type required"; + result->rc = -1; + } +#else + result->reason = "LDAP: ldapssl_client_init() function not " + "supported by this Netscape SDK. 
Certificate " + "authority file not set"; result->rc = -1; +#endif + } -#elif APR_HAS_NOVELL_LDAPSDK - - /* Novell SDK supports DER or BASE64 files - */ - if (cert_file_type == APR_LDAP_CA_TYPE_DER || - cert_file_type == APR_LDAP_CA_TYPE_BASE64 ) { + /* Novell SDK */ + else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_NOVELL)) { - result->rc = ldapssl_client_init(NULL, NULL); - if (LDAP_SUCCESS == result->rc) { - if (cert_file_type == APR_LDAP_CA_TYPE_BASE64) { - result->rc = ldapssl_add_trusted_cert((void*)cert_auth_file, +#if APR_HAS_LDAPSSL_CLIENT_INIT && APR_HAS_LDAPSSL_ADD_TRUSTED_CERT && APR_HAS_LDAPSSL_CLIENT_DEINIT + /* Novell SDK supports DER or BASE64 files + */ + if (cert_file_type == APR_LDAP_CA_TYPE_DER || + cert_file_type == APR_LDAP_CA_TYPE_BASE64 ) { + + result->rc = ldapssl_client_init(NULL, NULL); + if (LDAP_SUCCESS == result->rc) { + if (cert_file_type == APR_LDAP_CA_TYPE_BASE64) { + result->rc = ldapssl_add_trusted_cert((void*)cert_auth_file, LDAPSSL_CERT_FILETYPE_B64); - } - else { - result->rc = ldapssl_add_trusted_cert((void*)cert_auth_file, + } + else { + result->rc = ldapssl_add_trusted_cert((void*)cert_auth_file, LDAPSSL_CERT_FILETYPE_DER); - } + } - if (LDAP_SUCCESS != result->rc) { - ldapssl_client_deinit(); - result->reason = apr_psprintf (pool, - "LDAP: Invalid certificate or path: " - "Could not add trusted cert %s", - cert_auth_file); + if (LDAP_SUCCESS != result->rc) { + ldapssl_client_deinit(); + result->reason = apr_psprintf(pool, + "LDAP: Invalid certificate " + "or path: Could not add " + "trusted cert %s", + cert_auth_file); + } } } - } - else { - result->reason = "LDAP: Invalid certificate type: " - "DER or BASE64 type required"; + else { + result->reason = "LDAP: Invalid certificate type: " + "DER or BASE64 type required"; + result->rc = -1; + } + +#else + result->reason = "LDAP: ldapssl_client_init(), " + "ldapssl_add_trusted_cert() or " + "ldapssl_client_deinit() functions not supported " + "by this Novell SDK. 
Certificate authority file " + "not set"; result->rc = -1; +#endif } -#elif APR_HAS_OPENLDAP_LDAPSDK + /* openldap SDK */ + else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_OPENLDAP)) { +#ifdef LDAP_OPT_X_TLS_CACERTFILE + + /* OpenLDAP SDK supports BASE64 files + */ + if (cert_file_type == APR_LDAP_CA_TYPE_BASE64) { + result->rc = ldap_set_option(NULL, + LDAP_OPT_X_TLS_CACERTFILE, + cert_auth_file); + } + else { + result->reason = "LDAP: Invalid certificate type: " + "BASE64 type required"; + result->rc = -1; + } - /* OpenLDAP SDK supports BASE64 files - */ - if (cert_file_type == APR_LDAP_CA_TYPE_BASE64) { - result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, cert_auth_file); - } - else { - result->reason = "LDAP: Invalid certificate type: " - "BASE64 type required"; +#else + result->reason = "LDAP: LDAP_OPT_X_TLS_CACERTFILE not " + "defined by this OpenLDAP SDK. Certificate " + "authority file not set"; result->rc = -1; +#endif } -#elif APR_HAS_MICROSOFT_LDAPSDK - - /* Microsoft SDK use the registry certificate store - always - * assume support is always available - */ - result->rc = LDAP_SUCCESS; + /* microsoft SDK */ + else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_MICROSOFT)) { -#else + /* Microsoft SDK use the registry certificate store - always + * assume support is always available + */ + result->rc = LDAP_SUCCESS; - /* unknown toolkit type, assume no support available */ - result->reason = "LDAP: Attempt to set certificate store failed. " - "Toolkit type not recognised as supporting SSL."; - result->rc = -1; + } -#endif /* APR_HAS_NETSCAPE_LDAPSDK */ + /* Sun SDK */ + else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_SUN)) { + result->reason = "LDAP: Attempt to set certificate store failed. 
" + "APR does not yet know how to set a certificate " + "store on the Sun toolkit"; + result->rc = -1; + } + + /* SDK not recognised */ + else { + + /* unknown toolkit type, assume no support available */ + result->reason = "LDAP: Attempt to set certificate store failed. " + "Toolkit type not recognised by APR as supporting " + "SSL"; + result->rc = -1; + } #else /* not compiled with SSL Support */ result->reason = "LDAP: Attempt to set certificate store failed. " - "Not built with SSL support."; + "Not built with SSL support"; result->rc = -1; #endif /* APR_HAS_LDAP_SSL */ @@ -169,7 +279,7 @@ */ APU_DECLARE(int) apr_ldap_ssl_deinit(void) { -#if APR_HAS_LDAP_SSL && APR_HAS_NOVELL_LDAPSDK +#if APR_HAS_LDAP_SSL && APR_HAS_LDAPSSL_CLIENT_DEINIT ldapssl_client_deinit(); #endif return APR_SUCCESS; 
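Review bot: The Netscape branch of `apr_ldap_ssl_add_cert` is guarded by `#if APR_HAS_LDAP_SSL_CLIENT_INIT`, but the header only defines `APR_HAS_LDAPSSL_CLIENT_INIT` (no underscore between LDAP and SSL), so the cert7.db path is never compiled and every Netscape build falls into the "function not supported" `#else`; the guard should read `#if APR_HAS_LDAPSSL_CLIENT_INIT` as the Novell branch does. In `apr_ldap_ssl_init`, the Novell `#else` branch fills `result->reason` and sets `result->rc = -1` but then reaches the trailing `return APR_SUCCESS;`, so a caller that checks the return code believes SSL was initialised; returning `APR_ENOTIMPL` there (or `APR_EGENERAL`, matching the failure path just above it) would keep the status and `result_err` consistent. For OpenLDAP, `ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, …)` replaces the single global CA file, so calling the new API repeatedly appears to keep only the last certificate; if the "multiple certificates" intent is meant to cover OpenLDAP, that limitation deserves a comment or an `LDAP_OPT_X_TLS_CACERTDIR`-based path. The `apr_ldap_ssl_init` signature begins before the hunk and the body of `apr_ldap_ssl_add_cert` continues past it.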
@@ -201,38 +311,68 @@ /* clear connection requested */ if (!secure) { -#if APR_HAS_MICROSOFT_LDAPSDK *ldap = ldap_init((char *)hostname, portno); -#else - *ldap = ldap_init(hostname, portno); -#endif } else { /* ssl connnection requested */ #if APR_HAS_LDAP_SSL -#if APR_HAS_NOVELL_LDAPSDK - *ldap = ldapssl_init(hostname, portno, 1); -#elif APR_HAS_NETSCAPE_LDAPSDK - *ldap = ldapssl_init(hostname, portno, 1); -#elif APR_HAS_OPENLDAP_LDAPSDK - *ldap = ldap_init(hostname, portno); - if (NULL != *ldap) { - int SSLmode = LDAP_OPT_X_TLS_HARD; - result->rc = ldap_set_option(*ldap, LDAP_OPT_X_TLS, &SSLmode); - if (LDAP_SUCCESS != result->rc) { - ldap_unbind_s(*ldap); - result->reason = "LDAP: ldap_set_option - LDAP_OPT_X_TLS_HARD failed"; - result->msg = ldap_err2string(result->rc); - *ldap = NULL; - /* @todo make proper APR error codes for LDAP codes */ - return APR_EGENERAL; + + /* novell / netscape toolkit */ + if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_NOVELL) || + !strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_NETSCAPE)) { +#if APR_HAS_LDAPSSL_INIT + *ldap = ldapssl_init(hostname, portno, 1); +#else + result->reason = "LDAP: SSL not yet supported by APR on " + "this version of the Novell/Netscape toolkit"; + return APR_ENOTIMPL; +#endif + } + + /* openldap toolkit */ + else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_OPENLDAP)) { +#ifdef LDAP_OPT_X_TLS + *ldap = ldap_init(hostname, portno); + if (NULL != *ldap) { + int SSLmode = LDAP_OPT_X_TLS_HARD; + result->rc = ldap_set_option(*ldap, LDAP_OPT_X_TLS, &SSLmode); + if (LDAP_SUCCESS != result->rc) { + ldap_unbind_s(*ldap); + result->reason = "LDAP: ldap_set_option - " + "LDAP_OPT_X_TLS_HARD failed"; + result->msg = ldap_err2string(result->rc); + *ldap = NULL; + return APR_EGENERAL; + } } +#else + result->reason = "LDAP: SSL not yet supported by APR on this " + "version of the OpenLDAP toolkit"; + return APR_ENOTIMPL; +#endif } -#elif APR_HAS_MICROSOFT_LDAPSDK - *ldap = ldap_sslinit((char *)hostname, portno, 1); + + /* 
microsoft toolkit */ + else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_MICROSOFT)) { +#if APR_HAS_LDAP_SSLINIT + *ldap = ldap_sslinit((char *)hostname, portno, 1); #else + result->reason = "LDAP: SSL not yet supported by APR on " + "this version of the Microsoft toolkit"; + return APR_ENOTIMPL; +#endif + } + + /* sun toolkit */ + else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_SUN)) { + result->reason = "LDAP: SSL not yet supported by APR on " + "this version of the Sun toolkit"; + return APR_ENOTIMPL; + } + /* unknown toolkit - return not implemented */ - return APR_ENOTIMPL; -#endif /* APR_HAS_NOVELL_LDAPSDK */ + else { + return APR_ENOTIMPL; + } #endif /* APR_HAS_LDAP_SSL */ } @@ -260,18 +400,9 @@ apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t)); *result_err = result; -#if APR_HAS_NETSCAPE_LDAPSDK - result->reason = "APR LDAP: Built with Netscape LDAP SDK"; -#elif APR_HAS_NOVELL_LDAPSDK - result->reason = "APR LDAP: Built with Novell LDAP SDK"; -#elif APR_HAS_OPENLDAP_LDAPSDK - result->reason = "APR LDAP: Built with OpenLDAP LDAP SDK"; -#elif APR_HAS_MICROSOFT_LDAPSDK - result->reason = "APR LDAP: Built with Microsoft LDAP SDK"; -#else - result->reason = "APR LDAP: Built with an unknown LDAP SDK"; -#endif - + result->reason = "APR LDAP: Built with " + LDAP_VENDOR_NAME + " LDAP SDK"; return APR_SUCCESS; }
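Review bot: The final `else { return APR_ENOTIMPL; }` for an unrecognised toolkit is the only unsupported-SSL branch in this hunk that returns without setting `result->reason`, so the caller gets no explanation; `result->reason = "LDAP: SSL not supported by APR on an unrecognised toolkit";` before the return would match the other branches. The OpenLDAP branch only sets `LDAP_OPT_X_TLS_HARD`, which requests TLS on connect; whether the server certificate is then verified appears to be left to libldap's configured default, so a comment such as `/* peer certificate verification follows the library default (LDAP_OPT_X_TLS_REQUIRE_CERT) */` would record what this path does and does not guarantee. `ldap_start_tls_s` is now probed by configure and exposed as `APR_HAS_LDAP_START_TLS_S`, but nothing in this hunk consumes it: `secure` still selects ldaps only, which is worth stating in the function's documentation. The enclosing function starts and ends outside the hunk.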
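Review bot: `"APR LDAP: Built with " LDAP_VENDOR_NAME " LDAP SDK"` relies on `LDAP_VENDOR_NAME` being a string literal at preprocessing time, as do all the new `strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_*)` dispatches in this file; a toolkit header that does not define it now produces a compile error instead of the "unknown LDAP SDK" fallback the removed `#else` provided. A guarded default in apr_ldap.h.in, e.g. `#ifndef LDAP_VENDOR_NAME` / `#define LDAP_VENDOR_NAME "unknown"` / `#endif`, would preserve that fallback and route such a toolkit into the existing "not recognised" branches. The enclosing function begins before the hunk.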
