Posted to cvs@httpd.apache.org by mi...@apache.org on 2004/08/04 02:04:41 UTC
cvs commit: httpd-2.0/modules/experimental mod_auth_ldap.c util_ldap.c
minfrin 2004/08/03 17:04:41
Modified: . CHANGES
modules/experimental mod_auth_ldap.c util_ldap.c
Log:
Remove LDAP toolkit specific code from util_ldap and mod_auth_ldap.
Revision Changes Path
1.1544 +3 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.1543
retrieving revision 1.1544
diff -u -r1.1543 -r1.1544
--- CHANGES 1 Aug 2004 01:12:29 -0000 1.1543
+++ CHANGES 4 Aug 2004 00:04:40 -0000 1.1544
@@ -2,6 +2,9 @@
[Remove entries to the current 2.0 section below, when backported]
+ *) Remove LDAP toolkit specific code from util_ldap and mod_auth_ldap.
+ [Graham Leggett]
+
*) Remove deprecated/removed APR_STATUS_IS_SUCCESS(). [Justin Erenkrantz]
*) perchild MPM: Fix thread safety problem in the use of longjmp().
1.28 +5 -16 httpd-2.0/modules/experimental/mod_auth_ldap.c
Index: mod_auth_ldap.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/experimental/mod_auth_ldap.c,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- mod_auth_ldap.c 21 May 2004 03:14:06 -0000 1.27
+++ mod_auth_ldap.c 4 Aug 2004 00:04:41 -0000 1.28
@@ -692,8 +692,9 @@
void *config,
const char *url)
{
- int result;
+ int rc;
apr_ldap_url_desc_t *urld;
+ apr_ldap_err_t *result;
mod_auth_ldap_config_t *sec = config;
@@ -701,20 +702,9 @@
cmd->server, "[%d] auth_ldap url parse: `%s'",
getpid(), url);
- result = apr_ldap_url_parse(url, &(urld));
- if (result != LDAP_SUCCESS) {
- switch (result) {
- case LDAP_URL_ERR_NOTLDAP:
- return "LDAP URL does not begin with ldap://";
- case LDAP_URL_ERR_NODN:
- return "LDAP URL does not have a DN";
- case LDAP_URL_ERR_BADSCOPE:
- return "LDAP URL has an invalid scope";
- case LDAP_URL_ERR_MEM:
- return "Out of memory parsing LDAP URL";
- default:
- return "Could not parse LDAP URL";
- }
+ rc = apr_ldap_url_parse(cmd->pool, url, &(urld), &(result));
+ if (rc != APR_SUCCESS) {
+ return result->reason;
}
sec->url = apr_pstrdup(cmd->pool, url);
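Review bot: `return result->reason;` dereferences `result` without checking it, and the declaration added in the previous hunk (`apr_ldap_err_t *result;`) leaves the pointer uninitialised. If apr_ldap_url_parse() can fail without filling in the error structure (its body is not visible here), directive parsing reads an indeterminate pointer. The util_ldap.c hunks in this same commit initialise the pointer to NULL and test it before use, so this call site should match: declare `apr_ldap_err_t *result = NULL;` and return `(result && result->reason) ? result->reason : "Could not parse LDAP URL";`. The enclosing function starts and ends outside the hunk.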
@@ -801,7 +791,6 @@
}
sec->have_ldap_url = 1;
- apr_ldap_free_urldesc(urld);
return NULL;
}
1.36 +43 -185 httpd-2.0/modules/experimental/util_ldap.c
Index: util_ldap.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/experimental/util_ldap.c,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- util_ldap.c 26 Jun 2004 16:00:26 -0000 1.35
+++ util_ldap.c 4 Aug 2004 00:04:41 -0000 1.36
@@ -254,50 +254,16 @@
*/
if (NULL == ldc->ldap)
{
- /* clear connection requested */
- if (!ldc->secure)
- {
- ldc->ldap = ldap_init(const_cast(ldc->host), ldc->port);
- }
- else /* ssl connnection requested */
- {
- /* check configuration to make sure it supports SSL
- */
- if (st->ssl_support)
- {
- #if APR_HAS_LDAP_SSL
-
- #if APR_HAS_NOVELL_LDAPSDK
- ldc->ldap = ldapssl_init(ldc->host, ldc->port, 1);
-
- #elif APR_HAS_NETSCAPE_LDAPSDK
- ldc->ldap = ldapssl_init(ldc->host, ldc->port, 1);
-
- #elif APR_HAS_OPENLDAP_LDAPSDK
- ldc->ldap = ldap_init(ldc->host, ldc->port);
- if (NULL != ldc->ldap)
- {
- int SSLmode = LDAP_OPT_X_TLS_HARD;
- result = ldap_set_option(ldc->ldap, LDAP_OPT_X_TLS, &SSLmode);
- if (LDAP_SUCCESS != result)
- {
- ldap_unbind_s(ldc->ldap);
- ldc->reason = "LDAP: ldap_set_option - LDAP_OPT_X_TLS_HARD failed";
- ldc->ldap = NULL;
- }
- }
+ apr_ldap_err_t *result = NULL;
+ int rc = apr_ldap_init(r->pool,
+ &(ldc->ldap),
+ ldc->host,
+ ldc->port,
+ ldc->secure,
+ &(result));
- #elif APR_HAS_MICROSOFT_LDAPSDK
- ldc->ldap = ldap_sslinit(const_cast(ldc->host), ldc->port, 1);
-
- #else
- ldc->reason = "LDAP: ssl connections not supported";
- #endif /* APR_HAS_NOVELL_LDAPSDK */
-
- #endif /* APR_HAS_LDAP_SSL */
- }
- else
- ldc->reason = "LDAP: ssl connections not supported";
+ if (result != NULL) {
+ ldc->reason = result->reason;
}
if (NULL == ldc->ldap)
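Review bot: The return value `rc` from apr_ldap_init() is assigned and never examined, and the removed `st->ssl_support` check that refused a secure connection when SSL was not initialised has no replacement in this hunk. Whether a connection with `ldc->secure` set fails closed now rests entirely on apr_ldap_init() leaving `ldc->ldap` NULL, which cannot be confirmed from this diff; if it returned a cleartext handle, the later simple bind would send the bind DN and password unencrypted. I would skip the call when `ldc->secure` is set and `st->ssl_support` is not, setting `ldc->reason = "LDAP: ssl connections not supported";` as before, and treat a non-success `rc` as failure alongside the NULL test. `result->reason` also appears to come from `r->pool` while being stored in `ldc`, so confirm the connection object cannot outlive the request. The enclosing function continues outside the hunk.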
@@ -327,7 +293,7 @@
*/
for (failures=0; failures<10; failures++)
{
- result = ldap_simple_bind_s(ldc->ldap, const_cast(ldc->binddn), const_cast(ldc->bindpw));
+ result = ldap_simple_bind_s(ldc->ldap, ldc->binddn, ldc->bindpw);
if (LDAP_SERVER_DOWN != result)
break;
}
@@ -558,7 +524,7 @@
}
/* search for reqdn */
- if ((result = ldap_search_ext_s(ldc->ldap, const_cast(reqdn), LDAP_SCOPE_BASE,
+ if ((result = ldap_search_ext_s(ldc->ldap, reqdn, LDAP_SCOPE_BASE,
"(objectclass=*)", NULL, 1,
NULL, NULL, NULL, -1, &res)) == LDAP_SERVER_DOWN) {
ldc->reason = "DN Comparison ldap_search_ext_s() failed with server down";
@@ -690,7 +656,7 @@
return result;
}
- if ((result = ldap_compare_s(ldc->ldap, const_cast(dn), const_cast(attrib), const_cast(value)))
+ if ((result = ldap_compare_s(ldc->ldap, dn, attrib, value))
== LDAP_SERVER_DOWN) {
/* connection failed - try again */
ldc->reason = "ldap_compare_s() failed with server down";
@@ -821,8 +787,8 @@
/* try do the search */
if ((result = ldap_search_ext_s(ldc->ldap,
- const_cast(basedn), scope,
- const_cast(filter), attrs, 0,
+ basedn, scope,
+ filter, attrs, 0,
NULL, NULL, NULL, -1, &res)) == LDAP_SERVER_DOWN) {
ldc->reason = "ldap_search_ext_s() for user failed with server down";
util_ldap_connection_unbind(ldc);
@@ -876,7 +842,7 @@
* exists, since we just retrieved it)
*/
if ((result =
- ldap_simple_bind_s(ldc->ldap, const_cast(*binddn), const_cast(bindpw))) ==
+ ldap_simple_bind_s(ldc->ldap, *binddn, bindpw)) ==
LDAP_SERVER_DOWN) {
ldc->reason = "ldap_simple_bind_s() to check user credentials failed with server down";
ldap_msgfree(res);
@@ -1150,16 +1116,17 @@
static apr_status_t util_ldap_cleanup_module(void *data)
{
-#if APR_HAS_LDAP_SSL && APR_HAS_NOVELL_LDAPSDK
+
server_rec *s = data;
util_ldap_state_t *st = (util_ldap_state_t *)ap_get_module_config(
s->module_config, &ldap_module);
- if (st->ssl_support)
- ldapssl_client_deinit();
+ if (st->ssl_support) {
+ apr_ldap_ssl_deinit();
+ }
-#endif
return APR_SUCCESS;
+
}
static int util_ldap_post_config(apr_pool_t *p, apr_pool_t *plog,
@@ -1247,155 +1214,46 @@
/* log the LDAP SDK used
*/
- #if APR_HAS_NETSCAPE_LDAPSDK
-
- ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
- "LDAP: Built with Netscape LDAP SDK" );
-
- #elif APR_HAS_NOVELL_LDAPSDK
-
- ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
- "LDAP: Built with Novell LDAP SDK" );
-
- #elif APR_HAS_OPENLDAP_LDAPSDK
-
- ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
- "LDAP: Built with OpenLDAP LDAP SDK" );
-
- #elif APR_HAS_MICROSOFT_LDAPSDK
-
- ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
- "LDAP: Built with Microsoft LDAP SDK" );
- #else
-
- ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
- "LDAP: Built with unknown LDAP SDK" );
-
- #endif /* APR_HAS_NETSCAPE_LDAPSDK */
-
-
+ {
+ apr_ldap_err_t *result = NULL;
+ apr_ldap_info(&(result), p);
+ if (result != NULL) {
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, result->reason);
+ }
+ }
apr_pool_cleanup_register(p, s, util_ldap_cleanup_module,
util_ldap_cleanup_module);
/* initialize SSL support if requested
*/
- if (st->cert_auth_file)
- {
- #if APR_HAS_LDAP_SSL /* compiled with ssl support */
-
- #if APR_HAS_NETSCAPE_LDAPSDK
-
- /* Netscape sdk only supports a cert7.db file
- */
- if (st->cert_file_type == LDAP_CA_TYPE_CERT7_DB)
- {
- rc = ldapssl_client_init(st->cert_auth_file, NULL);
- }
- else
- {
- ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s,
- "LDAP: Invalid LDAPTrustedCAType directive - "
- "CERT7_DB_PATH type required");
- rc = -1;
- }
-
- #elif APR_HAS_NOVELL_LDAPSDK
-
- /* Novell SDK supports DER or BASE64 files
- */
- if (st->cert_file_type == LDAP_CA_TYPE_DER ||
- st->cert_file_type == LDAP_CA_TYPE_BASE64 )
- {
- rc = ldapssl_client_init(NULL, NULL);
- if (LDAP_SUCCESS == rc)
- {
- if (st->cert_file_type == LDAP_CA_TYPE_BASE64)
- rc = ldapssl_add_trusted_cert(st->cert_auth_file,
- LDAPSSL_CERT_FILETYPE_B64);
- else
- rc = ldapssl_add_trusted_cert(st->cert_auth_file,
- LDAPSSL_CERT_FILETYPE_DER);
-
- if (LDAP_SUCCESS != rc)
- ldapssl_client_deinit();
- }
- }
- else
- {
- ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s,
- "LDAP: Invalid LDAPTrustedCAType directive - "
- "DER_FILE or BASE64_FILE type required");
- rc = -1;
- }
-
- #elif APR_HAS_OPENLDAP_LDAPSDK
-
- /* OpenLDAP SDK supports BASE64 files
- */
- if (st->cert_file_type == LDAP_CA_TYPE_BASE64)
- {
- rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, st->cert_auth_file);
- }
- else
- {
- ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s,
- "LDAP: Invalid LDAPTrustedCAType directive - "
- "BASE64_FILE type required");
- rc = -1;
- }
-
-
- #elif APR_HAS_MICROSOFT_LDAPSDK
-
- /* Microsoft SDK use the registry certificate store - always
- * assume support is always available
- */
- rc = LDAP_SUCCESS;
+ if (st->cert_auth_file) {
- #else
- rc = -1;
- #endif /* APR_HAS_NETSCAPE_LDAPSDK */
+ apr_ldap_err_t *result = NULL;
+ int rc = apr_ldap_ssl_init(p,
+ st->cert_auth_file,
+ st->cert_file_type,
+ &(result));
- #else /* not compiled with SSL Support */
-
- ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
- "LDAP: Not built with SSL support." );
- rc = -1;
-
- #endif /* APR_HAS_LDAP_SSL */
-
- if (LDAP_SUCCESS == rc)
- {
+ if (LDAP_SUCCESS == rc) {
st->ssl_support = 1;
}
- else
- {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
- "LDAP: SSL initialization failed");
+ else if (NULL != result) {
+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, result->reason);
st->ssl_support = 0;
}
+
}
- /* The Microsoft SDK uses the registry certificate store -
- * always assume support is available
- */
- #if APR_HAS_MICROSOFT_LDAPSDK
- st->ssl_support = 1;
- #endif
-
-
- /* log SSL status - If SSL isn't available it isn't necessarily
- * an error because the modules asking for LDAP connections
- * may not ask for SSL support
- */
- if (st->ssl_support)
- {
+ /* log SSL status - If SSL isn't available it isn't necessarily
+ * an error because the modules asking for LDAP connections
+ * may not ask for SSL support
+ */
+ if (st->ssl_support) {
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
"LDAP: SSL support available" );
}
- else
- {
+ else {
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
"LDAP: SSL support unavailable" );
}