Posted to commits@apr.apache.org by mi...@apache.org on 2004/12/21 11:06:02 UTC
svn commit: r122954 - in apr/apr-util/branches/1.0.x: . build include ldap
Author: minfrin
Date: Tue Dec 21 02:06:01 2004
New Revision: 122954
URL: http://svn.apache.org/viewcvs?view=rev&rev=122954
Log:
Rework the LDAP toolkit detection to be more accurate than "OpenLDAP
detected regardless", while remaining backwards compatible with v1.0.
Include Brad Nicholes' patch below, as it affected the same code:
Added the apr_ldap_ssl_add_cert() API to allow multiple certificates
to be stored and used when establishing an SSL connection to different
LDAP servers.
Modified:
apr/apr-util/branches/1.0.x/CHANGES
apr/apr-util/branches/1.0.x/build/apu-conf.m4
apr/apr-util/branches/1.0.x/include/apr_ldap.h.in
apr/apr-util/branches/1.0.x/include/apr_ldap.hnw
apr/apr-util/branches/1.0.x/include/apr_ldap.hw
apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c
Modified: apr/apr-util/branches/1.0.x/CHANGES
Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/CHANGES?view=diff&rev=122954&p1=apr/apr-util/branches/1.0.x/CHANGES&r1=122953&p2=apr/apr-util/branches/1.0.x/CHANGES&r2=122954
==============================================================================
--- apr/apr-util/branches/1.0.x/CHANGES (original)
+++ apr/apr-util/branches/1.0.x/CHANGES Tue Dec 21 02:06:01 2004
@@ -1,5 +1,13 @@
Changes with APR-util 1.0.2
+ *) Rework the LDAP toolkit detection to be more accurate than "OpenLDAP
+ detected regardless", while remaining backwards compatible with v1.0.
+ [Graham Leggett]
+
+ *) Added the apr_ldap_ssl_add_cert() API to allow multiple certificates
+ to be stored and used when establishing an SSL connection to different
+ LDAP servers. [Brad Nicholes]
+
*) Fix the detection of ldap.h on Solaris - it needs lber.h to be
defined first. [Graham Leggett]
Modified: apr/apr-util/branches/1.0.x/build/apu-conf.m4
Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/build/apu-conf.m4?view=diff&rev=122954&p1=apr/apr-util/branches/1.0.x/build/apu-conf.m4&r1=122953&p2=apr/apr-util/branches/1.0.x/build/apu-conf.m4&r2=122954
==============================================================================
--- apr/apr-util/branches/1.0.x/build/apu-conf.m4 (original)
+++ apr/apr-util/branches/1.0.x/build/apu-conf.m4 Tue Dec 21 02:06:01 2004
@@ -218,8 +218,14 @@
[
APR_ADDTO(APRUTIL_EXPORT_LIBS,[-l${ldaplib} ${extralib}])
APR_ADDTO(APRUTIL_LIBS,[-l${ldaplib} ${extralib}])
- AC_CHECK_LIB(${ldaplib}, ldapssl_install_routines, apu_has_ldap_netscape_ssl="1", , ${extralib})
- AC_CHECK_LIB(${ldaplib}, ldap_start_tls_s, apu_has_ldap_starttls="1", , ${extralib})
+ AC_CHECK_LIB(${ldaplib}, ldapssl_client_init, apu_has_ldapssl_client_init="1", , ${extralib})
+ AC_CHECK_LIB(${ldaplib}, ldapssl_client_deinit, apu_has_ldapssl_client_deinit="1", , ${extralib})
+ AC_CHECK_LIB(${ldaplib}, ldapssl_add_trusted_cert, apu_has_ldapssl_add_trusted_cert="1", , ${extralib})
+ AC_CHECK_LIB(${ldaplib}, ldap_start_tls_s, apu_has_ldap_start_tls_s="1", , ${extralib})
+ AC_CHECK_LIB(${ldaplib}, ldap_sslinit, apu_has_ldap_sslinit="1", ,
+${extralib})
+ AC_CHECK_LIB(${ldaplib}, ldapssl_init, apu_has_ldapssl_init="1", ,
+${extralib})
apu_has_ldap="1";
], , ${extralib})
fi
@@ -234,8 +240,12 @@
echo $ac_n "${nl}checking for ldap support..."
apu_has_ldap="0";
-apu_has_ldap_netscape_ssl="0"
-apu_has_ldap_starttls="0"
+apu_has_ldapssl_client_init="0"
+apu_has_ldapssl_client_deinit="0"
+apu_has_ldapssl_add_trusted_cert="0"
+apu_has_ldap_start_tls_s="0"
+apu_has_ldapssl_init="0"
+apu_has_ldap_sslinit="0"
AC_ARG_WITH(ldap-include,[ --with-ldap-include=path path to ldap include files with trailing slash])
AC_ARG_WITH(ldap-lib,[ --with-ldap-lib=path path to ldap lib file])
@@ -291,8 +301,12 @@
AC_SUBST(ldap_h)
AC_SUBST(lber_h)
AC_SUBST(ldap_ssl_h)
-AC_SUBST(apu_has_ldap_netscape_ssl)
-AC_SUBST(apu_has_ldap_starttls)
+AC_SUBST(apu_has_ldapssl_client_init)
+AC_SUBST(apu_has_ldapssl_client_deinit)
+AC_SUBST(apu_has_ldapssl_add_trusted_cert)
+AC_SUBST(apu_has_ldap_start_tls_s)
+AC_SUBST(apu_has_ldapssl_init)
+AC_SUBST(apu_has_ldap_sslinit)
AC_SUBST(apu_has_ldap)
])
Modified: apr/apr-util/branches/1.0.x/include/apr_ldap.h.in
Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/include/apr_ldap.h.in?view=diff&rev=122954&p1=apr/apr-util/branches/1.0.x/include/apr_ldap.h.in&r1=122953&p2=apr/apr-util/branches/1.0.x/include/apr_ldap.h.in&r2=122954
==============================================================================
--- apr/apr-util/branches/1.0.x/include/apr_ldap.h.in (original)
+++ apr/apr-util/branches/1.0.x/include/apr_ldap.h.in Tue Dec 21 02:06:01 2004
@@ -29,95 +29,86 @@
* @{
*/
-
-/*
- * This switches LDAP support on or off.
- */
-
/* this will be defined if LDAP support was compiled into apr-util */
#define APR_HAS_LDAP @apu_has_ldap@
-/* this whole thing disappears if LDAP is not enabled */
+
+/*
+ * Handle the case when LDAP is disabled - switch everything off by default
+ */
#if !APR_HAS_LDAP
+/*
+ * The following #defines are DEPRECATED and should not be used. They do
+ * not work properly anyway.
+ */
#define APR_HAS_NETSCAPE_LDAPSDK 0
#define APR_HAS_NOVELL_LDAPSDK 0
#define APR_HAS_OPENLDAP_LDAPSDK 0
#define APR_HAS_MICROSOFT_LDAPSDK 0
#define APR_HAS_OTHER_LDAPSDK 0
-
#define APR_HAS_LDAP_SSL 0
-#define APR_HAS_LDAP_URL_PARSE 0
+#define APR_HAS_LDAP_URL_PARSE 0
+/*
+ * Handle the case when LDAP is enabled
+ */
#else /* ldap support available */
-#ifdef APR_NOT_READY_YET
-/* FIXME: this code awaits support from apu-conf.m4 */
-
- /* There a several LDAPv3 SDKs available on various platforms
- * define which LDAP SDK is used
+/*
+ * The following #defines are DEPRECATED and should not be used for
+ * anything. They remain to maintain binary compatibility.
+ * The original code defined the OPENLDAP SDK as present regardless
+ * of what really was there, which was way bogus. In addition, the
+ * apr_ldap_url_parse*() functions have been rewritten specifically for
+ * APR, so the APR_HAS_LDAP_URL_PARSE macro is forced to zero.
*/
-#define APR_HAS_NETSCAPE_LDAPSDK @apu_has_ldap_netscape@
-#define APR_HAS_NOVELL_LDAPSDK @apu_has_ldap_novell@
-#define APR_HAS_OPENLDAP_LDAPSDK @apu_has_ldap_openldap@
-#define APR_HAS_MICROSOFT_LDAPSDK @apu_has_ldap_microsoft@
-#define APR_HAS_OTHER_LDAPSDK @apu_has_ldap_other@
-
- /* define if LDAP SSL support is available
- */
-#define APR_HAS_LDAP_SSL @apu_has_ldap_ssl@
-
-#else /* APR_NOT_READY_YET */
-
-/* FIXME: remove this when above code works. Default to build with
- * OpenLDAP until apu-conf.m4 support exists */
#define APR_HAS_OPENLDAP_LDAPSDK 1
#define APR_HAS_LDAP_SSL 1
+#define APR_HAS_LDAP_URL_PARSE 0
-#endif /* APR_NOT_READY_YET */
- /* If no APR_HAS_xxx_LDAPSDK is defined error out
- * Define if the SDK supports the ldap_url_parse function
- */
-#if APR_HAS_NETSCAPE_LDAPSDK
- #define APR_HAS_LDAP_URL_PARSE 1
-#elif APR_HAS_NOVELL_LDAPSDK
- #define APR_HAS_LDAP_URL_PARSE 1
-#elif APR_HAS_OPENLDAP_LDAPSDK
- #define APR_HAS_LDAP_URL_PARSE 1
-#elif APR_HAS_MICROSOFT_LDAPSDK
- #define APR_HAS_LDAP_URL_PARSE 0
-#elif APR_HAS_OTHER_LDAPSDK
- #define APR_HAS_LDAP_URL_PARSE 0
-#else
- #define APR_HAS_LDAP_URL_PARSE 0
- #error "ERROR no LDAP SDK defined!"
-#endif
-
-/* LDAP header files */
+/*
+ * Include the standard LDAP header files.
+ */
-#if APR_HAS_NETSCAPE_LDAPSDK
@lber_h@
@ldap_h@
#if APR_HAS_LDAP_SSL
@ldap_ssl_h@
#endif
-#endif
-#if APR_HAS_NOVELL_LDAPSDK
-@lber_h@
-@ldap_h@
-#if APR_HAS_LDAP_SSL
-@ldap_ssl_h@
-#endif
-#endif
-#if APR_HAS_OPENLDAP_LDAPSDK
-@lber_h@
-@ldap_h@
+/*
+ * Vendor LDAP toolkits that we identify
+ */
+#define APR_LDAP_VENDOR_NOVELL "Novell"
+#define APR_LDAP_VENDOR_NETSCAPE "Netscape Communications Corp."
+#define APR_LDAP_VENDOR_MICROSOFT "Microsoft Corporation."
+#define APR_LDAP_VENDOR_OPENLDAP "OpenLDAP"
+#define APR_LDAP_VENDOR_SUN "Sun Microsystems Inc."
+
+
+/*
+ * Detected standard functions
+ */
+#define APR_HAS_LDAPSSL_CLIENT_INIT @apu_has_ldapssl_client_init@
+#define APR_HAS_LDAPSSL_CLIENT_DEINIT @apu_has_ldapssl_client_deinit@
+#define APR_HAS_LDAPSSL_ADD_TRUSTED_CERT @apu_has_ldapssl_add_trusted_cert@
+#define APR_HAS_LDAP_START_TLS_S @apu_has_ldap_start_tls_s@
+#define APR_HAS_LDAP_SSLINIT @apu_has_ldap_sslinit@
+#define APR_HAS_LDAPSSL_INIT @apu_has_ldapssl_init@
+
+
+/*
+ * Make sure the secure LDAP port is defined
+ */
+#ifndef LDAPS_PORT
+#define LDAPS_PORT 636 /* ldaps:/// default LDAP over TLS port */
#endif
+
/* Note: Macros defining const casting has been removed in APR v1.0,
* pending real support for LDAP v2.0 toolkits.
*
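Review bot: `APR_HAS_LDAP_SSL` is still hard-wired to `1` in the LDAP-enabled branch, so it says nothing about whether configure found any of the SSL entry points that the new `APR_HAS_LDAPSSL_*` and `APR_HAS_LDAP_SSLINIT` macros report. A caller that gates TLS use on `APR_HAS_LDAP_SSL` alone will believe SSL is available on a toolkit where every detected-function macro is 0. I would state this in the comment above it, e.g. `/* APR_HAS_LDAP_SSL is not a detection result; test the APR_HAS_LDAPSSL_* / APR_HAS_LDAP_SSLINIT macros instead */`. The same branch also stops defining the other deprecated `APR_HAS_*_LDAPSDK` macros, which now only evaluate to 0 inside `#if`; keeping explicit lines such as `#define APR_HAS_NOVELL_LDAPSDK 0` would preserve source compatibility. The missing definitions also affect the matching hunks in apr_ldap.hnw and apr_ldap.hw.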
@@ -127,6 +118,7 @@
#error Support for LDAP v2.0 toolkits has been removed from apr-util. Please use an LDAP v3.0 toolkit.
#endif
+
/**
* This structure allows the C LDAP API error codes to be returned
* along with plain text error messages that explain to us mere mortals
@@ -140,6 +132,7 @@
#include "apr_ldap_url.h"
#include "apr_ldap_init.h"
+
/** @} */
#endif /* APR_HAS_LDAP */
Modified: apr/apr-util/branches/1.0.x/include/apr_ldap.hnw
Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/include/apr_ldap.hnw?view=diff&rev=122954&p1=apr/apr-util/branches/1.0.x/include/apr_ldap.hnw&r1=122953&p2=apr/apr-util/branches/1.0.x/include/apr_ldap.hnw&r2=122954
==============================================================================
--- apr/apr-util/branches/1.0.x/include/apr_ldap.hnw (original)
+++ apr/apr-util/branches/1.0.x/include/apr_ldap.hnw Tue Dec 21 02:06:01 2004
@@ -1,4 +1,4 @@
-/* Copyright 2000-2004 The Apache Software Foundation
+/* Copyright 2002-2004 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -29,90 +29,83 @@
* @{
*/
+/* this will be defined if LDAP support was compiled into apr-util */
+#define APR_HAS_LDAP 1
+
/*
- * This switches LDAP support on or off.
+ * Handle the case when LDAP is disabled - switch everything off by default
*/
-
-/* this will be defined if LDAP support was compiled into apr-util */
-#define APR_HAS_LDAP 1
-
-/* this whole thing disappears if LDAP is not enabled */
#if !APR_HAS_LDAP
+/*
+ * The following #defines are DEPRECATED and should not be used. They do
+ * not work properly anyway.
+ */
#define APR_HAS_NETSCAPE_LDAPSDK 0
#define APR_HAS_NOVELL_LDAPSDK 0
#define APR_HAS_OPENLDAP_LDAPSDK 0
#define APR_HAS_MICROSOFT_LDAPSDK 0
#define APR_HAS_OTHER_LDAPSDK 0
-
#define APR_HAS_LDAP_SSL 0
#define APR_HAS_LDAP_URL_PARSE 0
+/*
+ * Handle the case when LDAP is enabled
+ */
#else /* ldap support available */
-
- /* There a several LDAPv3 SDKs available on various platforms
- * define which LDAP SDK is used
- */
-#define APR_HAS_NETSCAPE_LDAPSDK 0
-#define APR_HAS_NOVELL_LDAPSDK 1
-#define APR_HAS_OPENLDAP_LDAPSDK 0
-#define APR_HAS_MICROSOFT_LDAPSDK 0
-#define APR_HAS_OTHER_LDAPSDK 0
-
- /* define if LDAP SSL support is available
- */
+/*
+ * The following #defines are DEPRECATED and should not be used for
+ * anything. They remain to maintain binary compatibility.
+ * The original code defined the OPENLDAP SDK as present regardless
+ * of what really was there, which was way bogus. In addition, the
+ * apr_ldap_url_parse*() functions have been rewritten specifically for
+ * APR, so the APR_HAS_LDAP_URL_PARSE macro is forced to zero.
+ */
+#define APR_HAS_NOVELL_LDAPSDK 1
#define APR_HAS_LDAP_SSL 1
+#define APR_HAS_LDAP_URL_PARSE 0
- /* If no APR_HAS_xxx_LDAPSDK is defined error out
- * Define if the SDK supports the ldap_url_parse function
- */
-#if APR_HAS_NETSCAPE_LDAPSDK
- #define APR_HAS_LDAP_URL_PARSE 1
-#elif APR_HAS_NOVELL_LDAPSDK
- #define APR_HAS_LDAP_URL_PARSE 1
-#elif APR_HAS_OPENLDAP_LDAPSDK
- #define APR_HAS_LDAP_URL_PARSE 1
-#elif APR_HAS_MICROSOFT_LDAPSDK
- #define APR_HAS_LDAP_URL_PARSE 0
-#elif APR_HAS_OTHER_LDAPSDK
- #define APR_HAS_LDAP_URL_PARSE 0
-#else
- #define APR_HAS_LDAP_URL_PARSE 0
- #error "ERROR no LDAP SDK defined!"
-#endif
-/* LDAP header files */
+/*
+ * Include the standard LDAP header files.
+ */
-#if APR_HAS_NETSCAPE_LDAPSDK
-#include <ldap.h>
#include <lber.h>
-#if APR_HAS_LDAP_SSL
-#include <ldap_ssl.h>
-#endif
-#endif
-
-#if APR_HAS_NOVELL_LDAPSDK
#include <ldap.h>
-#include <lber.h>
#if APR_HAS_LDAP_SSL
#include <ldap_ssl.h>
#endif
-#endif
-#if APR_HAS_OPENLDAP_LDAPSDK
-#include <ldap.h>
-#include <lber.h>
-#endif
-/* Included in Windows 2000 and later, earlier 9x/NT 4.0 clients
- * will need to obtain the Active Directory Client Extensions.
+/*
+ * Vendor LDAP toolkits that we identify
+ */
+#define APR_LDAP_VENDOR_NOVELL "Novell"
+#define APR_LDAP_VENDOR_NETSCAPE "Netscape Communications Corp."
+#define APR_LDAP_VENDOR_MICROSOFT "Microsoft Corporation."
+#define APR_LDAP_VENDOR_OPENLDAP "OpenLDAP"
+#define APR_LDAP_VENDOR_SUN "Sun Microsystems Inc."
+
+
+/*
+ * Detected standard functions
*/
-#if APR_HAS_MICROSOFT_LDAPSDK
-#include <winldap.h>
-#define LDAPS_PORT LDAP_SSL_PORT
+#define APR_HAS_LDAPSSL_CLIENT_INIT 1
+#define APR_HAS_LDAPSSL_CLIENT_DEINIT 1
+#define APR_HAS_LDAPSSL_ADD_TRUSTED_CERT 1
+#define APR_HAS_LDAP_START_TLS_S 0
+#define APR_HAS_LDAP_SSLINIT 0
+#define APR_HAS_LDAPSSL_INIT 1
+
+
+/*
+ * Make sure the secure LDAP port is defined
+ */
+#ifndef LDAPS_PORT
+#define LDAPS_PORT 636 /* ldaps:/// default LDAP over TLS port */
#endif
@@ -125,6 +118,7 @@
#error Support for LDAP v2.0 toolkits has been removed from apr-util. Please use an LDAP v3.0 toolkit.
#endif
+
/**
* This structure allows the C LDAP API error codes to be returned
* along with plain text error messages that explain to us mere mortals
@@ -139,6 +133,8 @@
#include "apr_ldap_url.h"
#include "apr_ldap_init.h"
+
/** @} */
-#endif /* APU_HAS_LDAP */
+#endif /* APR_HAS_LDAP */
#endif /* APU_LDAP_H */
+
Modified: apr/apr-util/branches/1.0.x/include/apr_ldap.hw
Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/include/apr_ldap.hw?view=diff&rev=122954&p1=apr/apr-util/branches/1.0.x/include/apr_ldap.hw&r1=122953&p2=apr/apr-util/branches/1.0.x/include/apr_ldap.hw&r2=122954
==============================================================================
--- apr/apr-util/branches/1.0.x/include/apr_ldap.hw (original)
+++ apr/apr-util/branches/1.0.x/include/apr_ldap.hw Tue Dec 21 02:06:01 2004
@@ -1,4 +1,4 @@
-/* Copyright 2000-2004 The Apache Software Foundation
+/* Copyright 2002-2004 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -13,9 +13,6 @@
* limitations under the License.
*/
-#include "apr.h"
-#include "apu.h"
-
/*
* apr_ldap.h is generated from apr_ldap.h.in by configure -- do not edit apr_ldap.h
*/
@@ -32,92 +29,82 @@
* @{
*/
-
-/*
- * This switches LDAP support on or off.
- */
-
/* this will be defined if LDAP support was compiled into apr-util */
#define APR_HAS_LDAP 1
-/* this whole thing disappears if LDAP is not enabled */
+
+/*
+ * Handle the case when LDAP is disabled - switch everything off by default
+ */
#if !APR_HAS_LDAP
+/*
+ * The following #defines are DEPRECATED and should not be used. They do
+ * not work properly anyway.
+ */
#define APR_HAS_NETSCAPE_LDAPSDK 0
#define APR_HAS_NOVELL_LDAPSDK 0
#define APR_HAS_OPENLDAP_LDAPSDK 0
#define APR_HAS_MICROSOFT_LDAPSDK 0
#define APR_HAS_OTHER_LDAPSDK 0
-
#define APR_HAS_LDAP_SSL 0
-#define APR_HAS_LDAP_URL_PARSE 0
+#define APR_HAS_LDAP_URL_PARSE 0
+/*
+ * Handle the case when LDAP is enabled
+ */
#else /* ldap support available */
+/*
+ * The following #defines are DEPRECATED and should not be used for
+ * anything. They remain to maintain binary compatibility.
+ * The original code defined the OPENLDAP SDK as present regardless
+ * of what really was there, which was way bogus. In addition, the
+ * apr_ldap_url_parse*() functions have been rewritten specifically for
+ * APR, so the APR_HAS_LDAP_URL_PARSE macro is forced to zero.
+ */
+#define APR_HAS_MICROSOFT_LDAPSDK 1
+#define APR_HAS_LDAP_SSL 1
+#define APR_HAS_LDAP_URL_PARSE 0
- /* There a several LDAPv3 SDKs available on various platforms
- * define which LDAP SDK is used
- */
-#define APR_HAS_NETSCAPE_LDAPSDK 0
-#define APR_HAS_NOVELL_LDAPSDK 0
-#define APR_HAS_OPENLDAP_LDAPSDK 0
-#define APR_HAS_MICROSOFT_LDAPSDK 1
-#define APR_HAS_OTHER_LDAPSDK 0
- /* define if LDAP SSL support is available
- */
-#define APR_HAS_LDAP_SSL 1
-
- /* If no APR_HAS_xxx_LDAPSDK is defined error out
- * Define if the SDK supports the ldap_url_parse function
- */
-#if APR_HAS_NETSCAPE_LDAPSDK
- #define APR_HAS_LDAP_URL_PARSE 1
-#elif APR_HAS_NOVELL_LDAPSDK
- #define APR_HAS_LDAP_URL_PARSE 1
-#elif APR_HAS_OPENLDAP_LDAPSDK
- #define APR_HAS_LDAP_URL_PARSE 1
-#elif APR_HAS_MICROSOFT_LDAPSDK
- #define APR_HAS_LDAP_URL_PARSE 0
-#elif APR_HAS_OTHER_LDAPSDK
- #define APR_HAS_LDAP_URL_PARSE 0
-#else
- #define APR_HAS_LDAP_URL_PARSE 0
- #error "ERROR no LDAP SDK defined!"
-#endif
+/*
+ * Include the standard LDAP header files.
+ */
-/* LDAP header files */
+#include <winldap.h>
-#if APR_HAS_NETSCAPE_LDAPSDK
-#include <ldap.h>
-#include <lber.h>
-#if APR_HAS_LDAP_SSL
-#include <ldap_ssl.h>
-#endif
-#endif
-#if APR_HAS_NOVELL_LDAPSDK
-#include <ldap.h>
-#include <lber.h>
-#if APR_HAS_LDAP_SSL
-#include <ldap_ssl.h>
-#endif
-#endif
+/*
+ * Vendor LDAP toolkits that we identify
+ */
+#define APR_LDAP_VENDOR_NOVELL "Novell"
+#define APR_LDAP_VENDOR_NETSCAPE "Netscape Communications Corp."
+#define APR_LDAP_VENDOR_MICROSOFT "Microsoft Corporation."
+#define APR_LDAP_VENDOR_OPENLDAP "OpenLDAP"
+#define APR_LDAP_VENDOR_SUN "Sun Microsystems Inc."
-#if APR_HAS_OPENLDAP_LDAPSDK
-#include <ldap.h>
-#include <lber.h>
-#endif
-/* Included in Windows 2000 and later, earlier 9x/NT 4.0 clients
- * will need to obtain the Active Directory Client Extensions.
+/*
+ * Detected standard functions
*/
-#if APR_HAS_MICROSOFT_LDAPSDK
-#include <winldap.h>
-#define LDAPS_PORT LDAP_SSL_PORT
+#define APR_HAS_LDAPSSL_CLIENT_INIT 0
+#define APR_HAS_LDAPSSL_CLIENT_DEINIT 0
+#define APR_HAS_LDAPSSL_ADD_TRUSTED_CERT 0
+#define APR_HAS_LDAP_START_TLS_S 0
+#define APR_HAS_LDAP_SSLINIT 1
+#define APR_HAS_LDAPSSL_INIT 0
+
+
+/*
+ * Make sure the secure LDAP port is defined
+ */
+#ifndef LDAPS_PORT
+#define LDAPS_PORT 636 /* ldaps:/// default LDAP over TLS port */
#endif
+
/* Note: Macros defining const casting has been removed in APR v1.0,
* pending real support for LDAP v2.0 toolkits.
*
@@ -127,6 +114,7 @@
#error Support for LDAP v2.0 toolkits has been removed from apr-util. Please use an LDAP v3.0 toolkit.
#endif
+
/**
* This structure allows the C LDAP API error codes to be returned
* along with plain text error messages that explain to us mere mortals
@@ -140,6 +128,7 @@
#include "apr_ldap_url.h"
#include "apr_ldap_init.h"
+
/** @} */
#endif /* APR_HAS_LDAP */
Modified: apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c
Url: http://svn.apache.org/viewcvs/apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c?view=diff&rev=122954&p1=apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c&r1=122953&p2=apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c&r2=122954
==============================================================================
--- apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c (original)
+++ apr/apr-util/branches/1.0.x/ldap/apr_ldap_init.c Tue Dec 21 02:06:01 2004
@@ -46,91 +46,201 @@
int cert_file_type,
apr_ldap_err_t **result_err) {
+ apr_ldap_err_t *result;
+
+ if (cert_auth_file) {
+ return apr_ldap_ssl_add_cert(pool,
+ cert_auth_file,
+ cert_file_type,
+ result_err);
+ }
+ else {
+ result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
+ *result_err = result;
+#if APR_HAS_LDAP_SSL /* compiled with ssl support */
+
+ /* Novell needs special initialisation */
+ if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_NOVELL)) {
+
+#if APR_HAS_LDAPSSL_CLIENT_INIT
+ result->rc = ldapssl_client_init(NULL, NULL);
+
+ if (LDAP_SUCCESS == result->rc) {
+ return APR_SUCCESS;
+ }
+ else {
+ result->msg = ldap_err2string(result-> rc);
+ result->reason = apr_pstrdup (pool, "LDAP: Could not "
+ "initialize SSL");
+ return APR_EGENERAL;
+ }
+#else
+ result->reason = "LDAP: ldapssl_client_init() function not "
+ "supported by this Novell SDK. SSL not "
+ "initialised";
+ result->rc = -1;
+#endif
+
+ }
+
+#endif
+ }
+
+ /* if no cert_auth_file was passed, we assume SSL support
+ * is possible, as we have not been specifically told otherwise.
+ */
+ return APR_SUCCESS;
+
+}
+
+
+/**
+ * APR LDAP SSL add client certificate function.
+ *
+ * This function sets up an optional client certificate to be used
+ * when connecting to the remote LDAP server.
+ * If SSL support is not available on this platform, or a problem
+ * was encountered while trying to set the certificate, the function
+ * will return APR_EGENERAL. Further LDAP specific error information
+ * can be found in result_err.
+ */
+APU_DECLARE(int) apr_ldap_ssl_add_cert(apr_pool_t *pool,
+ const char *cert_auth_file,
+ int cert_file_type,
+ apr_ldap_err_t **result_err) {
+
apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
*result_err = result;
if (cert_auth_file) {
#if APR_HAS_LDAP_SSL /* compiled with ssl support */
-#if APR_HAS_NETSCAPE_LDAPSDK
+ /* Netscape SDK */
+ if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_NETSCAPE)) {
- /* Netscape sdk only supports a cert7.db file
- */
- if (cert_file_type == APR_LDAP_CA_TYPE_CERT7_DB) {
- result->rc = ldapssl_client_init(cert_auth_file, NULL);
- }
- else {
- result->reason = "LDAP: Invalid certificate type: "
- "CERT7_DB type required";
+#if APR_HAS_LDAP_SSL_CLIENT_INIT
+ /* Netscape sdk only supports a cert7.db file
+ */
+ if (cert_file_type == APR_LDAP_CA_TYPE_CERT7_DB) {
+ result->rc = ldapssl_client_init(cert_auth_file, NULL);
+ }
+ else {
+ result->reason = "LDAP: Invalid certificate type: "
+ "CERT7_DB type required";
+ result->rc = -1;
+ }
+#else
+ result->reason = "LDAP: ldapssl_client_init() function not "
+ "supported by this Netscape SDK. Certificate "
+ "authority file not set";
result->rc = -1;
+#endif
+
}
-#elif APR_HAS_NOVELL_LDAPSDK
-
- /* Novell SDK supports DER or BASE64 files
- */
- if (cert_file_type == APR_LDAP_CA_TYPE_DER ||
- cert_file_type == APR_LDAP_CA_TYPE_BASE64 ) {
+ /* Novell SDK */
+ else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_NOVELL)) {
- result->rc = ldapssl_client_init(NULL, NULL);
- if (LDAP_SUCCESS == result->rc) {
- if (cert_file_type == APR_LDAP_CA_TYPE_BASE64) {
- result->rc = ldapssl_add_trusted_cert((void*)cert_auth_file,
+#if APR_HAS_LDAPSSL_CLIENT_INIT && APR_HAS_LDAPSSL_ADD_TRUSTED_CERT && APR_HAS_LDAPSSL_CLIENT_DEINIT
+ /* Novell SDK supports DER or BASE64 files
+ */
+ if (cert_file_type == APR_LDAP_CA_TYPE_DER ||
+ cert_file_type == APR_LDAP_CA_TYPE_BASE64 ) {
+
+ result->rc = ldapssl_client_init(NULL, NULL);
+ if (LDAP_SUCCESS == result->rc) {
+ if (cert_file_type == APR_LDAP_CA_TYPE_BASE64) {
+ result->rc = ldapssl_add_trusted_cert((void*)cert_auth_file,
LDAPSSL_CERT_FILETYPE_B64);
- }
- else {
- result->rc = ldapssl_add_trusted_cert((void*)cert_auth_file,
+ }
+ else {
+ result->rc = ldapssl_add_trusted_cert((void*)cert_auth_file,
LDAPSSL_CERT_FILETYPE_DER);
- }
+ }
- if (LDAP_SUCCESS != result->rc) {
- ldapssl_client_deinit();
- result->reason = apr_psprintf (pool,
- "LDAP: Invalid certificate or path: "
- "Could not add trusted cert %s",
- cert_auth_file);
+ if (LDAP_SUCCESS != result->rc) {
+ ldapssl_client_deinit();
+ result->reason = apr_psprintf(pool,
+ "LDAP: Invalid certificate "
+ "or path: Could not add "
+ "trusted cert %s",
+ cert_auth_file);
+ }
}
}
- }
- else {
- result->reason = "LDAP: Invalid certificate type: "
- "DER or BASE64 type required";
+ else {
+ result->reason = "LDAP: Invalid certificate type: "
+ "DER or BASE64 type required";
+ result->rc = -1;
+ }
+
+#else
+ result->reason = "LDAP: ldapssl_client_init(), "
+ "ldapssl_add_trusted_cert() or "
+ "ldapssl_client_deinit() functions not supported "
+ "by this Novell SDK. Certificate authority file "
+ "not set";
result->rc = -1;
+#endif
}
-#elif APR_HAS_OPENLDAP_LDAPSDK
+ /* openldap SDK */
+ else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_OPENLDAP)) {
+#ifdef LDAP_OPT_X_TLS_CACERTFILE
+
+ /* OpenLDAP SDK supports BASE64 files
+ */
+ if (cert_file_type == APR_LDAP_CA_TYPE_BASE64) {
+ result->rc = ldap_set_option(NULL,
+ LDAP_OPT_X_TLS_CACERTFILE,
+ cert_auth_file);
+ }
+ else {
+ result->reason = "LDAP: Invalid certificate type: "
+ "BASE64 type required";
+ result->rc = -1;
+ }
- /* OpenLDAP SDK supports BASE64 files
- */
- if (cert_file_type == APR_LDAP_CA_TYPE_BASE64) {
- result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, cert_auth_file);
- }
- else {
- result->reason = "LDAP: Invalid certificate type: "
- "BASE64 type required";
+#else
+ result->reason = "LDAP: LDAP_OPT_X_TLS_CACERTFILE not "
+ "defined by this OpenLDAP SDK. Certificate "
+ "authority file not set";
result->rc = -1;
+#endif
}
-#elif APR_HAS_MICROSOFT_LDAPSDK
-
- /* Microsoft SDK use the registry certificate store - always
- * assume support is always available
- */
- result->rc = LDAP_SUCCESS;
+ /* microsoft SDK */
+ else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_MICROSOFT)) {
-#else
+ /* Microsoft SDK use the registry certificate store - always
+ * assume support is always available
+ */
+ result->rc = LDAP_SUCCESS;
- /* unknown toolkit type, assume no support available */
- result->reason = "LDAP: Attempt to set certificate store failed. "
- "Toolkit type not recognised as supporting SSL.";
- result->rc = -1;
+ }
-#endif /* APR_HAS_NETSCAPE_LDAPSDK */
+ /* Sun SDK */
+ else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_SUN)) {
+ result->reason = "LDAP: Attempt to set certificate store failed. "
+ "APR does not yet know how to set a certificate "
+ "store on the Sun toolkit";
+ result->rc = -1;
+ }
+
+ /* SDK not recognised */
+ else {
+
+ /* unknown toolkit type, assume no support available */
+ result->reason = "LDAP: Attempt to set certificate store failed. "
+ "Toolkit type not recognised by APR as supporting "
+ "SSL";
+ result->rc = -1;
+ }
#else /* not compiled with SSL Support */
result->reason = "LDAP: Attempt to set certificate store failed. "
- "Not built with SSL support.";
+ "Not built with SSL support";
result->rc = -1;
#endif /* APR_HAS_LDAP_SSL */
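Review bot: The Netscape branch of apr_ldap_ssl_add_cert() tests `#if APR_HAS_LDAP_SSL_CLIENT_INIT`, but the macro this commit defines in apr_ldap.h.in is `APR_HAS_LDAPSSL_CLIENT_INIT`. An undefined name is 0 in `#if`, so that branch always compiles the "not supported by this Netscape SDK" path and the certificate authority file is never loaded; it should read `#if APR_HAS_LDAPSSL_CLIENT_INIT`. Separately, in apr_ldap_ssl_init() the Novell `#else` path sets `result->rc = -1` and a reason but then falls through to the final `return APR_SUCCESS;`, so a caller checking only the return value is told SSL is initialised when it is not. Adding `return APR_EGENERAL;` after that `result->rc = -1;` would match the failure path above it. The tail of apr_ldap_ssl_add_cert() lies outside this hunk.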
@@ -169,7 +279,7 @@
*/
APU_DECLARE(int) apr_ldap_ssl_deinit(void) {
-#if APR_HAS_LDAP_SSL && APR_HAS_NOVELL_LDAPSDK
+#if APR_HAS_LDAP_SSL && APR_HAS_LDAPSSL_CLIENT_DEINIT
ldapssl_client_deinit();
#endif
return APR_SUCCESS;
@@ -201,38 +311,68 @@
/* clear connection requested */
if (!secure) {
-#if APR_HAS_MICROSOFT_LDAPSDK
*ldap = ldap_init((char *)hostname, portno);
-#else
- *ldap = ldap_init(hostname, portno);
-#endif
}
else { /* ssl connnection requested */
#if APR_HAS_LDAP_SSL
-#if APR_HAS_NOVELL_LDAPSDK
- *ldap = ldapssl_init(hostname, portno, 1);
-#elif APR_HAS_NETSCAPE_LDAPSDK
- *ldap = ldapssl_init(hostname, portno, 1);
-#elif APR_HAS_OPENLDAP_LDAPSDK
- *ldap = ldap_init(hostname, portno);
- if (NULL != *ldap) {
- int SSLmode = LDAP_OPT_X_TLS_HARD;
- result->rc = ldap_set_option(*ldap, LDAP_OPT_X_TLS, &SSLmode);
- if (LDAP_SUCCESS != result->rc) {
- ldap_unbind_s(*ldap);
- result->reason = "LDAP: ldap_set_option - LDAP_OPT_X_TLS_HARD failed";
- result->msg = ldap_err2string(result->rc);
- *ldap = NULL;
- /* @todo make proper APR error codes for LDAP codes */
- return APR_EGENERAL;
+
+ /* novell / netscape toolkit */
+ if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_NOVELL) ||
+ !strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_NETSCAPE)) {
+#if APR_HAS_LDAPSSL_INIT
+ *ldap = ldapssl_init(hostname, portno, 1);
+#else
+ result->reason = "LDAP: SSL not yet supported by APR on "
+ "this version of the Novell/Netscape toolkit";
+ return APR_ENOTIMPL;
+#endif
+ }
+
+ /* openldap toolkit */
+ else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_OPENLDAP)) {
+#ifdef LDAP_OPT_X_TLS
+ *ldap = ldap_init(hostname, portno);
+ if (NULL != *ldap) {
+ int SSLmode = LDAP_OPT_X_TLS_HARD;
+ result->rc = ldap_set_option(*ldap, LDAP_OPT_X_TLS, &SSLmode);
+ if (LDAP_SUCCESS != result->rc) {
+ ldap_unbind_s(*ldap);
+ result->reason = "LDAP: ldap_set_option - "
+ "LDAP_OPT_X_TLS_HARD failed";
+ result->msg = ldap_err2string(result->rc);
+ *ldap = NULL;
+ return APR_EGENERAL;
+ }
}
+#else
+ result->reason = "LDAP: SSL not yet supported by APR on this "
+ "version of the OpenLDAP toolkit";
+ return APR_ENOTIMPL;
+#endif
}
-#elif APR_HAS_MICROSOFT_LDAPSDK
- *ldap = ldap_sslinit((char *)hostname, portno, 1);
+
+ /* microsoft toolkit */
+ else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_MICROSOFT)) {
+#if APR_HAS_LDAP_SSLINIT
+ *ldap = ldap_sslinit((char *)hostname, portno, 1);
#else
+ result->reason = "LDAP: SSL not yet supported by APR on "
+ "this version of the Microsoft toolkit";
+ return APR_ENOTIMPL;
+#endif
+ }
+
+ /* sun toolkit */
+ else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_SUN)) {
+ result->reason = "LDAP: SSL not yet supported by APR on "
+ "this version of the Sun toolkit";
+ return APR_ENOTIMPL;
+ }
+
/* unknown toolkit - return not implemented */
- return APR_ENOTIMPL;
-#endif /* APR_HAS_NOVELL_LDAPSDK */
+ else {
+ return APR_ENOTIMPL;
+ }
#endif /* APR_HAS_LDAP_SSL */
}
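Review bot: The final `else` for an unrecognised toolkit returns `APR_ENOTIMPL` without setting `result->reason`, unlike every other failure branch in this block, so the caller gets an empty apr_ldap_err_t when a secure connection was refused. Setting it first, e.g. `result->reason = "LDAP: SSL not supported by APR on this toolkit";`, keeps the error reporting uniform. The return values of `ldapssl_init()` and `ldap_sslinit()` are not checked inside the hunk. The function continues past the hunk, so a NULL check may already exist there and is worth confirming.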
@@ -260,18 +400,9 @@
apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
*result_err = result;
-#if APR_HAS_NETSCAPE_LDAPSDK
- result->reason = "APR LDAP: Built with Netscape LDAP SDK";
-#elif APR_HAS_NOVELL_LDAPSDK
- result->reason = "APR LDAP: Built with Novell LDAP SDK";
-#elif APR_HAS_OPENLDAP_LDAPSDK
- result->reason = "APR LDAP: Built with OpenLDAP LDAP SDK";
-#elif APR_HAS_MICROSOFT_LDAPSDK
- result->reason = "APR LDAP: Built with Microsoft LDAP SDK";
-#else
- result->reason = "APR LDAP: Built with an unknown LDAP SDK";
-#endif
-
+ result->reason = "APR LDAP: Built with "
+ LDAP_VENDOR_NAME
+ " LDAP SDK";
return APR_SUCCESS;
}
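Review bot: Pasting `LDAP_VENDOR_NAME` between string literals requires every supported toolkit header to define it as a string literal, and the previous `#else` fallback ("unknown LDAP SDK") is gone. A header without it now fails to compile here and in the `strcmp()` dispatch added elsewhere in this file, and none of the apr_ldap.h* hunks in this commit provides a default. A guard in apr_ldap.h.in after the toolkit includes, `#ifndef LDAP_VENDOR_NAME` / `#define LDAP_VENDOR_NAME "unknown"` / `#endif`, would restore the old behaviour and route such toolkits to the "not recognised" branches. The function starts outside this hunk.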