You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by bn...@apache.org on 2006/06/05 20:54:37 UTC
svn commit: r411890 - /apr/apr-util/trunk/include/apr_ldap_init.h
Author: bnicholes
Date: Mon Jun 5 11:54:37 2006
New Revision: 411890
URL: http://svn.apache.org/viewvc?rev=411890&view=rev
Log:
Since no all LDAP SDKs support the LDAP_SECURITY_ERROR macro, define the common macro APU_LDAP_SECURITY_ERROR.
Modified:
apr/apr-util/trunk/include/apr_ldap_init.h
Modified: apr/apr-util/trunk/include/apr_ldap_init.h
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/include/apr_ldap_init.h?rev=411890&r1=411889&r2=411890&view=diff
==============================================================================
--- apr/apr-util/trunk/include/apr_ldap_init.h (original)
+++ apr/apr-util/trunk/include/apr_ldap_init.h Mon Jun 5 11:54:37 2006
@@ -35,6 +35,27 @@
extern "C" {
#endif /* __cplusplus */
+
+/**
+ * Macro to detect security related return values.
+ */
+#if defined(LDAP_INSUFFICIENT_ACCESS)
+#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_ACCESS
+#elif defined(LDAP_INSUFFICIENT_RIGHTS)
+#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_RIGHTS
+#endif
+
+#if defined(LDAP_SECURITY_ERROR1)
+#define APU_LDAP_SECURITY_ERROR LDAP_SECURITY_ERROR
+#else
+#define APU_LDAP_SECURITY_ERROR(n) \
+ (LDAP_INAPPROPRIATE_AUTH == n) ? 1 \
+ : (LDAP_INVALID_CREDENTIALS == n) ? 1 \
+ : (APU_LDAP_INSUFFICIENT_ACCESS == n) ? 1 \
+ : 0
+#endif
+
+
/**
* APR LDAP SSL Initialise function
*
Re: svn commit: r411890 - /apr/apr-util/trunk/include/apr_ldap_init.h
Posted by Garrett Rooney <ro...@electricjellyfish.net>.
On 6/5/06, Brad Nicholes <BN...@novell.com> wrote:
> Yeah, but I'm not sure what a reasonable default is given that the
> actual values are coming from various LDAP SDKs. From what I have been
> able to find so far, these are the only two possible values given the
> LDAP SDKs that we support.
In that case, a #error "please add support for this LDAP SDK" seems
appropriate...
-garrett
Re: svn commit: r411890 -
/apr/apr-util/trunk/include/apr_ldap_init.h
Posted by Brad Nicholes <BN...@novell.com>.
>>> On 6/5/2006 at 1:27 PM, in message
<60...@gbiv.com>, "Roy T. Fielding"
<fi...@gbiv.com> wrote:
> On Jun 5, 2006, at 11:54 AM, bnicholes@apache.org wrote:
>
>>
======================================================================
>> ========
>> --- apr/apr-util/trunk/include/apr_ldap_init.h (original)
>> +++ apr/apr-util/trunk/include/apr_ldap_init.h Mon Jun 5 11:54:37
>> 2006
>> @@ -35,6 +35,27 @@
>> extern "C" {
>> #endif /* __cplusplus */
>>
>> +
>> +/**
>> + * Macro to detect security related return values.
>> + */
>> +#if defined(LDAP_INSUFFICIENT_ACCESS)
>> +#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_ACCESS
>> +#elif defined(LDAP_INSUFFICIENT_RIGHTS)
>> +#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_RIGHTS
>> +#endif
>
> Shouldn't that end with
>
> #else
> #define APU_LDAP_INSUFFICIENT_ACCESS (some reasonable default)
> #endif
>
> It seems odd just to leave it undefined.
>
> ....Ro
Yeah, but I'm not sure what a reasonable default is given that the
actual values are coming from various LDAP SDKs. From what I have been
able to find so far, these are the only two possible values given the
LDAP SDKs that we support.
Brad
Re: svn commit: r411890 -
/apr/apr-util/trunk/include/apr_ldap_init.h
Posted by Brad Nicholes <BN...@novell.com>.
>>> On 6/5/2006 at 4:21 PM, in message <44...@rowe-clan.net>,
"William A.
Rowe, Jr." <wr...@rowe-clan.net> wrote:
> Roy T. Fielding wrote:
>> On Jun 5, 2006, at 11:54 AM, bnicholes@apache.org wrote:
>>
>>> +/**
>>> + * Macro to detect security related return values.
>>> + */
>>> +#if defined(LDAP_INSUFFICIENT_ACCESS)
>>> +#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_ACCESS
>>> +#elif defined(LDAP_INSUFFICIENT_RIGHTS)
>>> +#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_RIGHTS
>>> +#endif
>>
>> Shouldn't that end with
>>
>> #else
>> #define APU_LDAP_INSUFFICIENT_ACCESS (some reasonable default)
>> #endif
>>
>> It seems odd just to leave it undefined.
>
> Actually, aren't we leaving out the possiblity that both symbols
exist
> with slightly different meanings?
>
> #if defined(LDAP_INSUFFICIENT_RIGHTS) and
defined(LDAP_INSUFFICIENT_RIGHTS)
> #define APU_LDAP_INSUFFICIENT_ACCESS(rc) ((rc ==
LDAP_INSUFFICIENT_ACCESS) \
> || (rc ==
LDAP_INSUFFICIENT_RIGHTS)
>
>
> We made these mistakes before in httpd which is why apr_errno.h is
now
> the way it is.
>
> Bil
Yes, that is a possibility but in this case with the small number of
LDAP SDKs that we support, I haven't found any evidence that it is
nothing more that a remote possibility. But I have found evidence that
they are two distinct #defines that share the same meaning.
Brad
Re: svn commit: r411890 - /apr/apr-util/trunk/include/apr_ldap_init.h
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Roy T. Fielding wrote:
> On Jun 5, 2006, at 11:54 AM, bnicholes@apache.org wrote:
>
>> +/**
>> + * Macro to detect security related return values.
>> + */
>> +#if defined(LDAP_INSUFFICIENT_ACCESS)
>> +#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_ACCESS
>> +#elif defined(LDAP_INSUFFICIENT_RIGHTS)
>> +#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_RIGHTS
>> +#endif
>
> Shouldn't that end with
>
> #else
> #define APU_LDAP_INSUFFICIENT_ACCESS (some reasonable default)
> #endif
>
> It seems odd just to leave it undefined.
Actually, aren't we leaving out the possiblity that both symbols exist
with slightly different meanings?
#if defined(LDAP_INSUFFICIENT_RIGHTS) and defined(LDAP_INSUFFICIENT_RIGHTS)
#define APU_LDAP_INSUFFICIENT_ACCESS(rc) ((rc == LDAP_INSUFFICIENT_ACCESS) \
|| (rc == LDAP_INSUFFICIENT_RIGHTS)
We made these mistakes before in httpd which is why apr_errno.h is now
the way it is.
Bill
Re: svn commit: r411890 - /apr/apr-util/trunk/include/apr_ldap_init.h
Posted by "Roy T. Fielding" <fi...@gbiv.com>.
On Jun 5, 2006, at 11:54 AM, bnicholes@apache.org wrote:
> ======================================================================
> ========
> --- apr/apr-util/trunk/include/apr_ldap_init.h (original)
> +++ apr/apr-util/trunk/include/apr_ldap_init.h Mon Jun 5 11:54:37
> 2006
> @@ -35,6 +35,27 @@
> extern "C" {
> #endif /* __cplusplus */
>
> +
> +/**
> + * Macro to detect security related return values.
> + */
> +#if defined(LDAP_INSUFFICIENT_ACCESS)
> +#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_ACCESS
> +#elif defined(LDAP_INSUFFICIENT_RIGHTS)
> +#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_RIGHTS
> +#endif
Shouldn't that end with
#else
#define APU_LDAP_INSUFFICIENT_ACCESS (some reasonable default)
#endif
It seems odd just to leave it undefined.
....Roy