author | minfrin <minfrin@13f79535-47bb-0310-9956-ffa450edef68> | 2005-01-05 17:47:42 +0000 |
---|---|---|
committer | minfrin <minfrin@13f79535-47bb-0310-9956-ffa450edef68> | 2005-01-05 17:47:42 +0000 |
commit | 5e338c525349e33775e24eb1e0caccd9798208a1 (patch) | |
tree | 68234a82858204121323cb954209f6860fd7ccc7 | |
parent | 5c839e06c015fde282e16bdac4a957b0c6e35663 (diff) | |
download | libapr-util-5e338c525349e33775e24eb1e0caccd9798208a1.tar.gz |
Revert the STARTTLS fixes from the v1.0.x tree
git-svn-id: http://svn.apache.org/repos/asf/apr/apr-util/branches/1.0.x@124236 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | CHANGES | 3 | ||||
-rw-r--r-- | aprutil.dsp | 4 | ||||
-rw-r--r-- | include/apr_ldap.h.in | 4 | ||||
-rw-r--r-- | include/apr_ldap.hnw | 2 | ||||
-rw-r--r-- | include/apr_ldap.hw | 2 | ||||
-rw-r--r-- | include/apr_ldap_option.h | 115 | ||||
-rw-r--r-- | ldap/apr_ldap_init.c | 60 | ||||
-rw-r--r-- | ldap/apr_ldap_option.c | 103 | ||||
-rw-r--r-- | libaprutil.dsp | 4 |
9 files changed, 13 insertions, 284 deletions
@@ -1,8 +1,5 @@ Changes with APR-util 1.0.2 - *) Teach apr_ldap_init() how to handle STARTTLS in addition to the existing - SSL support. Add apr_ldap_option API. [Graham Leggett] - *) Make install passed a shell expanded list of header files to the build/install.sh script, which can only install one file at a time. Changed to install one header file at a time. [Justin Erenkrantz, diff --git a/aprutil.dsp b/aprutil.dsp index a37635d0..c70b2120 100644 --- a/aprutil.dsp +++ b/aprutil.dsp @@ -211,10 +211,6 @@ SOURCE=.\ldap\apr_ldap_init.c SOURCE=.\ldap\apr_ldap_url.c # End Source File -# Begin Source File - -SOURCE=.\ldap\apr_ldap_option.c -# End Source File # End Group # Begin Group "misc" diff --git a/include/apr_ldap.h.in b/include/apr_ldap.h.in index ed3c4c87..0bead420 100644 --- a/include/apr_ldap.h.in +++ b/include/apr_ldap.h.in @@ -75,7 +75,9 @@ @lber_h@ @ldap_h@ +#if APR_HAS_LDAP_SSL @ldap_ssl_h@ +#endif /* @@ -130,7 +132,7 @@ typedef struct apr_ldap_err_t { #include "apr_ldap_url.h" #include "apr_ldap_init.h" -#include "apr_ldap_option.h" + /** @} */ #endif /* APR_HAS_LDAP */ diff --git a/include/apr_ldap.hnw b/include/apr_ldap.hnw index 6a3c15fa..5a280114 100644 --- a/include/apr_ldap.hnw +++ b/include/apr_ldap.hnw @@ -132,7 +132,7 @@ typedef struct apr_ldap_err_t { #include "apr_ldap_url.h" #include "apr_ldap_init.h" -#include "apr_ldap_option.h" + /** @} */ #endif /* APR_HAS_LDAP */ diff --git a/include/apr_ldap.hw b/include/apr_ldap.hw index b70b4cdb..64cf055b 100644 --- a/include/apr_ldap.hw +++ b/include/apr_ldap.hw @@ -128,7 +128,7 @@ typedef struct apr_ldap_err_t { #include "apr_ldap_url.h" #include "apr_ldap_init.h" -#include "apr_ldap_option.h" + /** @} */ #endif /* APR_HAS_LDAP */ diff --git a/include/apr_ldap_option.h b/include/apr_ldap_option.h deleted file mode 100644 index a425e5d8..00000000 --- a/include/apr_ldap_option.h +++ /dev/null 
@@ -1,115 +0,0 @@ -/* Copyright 2000-2004 The Apache Software Foundation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * @file apr_ldap_option.h - * @brief APR-UTIL LDAP ldap_*_option() functions - */ -#ifndef APR_LDAP_OPTION_H -#define APR_LDAP_OPTION_H - -/** - * @defgroup APR_Util_LDAP LDAP - * @ingroup APR_Util - * @{ - */ - -#include "apr_ldap.h" - -#if APR_HAS_LDAP - -/* - * The following defines handle the different TLS certificate - * options available. If these options are missing, APR will try and - * emulate support for this using the derecated ldap_start_tls_s() - * function. - */ -#ifdef LDAP_OPT_X_TLS_NEVER -#define APR_LDAP_OPT_TLS_NEVER LDAP_OPT_X_TLS_NEVER -#else -#define APR_LDAP_OPT_TLS_NEVER 0 -#endif - -#ifdef LDAP_OPT_X_TLS_HARD -#define APR_LDAP_OPT_TLS_HARD LDAP_OPT_X_TLS_HARD -#else -#define APR_LDAP_OPT_TLS_HARD 1 -#endif - -#ifdef LDAP_OPT_X_TLS_DEMAND -#define APR_LDAP_OPT_TLS_DEMAND LDAP_OPT_X_TLS_DEMAND -#else -#define APR_LDAP_OPT_TLS_DEMAND 2 -#endif - -#ifdef LDAP_OPT_X_TLS_ALLOW -#define APR_LDAP_OPT_TLS_ALLOW LDAP_OPT_X_TLS_ALLOW -#else -#define APR_LDAP_OPT_TLS_ALLOW 3 -#endif - -#ifdef LDAP_OPT_X_TLS_TRY -#define APR_LDAP_OPT_TLS_TRY LDAP_OPT_X_TLS_TRY -#else -#define APR_LDAP_OPT_TLS_TRY 4 -#endif - - -/** - * APR LDAP get option function - * - * This function gets option values from a given LDAP session if - * one was specified. It maps to the native ldap_get_option() function. 
- * @param pool The pool to use - * @param ldap The LDAP handle - * @param option The LDAP_OPT_* option to return - * @param outvalue The value returned (if any) - * @param result_err The apr_ldap_err_t structure contained detailed results - * of the operation. - */ -APU_DECLARE(int) apr_ldap_get_option(apr_pool_t *pool, - LDAP *ldap, - int option, - void *outvalue, - apr_ldap_err_t **result_err); - -/** - * APR LDAP set option function - * - * This function sets option values to a given LDAP session if - * one was specified. It maps to the native ldap_set_option() function. - * - * Where an option is not supported by an LDAP toolkit, this function - * will try and apply legacy functions to achieve the same effect, - * depending on the platform. - * @param pool The pool to use - * @param ldap The LDAP handle - * @param option The LDAP_OPT_* option to set - * @param invalue The value to set - * @param result_err The apr_ldap_err_t structure contained detailed results - * of the operation. - */ -APU_DECLARE(int) apr_ldap_set_option(apr_pool_t *pool, - LDAP *ldap, - int option, - const void *invalue, - apr_ldap_err_t **result_err); - -#endif /* APR_HAS_LDAP */ - -/** @} */ - -#endif /* APR_LDAP_OPTION_H */ - diff --git a/ldap/apr_ldap_init.c b/ldap/apr_ldap_init.c index e8555c6e..b4079dec 100644 --- a/ldap/apr_ldap_init.c +++ b/ldap/apr_ldap_init.c 
@@ -298,16 +298,6 @@ APU_DECLARE(int) apr_ldap_ssl_deinit(void) { * to hide the complexity setup from the user. This function * assumes that any certificate setup necessary has already * been done. - * - * If SSL or STARTTLS needs to be enabled, and the underlying - * toolkit supports it, the following values are accepted for - * secure: - * - * APR_LDAP_OPT_TLS_NEVER: No encryption - * APR_LDAP_OPT_TLS_HARD: SSL encryption (ldaps://) - * APR_LDAP_OPT_TLS_DEMAND: Force STARTTLS on ldap:// - * APR_LDAP_OPT_TLS_ALLOW: Allow STARTTLS on ldap:// - * APR_LDAP_OPT_TLS_TRY: Optionally try STARTLS on ldap:// */ APU_DECLARE(int) apr_ldap_init(apr_pool_t *pool, LDAP **ldap, @@ -343,20 +333,19 @@ APU_DECLARE(int) apr_ldap_init(apr_pool_t *pool, #ifdef LDAP_OPT_X_TLS *ldap = ldap_init(hostname, portno); if (NULL != *ldap) { - int SSLmode = secure; + int SSLmode = LDAP_OPT_X_TLS_HARD; result->rc = ldap_set_option(*ldap, LDAP_OPT_X_TLS, &SSLmode); if (LDAP_SUCCESS != result->rc) { ldap_unbind_s(*ldap); - result->reason = "LDAP: ldap_set_option failed, " - "could not set security mode for " - "apr_ldap_init()"; + result->reason = "LDAP: ldap_set_option - " + "LDAP_OPT_X_TLS_HARD failed"; result->msg = ldap_err2string(result->rc); *ldap = NULL; return APR_EGENERAL; } } #else - result->reason = "LDAP: SSL/TLS not yet supported by APR on this " + result->reason = "LDAP: SSL not yet supported by APR on this " "version of the OpenLDAP toolkit"; return APR_ENOTIMPL; #endif 
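Review bot: In the OpenLDAP branch of apr_ldap_init() the new code hard-codes `int SSLmode = LDAP_OPT_X_TLS_HARD;`, and with the value list deleted from the header comment nothing documents what `secure` accepts any more. The visible lines set only `LDAP_OPT_X_TLS`; no peer-certificate verification option is set here, which is consistent with the remaining remark that certificate setup "has already been done" but leaves the trust decision implicit for callers. I would add to the doc comment something like `* secure: non-zero selects SSL (ldaps://); STARTTLS is not offered here. Certificate verification must be configured by the caller beforehand.` The test on `secure` and the rest of the function body lie outside the hunk, so the exact on/off semantics should be confirmed there before wording the comment.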
@@ -364,46 +353,13 @@ APU_DECLARE(int) apr_ldap_init(apr_pool_t *pool, /* microsoft toolkit */ else if (!strcmp(LDAP_VENDOR_NAME, APR_LDAP_VENDOR_MICROSOFT)) { - if (APR_LDAP_OPT_TLS_HARD == secure) { #if APR_HAS_LDAP_SSLINIT - *ldap = ldap_sslinit((char *)hostname, portno, 1); -#else - result->reason = "LDAP: ldap_sslinit() not yet supported by APR on " - "this version of the Microsoft toolkit"; - return APR_ENOTIMPL; -#endif - } - else { -#if APR_HAS_LDAP_START_TLS_S - if (APR_LDAP_OPT_TLS_DEMAND == secure) { - *ldap = ldap_init(hostname, portno); - if (NULL != *ldap) { - result->rc = ldap_start_tls_s(*ldap, NULL, NULL, NULL, NULL); - if (LDAP_SUCCESS != result->rc) { - ldap_unbind_s(*ldap); - result->reason = "LDAP: ldap_start_tls_s() failed, " - "could not set STARTTLS mode for " - "apr_ldap_init()"; - result->msg = ldap_err2string(result->rc); - *ldap = NULL; - return APR_EGENERAL; - } - } - } - else { - result->reason = "LDAP: APR_LDAP_OPT_TLS_ALLOW and " - "APR_LDAP_OPT_TLS_TRY are not supported " - "by APR on this version of the Microsoft " - "toolkit. Use APR_LDAP_OPT_TLS_DEMAND " - "instead to enable STARTTLS"; - return APR_ENOTIMPL; - } + *ldap = ldap_sslinit((char *)hostname, portno, 1); #else - result->reason = "LDAP: ldap_start_tls_s() not yet supported " - "by APR on this version of the Microsoft toolkit"; - return APR_ENOTIMPL; + result->reason = "LDAP: SSL not yet supported by APR on " + "this version of the Microsoft toolkit"; + return APR_ENOTIMPL; #endif - } } /* sun toolkit */ diff --git a/ldap/apr_ldap_option.c b/ldap/apr_ldap_option.c deleted file mode 100644 index a0aec2d9..00000000 --- a/ldap/apr_ldap_option.c +++ /dev/null 
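Review bot: In the Microsoft branch the result of `ldap_sslinit((char *)hostname, portno, 1)` is stored in `*ldap` with no NULL check and no `result->reason` on failure. Unless a common check follows outside this hunk, a failed initialisation returns to the caller with a NULL handle and an empty error record; consider adding `if (NULL == *ldap) { result->reason = "LDAP: ldap_sslinit() failed"; return APR_EGENERAL; }` after the call. The `#else` text now reads "SSL not yet supported" where the replaced line named `ldap_sslinit()`, and keeping the function name would make the missing capability easier to identify from a log. The enclosing condition and the end of the function are outside the hunk.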
@@ -1,103 +0,0 @@ -/* Copyright 2000-2004 The Apache Software Foundation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* apr_ldap_option.c -- LDAP options - * - * The LDAP SDK allows the getting and setting of options on an LDAP - * connection. - * - */ - -#include <apu.h> -#include <apr_ldap.h> -#include <apr_errno.h> -#include <apr_pools.h> -#include <apr_strings.h> - -#if APR_HAS_LDAP - -/** - * APR LDAP get option function - * - * This function gets option values from a given LDAP session if - * one was specified. - */ -APU_DECLARE(int) apr_ldap_get_option(apr_pool_t *pool, - LDAP *ldap, - int option, - void *outvalue, - apr_ldap_err_t **result_err) { - - apr_ldap_err_t *result; - - result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t)); - *result_err = result; - if (!result) { - return APR_ENOMEM; - } - - /* get the option specified using the native LDAP function */ - result->rc = ldap_get_option(ldap, option, outvalue); - - /* handle the error case */ - if (LDAP_SUCCESS != result->rc) { - result->msg = ldap_err2string(result-> rc); - result->reason = apr_pstrdup (pool, "LDAP: Could not get an option"); - return APR_EGENERAL; - } - - return APR_SUCCESS; - -} - -/** - * APR LDAP set option function - * - * This function sets option values to a given LDAP session if - * one was specified. 
- * - * Where an option is not supported by an LDAP toolkit, this function - * will try and apply legacy functions to achieve the same effect, - * depending on the platform. - */ -APU_DECLARE(int) apr_ldap_set_option(apr_pool_t *pool, - LDAP *ldap, - int option, - const void *invalue, - apr_ldap_err_t **result_err) { - - apr_ldap_err_t *result; - - result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t)); - *result_err = result; - if (!result) { - return APR_ENOMEM; - } - - /* set the option specified using the native LDAP function */ - result->rc = ldap_set_option(ldap, option, (void *)invalue); - - /* handle the error case */ - if (LDAP_SUCCESS != result->rc) { - result->msg = ldap_err2string(result-> rc); - result->reason = apr_pstrdup (pool, "LDAP: Could not get an option"); - return APR_EGENERAL; - } - - return APR_SUCCESS; - -} - -#endif /* APR_HAS_LDAP */ diff --git a/libaprutil.dsp b/libaprutil.dsp index fc06e3c7..ace7decc 100644 --- a/libaprutil.dsp +++ b/libaprutil.dsp @@ -217,10 +217,6 @@ SOURCE=.\ldap\apr_ldap_init.c SOURCE=.\ldap\apr_ldap_url.c # End Source File -# Begin Source File - -SOURCE=.\ldap\apr_ldap_option.c -# End Source File # End Group # Begin Group "misc" |