Diffstat (limited to 'ldap')
-rw-r--r-- | ldap/NWGNUmakefile | 263 | ||||
-rw-r--r-- | ldap/apr_ldap.dsp | 227 | ||||
-rw-r--r-- | ldap/apr_ldap_init.c | 219 | ||||
-rw-r--r-- | ldap/apr_ldap_option.c | 652 | ||||
-rw-r--r-- | ldap/apr_ldap_rebind.c | 351 | ||||
-rw-r--r-- | ldap/apr_ldap_stub.c | 145 | ||||
-rw-r--r-- | ldap/apr_ldap_url.c | 694 |
7 files changed, 0 insertions, 2551 deletions
diff --git a/ldap/NWGNUmakefile b/ldap/NWGNUmakefile
deleted file mode 100644
index 967a9f1f..00000000
--- a/ldap/NWGNUmakefile
+++ /dev/null
@@ -1,263 +0,0 @@
-#
-# Declare the sub-directories to be built here
-#
-
-SUBDIRS = \
- $(EOLIST)
-
-#
-# Get the 'head' of the build environment. This includes default targets and
-# paths to tools
-#
-
-include $(APR_WORK)\build\NWGNUhead.inc
-
-#
-# build this level's files
-
-#
-# Make sure all needed macro's are defined
-#
-
-#
-# These directories will be at the beginning of the include list, followed by
-# INCDIRS
-#
-XINCDIRS += \
- $(APR)/include \
- $(APR)/include/arch/NetWare \
- $(APRUTIL)/include \
- $(APRUTIL)/include/private \
- $(LDAPSDK)/inc \
- $(EOLIST)
-
-#
-# These flags will come after CFLAGS
-#
-XCFLAGS += \
- $(EOLIST)
-
-#
-# These defines will come after DEFINES
-#
-XDEFINES += \
- $(EOLIST)
-
-#
-#LDAP client requires the use of Winsock
-#
-ifdef USE_STDSOCKETS
-XDEFINES += -DUSE_WINSOCK \
- $(EOLIST)
-endif
-
-#
-# These flags will be added to the link.opt file
-#
-XLFLAGS += \
- $(EOLIST)
-
-#
-# These values will be appended to the correct variables based on the value of
-# RELEASE
-#
-ifeq "$(RELEASE)" "debug"
-XINCDIRS += \
- $(EOLIST)
-
-XCFLAGS += \
- $(EOLIST)
-
-XDEFINES += \
- $(EOLIST)
-
-XLFLAGS += \
- $(EOLIST)
-endif
-
-ifeq "$(RELEASE)" "noopt"
-XINCDIRS += \
- $(EOLIST)
-
-XCFLAGS += \
- $(EOLIST)
-
-XDEFINES += \
- $(EOLIST)
-
-XLFLAGS += \
- $(EOLIST)
-endif
-
-ifeq "$(RELEASE)" "release"
-XINCDIRS += \
- $(EOLIST)
-
-XCFLAGS += \
- $(EOLIST)
-
-XDEFINES += \
- $(EOLIST)
-
-XLFLAGS += \
- $(EOLIST)
-endif
-
-#
-# These are used by the link target if an NLM is being generated
-# This is used by the link 'name' directive to name the nlm. If left blank
-# TARGET_nlm (see below) will be used.
-#
-NLM_NAME =
-
-#
-# This is used by the link '-desc ' directive.
-# If left blank, NLM_NAME will be used.
-#
-NLM_DESCRIPTION =
-
-#
-# This is used by the '-threadname' directive. If left blank,
-# NLM_NAME Thread will be used.
-#
-NLM_THREAD_NAME =
-#
-# If this is specified, it will override VERSION value in
-# $(APR_WORK)\build\NWGNUenvironment.inc
-#
-NLM_VERSION =
-
-#
-# If this is specified, it will override the default of 64K
-#
-NLM_STACK_SIZE =
-
-#
-# If this is specified it will be used by the link '-entry' directive
-#
-NLM_ENTRY_SYM =
-
-#
-# If this is specified it will be used by the link '-exit' directive
-#
-NLM_EXIT_SYM =
-
-#
-# If this is specified it will be used by the link '-check' directive
-#
-NLM_CHECK_SYM =
-
-#
-# If this is specified it will be used by the link '-flags' directive
-#
-NLM_FLAGS =
-
-#
-# If this is specified it will be linked in with the XDCData option in the def
-# file instead of the default of $(APR)/misc/netware/apache.xdc. XDCData can
-# be disabled by setting APACHE_UNIPROC in the environment
-#
-XDCDATA =
-
-#
-# Declare all target files (you must add your files here)
-#
-
-#
-# If there is an NLM target, put it here
-#
-TARGET_nlm = \
- $(EOLIST)
-
-#
-# If there is an LIB target, put it here
-#
-TARGET_lib = \
- $(OBJDIR)/apuldap.lib \
- $(EOLIST)
-
-#
-# These are the OBJ files needed to create the NLM target above.
-# Paths must all use the '/' character
-#
-FILES_nlm_objs = \
- $(EOLIST)
-
-#
-# These are the LIB files needed to create the NLM target above.
-# These will be added as a library command in the link.opt file.
-#
-FILES_nlm_libs = \
- $(EOLIST)
-
-#
-# These are the modules that the above NLM target depends on to load.
-# These will be added as a module command in the link.opt file.
-#
-FILES_nlm_modules = \
- $(EOLIST)
-
-#
-# If the nlm has a msg file, put it's path here
-#
-FILE_nlm_msg =
-
-#
-# If the nlm has a hlp file put it's path here
-#
-FILE_nlm_hlp =
-
-#
-# If this is specified, it will override the default copyright.
-#
-FILE_nlm_copyright =
-
-#
-# Any additional imports go here
-#
-FILES_nlm_Ximports = \
- $(EOLIST)
-
-#
-# Any symbols exported to here
-#
-FILES_nlm_exports = \
- $(EOLIST)
-
-#
-# These are the OBJ files needed to create the LIB target above.
-# Paths must all use the '/' character
-#
-FILES_lib_objs = \
- $(OBJDIR)/apr_ldap_init.o \
- $(OBJDIR)/apr_ldap_option.o \
- $(OBJDIR)/apr_ldap_url.o \
- $(OBJDIR)/apr_ldap_rebind.o \
- $(OBJDIR)/apr_ldap_stub.o \
- $(EOLIST)
-
-#
-# implement targets and dependancies (leave this section alone)
-#
-
-libs :: $(OBJDIR) $(TARGET_lib)
-
-nlms :: libs $(TARGET_nlm)
-
-#
-# Updated this target to create necessary directories and copy files to the
-# correct place. (See $(APR_WORK)\build\NWGNUhead.inc for examples)
-#
-install :: nlms FORCE
-
-#
-# Any specialized rules here
-#
-
-#
-# Include the 'tail' makefile that has targets that depend on variables defined
-# in this makefile
-#
-
-include $(APR_WORK)\build\NWGNUtail.inc
-
diff --git a/ldap/apr_ldap.dsp b/ldap/apr_ldap.dsp
deleted file mode 100644
index 095e3af5..00000000
--- a/ldap/apr_ldap.dsp
+++ /dev/null
@@ -1,227 +0,0 @@ -# Microsoft Developer Studio Project File - Name="apr_ldap" - Package Owner=<4> -# Microsoft Developer Studio Generated Build File, Format Version 6.00 -# ** DO NOT EDIT ** - -# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 - -CFG=apr_ldap - Win32 Release -!MESSAGE This is not a valid makefile. To build this project using NMAKE, -!MESSAGE use the Export Makefile command and run -!MESSAGE -!MESSAGE NMAKE /f "apr_ldap.mak". -!MESSAGE -!MESSAGE You can specify a configuration when running NMAKE -!MESSAGE by defining the macro CFG on the command line. For example: -!MESSAGE -!MESSAGE NMAKE /f "apr_ldap.mak" CFG="apr_ldap - Win32 Release" -!MESSAGE -!MESSAGE Possible choices for configuration are: -!MESSAGE -!MESSAGE "apr_ldap - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") -!MESSAGE "apr_ldap - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") -!MESSAGE "apr_ldap - x64 Release" (based on "Win32 (x86) Dynamic-Link Library") -!MESSAGE "apr_ldap - x64 Debug" (based on "Win32 (x86) Dynamic-Link Library") -!MESSAGE - -# Begin Project -# PROP AllowPerConfigDependencies 0 -# PROP Scc_ProjName "" -# PROP Scc_LocalPath "" -CPP=cl.exe -MTL=midl.exe -RSC=rc.exe - -!IF "$(CFG)" == "apr_ldap - Win32 Release" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 0 -# PROP BASE Output_Dir "Release" -# PROP BASE Intermediate_Dir "Release" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 0 -# PROP Output_Dir "Release" -# PROP Intermediate_Dir "Release" -# PROP Ignore_Export_Lib 0 -# PROP Target_Dir "" -# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MD /W3 /Zi /O2 /Oy- /I "../include" /I "../../apr/include" /I "../include/private" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fo"$(INTDIR)\" /Fd"$(INTDIR)\apr_ldap_src" /FD /c -# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" -# ADD BASE RSC /l 
0x409 /d "NDEBUG" -# ADD RSC /l 0x409 /fo"Release/apr_ldap-1.res" /d DLL_NAME="apr_ldap" /d "NDEBUG" /d "APU_VERSION_ONLY" /I "../include" /I "../../apr/include" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LINK32=link.exe -# ADD BASE LINK32 kernel32.lib advapi32.lib ws2_32.lib mswsock.lib wldap32.lib ole32.lib /nologo /base:"0x6EEB0000" /subsystem:windows /dll /incremental:no /debug /opt:ref -# ADD LINK32 kernel32.lib advapi32.lib ws2_32.lib mswsock.lib wldap32.lib ole32.lib /nologo /base:"0x6EEB0000" /subsystem:windows /dll /incremental:no /debug /out:"Release\apr_ldap-1.dll" /pdb:"Release\apr_ldap-1.pdb" /implib:"Release\apr_ldap-1.lib" /MACHINE:X86 /opt:ref -# Begin Special Build Tool -TargetPath=Release\apr_ldap-1.dll -SOURCE="$(InputPath)" -PostBuild_Desc=Embed .manifest -PostBuild_Cmds=if exist $(TargetPath).manifest mt.exe -manifest $(TargetPath).manifest -outputresource:$(TargetPath);2 -# End Special Build Tool - -!ELSEIF "$(CFG)" == "apr_ldap - Win32 Debug" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 1 -# PROP BASE Output_Dir "Debug" -# PROP BASE Intermediate_Dir "Debug" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 1 -# PROP Output_Dir "Debug" -# PROP Intermediate_Dir "Debug" -# PROP Ignore_Export_Lib 0 -# PROP Target_Dir "" -# ADD BASE CPP /nologo /MDd /W3 /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /EHsc /c -# ADD CPP /nologo /MDd /W3 /Zi /Od /I "../include" /I "../../apr/include" /I "../include/private" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fo"$(INTDIR)\" /Fd"$(INTDIR)\apr_ldap_src" /FD /EHsc /c -# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" -# ADD BASE RSC /l 0x409 /d "_DEBUG" -# ADD RSC /l 0x409 /fo"Debug/apr_ldap-1.res" /d DLL_NAME="apr_ldap" /d "_DEBUG" /d "APU_VERSION_ONLY" /I "../include" /I "../../apr/include" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LINK32=link.exe -# ADD 
BASE LINK32 kernel32.lib advapi32.lib ws2_32.lib mswsock.lib wldap32.lib ole32.lib /nologo /base:"0x6EEB0000" /subsystem:windows /dll /incremental:no /debug -# ADD LINK32 kernel32.lib advapi32.lib ws2_32.lib mswsock.lib wldap32.lib ole32.lib /nologo /base:"0x6EEB0000" /subsystem:windows /dll /incremental:no /debug /out:"Debug\apr_ldap-1.dll" /pdb:"Debug\apr_ldap-1.pdb" /implib:"Debug\apr_ldap-1.lib" /MACHINE:X86 -# Begin Special Build Tool -TargetPath=Debug\apr_ldap-1.dll -SOURCE="$(InputPath)" -PostBuild_Desc=Embed .manifest -PostBuild_Cmds=if exist $(TargetPath).manifest mt.exe -manifest $(TargetPath).manifest -outputresource:$(TargetPath);2 -# End Special Build Tool - -!ELSEIF "$(CFG)" == "apr_ldap - x64 Release" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 0 -# PROP BASE Output_Dir "x64\Release" -# PROP BASE Intermediate_Dir "x64\Release" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 0 -# PROP Output_Dir "x64\Release" -# PROP Intermediate_Dir "x64\Release" -# PROP Ignore_Export_Lib 0 -# PROP Target_Dir "" -# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MD /W3 /Zi /O2 /Oy- /I "../include" /I "../../apr/include" /I "../include/private" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fo"$(INTDIR)\" /Fd"$(INTDIR)\apr_ldap_src" /FD /c -# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" -# ADD BASE RSC /l 0x409 /d "NDEBUG" -# ADD RSC /l 0x409 /fo"x64/Release/apr_ldap-1.res" /d DLL_NAME="apr_ldap" /d "NDEBUG" /d "APU_VERSION_ONLY" /I "../include" /I "../../apr/include" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LINK32=link.exe -# ADD BASE LINK32 kernel32.lib advapi32.lib ws2_32.lib mswsock.lib wldap32.lib ole32.lib /nologo /base:"0x6EEB0000" /subsystem:windows /dll /incremental:no /debug /opt:ref -# ADD LINK32 kernel32.lib advapi32.lib ws2_32.lib mswsock.lib wldap32.lib ole32.lib /nologo 
/base:"0x6EEB0000" /subsystem:windows /dll /incremental:no /debug /out:"x64\Release\apr_ldap-1.dll" /pdb:"x64\Release\apr_ldap-1.pdb" /implib:"x64\Release\apr_ldap-1.lib" /MACHINE:X64 /opt:ref -# Begin Special Build Tool -TargetPath=x64\Release\apr_ldap-1.dll -SOURCE="$(InputPath)" -PostBuild_Desc=Embed .manifest -PostBuild_Cmds=if exist $(TargetPath).manifest mt.exe -manifest $(TargetPath).manifest -outputresource:$(TargetPath);2 -# End Special Build Tool - -!ELSEIF "$(CFG)" == "apr_ldap - x64 Debug" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 1 -# PROP BASE Output_Dir "x64\Debug" -# PROP BASE Intermediate_Dir "x64\Debug" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 1 -# PROP Output_Dir "x64\Debug" -# PROP Intermediate_Dir "x64\Debug" -# PROP Ignore_Export_Lib 0 -# PROP Target_Dir "" -# ADD BASE CPP /nologo /MDd /W3 /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /EHsc /c -# ADD CPP /nologo /MDd /W3 /Zi /Od /I "../include" /I "../../apr/include" /I "../include/private" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fo"$(INTDIR)\" /Fd"$(INTDIR)\apr_ldap_src" /FD /EHsc /c -# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" -# ADD BASE RSC /l 0x409 /d "_DEBUG" -# ADD RSC /l 0x409 /fo"x64/Debug/apr_ldap-1.res" /d DLL_NAME="apr_ldap" /d "_DEBUG" /d "APU_VERSION_ONLY" /I "../include" /I "../../apr/include" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LINK32=link.exe -# ADD BASE LINK32 kernel32.lib advapi32.lib ws2_32.lib mswsock.lib wldap32.lib ole32.lib /nologo /base:"0x6EEB0000" /subsystem:windows /dll /incremental:no /debug -# ADD LINK32 kernel32.lib advapi32.lib ws2_32.lib mswsock.lib wldap32.lib ole32.lib /nologo /base:"0x6EEB0000" /subsystem:windows /dll /incremental:no /debug /out:"x64\Debug\apr_ldap-1.dll" /pdb:"x64\Debug\apr_ldap-1.pdb" /implib:"x64\Debug\apr_ldap-1.lib" /MACHINE:X64 -# Begin Special Build Tool 
-TargetPath=x64\Debug\apr_ldap-1.dll -SOURCE="$(InputPath)" -PostBuild_Desc=Embed .manifest -PostBuild_Cmds=if exist $(TargetPath).manifest mt.exe -manifest $(TargetPath).manifest -outputresource:$(TargetPath);2 -# End Special Build Tool - -!ENDIF - -# Begin Target - -# Name "apr_ldap - Win32 Release" -# Name "apr_ldap - Win32 Debug" -# Name "apr_ldap - x64 Release" -# Name "apr_ldap - x64 Debug" -# Begin Group "Source Files" - -# PROP Default_Filter "" -# Begin Source File - -SOURCE=.\apr_ldap_init.c -# End Source File -# Begin Source File - -SOURCE=.\apr_ldap_option.c -# End Source File -# Begin Source File - -SOURCE=.\apr_ldap_rebind.c -# End Source File -# End Group -# Begin Group "Public Header Files" - -# PROP Default_Filter "" -# Begin Source File - -SOURCE=..\include\apr_ldap.h -# End Source File -# Begin Source File - -SOURCE=..\include\apr_ldap_init.h -# End Source File -# Begin Source File - -SOURCE=..\include\apr_ldap_option.h -# End Source File -# Begin Source File - -SOURCE=..\include\apr_ldap_rebind.h -# End Source File -# Begin Source File - -SOURCE=..\include\apr_ldap_url.h -# End Source File -# End Group -# Begin Group "Internal Header Files" - -# PROP Default_Filter "" -# Begin Source File - -SOURCE=..\include\private\apu_config.h -# End Source File -# Begin Source File - -SOURCE=..\include\private\apu_internal.h -# End Source File -# End Group -# Begin Source File - -SOURCE=..\libaprutil.rc -# End Source File -# End Target -# End Project diff --git a/ldap/apr_ldap_init.c b/ldap/apr_ldap_init.c deleted file mode 100644 index 458f281b..00000000 --- a/ldap/apr_ldap_init.c +++ /dev/null 
@@ -1,219 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * apr_ldap_init.c: LDAP v2/v3 common initialise
- *
- * Original code from auth_ldap module for Apache v1.3:
- * Copyright 1998, 1999 Enbridge Pipelines Inc.
- * Copyright 1999-2001 Dave Carrigan
- */
-
-#include "apr.h"
-#include "apu.h"
-#include "apu_config.h"
-
-#if APU_DSO_BUILD
-#define APU_DSO_LDAP_BUILD
-#endif
-
-#include "apr_ldap.h"
-#include "apu_internal.h"
-#include "apr_errno.h"
-#include "apr_pools.h"
-#include "apr_strings.h"
-
-#if APR_HAS_LDAP
-
-/**
- * APR LDAP SSL Initialise function
- *
- * This function initialises SSL on the underlying LDAP toolkit
- * if this is necessary.
- *
- * If a CA certificate is provided, this is set, however the setting
- * of certificates via this method has been deprecated and will be removed in
- * APR v2.0.
- *
- * The apr_ldap_set_option() function with the APR_LDAP_OPT_TLS_CERT option
- * should be used instead to set certificates.
- *
- * If SSL support is not available on this platform, or a problem
- * was encountered while trying to set the certificate, the function
- * will return APR_EGENERAL. Further LDAP specific error information
- * can be found in result_err.
- */
-APU_DECLARE_LDAP(int) apr_ldap_ssl_init(apr_pool_t *pool,
- const char *cert_auth_file,
- int cert_file_type,
- apr_ldap_err_t **result_err)
-{
-
- apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
- *result_err = result;
-
-#if APR_HAS_LDAP_SSL /* compiled with ssl support */
-
- /* Novell */
-#if APR_HAS_NOVELL_LDAPSDK
- ldapssl_client_init(NULL, NULL);
-#endif
-
- /* if a certificate was specified, set it */
- if (cert_auth_file) {
- apr_ldap_opt_tls_cert_t *cert = (apr_ldap_opt_tls_cert_t *)apr_pcalloc(pool, sizeof(apr_ldap_opt_tls_cert_t));
- cert->type = cert_file_type;
- cert->path = cert_auth_file;
- return apr_ldap_set_option(pool, NULL, APR_LDAP_OPT_TLS_CERT, (void *)cert, result_err);
- }
-
-#else /* not compiled with SSL Support */
- if (cert_auth_file) {
- result->reason = "LDAP: Attempt to set certificate store failed. "
- "Not built with SSL support";
- result->rc = -1;
- }
-#endif /* APR_HAS_LDAP_SSL */
-
- if (result->rc != -1) {
- result->msg = ldap_err2string(result->rc);
- }
-
- if (LDAP_SUCCESS != result->rc) {
- return APR_EGENERAL;
- }
-
- return APR_SUCCESS;
-
-}
-
-
-/**
- * APR LDAP SSL De-Initialise function
- *
- * This function tears down any SSL certificate setup previously
- * set using apr_ldap_ssl_init(). It should be called to clean
- * up if a graceful restart of a service is attempted.
- *
- * This function only does anything on Netware.
- *
- * @todo currently we do not check whether apr_ldap_ssl_init()
- * has been called first - should we?
- */
-APU_DECLARE_LDAP(int) apr_ldap_ssl_deinit(void)
-{
-
-#if APR_HAS_LDAP_SSL && APR_HAS_LDAPSSL_CLIENT_DEINIT
- ldapssl_client_deinit();
-#endif
- return APR_SUCCESS;
-
-}
-
-
-/**
- * APR LDAP initialise function
- *
- * This function is responsible for initialising an LDAP
- * connection in a toolkit independant way. It does the
- * job of ldap_init() from the C api.
- *
- * It handles both the SSL and non-SSL case, and attempts
- * to hide the complexity setup from the user. This function
- * assumes that any certificate setup necessary has already
- * been done.
- *
- * If SSL or STARTTLS needs to be enabled, and the underlying
- * toolkit supports it, the following values are accepted for
- * secure:
- *
- * APR_LDAP_NONE: No encryption
- * APR_LDAP_SSL: SSL encryption (ldaps://)
- * APR_LDAP_STARTTLS: Force STARTTLS on ldap://
- */
-APU_DECLARE_LDAP(int) apr_ldap_init(apr_pool_t *pool,
- LDAP **ldap,
- const char *hostname,
- int portno,
- int secure,
- apr_ldap_err_t **result_err)
-{
-
- apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
- *result_err = result;
-
-#if APR_HAS_LDAPSSL_INIT
- *ldap = ldapssl_init(hostname, portno, 0);
-#elif APR_HAS_LDAP_SSLINIT
- *ldap = ldap_sslinit((char *)hostname, portno, 0);
-#else
- *ldap = ldap_init((char *)hostname, portno);
-#endif
- if (*ldap != NULL) {
- return apr_ldap_set_option(pool, *ldap, APR_LDAP_OPT_TLS, &secure, result_err);
- }
- else {
- /* handle the error case */
- apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
- *result_err = result;
-
- result->reason = "APR LDAP: Unable to initialize the LDAP connection";
- result->rc = -1;
- return APR_EGENERAL;
- }
-
-}
-
-
-/**
- * APR LDAP info function
- *
- * This function returns a string describing the LDAP toolkit
- * currently in use. The string is placed inside result_err->reason.
- */
-APU_DECLARE_LDAP(int) apr_ldap_info(apr_pool_t *pool,
- apr_ldap_err_t **result_err)
-{
- apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
- *result_err = result;
-
- result->reason = "APR LDAP: Built with "
- LDAP_VENDOR_NAME
- " LDAP SDK";
- return APR_SUCCESS;
-
-}
-
-#if APU_DSO_BUILD
-
-/* For DSO builds, export the table of entry points into the apr_ldap DSO
- * See include/private/apu_internal.h for the corresponding declarations
- */
-APU_MODULE_DECLARE_DATA struct apr__ldap_dso_fntable apr__ldap_fns = {
- apr_ldap_info,
- apr_ldap_init,
- apr_ldap_ssl_init,
- apr_ldap_ssl_deinit,
- apr_ldap_get_option,
- apr_ldap_set_option,
- apr_ldap_rebind_init,
- apr_ldap_rebind_add,
- apr_ldap_rebind_remove
-};
-
-#endif /* APU_DSO_BUILD */
-
-#endif /* APR_HAS_LDAP */
diff --git a/ldap/apr_ldap_option.c b/ldap/apr_ldap_option.c
deleted file mode 100644
index 0c055b4e..00000000
--- a/ldap/apr_ldap_option.c
+++ /dev/null
@@ -1,652 +0,0 @@ -/* Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* apr_ldap_option.c -- LDAP options - * - * The LDAP SDK allows the getting and setting of options on an LDAP - * connection. - * - */ - -#include "apr.h" -#include "apu.h" -#include "apu_config.h" - -#if APU_DSO_BUILD -#define APU_DSO_LDAP_BUILD -#endif - -#include "apr_ldap.h" -#include "apr_errno.h" -#include "apr_pools.h" -#include "apr_strings.h" -#include "apr_tables.h" - -#if APR_HAS_LDAP - -static void option_set_cert(apr_pool_t *pool, LDAP *ldap, const void *invalue, - apr_ldap_err_t *result); -static void option_set_tls(apr_pool_t *pool, LDAP *ldap, const void *invalue, - apr_ldap_err_t *result); - -/** - * APR LDAP get option function - * - * This function gets option values from a given LDAP session if - * one was specified. 
- */ -APU_DECLARE_LDAP(int) apr_ldap_get_option(apr_pool_t *pool, - LDAP *ldap, - int option, - void *outvalue, - apr_ldap_err_t **result_err) -{ - apr_ldap_err_t *result; - - result = apr_pcalloc(pool, sizeof(apr_ldap_err_t)); - *result_err = result; - if (!result) { - return APR_ENOMEM; - } - - /* get the option specified using the native LDAP function */ - result->rc = ldap_get_option(ldap, option, outvalue); - - /* handle the error case */ - if (result->rc != LDAP_SUCCESS) { - result->msg = ldap_err2string(result-> rc); - result->reason = apr_pstrdup(pool, "LDAP: Could not get an option"); - return APR_EGENERAL; - } - - return APR_SUCCESS; - -} - -/** - * APR LDAP set option function - * - * This function sets option values to a given LDAP session if - * one was specified. - * - * Where an option is not supported by an LDAP toolkit, this function - * will try and apply legacy functions to achieve the same effect, - * depending on the platform. - */ -APU_DECLARE_LDAP(int) apr_ldap_set_option(apr_pool_t *pool, - LDAP *ldap, - int option, - const void *invalue, - apr_ldap_err_t **result_err) -{ - apr_ldap_err_t *result; - - result = apr_pcalloc(pool, sizeof(apr_ldap_err_t)); - *result_err = result; - if (!result) { - return APR_ENOMEM; - } - - switch (option) { - case APR_LDAP_OPT_TLS_CERT: - option_set_cert(pool, ldap, invalue, result); - break; - - case APR_LDAP_OPT_TLS: - option_set_tls(pool, ldap, invalue, result); - break; - - case APR_LDAP_OPT_VERIFY_CERT: -#if APR_HAS_NETSCAPE_LDAPSDK || APR_HAS_SOLARIS_LDAPSDK || APR_HAS_MOZILLA_LDAPSK - result->reason = "LDAP: Verify certificate not yet supported by APR on the " - "Netscape, Solaris or Mozilla LDAP SDKs"; - result->rc = -1; - return APR_EGENERAL; -#endif -#if APR_HAS_NOVELL_LDAPSDK - if (*((int*)invalue)) { - result->rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_SERVER); - } - else { - result->rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_NONE); - } -#endif -#if APR_HAS_OPENLDAP_LDAPSDK -#ifdef LDAP_OPT_X_TLS 
- /* This is not a per-connection setting so just pass NULL for the - Ldap connection handle */ - if (*((int*)invalue)) { - int i = LDAP_OPT_X_TLS_DEMAND; - result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i); - } - else { - int i = LDAP_OPT_X_TLS_NEVER; - result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i); - } -#else - result->reason = "LDAP: SSL/TLS not yet supported by APR on this " - "version of the OpenLDAP toolkit"; - result->rc = -1; - return APR_EGENERAL; -#endif -#endif - - /* handle the error case */ - if (result->rc != LDAP_SUCCESS) { - result->msg = ldap_err2string(result->rc); - result->reason = "LDAP: Could not set verify mode"; - } - break; - - case APR_LDAP_OPT_REFERRALS: - /* Setting this option is supported on at least TIVOLI_SDK and OpenLDAP. Folks - * who know the NOVELL, NETSCAPE, MOZILLA, and SOLARIS SDKs should note here if - * the SDK at least tolerates this option being set, or add an elif to handle - * special cases (i.e. different LDAP_OPT_X value). - */ - result->rc = ldap_set_option(ldap, LDAP_OPT_REFERRALS, (void *)invalue); - - if (result->rc != LDAP_SUCCESS) { - result->reason = "Unable to set LDAP_OPT_REFERRALS."; - return(result->rc); - } - break; - - case APR_LDAP_OPT_REFHOPLIMIT: -#if !defined(LDAP_OPT_REFHOPLIMIT) || APR_HAS_NOVELL_LDAPSDK - /* If the LDAP_OPT_REFHOPLIMIT symbol is missing, assume that the - * particular LDAP library has a reasonable default. So far certain - * versions of the OpenLDAP SDK miss this symbol (but default to 5), - * and the Microsoft SDK misses the symbol (the default is not known). - */ - result->rc = LDAP_SUCCESS; -#else - /* Setting this option is supported on at least TIVOLI_SDK. 
Folks who know - * the NOVELL, NETSCAPE, MOZILLA, and SOLARIS SDKs should note here if - * the SDK at least tolerates this option being set, or add an elif to handle - * special cases so an error isn't returned if there is a perfectly good - * default value that just can't be changed (like openLDAP). - */ - result->rc = ldap_set_option(ldap, LDAP_OPT_REFHOPLIMIT, (void *)invalue); -#endif - - if (result->rc != LDAP_SUCCESS) { - result->reason = "Unable to set LDAP_OPT_REFHOPLIMIT."; - return(result->rc); - } - break; - - default: - /* set the option specified using the native LDAP function */ - result->rc = ldap_set_option(ldap, option, (void *)invalue); - - /* handle the error case */ - if (result->rc != LDAP_SUCCESS) { - result->msg = ldap_err2string(result->rc); - result->reason = "LDAP: Could not set an option"; - } - break; - } - - /* handle the error case */ - if (result->rc != LDAP_SUCCESS) { - return APR_EGENERAL; - } - - return APR_SUCCESS; - -} - -/** - * Handle APR_LDAP_OPT_TLS - * - * This function sets the type of TLS to be applied to this connection. 
- * The options are: - * APR_LDAP_NONE: no encryption - * APR_LDAP_SSL: SSL encryption (ldaps://) - * APR_LDAP_STARTTLS: STARTTLS encryption - * APR_LDAP_STOPTLS: Stop existing TLS connecttion - */ -static void option_set_tls(apr_pool_t *pool, LDAP *ldap, const void *invalue, - apr_ldap_err_t *result) -{ -#if APR_HAS_LDAP_SSL /* compiled with ssl support */ - - int tls = * (const int *)invalue; - - /* Netscape/Mozilla/Solaris SDK */ -#if APR_HAS_NETSCAPE_LDAPSDK || APR_HAS_SOLARIS_LDAPSDK || APR_HAS_MOZILLA_LDAPSK -#if APR_HAS_LDAPSSL_INSTALL_ROUTINES - if (tls == APR_LDAP_SSL) { - result->rc = ldapssl_install_routines(ldap); -#ifdef LDAP_OPT_SSL - /* apparently Netscape and Mozilla need this too, Solaris doesn't */ - if (result->rc == LDAP_SUCCESS) { - result->rc = ldap_set_option(ldap, LDAP_OPT_SSL, LDAP_OPT_ON); - } -#endif - if (result->rc != LDAP_SUCCESS) { - result->msg = ldap_err2string(result->rc); - result->reason = "LDAP: Could not switch SSL on for this " - "connection."; - } - } - else if (tls == APR_LDAP_STARTTLS) { - result->reason = "LDAP: STARTTLS is not supported by the " - "Netscape/Mozilla/Solaris SDK"; - result->rc = -1; - } - else if (tls == APR_LDAP_STOPTLS) { - result->reason = "LDAP: STOPTLS is not supported by the " - "Netscape/Mozilla/Solaris SDK"; - result->rc = -1; - } -#else - if (tls != APR_LDAP_NONE) { - result->reason = "LDAP: SSL/TLS is not supported by this version " - "of the Netscape/Mozilla/Solaris SDK"; - result->rc = -1; - } -#endif -#endif - - /* Novell SDK */ -#if APR_HAS_NOVELL_LDAPSDK - /* ldapssl_install_routines(ldap) - * Behavior is unpredictable when other LDAP functions are called - * between the ldap_init function and the ldapssl_install_routines - * function. 
- * - * STARTTLS is supported by the ldap_start_tls_s() method - */ - if (tls == APR_LDAP_SSL) { - result->rc = ldapssl_install_routines(ldap); - if (result->rc != LDAP_SUCCESS) { - result->msg = ldap_err2string(result->rc); - result->reason = "LDAP: Could not switch SSL on for this " - "connection."; - } - } - if (tls == APR_LDAP_STARTTLS) { - result->rc = ldapssl_start_tls(ldap); - if (result->rc != LDAP_SUCCESS) { - result->msg = ldap_err2string(result->rc); - result->reason = "LDAP: Could not start TLS on this connection"; - } - } - else if (tls == APR_LDAP_STOPTLS) { - result->rc = ldapssl_stop_tls(ldap); - if (result->rc != LDAP_SUCCESS) { - result->msg = ldap_err2string(result->rc); - result->reason = "LDAP: Could not stop TLS on this connection"; - } - } -#endif - - /* OpenLDAP SDK */ -#if APR_HAS_OPENLDAP_LDAPSDK -#ifdef LDAP_OPT_X_TLS - if (tls == APR_LDAP_SSL) { - int SSLmode = LDAP_OPT_X_TLS_HARD; - result->rc = ldap_set_option(ldap, LDAP_OPT_X_TLS, &SSLmode); - if (result->rc != LDAP_SUCCESS) { - result->reason = "LDAP: ldap_set_option failed. 
" - "Could not set LDAP_OPT_X_TLS to " - "LDAP_OPT_X_TLS_HARD"; - result->msg = ldap_err2string(result->rc); - } - } - else if (tls == APR_LDAP_STARTTLS) { - result->rc = ldap_start_tls_s(ldap, NULL, NULL); - if (result->rc != LDAP_SUCCESS) { - result->reason = "LDAP: ldap_start_tls_s() failed"; - result->msg = ldap_err2string(result->rc); - } - } - else if (tls == APR_LDAP_STOPTLS) { - result->reason = "LDAP: STOPTLS is not supported by the " - "OpenLDAP SDK"; - result->rc = -1; - } -#else - if (tls != APR_LDAP_NONE) { - result->reason = "LDAP: SSL/TLS not yet supported by APR on this " - "version of the OpenLDAP toolkit"; - result->rc = -1; - } -#endif -#endif - - /* Microsoft SDK */ -#if APR_HAS_MICROSOFT_LDAPSDK - if (tls == APR_LDAP_NONE) { - ULONG ul = (ULONG) LDAP_OPT_OFF; - result->rc = ldap_set_option(ldap, LDAP_OPT_SSL, &ul); - if (result->rc != LDAP_SUCCESS) { - result->reason = "LDAP: an attempt to set LDAP_OPT_SSL off " - "failed."; - result->msg = ldap_err2string(result->rc); - } - } - else if (tls == APR_LDAP_SSL) { - ULONG ul = (ULONG) LDAP_OPT_ON; - result->rc = ldap_set_option(ldap, LDAP_OPT_SSL, &ul); - if (result->rc != LDAP_SUCCESS) { - result->reason = "LDAP: an attempt to set LDAP_OPT_SSL on " - "failed."; - result->msg = ldap_err2string(result->rc); - } - } -#if APR_HAS_LDAP_START_TLS_S - else if (tls == APR_LDAP_STARTTLS) { - result->rc = ldap_start_tls_s(ldap, NULL, NULL, NULL, NULL); - if (result->rc != LDAP_SUCCESS) { - result->reason = "LDAP: ldap_start_tls_s() failed"; - result->msg = ldap_err2string(result->rc); - } - } - else if (tls == APR_LDAP_STOPTLS) { - result->rc = ldap_stop_tls_s(ldap); - if (result->rc != LDAP_SUCCESS) { - result->reason = "LDAP: ldap_stop_tls_s() failed"; - result->msg = ldap_err2string(result->rc); - } - } -#endif -#endif - -#if APR_HAS_OTHER_LDAPSDK - if (tls != APR_LDAP_NONE) { - result->reason = "LDAP: SSL/TLS is currently not supported by " - "APR on this LDAP SDK"; - result->rc = -1; - } -#endif - 
-#endif /* APR_HAS_LDAP_SSL */ - -} - -/** - * Handle APR_LDAP_OPT_TLS_CACERTFILE - * - * This function sets the CA certificate for further SSL/TLS connections. - * - * The file provided are in different formats depending on the toolkit used: - * - * Netscape: cert7.db file - * Novell: PEM or DER - * OpenLDAP: PEM (others supported?) - * Microsoft: unknown - * Solaris: unknown - */ -static void option_set_cert(apr_pool_t *pool, LDAP *ldap, - const void *invalue, apr_ldap_err_t *result) -{ -#if APR_HAS_LDAP_SSL -#if APR_HAS_LDAPSSL_CLIENT_INIT || APR_HAS_OPENLDAP_LDAPSDK - apr_array_header_t *certs = (apr_array_header_t *)invalue; - struct apr_ldap_opt_tls_cert_t *ents = (struct apr_ldap_opt_tls_cert_t *)certs->elts; - int i = 0; -#endif - - /* Netscape/Mozilla/Solaris SDK */ -#if APR_HAS_NETSCAPE_LDAPSDK || APR_HAS_SOLARIS_LDAPSDK || APR_HAS_MOZILLA_LDAPSDK -#if APR_HAS_LDAPSSL_CLIENT_INIT - const char *nickname = NULL; - const char *secmod = NULL; - const char *key3db = NULL; - const char *cert7db = NULL; - const char *password = NULL; - - /* set up cert7.db, key3.db and secmod parameters */ - for (i = 0; i < certs->nelts; i++) { - switch (ents[i].type) { - case APR_LDAP_CA_TYPE_CERT7_DB: - cert7db = ents[i].path; - break; - case APR_LDAP_CA_TYPE_SECMOD: - secmod = ents[i].path; - break; - case APR_LDAP_CERT_TYPE_KEY3_DB: - key3db = ents[i].path; - break; - case APR_LDAP_CERT_TYPE_NICKNAME: - nickname = ents[i].path; - password = ents[i].password; - break; - default: - result->rc = -1; - result->reason = "LDAP: The Netscape/Mozilla LDAP SDK only " - "understands the CERT7, KEY3 and SECMOD " - "file types."; - break; - } - if (result->rc != LDAP_SUCCESS) { - break; - } - } - - /* actually set the certificate parameters */ - if (result->rc == LDAP_SUCCESS) { - if (nickname) { - result->rc = ldapssl_enable_clientauth(ldap, "", - (char *)password, - (char *)nickname); - if (result->rc != LDAP_SUCCESS) { - result->reason = "LDAP: could not set client certificate: " - 
"ldapssl_enable_clientauth() failed."; - result->msg = ldap_err2string(result->rc); - } - } - else if (secmod) { - result->rc = ldapssl_advclientauth_init(cert7db, NULL, - key3db ? 1 : 0, key3db, NULL, - 1, secmod, LDAPSSL_AUTH_CNCHECK); - if (result->rc != LDAP_SUCCESS) { - result->reason = "LDAP: ldapssl_advclientauth_init() failed."; - result->msg = ldap_err2string(result->rc); - } - } - else if (key3db) { - result->rc = ldapssl_clientauth_init(cert7db, NULL, - 1, key3db, NULL); - if (result->rc != LDAP_SUCCESS) { - result->reason = "LDAP: ldapssl_clientauth_init() failed."; - result->msg = ldap_err2string(result->rc); - } - } - else { - result->rc = ldapssl_client_init(cert7db, NULL); - if (result->rc != LDAP_SUCCESS) { - result->reason = "LDAP: ldapssl_client_init() failed."; - result->msg = ldap_err2string(result->rc); - } - } - } -#else - result->reason = "LDAP: SSL/TLS ldapssl_client_init() function not " - "supported by this Netscape/Mozilla/Solaris SDK. " - "Certificate authority file not set"; - result->rc = -1; -#endif -#endif - - /* Novell SDK */ -#if APR_HAS_NOVELL_LDAPSDK -#if APR_HAS_LDAPSSL_CLIENT_INIT && APR_HAS_LDAPSSL_ADD_TRUSTED_CERT && APR_HAS_LDAPSSL_CLIENT_DEINIT - /* The Novell library cannot support per connection certificates. Error - * out if the ldap handle is provided. - */ - if (ldap) { - result->rc = -1; - result->reason = "LDAP: The Novell LDAP SDK cannot support the setting " - "of certificates or keys on a per connection basis."; - } - /* Novell's library needs to be initialised first */ - else { - result->rc = ldapssl_client_init(NULL, NULL); - if (result->rc != LDAP_SUCCESS) { - result->msg = ldap_err2string(result-> rc); - result->reason = apr_pstrdup(pool, "LDAP: Could not " - "initialize SSL"); - } - } - /* set one or more certificates */ - for (i = 0; LDAP_SUCCESS == result->rc && i < certs->nelts; i++) { - /* Novell SDK supports DER or BASE64 files. 
*/ - switch (ents[i].type) { - case APR_LDAP_CA_TYPE_DER: - result->rc = ldapssl_add_trusted_cert((void *)ents[i].path, - LDAPSSL_CERT_FILETYPE_DER); - result->msg = ldap_err2string(result->rc); - break; - case APR_LDAP_CA_TYPE_BASE64: - result->rc = ldapssl_add_trusted_cert((void *)ents[i].path, - LDAPSSL_CERT_FILETYPE_B64); - result->msg = ldap_err2string(result->rc); - break; - case APR_LDAP_CERT_TYPE_DER: - result->rc = ldapssl_set_client_cert((void *)ents[i].path, - LDAPSSL_CERT_FILETYPE_DER, - (void*)ents[i].password); - result->msg = ldap_err2string(result->rc); - break; - case APR_LDAP_CERT_TYPE_BASE64: - result->rc = ldapssl_set_client_cert((void *)ents[i].path, - LDAPSSL_CERT_FILETYPE_B64, - (void*)ents[i].password); - result->msg = ldap_err2string(result->rc); - break; - case APR_LDAP_CERT_TYPE_PFX: - result->rc = ldapssl_set_client_cert((void *)ents[i].path, - LDAPSSL_FILETYPE_P12, - (void*)ents[i].password); - result->msg = ldap_err2string(result->rc); - break; - case APR_LDAP_KEY_TYPE_DER: - result->rc = ldapssl_set_client_private_key((void *)ents[i].path, - LDAPSSL_CERT_FILETYPE_DER, - (void*)ents[i].password); - result->msg = ldap_err2string(result->rc); - break; - case APR_LDAP_KEY_TYPE_BASE64: - result->rc = ldapssl_set_client_private_key((void *)ents[i].path, - LDAPSSL_CERT_FILETYPE_B64, - (void*)ents[i].password); - result->msg = ldap_err2string(result->rc); - break; - case APR_LDAP_KEY_TYPE_PFX: - result->rc = ldapssl_set_client_private_key((void *)ents[i].path, - LDAPSSL_FILETYPE_P12, - (void*)ents[i].password); - result->msg = ldap_err2string(result->rc); - break; - default: - result->rc = -1; - result->reason = "LDAP: The Novell LDAP SDK only understands the " - "DER and PEM (BASE64) file types."; - break; - } - if (result->rc != LDAP_SUCCESS) { - break; - } - } -#else - result->reason = "LDAP: ldapssl_client_init(), " - "ldapssl_add_trusted_cert() or " - "ldapssl_client_deinit() functions not supported " - "by this Novell SDK. 
Certificate authority file " - "not set"; - result->rc = -1; -#endif -#endif - - /* OpenLDAP SDK */ -#if APR_HAS_OPENLDAP_LDAPSDK -#ifdef LDAP_OPT_X_TLS_CACERTFILE - /* set one or more certificates */ - /* FIXME: make it support setting directories as well as files */ - for (i = 0; i < certs->nelts; i++) { - /* OpenLDAP SDK supports BASE64 files. */ - switch (ents[i].type) { - case APR_LDAP_CA_TYPE_BASE64: - result->rc = ldap_set_option(ldap, LDAP_OPT_X_TLS_CACERTFILE, - (void *)ents[i].path); - result->msg = ldap_err2string(result->rc); - break; - case APR_LDAP_CERT_TYPE_BASE64: - result->rc = ldap_set_option(ldap, LDAP_OPT_X_TLS_CERTFILE, - (void *)ents[i].path); - result->msg = ldap_err2string(result->rc); - break; - case APR_LDAP_KEY_TYPE_BASE64: - result->rc = ldap_set_option(ldap, LDAP_OPT_X_TLS_KEYFILE, - (void *)ents[i].path); - result->msg = ldap_err2string(result->rc); - break; -#ifdef LDAP_OPT_X_TLS_CACERTDIR - case APR_LDAP_CA_TYPE_CACERTDIR_BASE64: - result->rc = ldap_set_option(ldap, LDAP_OPT_X_TLS_CACERTDIR, - (void *)ents[i].path); - result->msg = ldap_err2string(result->rc); - break; -#endif - default: - result->rc = -1; - result->reason = "LDAP: The OpenLDAP SDK only understands the " - "PEM (BASE64) file type."; - break; - } - if (result->rc != LDAP_SUCCESS) { - break; - } - } -#else - result->reason = "LDAP: LDAP_OPT_X_TLS_CACERTFILE not " - "defined by this OpenLDAP SDK. Certificate " - "authority file not set"; - result->rc = -1; -#endif -#endif - - /* Microsoft SDK */ -#if APR_HAS_MICROSOFT_LDAPSDK - /* Microsoft SDK use the registry certificate store - error out - * here with a message explaining this. */ - result->reason = "LDAP: CA certificates cannot be set using this method, " - "as they are stored in the registry instead."; - result->rc = -1; -#endif - - /* SDK not recognised */ -#if APR_HAS_OTHER_LDAPSDK - result->reason = "LDAP: LDAP_OPT_X_TLS_CACERTFILE not " - "defined by this LDAP SDK. 
Certificate "
- "authority file not set";
- result->rc = -1;
-#endif
-
-#else /* not compiled with SSL Support */
- result->reason = "LDAP: Attempt to set certificate(s) failed. "
- "Not built with SSL support";
- result->rc = -1;
-#endif /* APR_HAS_LDAP_SSL */
-
-}
-
-#endif /* APR_HAS_LDAP */
-
diff --git a/ldap/apr_ldap_rebind.c b/ldap/apr_ldap_rebind.c
deleted file mode 100644
index 4818d05c..00000000
--- a/ldap/apr_ldap_rebind.c
+++ /dev/null
@@ -1,351 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* apr_ldap_rebind.c -- LDAP rebind callbacks for referrals
- *
- * The LDAP SDK allows a callback to be set to enable rebinding
- * for referral processing.
- *
- */
-
-#include "apr.h"
-#include "apu.h"
-#include "apu_config.h"
-
-#if APU_DSO_BUILD
-#define APU_DSO_LDAP_BUILD
-#endif
-
-#include "apr_ldap.h"
-#include "apr_errno.h"
-#include "apr_strings.h"
-#include "apr_ldap_rebind.h"
-
-#include "stdio.h"
-
-#if APR_HAS_LDAP
-
-/* Used to store information about connections for use in the referral rebind callback.
*/
-struct apr_ldap_rebind_entry {
- apr_pool_t *pool;
- LDAP *index;
- const char *bindDN;
- const char *bindPW;
- struct apr_ldap_rebind_entry *next;
-};
-typedef struct apr_ldap_rebind_entry apr_ldap_rebind_entry_t;
-
-
-#ifdef NETWARE
-#include "apr_private.h"
-#define get_apd APP_DATA* apd = (APP_DATA*)get_app_data(gLibId);
-#define apr_ldap_xref_lock ((apr_thread_mutex_t *)(apd->gs_ldap_xref_lock))
-#define xref_head ((apr_ldap_rebind_entry_t *)(apd->gs_xref_head))
-#else
-#if APR_HAS_THREADS
-static apr_thread_mutex_t *apr_ldap_xref_lock = NULL;
-#endif
-static apr_ldap_rebind_entry_t *xref_head = NULL;
-#endif
-
-static int apr_ldap_rebind_set_callback(LDAP *ld);
-static apr_status_t apr_ldap_rebind_remove_helper(void *data);
-
-/* APR utility routine used to create the xref_lock. */
-APU_DECLARE_LDAP(apr_status_t) apr_ldap_rebind_init(apr_pool_t *pool)
-{
- apr_status_t retcode = APR_SUCCESS;
-
-#ifdef NETWARE
- get_apd
-#endif
-
-#if APR_HAS_THREADS
- if (apr_ldap_xref_lock == NULL) {
- retcode = apr_thread_mutex_create(&apr_ldap_xref_lock, APR_THREAD_MUTEX_DEFAULT, pool);
- }
-#endif
-
- return(retcode);
-}
-
-
-APU_DECLARE_LDAP(apr_status_t) apr_ldap_rebind_add(apr_pool_t *pool,
- LDAP *ld,
- const char *bindDN,
- const char *bindPW)
-{
- apr_status_t retcode = APR_SUCCESS;
- apr_ldap_rebind_entry_t *new_xref;
-
-#ifdef NETWARE
- get_apd
-#endif
-
- new_xref = (apr_ldap_rebind_entry_t *)apr_pcalloc(pool, sizeof(apr_ldap_rebind_entry_t));
- if (new_xref) {
- new_xref->pool = pool;
- new_xref->index = ld;
- if (bindDN) {
- new_xref->bindDN = apr_pstrdup(pool, bindDN);
- }
- if (bindPW) {
- new_xref->bindPW = apr_pstrdup(pool, bindPW);
- }
-
-#if APR_HAS_THREADS
- apr_thread_mutex_lock(apr_ldap_xref_lock);
-#endif
-
- new_xref->next = xref_head;
- xref_head = new_xref;
-
-#if APR_HAS_THREADS
- apr_thread_mutex_unlock(apr_ldap_xref_lock);
-#endif
- }
- else {
- return(APR_ENOMEM);
- }
-
- retcode = apr_ldap_rebind_set_callback(ld);
- if (APR_SUCCESS !=
retcode) {
- apr_ldap_rebind_remove(ld);
- return retcode;
- }
-
- apr_pool_cleanup_register(pool, ld,
- apr_ldap_rebind_remove_helper,
- apr_pool_cleanup_null);
-
- return(APR_SUCCESS);
-}
-
-
-APU_DECLARE_LDAP(apr_status_t) apr_ldap_rebind_remove(LDAP *ld)
-{
- apr_ldap_rebind_entry_t *tmp_xref, *prev = NULL;
-
-#ifdef NETWARE
- get_apd
-#endif
-
-#if APR_HAS_THREADS
- apr_thread_mutex_lock(apr_ldap_xref_lock);
-#endif
- tmp_xref = xref_head;
-
- while ((tmp_xref) && (tmp_xref->index != ld)) {
- prev = tmp_xref;
- tmp_xref = tmp_xref->next;
- }
-
- if (tmp_xref) {
- if (tmp_xref == xref_head) {
- xref_head = xref_head->next;
- }
- else {
- prev->next = tmp_xref->next;
- }
-
- /* tmp_xref and its contents were pool allocated so they don't need to be freed here. */
-
- /* remove the cleanup, just in case this was done manually */
- apr_pool_cleanup_kill(tmp_xref->pool, tmp_xref->index,
- apr_ldap_rebind_remove_helper);
- }
-
-#if APR_HAS_THREADS
- apr_thread_mutex_unlock(apr_ldap_xref_lock);
-#endif
- return APR_SUCCESS;
-}
-
-
-static apr_status_t apr_ldap_rebind_remove_helper(void *data)
-{
- LDAP *ld = (LDAP *)data;
- apr_ldap_rebind_remove(ld);
- return APR_SUCCESS;
-}
-
-#if APR_HAS_TIVOLI_LDAPSDK || APR_HAS_OPENLDAP_LDAPSDK || APR_HAS_NOVELL_LDAPSDK
-static apr_ldap_rebind_entry_t *apr_ldap_rebind_lookup(LDAP *ld)
-{
- apr_ldap_rebind_entry_t *tmp_xref, *match = NULL;
-
-#ifdef NETWARE
- get_apd
-#endif
-
-#if APR_HAS_THREADS
- apr_thread_mutex_lock(apr_ldap_xref_lock);
-#endif
- tmp_xref = xref_head;
-
- while (tmp_xref) {
- if (tmp_xref->index == ld) {
- match = tmp_xref;
- tmp_xref = NULL;
- }
- else {
- tmp_xref = tmp_xref->next;
- }
- }
-
-#if APR_HAS_THREADS
- apr_thread_mutex_unlock(apr_ldap_xref_lock);
-#endif
-
- return (match);
-}
-#endif
-
-#if APR_HAS_TIVOLI_LDAPSDK
-
-/* LDAP_rebindproc() Tivoli LDAP style
- * Rebind callback function. Called when chasing referrals. See API docs.
- * ON ENTRY:
- * ld Pointer to an LDAP control structure.
(input only)
- * binddnp Pointer to an Application DName used for binding (in *or* out)
- * passwdp Pointer to the password associated with the DName (in *or* out)
- * methodp Pointer to the Auth method (output only)
- * freeit Flag to indicate if this is a lookup or a free request (input only)
- */
-static int LDAP_rebindproc(LDAP *ld, char **binddnp, char **passwdp, int *methodp, int freeit)
-{
- if (!freeit) {
- apr_ldap_rebind_entry_t *my_conn;
-
- *methodp = LDAP_AUTH_SIMPLE;
- my_conn = apr_ldap_rebind_lookup(ld);
-
- if ((my_conn) && (my_conn->bindDN != NULL)) {
- *binddnp = strdup(my_conn->bindDN);
- *passwdp = strdup(my_conn->bindPW);
- } else {
- *binddnp = NULL;
- *passwdp = NULL;
- }
- } else {
- if (*binddnp) {
- free(*binddnp);
- }
- if (*passwdp) {
- free(*passwdp);
- }
- }
-
- return LDAP_SUCCESS;
-}
-
-static int apr_ldap_rebind_set_callback(LDAP *ld)
-{
- ldap_set_rebind_proc(ld, (LDAPRebindProc)LDAP_rebindproc);
- return APR_SUCCESS;
-}
-
-#elif APR_HAS_OPENLDAP_LDAPSDK
-
-/* LDAP_rebindproc() openLDAP V3 style
- * ON ENTRY:
- * ld Pointer to an LDAP control structure. (input only)
- * url Unused in this routine
- * request Unused in this routine
- * msgid Unused in this routine
- * params Unused in this routine
- *
- * or
- *
- * ld Pointer to an LDAP control structure.
(input only)
- * url Unused in this routine
- * request Unused in this routine
- * msgid Unused in this routine
- */
-#if defined(LDAP_SET_REBIND_PROC_THREE)
-static int LDAP_rebindproc(LDAP *ld, LDAP_CONST char *url, ber_tag_t request,
- ber_int_t msgid, void *params)
-#else
-static int LDAP_rebindproc(LDAP *ld, LDAP_CONST char *url, int request,
- ber_int_t msgid)
-#endif
-{
- apr_ldap_rebind_entry_t *my_conn;
- const char *bindDN = NULL;
- const char *bindPW = NULL;
-
- my_conn = apr_ldap_rebind_lookup(ld);
-
- if ((my_conn) && (my_conn->bindDN != NULL)) {
- bindDN = my_conn->bindDN;
- bindPW = my_conn->bindPW;
- }
-
- return (ldap_bind_s(ld, bindDN, bindPW, LDAP_AUTH_SIMPLE));
-}
-
-static int apr_ldap_rebind_set_callback(LDAP *ld)
-{
-#if defined(LDAP_SET_REBIND_PROC_THREE)
- ldap_set_rebind_proc(ld, LDAP_rebindproc, NULL);
-#else
- ldap_set_rebind_proc(ld, LDAP_rebindproc);
-#endif
- return APR_SUCCESS;
-}
-
-#elif APR_HAS_NOVELL_LDAPSDK
-
-/* LDAP_rebindproc() openLDAP V3 style
- * ON ENTRY:
- * ld Pointer to an LDAP control structure. (input only)
- * url Unused in this routine
- * request Unused in this routine
- * msgid Unused in this routine
- */
-static int LDAP_rebindproc(LDAP *ld, LDAP_CONST char *url, int request, ber_int_t msgid)
-{
-
- apr_ldap_rebind_entry_t *my_conn;
- const char *bindDN = NULL;
- const char *bindPW = NULL;
-
- my_conn = apr_ldap_rebind_lookup(ld);
-
- if ((my_conn) && (my_conn->bindDN != NULL)) {
- bindDN = my_conn->bindDN;
- bindPW = my_conn->bindPW;
- }
-
- return (ldap_bind_s(ld, bindDN, bindPW, LDAP_AUTH_SIMPLE));
-}
-
-static int apr_ldap_rebind_set_callback(LDAP *ld)
-{
- ldap_set_rebind_proc(ld, LDAP_rebindproc);
- return APR_SUCCESS;
-}
-
-#else /* Implementation not recognised */
-
-static int apr_ldap_rebind_set_callback(LDAP *ld)
-{
- return APR_ENOTIMPL;
-}
-
-#endif
-
-#endif /* APR_HAS_LDAP */
diff --git a/ldap/apr_ldap_stub.c b/ldap/apr_ldap_stub.c
deleted file mode 100644
index 97c15514..00000000
--- a/ldap/apr_ldap_stub.c
+++ /dev/null
@@ -1,145 +0,0 @@ -/* Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "apr.h" -#include "apu.h" -#include "apu_config.h" -#include "apr_ldap.h" -#include "apu_internal.h" -#include "apr_dso.h" -#include "apr_errno.h" -#include "apr_pools.h" -#include "apr_strings.h" -#include "apu_version.h" - -#if APR_HAS_LDAP - -#if APU_DSO_BUILD - -static struct apr__ldap_dso_fntable *lfn = NULL; - -static apr_status_t load_ldap(apr_pool_t *pool) -{ - char *modname; - apr_dso_handle_sym_t symbol; - apr_status_t rv; - - /* deprecate in 2.0 - permit implicit initialization */ - apu_dso_init(pool); - - rv = apu_dso_mutex_lock(); - if (rv) { - return rv; - } - -#if defined(WIN32) - modname = "apr_ldap-" APU_STRINGIFY(APU_MAJOR_VERSION) ".dll"; -#else - modname = "apr_ldap-" APU_STRINGIFY(APU_MAJOR_VERSION) ".so"; -#endif - rv = apu_dso_load(NULL, &symbol, modname, "apr__ldap_fns", pool); - if (rv == APR_SUCCESS) { - lfn = symbol; - } - apu_dso_mutex_unlock(); - - return rv; -} - -#define LOAD_LDAP_STUB(pool, failres) \ - if (!lfn && (load_ldap(pool) != APR_SUCCESS)) \ - return failres; - -APU_DECLARE_LDAP(int) apr_ldap_info(apr_pool_t *pool, - apr_ldap_err_t **result_err) -{ - LOAD_LDAP_STUB(pool, -1); - return lfn->info(pool, 
result_err); -} - -APU_DECLARE_LDAP(int) apr_ldap_init(apr_pool_t *pool, - LDAP **ldap, - const char *hostname, - int portno, - int secure, - apr_ldap_err_t **result_err) -{ - LOAD_LDAP_STUB(pool, -1); - return lfn->init(pool, ldap, hostname, portno, secure, result_err); -} - -APU_DECLARE_LDAP(int) apr_ldap_ssl_init(apr_pool_t *pool, - const char *cert_auth_file, - int cert_file_type, - apr_ldap_err_t **result_err) -{ - LOAD_LDAP_STUB(pool, -1); - return lfn->ssl_init(pool, cert_auth_file, cert_file_type, result_err); -} - -APU_DECLARE_LDAP(int) apr_ldap_ssl_deinit(void) -{ - if (!lfn) - return -1; - return lfn->ssl_deinit(); -} - -APU_DECLARE_LDAP(int) apr_ldap_get_option(apr_pool_t *pool, - LDAP *ldap, - int option, - void *outvalue, - apr_ldap_err_t **result_err) -{ - LOAD_LDAP_STUB(pool, -1); - return lfn->get_option(pool, ldap, option, outvalue, result_err); -} - -APU_DECLARE_LDAP(int) apr_ldap_set_option(apr_pool_t *pool, - LDAP *ldap, - int option, - const void *invalue, - apr_ldap_err_t **result_err) -{ - LOAD_LDAP_STUB(pool, -1); - return lfn->set_option(pool, ldap, option, invalue, result_err); -} - -APU_DECLARE_LDAP(apr_status_t) apr_ldap_rebind_init(apr_pool_t *pool) -{ - LOAD_LDAP_STUB(pool, APR_EGENERAL); - return lfn->rebind_init(pool); -} - -APU_DECLARE_LDAP(apr_status_t) apr_ldap_rebind_add(apr_pool_t *pool, - LDAP *ld, - const char *bindDN, - const char *bindPW) -{ - LOAD_LDAP_STUB(pool, APR_EGENERAL); - return lfn->rebind_add(pool, ld, bindDN, bindPW); -} - -APU_DECLARE_LDAP(apr_status_t) apr_ldap_rebind_remove(LDAP *ld) -{ - if (!lfn) - return APR_EGENERAL; - return lfn->rebind_remove(ld); -} - -#endif /* APU_DSO_BUILD */ - -#endif /* APR_HAS_LDAP */ - diff --git a/ldap/apr_ldap_url.c b/ldap/apr_ldap_url.c deleted file mode 100644 index 52e37b25..00000000 --- a/ldap/apr_ldap_url.c +++ /dev/null 
@@ -1,694 +0,0 @@ -/* Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* Portions Copyright 1998-2002 The OpenLDAP Foundation - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted only as authorized by the OpenLDAP - * Public License. A copy of this license is available at - * http://www.OpenLDAP.org/license.html or in file LICENSE in the - * top-level directory of the distribution. - * - * OpenLDAP is a registered trademark of the OpenLDAP Foundation. - * - * Individual files and/or contributed packages may be copyright by - * other parties and subject to additional restrictions. - * - * This work is derived from the University of Michigan LDAP v3.3 - * distribution. Information concerning this software is available - * at: http://www.umich.edu/~dirsvcs/ldap/ - * - * This work also contains materials derived from public sources. - * - * Additional information about OpenLDAP can be obtained at: - * http://www.openldap.org/ - */ - -/* - * Portions Copyright (c) 1992-1996 Regents of the University of Michigan. - * All rights reserved. 
- * - * Redistribution and use in source and binary forms are permitted - * provided that this notice is preserved and that due credit is given - * to the University of Michigan at Ann Arbor. The name of the University - * may not be used to endorse or promote products derived from this - * software without specific prior written permission. This software - * is provided ``as is'' without express or implied warranty. - */ - -/* apr_ldap_url.c -- LDAP URL (RFC 2255) related routines - * - * Win32 and perhaps other non-OpenLDAP based ldap libraries may be - * missing ldap_url_* APIs. We focus here on the one significant - * aspect, which is parsing. We have [for the time being] omitted - * the ldap_url_search APIs. - * - * LDAP URLs look like this: - * ldap[is]://host:port[/[dn[?[attributes][?[scope][?[filter][?exts]]]]]] - * - * where: - * attributes is a comma separated list - * scope is one of these three strings: base one sub (default=base) - * filter is an string-represented filter as in RFC 2254 - * - * e.g., ldap://host:port/dc=com?o,cn?base?o=openldap?extension - * - * Tolerates URLs that look like: <ldapurl> and <URL:ldapurl> - */ - -#include "apu.h" -#include "apr_pools.h" -#include "apr_general.h" -#include "apr_strings.h" -#include "apr_ldap.h" - -#if APR_HAS_LDAP - -#if APR_HAVE_STDLIB_H -#include <stdlib.h> -#endif - -#ifndef LDAPS_PORT -#define LDAPS_PORT 636 /* ldaps:/// default LDAP over TLS port */ -#endif - -#define APR_LDAP_URL_PREFIX "ldap://" -#define APR_LDAP_URL_PREFIX_LEN (sizeof(APR_LDAP_URL_PREFIX)-1) -#define APR_LDAPS_URL_PREFIX "ldaps://" -#define APR_LDAPS_URL_PREFIX_LEN (sizeof(APR_LDAPS_URL_PREFIX)-1) -#define APR_LDAPI_URL_PREFIX "ldapi://" -#define APR_LDAPI_URL_PREFIX_LEN (sizeof(APR_LDAPI_URL_PREFIX)-1) -#define APR_LDAP_URL_URLCOLON "URL:" -#define APR_LDAP_URL_URLCOLON_LEN (sizeof(APR_LDAP_URL_URLCOLON)-1) - - -/* local functions */ -static const char* skip_url_prefix(const char *url, - int *enclosedp, - const char **scheme); - 
-static void apr_ldap_pvt_hex_unescape(char *s); - -static int apr_ldap_pvt_unhex(int c); - -static char **apr_ldap_str2charray(apr_pool_t *pool, - const char *str, - const char *brkstr); - - -/** - * Is this URL an ldap url? - * - */ -APU_DECLARE(int) apr_ldap_is_ldap_url(const char *url) -{ - int enclosed; - const char * scheme; - - if( url == NULL ) { - return 0; - } - - if( skip_url_prefix( url, &enclosed, &scheme ) == NULL ) { - return 0; - } - - return 1; -} - -/** - * Is this URL a secure ldap url? - * - */ -APU_DECLARE(int) apr_ldap_is_ldaps_url(const char *url) -{ - int enclosed; - const char * scheme; - - if( url == NULL ) { - return 0; - } - - if( skip_url_prefix( url, &enclosed, &scheme ) == NULL ) { - return 0; - } - - return strcmp(scheme, "ldaps") == 0; -} - -/** - * Is this URL an ldap socket url? - * - */ -APU_DECLARE(int) apr_ldap_is_ldapi_url(const char *url) -{ - int enclosed; - const char * scheme; - - if( url == NULL ) { - return 0; - } - - if( skip_url_prefix( url, &enclosed, &scheme ) == NULL ) { - return 0; - } - - return strcmp(scheme, "ldapi") == 0; -} - - -static const char *skip_url_prefix(const char *url, int *enclosedp, - const char **scheme) -{ - /* - * return non-zero if this looks like a LDAP URL; zero if not - * if non-zero returned, *urlp will be moved past "ldap://" part of URL - */ - const char *p; - - if ( url == NULL ) { - return( NULL ); - } - - p = url; - - /* skip leading '<' (if any) */ - if ( *p == '<' ) { - *enclosedp = 1; - ++p; - } else { - *enclosedp = 0; - } - - /* skip leading "URL:" (if any) */ - if ( strncasecmp( p, APR_LDAP_URL_URLCOLON, APR_LDAP_URL_URLCOLON_LEN ) == 0 ) { - p += APR_LDAP_URL_URLCOLON_LEN; - } - - /* check for "ldap://" prefix */ - if ( strncasecmp( p, APR_LDAP_URL_PREFIX, APR_LDAP_URL_PREFIX_LEN ) == 0 ) { - /* skip over "ldap://" prefix and return success */ - p += APR_LDAP_URL_PREFIX_LEN; - *scheme = "ldap"; - return( p ); - } - - /* check for "ldaps://" prefix */ - if ( strncasecmp( p, 
APR_LDAPS_URL_PREFIX, APR_LDAPS_URL_PREFIX_LEN ) == 0 ) { - /* skip over "ldaps://" prefix and return success */ - p += APR_LDAPS_URL_PREFIX_LEN; - *scheme = "ldaps"; - return( p ); - } - - /* check for "ldapi://" prefix */ - if ( strncasecmp( p, APR_LDAPI_URL_PREFIX, APR_LDAPI_URL_PREFIX_LEN ) == 0 ) { - /* skip over "ldapi://" prefix and return success */ - p += APR_LDAPI_URL_PREFIX_LEN; - *scheme = "ldapi"; - return( p ); - } - - return( NULL ); -} - - -static int str2scope(const char *p) -{ - if ( strcasecmp( p, "one" ) == 0 ) { - return LDAP_SCOPE_ONELEVEL; - - } else if ( strcasecmp( p, "onetree" ) == 0 ) { - return LDAP_SCOPE_ONELEVEL; - - } else if ( strcasecmp( p, "base" ) == 0 ) { - return LDAP_SCOPE_BASE; - - } else if ( strcasecmp( p, "sub" ) == 0 ) { - return LDAP_SCOPE_SUBTREE; - - } else if ( strcasecmp( p, "subtree" ) == 0 ) { - return LDAP_SCOPE_SUBTREE; - } - - return( -1 ); -} - - -/** - * Parse the URL provided into an apr_ldap_url_desc_t object. - * - * APR_SUCCESS is returned on success, APR_EGENERAL on failure. - * The LDAP result code and reason string is returned in the - * apr_ldap_err_t structure. - */ -APU_DECLARE(int) apr_ldap_url_parse_ext(apr_pool_t *pool, - const char *url_in, - apr_ldap_url_desc_t **ludpp, - apr_ldap_err_t **result_err) -{ - apr_ldap_url_desc_t *ludp; - char *p, *q, *r; - int i, enclosed; - const char *scheme = NULL; - const char *url_tmp; - char *url; - - apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t)); - *result_err = result; - - /* sanity check our parameters */ - if( url_in == NULL || ludpp == NULL ) { - result->reason = "Either the LDAP URL, or the URL structure was NULL. 
Oops."; - result->rc = APR_LDAP_URL_ERR_PARAM; - return APR_EGENERAL; - } - - *ludpp = NULL; /* pessimistic */ - - url_tmp = skip_url_prefix( url_in, &enclosed, &scheme ); - if ( url_tmp == NULL ) { - result->reason = "The scheme was not recognised as a valid LDAP URL scheme."; - result->rc = APR_LDAP_URL_ERR_BADSCHEME; - return APR_EGENERAL; - } - - /* make working copy of the remainder of the URL */ - url = (char *)apr_pstrdup(pool, url_tmp); - if ( url == NULL ) { - result->reason = "Out of memory parsing LDAP URL."; - result->rc = APR_LDAP_URL_ERR_MEM; - return APR_EGENERAL; - } - - if ( enclosed ) { - p = &url[strlen(url)-1]; - - if( *p != '>' ) { - result->reason = "Bad enclosure error while parsing LDAP URL."; - result->rc = APR_LDAP_URL_ERR_BADENCLOSURE; - return APR_EGENERAL; - } - - *p = '\0'; - } - - /* allocate return struct */ - ludp = (apr_ldap_url_desc_t *)apr_pcalloc(pool, sizeof(apr_ldap_url_desc_t)); - if ( ludp == NULL ) { - result->reason = "Out of memory parsing LDAP URL."; - result->rc = APR_LDAP_URL_ERR_MEM; - return APR_EGENERAL; - } - - ludp->lud_next = NULL; - ludp->lud_host = NULL; - ludp->lud_port = LDAP_PORT; - ludp->lud_dn = NULL; - ludp->lud_attrs = NULL; - ludp->lud_filter = NULL; - ludp->lud_scope = -1; - ludp->lud_filter = NULL; - ludp->lud_exts = NULL; - - ludp->lud_scheme = (char *)apr_pstrdup(pool, scheme); - if ( ludp->lud_scheme == NULL ) { - result->reason = "Out of memory parsing LDAP URL."; - result->rc = APR_LDAP_URL_ERR_MEM; - return APR_EGENERAL; - } - - if( strcasecmp( ludp->lud_scheme, "ldaps" ) == 0 ) { - ludp->lud_port = LDAPS_PORT; - } - - /* scan forward for '/' that marks end of hostport and begin. 
of dn */ - p = strchr( url, '/' ); - - if( p != NULL ) { - /* terminate hostport; point to start of dn */ - *p++ = '\0'; - } - - /* IPv6 syntax with [ip address]:port */ - if ( *url == '[' ) { - r = strchr( url, ']' ); - if ( r == NULL ) { - result->reason = "Bad LDAP URL while parsing IPV6 syntax."; - result->rc = APR_LDAP_URL_ERR_BADURL; - return APR_EGENERAL; - } - *r++ = '\0'; - q = strrchr( r, ':' ); - } else { - q = strrchr( url, ':' ); - } - - if ( q != NULL ) { - apr_ldap_pvt_hex_unescape( ++q ); - - if( *q == '\0' ) { - result->reason = "Bad LDAP URL while parsing."; - result->rc = APR_LDAP_URL_ERR_BADURL; - return APR_EGENERAL; - } - - ludp->lud_port = atoi( q ); - } - - apr_ldap_pvt_hex_unescape( url ); - - /* If [ip address]:port syntax, url is [ip and we skip the [ */ - ludp->lud_host = (char *)apr_pstrdup(pool, url + ( *url == '[' )); - if( ludp->lud_host == NULL ) { - result->reason = "Out of memory parsing LDAP URL."; - result->rc = APR_LDAP_URL_ERR_MEM; - return APR_EGENERAL; - } - - /* - * Kludge. ldap://111.222.333.444:389??cn=abc,o=company - * - * On early Novell releases, search references/referrals were returned - * in this format, i.e., the dn was kind of in the scope position, - * but the required slash is missing. The whole thing is illegal syntax, - * but we need to account for it. Fortunately it can't be confused with - * anything real. - */ - if( (p == NULL) && (q != NULL) && ((q = strchr( q, '?')) != NULL)) { - q++; - /* ? immediately followed by question */ - if( *q == '?') { - q++; - if( *q != '\0' ) { - /* parse dn part */ - apr_ldap_pvt_hex_unescape( q ); - ludp->lud_dn = (char *)apr_pstrdup(pool, q); - } else { - ludp->lud_dn = (char *)apr_pstrdup(pool, ""); - } - - if( ludp->lud_dn == NULL ) { - result->reason = "Out of memory parsing LDAP URL."; - result->rc = APR_LDAP_URL_ERR_MEM; - return APR_EGENERAL; - } - } - } - - if( p == NULL ) { - *ludpp = ludp; - return APR_SUCCESS; - } - - /* scan forward for '?' 
that may marks end of dn */
- q = strchr( p, '?' );
-
- if( q != NULL ) {
- /* terminate dn part */
- *q++ = '\0';
- }
-
- if( *p != '\0' ) {
- /* parse dn part */
- apr_ldap_pvt_hex_unescape( p );
- ludp->lud_dn = (char *)apr_pstrdup(pool, p);
- } else {
- ludp->lud_dn = (char *)apr_pstrdup(pool, "");
- }
-
- if( ludp->lud_dn == NULL ) {
- result->reason = "Out of memory parsing LDAP URL.";
- result->rc = APR_LDAP_URL_ERR_MEM;
- return APR_EGENERAL;
- }
-
- if( q == NULL ) {
- /* no more */
- *ludpp = ludp;
- return APR_SUCCESS;
- }
-
- /* scan forward for '?' that may marks end of attributes */
- p = q;
- q = strchr( p, '?' );
-
- if( q != NULL ) {
- /* terminate attributes part */
- *q++ = '\0';
- }
-
- if( *p != '\0' ) {
- /* parse attributes */
- apr_ldap_pvt_hex_unescape( p );
- ludp->lud_attrs = apr_ldap_str2charray(pool, p, ",");
-
- if( ludp->lud_attrs == NULL ) {
- result->reason = "Bad attributes encountered while parsing LDAP URL.";
- result->rc = APR_LDAP_URL_ERR_BADATTRS;
- return APR_EGENERAL;
- }
- }
-
- if ( q == NULL ) {
- /* no more */
- *ludpp = ludp;
- return APR_SUCCESS;
- }
-
- /* scan forward for '?' that may marks end of scope */
- p = q;
- q = strchr( p, '?' );
-
- if( q != NULL ) {
- /* terminate the scope part */
- *q++ = '\0';
- }
-
- if( *p != '\0' ) {
- /* parse the scope */
- apr_ldap_pvt_hex_unescape( p );
- ludp->lud_scope = str2scope( p );
-
- if( ludp->lud_scope == -1 ) {
- result->reason = "Bad scope encountered while parsing LDAP URL.";
- result->rc = APR_LDAP_URL_ERR_BADSCOPE;
- return APR_EGENERAL;
- }
- }
-
- if ( q == NULL ) {
- /* no more */
- *ludpp = ludp;
- return APR_SUCCESS;
- }
-
- /* scan forward for '?' that may marks end of filter */
- p = q;
- q = strchr( p, '?' );
-
- if( q != NULL ) {
- /* terminate the filter part */
- *q++ = '\0';
- }
-
- if( *p != '\0' ) {
- /* parse the filter */
- apr_ldap_pvt_hex_unescape( p );
-
- if( !
*p ) {
- /* missing filter */
- result->reason = "Bad filter encountered while parsing LDAP URL.";
- result->rc = APR_LDAP_URL_ERR_BADFILTER;
- return APR_EGENERAL;
- }
-
- ludp->lud_filter = (char *)apr_pstrdup(pool, p);
- if( ludp->lud_filter == NULL ) {
- result->reason = "Out of memory parsing LDAP URL.";
- result->rc = APR_LDAP_URL_ERR_MEM;
- return APR_EGENERAL;
- }
- }
-
- if ( q == NULL ) {
- /* no more */
- *ludpp = ludp;
- return APR_SUCCESS;
- }
-
- /* scan forward for '?' that may marks end of extensions */
- p = q;
- q = strchr( p, '?' );
-
- if( q != NULL ) {
- /* extra '?' */
- result->reason = "Bad URL encountered while parsing LDAP URL.";
- result->rc = APR_LDAP_URL_ERR_BADURL;
- return APR_EGENERAL;
- }
-
- /* parse the extensions */
- ludp->lud_exts = apr_ldap_str2charray(pool, p, ",");
- if( ludp->lud_exts == NULL ) {
- result->reason = "Bad extensions encountered while parsing LDAP URL.";
- result->rc = APR_LDAP_URL_ERR_BADEXTS;
- return APR_EGENERAL;
- }
-
- for( i=0; ludp->lud_exts[i] != NULL; i++ ) {
- apr_ldap_pvt_hex_unescape( ludp->lud_exts[i] );
-
- if( *ludp->lud_exts[i] == '!' ) {
- /* count the number of critical extensions */
- ludp->lud_crit_exts++;
- }
- }
-
- if( i == 0 ) {
- /* must have 1 or more */
- result->reason = "Bad extensions encountered while parsing LDAP URL.";
- result->rc = APR_LDAP_URL_ERR_BADEXTS;
- return APR_EGENERAL;
- }
-
- /* no more */
- *ludpp = ludp;
- return APR_SUCCESS;
-}
-
-
-/**
- * Parse the URL provided into an apr_ldap_url_desc_t object.
- *
- * APR_SUCCESS is returned on success, APR_EGENERAL on failure.
- * The LDAP result code and reason string is returned in the
- * apr_ldap_err_t structure.
- */
-APU_DECLARE(int) apr_ldap_url_parse(apr_pool_t *pool,
- const char *url_in,
- apr_ldap_url_desc_t **ludpp,
- apr_ldap_err_t **result_err)
-{
-
- int rc = apr_ldap_url_parse_ext(pool, url_in, ludpp, result_err);
- if( rc != APR_SUCCESS ) {
- return rc;
- }
-
- if ((*ludpp)->lud_scope == -1) {
- (*ludpp)->lud_scope = LDAP_SCOPE_BASE;
- }
-
- if ((*ludpp)->lud_host != NULL && *(*ludpp)->lud_host == '\0') {
- (*ludpp)->lud_host = NULL;
- }
-
- return rc;
-
-}
-
-
-static void apr_ldap_pvt_hex_unescape(char *s)
-{
- /*
- * Remove URL hex escapes from s... done in place. The basic concept for
- * this routine is borrowed from the WWW library HTUnEscape() routine.
- */
- char *p;
-
- for ( p = s; *s != '\0'; ++s ) {
- if ( *s == '%' ) {
- if ( *++s == '\0' ) {
- break;
- }
- *p = apr_ldap_pvt_unhex( *s ) << 4;
- if ( *++s == '\0' ) {
- break;
- }
- *p++ += apr_ldap_pvt_unhex( *s );
- } else {
- *p++ = *s;
- }
- }
-
- *p = '\0';
-}
-
-
-static int apr_ldap_pvt_unhex(int c)
-{
- return( c >= '0' && c <= '9' ? c - '0'
- : c >= 'A' && c <= 'F' ? c - 'A' + 10
- : c - 'a' + 10 );
-}
-
-
-/**
- * Convert a string to a character array
- */
-static char **apr_ldap_str2charray(apr_pool_t *pool,
- const char *str_in,
- const char *brkstr)
-{
- char **res;
- char *str, *s;
- char *lasts;
- int i;
-
- /* protect the input string from strtok */
- str = (char *)apr_pstrdup(pool, str_in);
- if( str == NULL ) {
- return NULL;
- }
-
- i = 1;
- for ( s = str; *s; s++ ) {
- /* Warning: this strchr was previously ldap_utf8_strchr(), check
- * whether this particular code has any charset issues.
- */
- if ( strchr( brkstr, *s ) != NULL ) {
- i++;
- }
- }
-
- res = (char **) apr_pcalloc(pool, (i + 1) * sizeof(char *));
- if( res == NULL ) {
- return NULL;
- }
-
- i = 0;
-
- for ( s = (char *)apr_strtok( str, brkstr, &lasts );
- s != NULL;
- s = (char *)apr_strtok( NULL, brkstr, &lasts ) ) {
-
- res[i] = (char *)apr_pstrdup(pool, s);
- if(res[i] == NULL) {
- return NULL;
- }
-
- i++;
- }
-
- res[i] = NULL;
-
- return( res );
-
-}
-
-#endif /* APR_HAS_LDAP */ |