Bug 928141: Add a build variable NSS_PKIX_NO_LDAP to conditionally

disable the LDAP code in libpkix. r=ryan.sleevi,rrelyea.

13 files changed, 60 insertions, 10 deletions

diff --git a/lib/libpkix/include/pkix_errorstrings.h b/lib/libpkix/include/pkix_errorstrings.h
index dedf98c5b..c9910e7ab 100755
--- a/lib/libpkix/include/pkix_errorstrings.h
+++ b/lib/libpkix/include/pkix_errorstrings.h
@@ -576,7 +576,9 @@ PKIX_ERRORENTRY(INFOACCESSCREATELISTFAILED,pkix_pl_InfoAccess_CreateList failed,
 PKIX_ERRORENTRY(INFOACCESSGETLOCATIONFAILED,PKIX_PL_InfoAccess_GetLocation failed,0),
 PKIX_ERRORENTRY(INFOACCESSGETLOCATIONTYPEFAILED,PKIX_PL_InfoAccess_GetLocationType failed,0),
 PKIX_ERRORENTRY(INFOACCESSGETMETHODFAILED,PKIX_PL_InfoAccess_GetMethod failed,0),
+#ifndef NSS_PKIX_NO_LDAP
 PKIX_ERRORENTRY(INFOACCESSPARSELOCATIONFAILED,pkix_pl_InfoAccess_ParseLocation failed,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
+#endif
 PKIX_ERRORENTRY(INFOACCESSPARSETOKENSFAILED,pkix_pl_InfoAccess_ParseTokens failed,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
 PKIX_ERRORENTRY(INITIALIZECHECKERSFAILED,pkix_InitializeCheckers failed,0),
 PKIX_ERRORENTRY(INITIALIZEFAILED,PKIX_PL_Initialize failed,0),
diff --git a/lib/libpkix/include/pkix_pl_pki.h b/lib/libpkix/include/pkix_pl_pki.h
index 1157916f5..ac9deb8fd 100755
--- a/lib/libpkix/include/pkix_pl_pki.h
+++ b/lib/libpkix/include/pkix_pl_pki.h
@@ -1827,7 +1827,9 @@ PKIX_PL_Cert_GetCrlDp(PKIX_PL_Cert *cert,
 
 #define PKIX_INFOACCESS_LOCATION_UNKNOWN 0
 #define PKIX_INFOACCESS_LOCATION_HTTP    1
+#ifndef NSS_PKIX_NO_LDAP
 #define PKIX_INFOACCESS_LOCATION_LDAP    2
+#endif
 
 /*
  * FUNCTION: PKIX_PL_InfoAccess_GetMethod
diff --git a/lib/libpkix/include/pkix_sample_modules.h b/lib/libpkix/include/pkix_sample_modules.h
index c031a1246..75d9618c5 100755
--- a/lib/libpkix/include/pkix_sample_modules.h
+++ b/lib/libpkix/include/pkix_sample_modules.h
@@ -117,6 +117,7 @@ PKIX_PL_Pk11CertStore_Create(
         PKIX_CertStore **pPk11CertStore,
         void *plContext);
 
+#ifndef NSS_PKIX_NO_LDAP
 /* PKIX_PL_LdapCertStore
  *
  * A PKIX_PL_LdapCertStore retrieves certificates and CRLs from an LDAP server
@@ -249,6 +250,7 @@ PKIX_PL_LdapCertStore_Create(
         PKIX_PL_LdapClient *client,
         PKIX_CertStore **pCertStore,
         void *plContext);
+#endif /* !NSS_PKIX_NO_LDAP */
 
 /* PKIX_PL_NssContext
  *
diff --git a/lib/libpkix/pkix/top/pkix_build.h b/lib/libpkix/pkix/top/pkix_build.h
index 91916d4c8..c23f45f1d 100755
--- a/lib/libpkix/pkix/top/pkix_build.h
+++ b/lib/libpkix/pkix/top/pkix_build.h
@@ -11,7 +11,9 @@
 #ifndef _PKIX_BUILD_H
 #define _PKIX_BUILD_H
 #include "pkix_tools.h"
+#ifndef NSS_PKIX_NO_LDAP
 #include "pkix_pl_ldapt.h"
+#endif
 #include "pkix_ekuchecker.h"
 
 #ifdef __cplusplus
diff --git a/lib/libpkix/pkix_pl_nss/module/config.mk b/lib/libpkix/pkix_pl_nss/module/config.mk
index b8c03de79..2926747a2 100755
--- a/lib/libpkix/pkix_pl_nss/module/config.mk
+++ b/lib/libpkix/pkix_pl_nss/module/config.mk
@@ -13,3 +13,23 @@ SHARED_LIBRARY =
 IMPORT_LIBRARY =
 PROGRAM        =
 
+ifdef NSS_PKIX_NO_LDAP
+LDAP_HEADERS =
+LDAP_CSRCS =
+else
+LDAP_HEADERS = \
+	pkix_pl_ldapt.h \
+	pkix_pl_ldapcertstore.h \
+	pkix_pl_ldapresponse.h \
+	pkix_pl_ldaprequest.h \
+	pkix_pl_ldapdefaultclient.h \
+ 	$(NULL)
+ 
+LDAP_CSRCS = \
+	pkix_pl_ldaptemplates.c \
+	pkix_pl_ldapcertstore.c \
+	pkix_pl_ldapresponse.c \
+	pkix_pl_ldaprequest.c \
+	pkix_pl_ldapdefaultclient.c \
+ 	$(NULL)
+endif
diff --git a/lib/libpkix/pkix_pl_nss/module/manifest.mn b/lib/libpkix/pkix_pl_nss/module/manifest.mn
index 12d3ceeaf..63bfd707e 100755
--- a/lib/libpkix/pkix_pl_nss/module/manifest.mn
+++ b/lib/libpkix/pkix_pl_nss/module/manifest.mn
@@ -12,11 +12,7 @@ PRIVATE_EXPORTS = \
 	pkix_pl_colcertstore.h \
 	pkix_pl_httpcertstore.h \
 	pkix_pl_httpdefaultclient.h \
-	pkix_pl_ldapt.h \
-	pkix_pl_ldapcertstore.h \
-	pkix_pl_ldapresponse.h \
-	pkix_pl_ldaprequest.h \
-	pkix_pl_ldapdefaultclient.h \
+	$(LDAP_HEADERS) \
 	pkix_pl_nsscontext.h \
 	pkix_pl_pk11certstore.h \
 	pkix_pl_socket.h \
@@ -32,11 +28,7 @@ CSRCS = \
 	pkix_pl_colcertstore.c \
 	pkix_pl_httpcertstore.c \
 	pkix_pl_httpdefaultclient.c \
-	pkix_pl_ldaptemplates.c \
-	pkix_pl_ldapcertstore.c \
-	pkix_pl_ldapresponse.c \
-	pkix_pl_ldaprequest.c \
-	pkix_pl_ldapdefaultclient.c \
+	$(LDAP_CSRCS) \
 	pkix_pl_nsscontext.c \
 	pkix_pl_pk11certstore.c \
 	pkix_pl_socket.c \
diff --git a/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c b/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c
index ffbab7f25..148c2c193 100644
--- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c
+++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c
@@ -11,6 +11,7 @@
 #include "pkix_pl_aiamgr.h"
 extern PKIX_PL_HashTable *aiaConnectionCache;
 
+#ifndef NSS_PKIX_NO_LDAP
 /* --Virtual-LdapClient-Functions------------------------------------ */
 
 PKIX_Error *
@@ -51,6 +52,7 @@ cleanup:
         PKIX_RETURN(LDAPCLIENT);
 
 }
+#endif /* !NSS_PKIX_NO_LDAP */
 
 /* --Private-AIAMgr-Functions----------------------------------*/
 
@@ -81,7 +83,9 @@ pkix_pl_AIAMgr_Destroy(
         PKIX_DECREF(aiaMgr->aia);
         PKIX_DECREF(aiaMgr->location);
         PKIX_DECREF(aiaMgr->results);
+#ifndef NSS_PKIX_NO_LDAP
         PKIX_DECREF(aiaMgr->client.ldapClient);
+#endif
 
 cleanup:
 
@@ -114,6 +118,7 @@ pkix_pl_AIAMgr_RegisterSelf(void *plContext)
         PKIX_RETURN(AIAMGR);
 }
 
+#ifndef NSS_PKIX_NO_LDAP
 /*
  * FUNCTION: pkix_pl_AiaMgr_FindLDAPClient
  * DESCRIPTION:
@@ -212,6 +217,7 @@ cleanup:
 
         PKIX_RETURN(AIAMGR);
 }
+#endif /* !NSS_PKIX_NO_LDAP */
 
 PKIX_Error *
 pkix_pl_AIAMgr_GetHTTPCerts(
@@ -388,6 +394,7 @@ cleanup:
         PKIX_RETURN(AIAMGR);
 }
 
+#ifndef NSS_PKIX_NO_LDAP
 PKIX_Error *
 pkix_pl_AIAMgr_GetLDAPCerts(
         PKIX_PL_AIAMgr *aiaMgr,
@@ -496,6 +503,7 @@ cleanup:
 
         PKIX_RETURN(AIAMGR);
 }
+#endif /* !NSS_PKIX_NO_LDAP */
 
 /*
  * FUNCTION: PKIX_PL_AIAMgr_Create
@@ -632,10 +640,12 @@ PKIX_PL_AIAMgr_GetAIACerts(
 			PKIX_CHECK(pkix_pl_AIAMgr_GetHTTPCerts
 				(aiaMgr, ia, &nbio, &certs, plContext),
 				PKIX_AIAMGRGETHTTPCERTSFAILED);
+#ifndef NSS_PKIX_NO_LDAP
                 } else if (iaType == PKIX_INFOACCESS_LOCATION_LDAP) {
 			PKIX_CHECK(pkix_pl_AIAMgr_GetLDAPCerts
 				(aiaMgr, ia, &nbio, &certs, plContext),
 				PKIX_AIAMGRGETLDAPCERTSFAILED);
+#endif
                 } else {
                         /* We only support http and ldap requests. */
                         PKIX_DECREF(ia);
@@ -677,7 +687,9 @@ cleanup:
         if (PKIX_ERROR_RECEIVED) {
                 PKIX_DECREF(aiaMgr->aia);
                 PKIX_DECREF(aiaMgr->results);
+#ifndef NSS_PKIX_NO_LDAP
                 PKIX_DECREF(aiaMgr->client.ldapClient);
+#endif
         }
 
         PKIX_DECREF(certs);
diff --git a/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h b/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h
index 00b872f58..356c1ecdf 100644
--- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h
+++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h
@@ -27,7 +27,9 @@ struct PKIX_PL_AIAMgrStruct {
         PKIX_PL_GeneralName *location;
         PKIX_List *results;
 	union {
+#ifndef NSS_PKIX_NO_LDAP
 	        PKIX_PL_LdapClient *ldapClient;
+#endif
 		struct {
 		        const SEC_HttpClientFcn *httpClient;
 			SEC_HTTP_SERVER_SESSION serverSession;
@@ -41,6 +43,7 @@ struct PKIX_PL_AIAMgrStruct {
 
 PKIX_Error *pkix_pl_AIAMgr_RegisterSelf(void *plContext);
 
+#ifndef NSS_PKIX_NO_LDAP
 PKIX_Error *PKIX_PL_LdapClient_InitiateRequest(
         PKIX_PL_LdapClient *client,
         LDAPRequestParams *requestParams,
@@ -53,6 +56,7 @@ PKIX_Error *PKIX_PL_LdapClient_ResumeRequest(
         void **pPollDesc,
         PKIX_List **pResponse,
         void *plContext);
+#endif /* !NSS_PKIX_NO_LDAP */
 
 #ifdef __cplusplus
 }
diff --git a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c
index 3ce6cbec2..9fa8e9260 100644
--- a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c
+++ b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c
@@ -481,9 +481,11 @@ PKIX_PL_InfoAccess_GetLocationType(
                     PKIX_STRINGGETENCODEDFAILED);
 
                 PKIX_OID_DEBUG("\tCalling PORT_Strcmp).\n");
+#ifndef NSS_PKIX_NO_LDAP
                 if (PORT_Strncmp(location, "ldap:", 5) == 0){
                         type = PKIX_INFOACCESS_LOCATION_LDAP;
                 } else
+#endif
                 if (PORT_Strncmp(location, "http:", 5) == 0){
                         type = PKIX_INFOACCESS_LOCATION_HTTP;
                 }
@@ -499,6 +501,7 @@ cleanup:
         PKIX_RETURN(INFOACCESS);
 }
 
+#ifndef NSS_PKIX_NO_LDAP
 /*
  * FUNCTION: pkix_pl_InfoAccess_ParseTokens
  * DESCRIPTION:
@@ -868,3 +871,4 @@ cleanup:
 
         PKIX_RETURN(INFOACCESS);
 }
+#endif /* !NSS_PKIX_NO_LDAP */
diff --git a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h
index f56bfe1ca..e69d7b413 100644
--- a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h
+++ b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h
@@ -32,6 +32,7 @@ pkix_pl_InfoAccess_CreateList(
         PKIX_List **pAiaList, /* of PKIX_PL_InfoAccess */
         void *plContext);
 
+#ifndef NSS_PKIX_NO_LDAP
 PKIX_Error *
 pkix_pl_InfoAccess_ParseLocation(
         PKIX_PL_GeneralName *generalName,
@@ -39,6 +40,7 @@ pkix_pl_InfoAccess_ParseLocation(
         LDAPRequestParams *request,
         char **pDomainName,
         void *plContext);
+#endif /* !NSS_PKIX_NO_LDAP */
 
 #ifdef __cplusplus
 }
diff --git a/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h b/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h
index e1cb0283a..2946e07a6 100755
--- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h
+++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h
@@ -38,7 +38,9 @@
 /* private PKIX_PL_NSS system headers */
 #include "pkix_pl_object.h"
 #include "pkix_pl_string.h"
+#ifndef NSS_PKIX_NO_LDAP
 #include "pkix_pl_ldapt.h"
+#endif /* !NSS_PKIX_NO_LDAP */
 #include "pkix_pl_aiamgr.h"
 #include "pkix_pl_bigint.h"
 #include "pkix_pl_oid.h"
@@ -62,9 +64,11 @@
 #include "pkix_pl_ocspresponse.h"
 #include "pkix_pl_pk11certstore.h"
 #include "pkix_pl_socket.h"
+#ifndef NSS_PKIX_NO_LDAP
 #include "pkix_pl_ldapcertstore.h"
 #include "pkix_pl_ldaprequest.h"
 #include "pkix_pl_ldapresponse.h"
+#endif /* !NSS_PKIX_NO_LDAP */
 #include "pkix_pl_nsscontext.h"
 #include "pkix_pl_httpcertstore.h"
 #include "pkix_pl_httpdefaultclient.h"
diff --git a/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c b/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
index 33381e63f..6bc74b611 100755
--- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
+++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
@@ -204,9 +204,11 @@ PKIX_PL_Initialize(
         pkix_ForwardBuilderState_RegisterSelf(plContext);
         pkix_SignatureCheckerState_RegisterSelf(plContext);
         pkix_NameConstraintsCheckerState_RegisterSelf(plContext);
+#ifndef NSS_PKIX_NO_LDAP
         pkix_pl_LdapRequest_RegisterSelf(plContext);
         pkix_pl_LdapResponse_RegisterSelf(plContext);
         pkix_pl_LdapDefaultClient_RegisterSelf(plContext);
+#endif
         pkix_pl_Socket_RegisterSelf(plContext);
 
         pkix_ResourceLimits_RegisterSelf(plContext); /* 51-59 */
diff --git a/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h b/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h
index 21c20333e..9660af123 100755
--- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h
+++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h
@@ -33,10 +33,12 @@
 #include "pkix_pl_crlentry.h"
 #include "pkix_pl_crl.h"
 #include "pkix_pl_colcertstore.h"
+#ifndef NSS_PKIX_NO_LDAP
 #include "pkix_pl_ldapcertstore.h"
 #include "pkix_pl_ldapdefaultclient.h"
 #include "pkix_pl_ldaprequest.h"
 #include "pkix_pl_ldapresponse.h"
+#endif /* !NSS_PKIX_NO_LDAP */
 #include "pkix_pl_socket.h"
 #include "pkix_pl_infoaccess.h"
 #include "pkix_store.h"