From 03d2dd9b4ce4b0397a3fcf5bbd3add017a18fa7d Mon Sep 17 00:00:00 2001 From: Graham Leggett Date: Wed, 4 Aug 2004 00:04:41 +0000 Subject: [PATCH] Remove LDAP toolkit specific code from util_ldap and mod_auth_ldap. PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104468 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 + modules/experimental/mod_auth_ldap.c | 21 +-- modules/experimental/util_ldap.c | 230 +++++---------------------- 3 files changed, 52 insertions(+), 202 deletions(-) diff --git a/CHANGES b/CHANGES index 0fed2403a6..03304556c8 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,9 @@ Changes with Apache 2.1.0-dev [Remove entries to the current 2.0 section below, when backported] + *) Remove LDAP toolkit specific code from util_ldap and mod_auth_ldap. + [Graham Leggett] + *) Remove deprecated/removed APR_STATUS_IS_SUCCESS(). [Justin Erenkrantz] *) perchild MPM: Fix thread safety problem in the use of longjmp(). diff --git a/modules/experimental/mod_auth_ldap.c b/modules/experimental/mod_auth_ldap.c index dc5cc929b4..9002c5ac15 100644 --- a/modules/experimental/mod_auth_ldap.c +++ b/modules/experimental/mod_auth_ldap.c @@ -692,8 +692,9 @@ static const char *mod_auth_ldap_parse_url(cmd_parms *cmd, void *config, const char *url) { - int result; + int rc; apr_ldap_url_desc_t *urld; + apr_ldap_err_t *result; mod_auth_ldap_config_t *sec = config; 
@@ -701,20 +702,9 @@ static const char *mod_auth_ldap_parse_url(cmd_parms *cmd, cmd->server, "[%d] auth_ldap url parse: `%s'", getpid(), url); - result = apr_ldap_url_parse(url, &(urld)); - if (result != LDAP_SUCCESS) { - switch (result) { - case LDAP_URL_ERR_NOTLDAP: - return "LDAP URL does not begin with ldap://"; - case LDAP_URL_ERR_NODN: - return "LDAP URL does not have a DN"; - case LDAP_URL_ERR_BADSCOPE: - return "LDAP URL has an invalid scope"; - case LDAP_URL_ERR_MEM: - return "Out of memory parsing LDAP URL"; - default: - return "Could not parse LDAP URL"; - } + rc = apr_ldap_url_parse(cmd->pool, url, &(urld), &(result)); + if (rc != APR_SUCCESS) { + return result->reason; } sec->url = apr_pstrdup(cmd->pool, url); @@ -801,7 +791,6 @@ static const char *mod_auth_ldap_parse_url(cmd_parms *cmd, } sec->have_ldap_url = 1; - apr_ldap_free_urldesc(urld); return NULL; } diff --git a/modules/experimental/util_ldap.c b/modules/experimental/util_ldap.c index 3b5e1c5869..7f0110cebe 100644 --- a/modules/experimental/util_ldap.c +++ b/modules/experimental/util_ldap.c 
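Review bot: `return result->reason;` dereferences `result` on the failure path, but `result` is declared without an initializer in the preceding hunk and nothing here checks that `apr_ldap_url_parse()` filled it in. The util_ldap.c hunks of this commit initialise the pointer to NULL and test it before use, and the same pattern fits here: `apr_ldap_err_t *result = NULL;` and `return result ? result->reason : "Could not parse LDAP URL";`. The fallback text is the message from the removed `default:` case. The body of mod_auth_ldap_parse_url continues outside the hunk.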
@@ -254,50 +254,16 @@ LDAP_DECLARE(int) util_ldap_connection_open(request_rec *r, */ if (NULL == ldc->ldap) { - /* clear connection requested */ - if (!ldc->secure) - { - ldc->ldap = ldap_init(const_cast(ldc->host), ldc->port); - } - else /* ssl connnection requested */ - { - /* check configuration to make sure it supports SSL - */ - if (st->ssl_support) - { - #if APR_HAS_LDAP_SSL - - #if APR_HAS_NOVELL_LDAPSDK - ldc->ldap = ldapssl_init(ldc->host, ldc->port, 1); - - #elif APR_HAS_NETSCAPE_LDAPSDK - ldc->ldap = ldapssl_init(ldc->host, ldc->port, 1); - - #elif APR_HAS_OPENLDAP_LDAPSDK - ldc->ldap = ldap_init(ldc->host, ldc->port); - if (NULL != ldc->ldap) - { - int SSLmode = LDAP_OPT_X_TLS_HARD; - result = ldap_set_option(ldc->ldap, LDAP_OPT_X_TLS, &SSLmode); - if (LDAP_SUCCESS != result) - { - ldap_unbind_s(ldc->ldap); - ldc->reason = "LDAP: ldap_set_option - LDAP_OPT_X_TLS_HARD failed"; - ldc->ldap = NULL; - } - } - - #elif APR_HAS_MICROSOFT_LDAPSDK - ldc->ldap = ldap_sslinit(const_cast(ldc->host), ldc->port, 1); - - #else - ldc->reason = "LDAP: ssl connections not supported"; - #endif /* APR_HAS_NOVELL_LDAPSDK */ - - #endif /* APR_HAS_LDAP_SSL */ - } - else - ldc->reason = "LDAP: ssl connections not supported"; + apr_ldap_err_t *result = NULL; + int rc = apr_ldap_init(r->pool, + &(ldc->ldap), + ldc->host, + ldc->port, + ldc->secure, + &(result)); + + if (result != NULL) { + ldc->reason = result->reason; } if (NULL == ldc->ldap) @@ -327,7 +293,7 @@ LDAP_DECLARE(int) util_ldap_connection_open(request_rec *r, */ for (failures=0; failures<10; failures++) { - result = ldap_simple_bind_s(ldc->ldap, const_cast(ldc->binddn), const_cast(ldc->bindpw)); + result = ldap_simple_bind_s(ldc->ldap, ldc->binddn, ldc->bindpw); if (LDAP_SERVER_DOWN != result) break; } 
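Review bot: The return value `rc` of `apr_ldap_init()` is never read and the removed `st->ssl_support` test has no replacement, so a connection with `ldc->secure` set now fails closed only if `apr_ldap_init()` itself leaves `ldc->ldap` NULL whenever TLS cannot be set up. That behaviour is not visible in this hunk; if the wrapper can hand back a handle without TLS, the bind credentials would go out unprotected. I would keep the gate before the call, `if (ldc->secure && !st->ssl_support) { ldc->reason = "LDAP: ssl connections not supported"; }`, skip the init in that case, and treat `rc != APR_SUCCESS` as a failure as well as a NULL handle. Separately, `result` is presumably allocated from `r->pool`; if `ldc` outlives the request, `ldc->reason` should be copied into a longer-lived pool rather than pointing at request memory. The function starts and ends outside the hunk.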
@@ -558,7 +524,7 @@ start_over: } /* search for reqdn */ - if ((result = ldap_search_ext_s(ldc->ldap, const_cast(reqdn), LDAP_SCOPE_BASE, + if ((result = ldap_search_ext_s(ldc->ldap, reqdn, LDAP_SCOPE_BASE, "(objectclass=*)", NULL, 1, NULL, NULL, NULL, -1, &res)) == LDAP_SERVER_DOWN) { ldc->reason = "DN Comparison ldap_search_ext_s() failed with server down"; @@ -690,7 +656,7 @@ start_over: return result; } - if ((result = ldap_compare_s(ldc->ldap, const_cast(dn), const_cast(attrib), const_cast(value))) + if ((result = ldap_compare_s(ldc->ldap, dn, attrib, value)) == LDAP_SERVER_DOWN) { /* connection failed - try again */ ldc->reason = "ldap_compare_s() failed with server down"; @@ -821,8 +787,8 @@ start_over: /* try do the search */ if ((result = ldap_search_ext_s(ldc->ldap, - const_cast(basedn), scope, - const_cast(filter), attrs, 0, + basedn, scope, + filter, attrs, 0, NULL, NULL, NULL, -1, &res)) == LDAP_SERVER_DOWN) { ldc->reason = "ldap_search_ext_s() for user failed with server down"; util_ldap_connection_unbind(ldc); @@ -876,7 +842,7 @@ start_over: * exists, since we just retrieved it) */ if ((result = - ldap_simple_bind_s(ldc->ldap, const_cast(*binddn), const_cast(bindpw))) == + ldap_simple_bind_s(ldc->ldap, *binddn, bindpw)) == LDAP_SERVER_DOWN) { ldc->reason = "ldap_simple_bind_s() to check user credentials failed with server down"; ldap_msgfree(res); @@ -1150,16 +1116,17 @@ void *util_ldap_create_config(apr_pool_t *p, server_rec *s) static apr_status_t util_ldap_cleanup_module(void *data) { -#if APR_HAS_LDAP_SSL && APR_HAS_NOVELL_LDAPSDK + server_rec *s = data; util_ldap_state_t *st = (util_ldap_state_t *)ap_get_module_config( s->module_config, &ldap_module); - if (st->ssl_support) - ldapssl_client_deinit(); + if (st->ssl_support) { + apr_ldap_ssl_deinit(); + } -#endif return APR_SUCCESS; + } static int util_ldap_post_config(apr_pool_t *p, apr_pool_t *plog, 
@@ -1247,155 +1214,46 @@ static int util_ldap_post_config(apr_pool_t *p, apr_pool_t *plog, /* log the LDAP SDK used */ - #if APR_HAS_NETSCAPE_LDAPSDK - - ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, - "LDAP: Built with Netscape LDAP SDK" ); - - #elif APR_HAS_NOVELL_LDAPSDK - - ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, - "LDAP: Built with Novell LDAP SDK" ); - - #elif APR_HAS_OPENLDAP_LDAPSDK - - ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, - "LDAP: Built with OpenLDAP LDAP SDK" ); - - #elif APR_HAS_MICROSOFT_LDAPSDK - - ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, - "LDAP: Built with Microsoft LDAP SDK" ); - #else - - ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, - "LDAP: Built with unknown LDAP SDK" ); - - #endif /* APR_HAS_NETSCAPE_LDAPSDK */ - - + { + apr_ldap_err_t *result = NULL; + apr_ldap_info(&(result), p); + if (result != NULL) { + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, result->reason); + } + } apr_pool_cleanup_register(p, s, util_ldap_cleanup_module, util_ldap_cleanup_module); /* initialize SSL support if requested */ - if (st->cert_auth_file) - { - #if APR_HAS_LDAP_SSL /* compiled with ssl support */ - - #if APR_HAS_NETSCAPE_LDAPSDK + if (st->cert_auth_file) { - /* Netscape sdk only supports a cert7.db file - */ - if (st->cert_file_type == LDAP_CA_TYPE_CERT7_DB) - { - rc = ldapssl_client_init(st->cert_auth_file, NULL); - } - else - { - ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s, - "LDAP: Invalid LDAPTrustedCAType directive - " - "CERT7_DB_PATH type required"); - rc = -1; - } - - #elif APR_HAS_NOVELL_LDAPSDK - - /* Novell SDK supports DER or BASE64 files - */ - if (st->cert_file_type == LDAP_CA_TYPE_DER || - st->cert_file_type == LDAP_CA_TYPE_BASE64 ) - { - rc = ldapssl_client_init(NULL, NULL); - if (LDAP_SUCCESS == rc) - { - if (st->cert_file_type == LDAP_CA_TYPE_BASE64) - rc = ldapssl_add_trusted_cert(st->cert_auth_file, - LDAPSSL_CERT_FILETYPE_B64); - else - rc = ldapssl_add_trusted_cert(st->cert_auth_file, - LDAPSSL_CERT_FILETYPE_DER); - - if 
(LDAP_SUCCESS != rc) - ldapssl_client_deinit(); - } - } - else - { - ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s, - "LDAP: Invalid LDAPTrustedCAType directive - " - "DER_FILE or BASE64_FILE type required"); - rc = -1; - } - - #elif APR_HAS_OPENLDAP_LDAPSDK - - /* OpenLDAP SDK supports BASE64 files - */ - if (st->cert_file_type == LDAP_CA_TYPE_BASE64) - { - rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, st->cert_auth_file); - } - else - { - ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s, - "LDAP: Invalid LDAPTrustedCAType directive - " - "BASE64_FILE type required"); - rc = -1; - } - - - #elif APR_HAS_MICROSOFT_LDAPSDK - - /* Microsoft SDK use the registry certificate store - always - * assume support is always available - */ - rc = LDAP_SUCCESS; - - #else - rc = -1; - #endif /* APR_HAS_NETSCAPE_LDAPSDK */ + apr_ldap_err_t *result = NULL; + int rc = apr_ldap_ssl_init(p, + st->cert_auth_file, + st->cert_file_type, + &(result)); - #else /* not compiled with SSL Support */ - - ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, - "LDAP: Not built with SSL support." 
); - rc = -1; - - #endif /* APR_HAS_LDAP_SSL */ - - if (LDAP_SUCCESS == rc) - { + if (LDAP_SUCCESS == rc) { st->ssl_support = 1; } - else - { - ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, - "LDAP: SSL initialization failed"); + else if (NULL != result) { + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, result->reason); st->ssl_support = 0; } + } - /* The Microsoft SDK uses the registry certificate store - - * always assume support is available - */ - #if APR_HAS_MICROSOFT_LDAPSDK - st->ssl_support = 1; - #endif - - - /* log SSL status - If SSL isn't available it isn't necessarily - * an error because the modules asking for LDAP connections - * may not ask for SSL support - */ - if (st->ssl_support) - { + /* log SSL status - If SSL isn't available it isn't necessarily + * an error because the modules asking for LDAP connections + * may not ask for SSL support + */ + if (st->ssl_support) { ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, "LDAP: SSL support available" ); } - else - { + else { ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, "LDAP: SSL support unavailable" ); } -- 2.40.0
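Review bot: Both new `ap_log_error()` calls pass `result->reason` as the format string (the SDK-info notice and the SSL-init warning), so any `%` in text that comes from the toolkit or from the configured certificate path would be interpreted as a conversion; use `ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, "%s", result->reason);` and the same form for the notice. In the SSL branch a failing `rc` with `result == NULL` matches neither arm, so nothing is logged and `st->ssl_support` keeps whatever value it had; a plain `else` that sets `st->ssl_support = 0` and logs the reason only when one is present would fail closed. The success test compares against `LDAP_SUCCESS`, whereas the mod_auth_ldap.c hunk checks the same family of calls against `APR_SUCCESS`. util_ldap_post_config starts and ends outside the hunk.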