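/**
 * APR LDAP initialise function
 *
 * Initialises an LDAP connection in a toolkit-independent way; it does
 * the job of ldap_init() from the C API.
 *
 * It handles both the SSL and non-SSL case and hides the toolkit-specific
 * setup from the caller. Any certificate setup that is needed (for
 * example via APR_LDAP_OPT_TLS_CERT) must already have been done.
 *
 * @param pool        pool the error record is allocated from
 * @param ldap        receives the toolkit handle exactly as the toolkit
 *                    returned it (NULL on failure)
 * @param hostname    host to connect to
 * @param portno      port to connect to
 * @param secure      one of APR_LDAP_NONE (no encryption), APR_LDAP_SSL
 *                    (ldaps://) or APR_LDAP_STARTTLS (force STARTTLS on
 *                    ldap://), applied through apr_ldap_set_option() with
 *                    APR_LDAP_OPT_TLS if the toolkit supports it
 * @param result_err  always set to a pool-allocated apr_ldap_err_t; on
 *                    failure its reason/rc describe the error
 * @return APR_SUCCESS, APR_EGENERAL if the toolkit returned no handle, or
 *         whatever apr_ldap_set_option() returned for the TLS option
 */
APU_DECLARE_LDAP(int) apr_ldap_init(apr_pool_t *pool,
                                    LDAP **ldap,
                                    const char *hostname,
                                    int portno,
                                    int secure,
                                    apr_ldap_err_t **result_err)
{
    /* One zeroed error record serves every path below (the original
     * allocated a second, identical one in the failure branch). rc == 0
     * means "no error" until a branch says otherwise. */
    apr_ldap_err_t *result = apr_pcalloc(pool, sizeof *result);
    *result_err = result;

    /* The init call differs per toolkit; none of them is asked to enable
     * SSL here -- that is done uniformly below via APR_LDAP_OPT_TLS so that
     * APR_LDAP_STARTTLS and APR_LDAP_SSL are handled the same way on every
     * toolkit. */
#if APR_HAS_LDAPSSL_INIT
    *ldap = ldapssl_init(hostname, portno, 0);
#elif APR_HAS_LDAP_SSLINIT
    *ldap = ldap_sslinit((char *)hostname, portno, 0);
#else
    *ldap = ldap_init((char *)hostname, portno);
#endif

    if (*ldap == NULL) {
        /* No handle: report through both result_err and the return code. */
        result->reason = "APR LDAP: Unable to initialize the LDAP connection";
        result->rc = -1;
        return APR_EGENERAL;
    }

    /* Apply the requested transport security. If this fails, *ldap is
     * still set, but the caller must not assume the requested protection
     * (SSL or STARTTLS) is in effect on it. */
    return apr_ldap_set_option(pool, *ldap, APR_LDAP_OPT_TLS, &secure,
                               result_err);
}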
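/* True when name ends with suffix (e.g. ".der"). The original used
 * strstr(), which also matches "ca.der.bak" or "x.derived" anywhere in the
 * name and would hand such files to the toolkit as certificates. */
static int has_suffix(const char *name, const char *suffix)
{
    size_t name_len = strlen(name);
    size_t suffix_len = strlen(suffix);
    return name_len >= suffix_len
        && strcmp(name + (name_len - suffix_len), suffix) == 0;
}

/* Load every DER (*.der) and base64 (*.b64) CA certificate found in DIRNAME
 * into the LDAP toolkit via APR_LDAP_OPT_TLS_CERT (ldap handle NULL, i.e.
 * the global client configuration), asserting that each load succeeds.
 *
 * tc  the abts test case used for the assertions
 * Returns 0 in every case; a missing or unreadable DIRNAME simply loads
 * nothing. Uses the file-level pool `p`. */
static int add_ldap_certs(abts_case *tc)
{
    apr_status_t status;
    apr_dir_t *thedir;
    apr_finfo_t dirent;

    status = apr_dir_open(&thedir, DIRNAME, p);
    if (status != APR_SUCCESS) {
        return 0;   /* no certificate directory: nothing to load */
    }

    for (;;) {
        int cert_type;
        apr_ldap_opt_tls_cert_t *cert;
        apr_ldap_err_t *result = NULL;

        status = apr_dir_read(&dirent, APR_FINFO_MIN | APR_FINFO_NAME, thedir);
        if (APR_STATUS_IS_INCOMPLETE(status)) {
            continue; /* ignore un-stat()able files */
        }
        if (status != APR_SUCCESS) {
            break;    /* end of directory, or a read error */
        }

        if (has_suffix(dirent.name, ".der")) {
            cert_type = APR_LDAP_CA_TYPE_DER;
        }
        else if (has_suffix(dirent.name, ".b64")) {
            cert_type = APR_LDAP_CA_TYPE_BASE64;
        }
        else {
            continue; /* not a certificate file */
        }

        /* A fresh record per certificate: the original reused one record for
         * every file, which is only safe if the toolkit copies it before
         * apr_ldap_set_option() returns -- something this test cannot know. */
        cert = apr_pcalloc(p, sizeof *cert);
        cert->type = cert_type;
        cert->path = apr_pstrcat(p, DIRNAME, "/", dirent.name, NULL);
        apr_ldap_set_option(p, NULL, APR_LDAP_OPT_TLS_CERT, (void *)cert,
                            &result);
        /* result is expected to be filled in by apr_ldap_set_option(); a
         * NULL result is a test failure rather than a crash. */
        ABTS_TRUE(tc, result != NULL && result->rc == LDAP_SUCCESS);
    }

    apr_dir_close(thedir);
    return 0;
}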
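/**
 * APR LDAP initialise function
 *
 * Initialises an LDAP connection in a toolkit-independent way; it does
 * the job of ldap_init() from the C API.
 *
 * It handles both the SSL and non-SSL case and hides the toolkit-specific
 * setup from the caller. Any certificate setup that is needed (for
 * example via APR_LDAP_OPT_TLS_CERT) must already have been done.
 *
 * @param pool        pool the error record is allocated from
 * @param ldap        receives the toolkit handle exactly as the toolkit
 *                    returned it (NULL on failure)
 * @param hostname    host to connect to
 * @param portno      port to connect to
 * @param secure      one of APR_LDAP_NONE (no encryption), APR_LDAP_SSL
 *                    (ldaps://) or APR_LDAP_STARTTLS (force STARTTLS on
 *                    ldap://); applied through apr_ldap_set_option() with
 *                    APR_LDAP_OPT_TLS, except that the Solaris SDK gets
 *                    APR_LDAP_SSL passed to ldapssl_init() directly
 * @param result_err  always set to a pool-allocated apr_ldap_err_t; on
 *                    failure its reason/rc describe the error
 * @return APR_SUCCESS, APR_EGENERAL if the toolkit returned no handle, or
 *         whatever apr_ldap_set_option() returned for the TLS option
 */
APU_DECLARE_LDAP(int) apr_ldap_init(apr_pool_t *pool,
                                    LDAP **ldap,
                                    const char *hostname,
                                    int portno,
                                    int secure,
                                    apr_ldap_err_t **result_err)
{
    /* One zeroed error record serves every path below (the original
     * allocated a second, identical one in the failure branch). rc == 0
     * means "no error" until a branch says otherwise. */
    apr_ldap_err_t *result = apr_pcalloc(pool, sizeof *result);
    *result_err = result;

#if APR_HAS_LDAPSSL_INIT
#if APR_HAS_SOLARIS_LDAPSDK
    /* Using the secure argument should always be possible, but LDAP SDKs
     * have different quirks and bugs, so it has to be tested per SDK first.
     * For the Solaris SDK it works and the ldap_set_option() route does
     * not, so SSL is requested from ldapssl_init() here. */
    *ldap = ldapssl_init(hostname, portno, secure == APR_LDAP_SSL);
#else
    *ldap = ldapssl_init(hostname, portno, 0);
#endif
#elif APR_HAS_LDAP_SSLINIT
    *ldap = ldap_sslinit((char *)hostname, portno, 0);
#else
    *ldap = ldap_init((char *)hostname, portno);
#endif

    if (*ldap == NULL) {
        /* No handle: report through both result_err and the return code. */
        result->reason = "APR LDAP: Unable to initialize the LDAP connection";
        result->rc = -1;
        return APR_EGENERAL;
    }

#if APR_HAS_SOLARIS_LDAPSDK
    /* SSL was already requested from ldapssl_init() above; on this SDK the
     * APR_LDAP_OPT_TLS route does not work, so it is skipped. STARTTLS and
     * NONE still go through apr_ldap_set_option(). */
    if (secure == APR_LDAP_SSL) {
        return APR_SUCCESS;
    }
#endif

    /* Apply the requested transport security. If this fails, *ldap is
     * still set, but the caller must not assume the requested protection
     * (SSL or STARTTLS) is in effect on it. */
    return apr_ldap_set_option(pool, *ldap, APR_LDAP_OPT_TLS, &secure,
                               result_err);
}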
/**
 * APR LDAP SSL Initialise function
 *
 * Initialises SSL on the underlying LDAP toolkit where that is necessary
 * (currently only the Novell SDK needs a client-init call).
 *
 * If a CA certificate is provided it is set; setting certificates via this
 * function is deprecated and will be removed in APR v2.0. Use
 * apr_ldap_set_option() with APR_LDAP_OPT_TLS_CERT instead.
 *
 * @param pool            pool the error record (and certificate record)
 *                        are allocated from
 * @param cert_auth_file  path of the CA certificate, or NULL for none
 * @param cert_file_type  APR_LDAP_CA_TYPE_* value describing the file
 * @param result_err      always set to a pool-allocated apr_ldap_err_t
 * @return APR_SUCCESS; APR_EGENERAL if SSL support is not available on
 *         this platform and a certificate was requested, or if setting the
 *         certificate failed. Further LDAP-specific error information is
 *         in *result_err.
 */
APU_DECLARE_LDAP(int) apr_ldap_ssl_init(apr_pool_t *pool,
                                        const char *cert_auth_file,
                                        int cert_file_type,
                                        apr_ldap_err_t **result_err)
{
    apr_ldap_err_t *err = apr_pcalloc(pool, sizeof *err);
    *result_err = err;

#if APR_HAS_LDAP_SSL
    /* Built with SSL support. */
#if APR_HAS_NOVELL_LDAPSDK
    /* Novell SDK: set up its SSL client state. Its return value is not
     * examined here. */
    ldapssl_client_init(NULL, NULL);
#endif
    if (cert_auth_file != NULL) {
        /* Deprecated path: hand the certificate to apr_ldap_set_option(),
         * which fills in *result_err itself. */
        apr_ldap_opt_tls_cert_t *ca = apr_pcalloc(pool, sizeof *ca);
        ca->type = cert_file_type;
        ca->path = cert_auth_file;
        return apr_ldap_set_option(pool, NULL, APR_LDAP_OPT_TLS_CERT,
                                   (void *)ca, result_err);
    }
#else
    /* Not built with SSL support: a certificate cannot be honoured. */
    if (cert_auth_file != NULL) {
        err->reason = "LDAP: Attempt to set certificate store failed. "
                      "Not built with SSL support";
        err->rc = -1;
    }
#endif /* APR_HAS_LDAP_SSL */

    /* rc is still the zero from apr_pcalloc() unless the no-SSL branch set
     * it to -1, for which the toolkit has no message string. */
    if (err->rc == -1) {
        return APR_EGENERAL;
    }
    err->msg = ldap_err2string(err->rc);
    return (err->rc == LDAP_SUCCESS) ? APR_SUCCESS : APR_EGENERAL;
}
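/* ldap:option_set(name, value) -> true
 *
 * Sets one LDAP option on the connection. The Lua value at stack index 3
 * is converted according to the option's declared type (boolean, integer,
 * time in fractional seconds, or string) before apr_ldap_set_option() is
 * called. Raises a Lua error for an invalid connection or option name, or
 * for a value of the wrong type. Returns true on success; on failure the
 * APR/LDAP error is reported via push_ldap_error(). */
static int lua_apr_ldap_option_set(lua_State *L)
{
    lua_apr_ldap_object *object;
    apr_ldap_err_t *error = NULL;
    struct timeval tv;            /* backing store for LUA_APR_LDAP_TT values */
    apr_status_t status;
    int optidx, type, intval;
    void *value = NULL;

    object = check_ldap_connection(L, 1);
    optidx = check_ldap_option(L, 2);

    /* Convert the Lua value to an LDAP C API value. intval and tv must
     * outlive the apr_ldap_set_option() call below, hence the locals. */
    type = ldap_option_type(optidx);
    if (type == LUA_APR_LDAP_TB) {
        /* Boolean. */
        value = lua_toboolean(L, 3) ? LDAP_OPT_ON : LDAP_OPT_OFF;
    } else if (type == LUA_APR_LDAP_TI) {
        /* Integer. */
        intval = luaL_checkint(L, 3);
        value = &intval;
    } else if (type == LUA_APR_LDAP_TT) {
        /* Time (fractional number of seconds). */
        luaL_checktype(L, 3, LUA_TNUMBER);
        value = number_to_time(L, 3, &tv);
    } else if (type == LUA_APR_LDAP_TS) {
        /* String; nil is passed through as NULL. */
        value = (void*)luaL_optstring(L, 3, NULL);
    } else {
        /* Every option in the table is expected to have one of the types
         * above. The original only had assert(0) here, which under NDEBUG
         * fell through to apr_ldap_set_option() with an uninitialised
         * `value`; fail in both debug and release builds instead. */
        assert(0);
        return luaL_error(L, "internal error: unknown LDAP option type");
    }

    /* Set the option value. */
    status = apr_ldap_set_option(object->pool, object->ldap,
                                 ldap_option_value(optidx), value, &error);
    if (status != APR_SUCCESS) {
        return push_ldap_error(L, status, error);
    }

    lua_pushboolean(L, 1);
    return 1;
}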