📄 apr_ldap_option.c
字号:
/* Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. *//* apr_ldap_option.c -- LDAP options * * The LDAP SDK allows the getting and setting of options on an LDAP * connection. * */#include "apr.h"#include "apu.h"#include "apu_config.h"#if APU_DSO_BUILD#define APU_DSO_LDAP_BUILD#endif#include "apr_ldap.h"#include "apr_errno.h"#include "apr_pools.h"#include "apr_strings.h"#include "apr_tables.h"#if APR_HAS_LDAPstatic void option_set_cert(apr_pool_t *pool, LDAP *ldap, const void *invalue, apr_ldap_err_t *result);static void option_set_tls(apr_pool_t *pool, LDAP *ldap, const void *invalue, apr_ldap_err_t *result);/** * APR LDAP get option function * * This function gets option values from a given LDAP session if * one was specified. */APU_DECLARE_LDAP(int) apr_ldap_get_option(apr_pool_t *pool, LDAP *ldap, int option, void *outvalue, apr_ldap_err_t **result_err){ apr_ldap_err_t *result; result = apr_pcalloc(pool, sizeof(apr_ldap_err_t)); *result_err = result; if (!result) { return APR_ENOMEM; } /* get the option specified using the native LDAP function */ result->rc = ldap_get_option(ldap, option, outvalue); /* handle the error case */ if (result->rc != LDAP_SUCCESS) { result->msg = ldap_err2string(result-> rc); result->reason = apr_pstrdup(pool, "LDAP: Could not get an option"); return APR_EGENERAL; } return APR_SUCCESS;} /** * APR LDAP set option function * * This function sets option values to a given LDAP session if * one was specified. * * Where an option is not supported by an LDAP toolkit, this function * will try and apply legacy functions to achieve the same effect, * depending on the platform. */APU_DECLARE_LDAP(int) apr_ldap_set_option(apr_pool_t *pool, LDAP *ldap, int option, const void *invalue, apr_ldap_err_t **result_err){ apr_ldap_err_t *result; result = apr_pcalloc(pool, sizeof(apr_ldap_err_t)); *result_err = result; if (!result) { return APR_ENOMEM; } switch (option) { case APR_LDAP_OPT_TLS_CERT: option_set_cert(pool, ldap, invalue, result); break; case APR_LDAP_OPT_TLS: option_set_tls(pool, ldap, invalue, result); break; case APR_LDAP_OPT_VERIFY_CERT:#if APR_HAS_NETSCAPE_LDAPSDK || APR_HAS_SOLARIS_LDAPSDK || APR_HAS_MOZILLA_LDAPSK result->reason = "LDAP: Verify certificate not yet supported by APR on the " "Netscape, Solaris or Mozilla LDAP SDKs"; result->rc = -1; return APR_EGENERAL;#endif#if APR_HAS_NOVELL_LDAPSDK if (*((int*)invalue)) { result->rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_SERVER); } else { result->rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_NONE); }#endif#if APR_HAS_OPENLDAP_LDAPSDK#ifdef LDAP_OPT_X_TLS /* This is not a per-connection setting so just pass NULL for the Ldap connection handle */ if (*((int*)invalue)) { int i = LDAP_OPT_X_TLS_DEMAND; result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i); } else { int i = LDAP_OPT_X_TLS_NEVER; result->rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &i); }#else result->reason = "LDAP: SSL/TLS not yet supported by APR on this " "version of the OpenLDAP toolkit"; result->rc = -1; return APR_EGENERAL;#endif#endif /* handle the error case */ if (result->rc != LDAP_SUCCESS) { result->msg = ldap_err2string(result->rc); result->reason = "LDAP: Could not set verify mode"; } break; case APR_LDAP_OPT_REFERRALS: /* Setting this option is supported on at least TIVOLI_SDK and OpenLDAP. Folks * who know the NOVELL, NETSCAPE, MOZILLA, and SOLARIS SDKs should note here if * the SDK at least tolerates this option being set, or add an elif to handle * special cases (i.e. different LDAP_OPT_X value). */ result->rc = ldap_set_option(ldap, LDAP_OPT_REFERRALS, (void *)invalue); if (result->rc != LDAP_SUCCESS) { result->reason = "Unable to set LDAP_OPT_REFERRALS."; return(result->rc); } break; case APR_LDAP_OPT_REFHOPLIMIT:#if !defined(LDAP_OPT_REFHOPLIMIT) || APR_HAS_NOVELL_LDAPSDK /* If the LDAP_OPT_REFHOPLIMIT symbol is missing, assume that the * particular LDAP library has a reasonable default. So far certain * versions of the OpenLDAP SDK miss this symbol (but default to 5), * and the Microsoft SDK misses the symbol (the default is not known). */ result->rc = LDAP_SUCCESS;#else /* Setting this option is supported on at least TIVOLI_SDK. Folks who know * the NOVELL, NETSCAPE, MOZILLA, and SOLARIS SDKs should note here if * the SDK at least tolerates this option being set, or add an elif to handle * special cases so an error isn't returned if there is a perfectly good * default value that just can't be changed (like openLDAP). */ result->rc = ldap_set_option(ldap, LDAP_OPT_REFHOPLIMIT, (void *)invalue);#endif if (result->rc != LDAP_SUCCESS) { result->reason = "Unable to set LDAP_OPT_REFHOPLIMIT."; return(result->rc); } break; default: /* set the option specified using the native LDAP function */ result->rc = ldap_set_option(ldap, option, (void *)invalue); /* handle the error case */ if (result->rc != LDAP_SUCCESS) { result->msg = ldap_err2string(result->rc); result->reason = "LDAP: Could not set an option"; } break; } /* handle the error case */ if (result->rc != LDAP_SUCCESS) { return APR_EGENERAL; } return APR_SUCCESS;}/** * Handle APR_LDAP_OPT_TLS * * This function sets the type of TLS to be applied to this connection. * The options are: * APR_LDAP_NONE: no encryption * APR_LDAP_SSL: SSL encryption (ldaps://) * APR_LDAP_STARTTLS: STARTTLS encryption * APR_LDAP_STOPTLS: Stop existing TLS connecttion */static void option_set_tls(apr_pool_t *pool, LDAP *ldap, const void *invalue, apr_ldap_err_t *result){#if APR_HAS_LDAP_SSL /* compiled with ssl support */ int tls = * (const int *)invalue; /* Netscape/Mozilla/Solaris SDK */#if APR_HAS_NETSCAPE_LDAPSDK || APR_HAS_SOLARIS_LDAPSDK || APR_HAS_MOZILLA_LDAPSK#if APR_HAS_LDAPSSL_INSTALL_ROUTINES if (tls == APR_LDAP_SSL) { result->rc = ldapssl_install_routines(ldap);#ifdef LDAP_OPT_SSL /* apparently Netscape and Mozilla need this too, Solaris doesn't */ if (result->rc == LDAP_SUCCESS) { result->rc = ldap_set_option(ldap, LDAP_OPT_SSL, LDAP_OPT_ON); }#endif if (result->rc != LDAP_SUCCESS) { result->msg = ldap_err2string(result->rc); result->reason = "LDAP: Could not switch SSL on for this " "connection."; } } else if (tls == APR_LDAP_STARTTLS) { result->reason = "LDAP: STARTTLS is not supported by the " "Netscape/Mozilla/Solaris SDK"; result->rc = -1; } else if (tls == APR_LDAP_STOPTLS) { result->reason = "LDAP: STOPTLS is not supported by the " "Netscape/Mozilla/Solaris SDK"; result->rc = -1; }#else if (tls != APR_LDAP_NONE) { result->reason = "LDAP: SSL/TLS is not supported by this version " "of the Netscape/Mozilla/Solaris SDK"; result->rc = -1; }#endif#endif /* Novell SDK */#if APR_HAS_NOVELL_LDAPSDK /* ldapssl_install_routines(ldap) * Behavior is unpredictable when other LDAP functions are called * between the ldap_init function and the ldapssl_install_routines * function. * * STARTTLS is supported by the ldap_start_tls_s() method */ if (tls == APR_LDAP_SSL) { result->rc = ldapssl_install_routines(ldap); if (result->rc != LDAP_SUCCESS) { result->msg = ldap_err2string(result->rc); result->reason = "LDAP: Could not switch SSL on for this " "connection."; } } if (tls == APR_LDAP_STARTTLS) { result->rc = ldapssl_start_tls(ldap); if (result->rc != LDAP_SUCCESS) { result->msg = ldap_err2string(result->rc); result->reason = "LDAP: Could not start TLS on this connection"; } } else if (tls == APR_LDAP_STOPTLS) { result->rc = ldapssl_stop_tls(ldap); if (result->rc != LDAP_SUCCESS) { result->msg = ldap_err2string(result->rc); result->reason = "LDAP: Could not stop TLS on this connection"; } }#endif /* OpenLDAP SDK */#if APR_HAS_OPENLDAP_LDAPSDK#ifdef LDAP_OPT_X_TLS if (tls == APR_LDAP_SSL) { int SSLmode = LDAP_OPT_X_TLS_HARD; result->rc = ldap_set_option(ldap, LDAP_OPT_X_TLS, &SSLmode); if (result->rc != LDAP_SUCCESS) { result->reason = "LDAP: ldap_set_option failed. " "Could not set LDAP_OPT_X_TLS to " "LDAP_OPT_X_TLS_HARD"; result->msg = ldap_err2string(result->rc); } } else if (tls == APR_LDAP_STARTTLS) { result->rc = ldap_start_tls_s(ldap, NULL, NULL); if (result->rc != LDAP_SUCCESS) { result->reason = "LDAP: ldap_start_tls_s() failed"; result->msg = ldap_err2string(result->rc); } } else if (tls == APR_LDAP_STOPTLS) { result->reason = "LDAP: STOPTLS is not supported by the " "OpenLDAP SDK"; result->rc = -1; }#else if (tls != APR_LDAP_NONE) { result->reason = "LDAP: SSL/TLS not yet supported by APR on this " "version of the OpenLDAP toolkit";⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -