(char *)basedn, scope, (char *)filter, attrs, 0, NULL, NULL, NULL, APR_LDAP_SIZELIMIT, &res); if (AP_LDAP_IS_SERVER_DOWN(result)) { ldc->reason = "ldap_search_ext_s() for user failed with server down"; uldap_connection_unbind(ldc); goto start_over; } /* if there is an error (including LDAP_NO_SUCH_OBJECT) return now */ if (result != LDAP_SUCCESS) { ldc->reason = "ldap_search_ext_s() for user failed"; return result; } /* * We should have found exactly one entry; to find a different * number is an error. */ count = ldap_count_entries(ldc->ldap, res); if (count != 1) { if (count == 0 ) ldc->reason = "User not found"; else ldc->reason = "User is not unique (search found two " "or more matches)"; ldap_msgfree(res); return LDAP_NO_SUCH_OBJECT; } entry = ldap_first_entry(ldc->ldap, res); /* Grab the dn, copy it into the pool, and free it again */ dn = ldap_get_dn(ldc->ldap, entry); *binddn = apr_pstrdup(r->pool, dn); ldap_memfree(dn); /* * Get values for the provided attributes. */ if (attrs) { int k = 0; int i = 0; while (attrs[k++]); vals = apr_pcalloc(r->pool, sizeof(char *) * (k+1)); numvals = k; while (attrs[i]) { char **values; int j = 0; char *str = NULL; /* get values */ values = ldap_get_values(ldc->ldap, entry, attrs[i]); while (values && values[j]) { str = str ? apr_pstrcat(r->pool, str, "; ", values[j], NULL) : apr_pstrdup(r->pool, values[j]); j++; } ldap_value_free(values); vals[i] = str; i++; } *retvals = vals; } /* * Add the new username to the search cache. */ if (curl) { LDAP_CACHE_LOCK(); the_search_node.username = filter; the_search_node.dn = *binddn; the_search_node.bindpw = NULL; the_search_node.lastbind = apr_time_now(); the_search_node.vals = vals; the_search_node.numvals = numvals; /* Search again to make sure that another thread didn't ready insert * this node into the cache before we got here. 
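If it does exist then
         * update the lastbind */
        search_nodep = util_ald_cache_fetch(curl->search_cache, &the_search_node);
        if ((search_nodep == NULL) || (strcmp(*binddn, search_nodep->dn) != 0)) {
            /* Nothing in cache, insert new entry */
            util_ald_cache_insert(curl->search_cache, &the_search_node);
        }
        /*
         * Don't update lastbind on entries with bindpw because
         * we haven't verified that password. It's OK to update
         * the entry if there is no password in it.
         */
        else if (!search_nodep->bindpw) {
            /* Cache entry is valid, update lastbind */
            search_nodep->lastbind = the_search_node.lastbind;
        }
        LDAP_CACHE_UNLOCK();
    }
    ldap_msgfree(res);
    ldc->reason = "Search successful";
    return LDAP_SUCCESS;
}

/*
 * Reports if ssl support is enabled
 *
 * 1 = enabled, 0 = not enabled
 */
static int uldap_ssl_supported(request_rec *r)
{
    util_ldap_state_t *st = (util_ldap_state_t *)ap_get_module_config(
                                r->server->module_config, &ldap_module);
    return (st->ssl_supported);
}

/* ---------------------------------------- */
/* config directives */

/* Largest value of long, computed here so this file does not depend on
 * <limits.h> having been pulled in by an earlier include. */
#define UTIL_LDAP_LONG_MAX ((long)((unsigned long)-1 >> 1))

/*
 * Parse a decimal integer directive argument.
 *
 * atol() silently turns garbage into 0 and wraps on overflow, so a mistyped
 * cache size or TTL used to be accepted without complaint. This accepts
 * optional leading whitespace, an optional sign, a run of digits and
 * optional trailing whitespace, and rejects anything else or any magnitude
 * above max.
 *
 * arg  the argument as handed over by the config parser (NULL is rejected)
 * max  largest accepted magnitude; must be non-negative
 * out  receives the parsed value on success, untouched on failure
 *
 * Returns NULL on success, otherwise a short reason without the directive
 * name; the caller prefixes it (see util_ldap_bad_arg).
 */
static const char *util_ldap_parse_long(const char *arg, long max, long *out)
{
    const char *p = arg;
    int negative = 0;
    long val = 0;

    if (p == NULL) {
        return "no value given";
    }

    while (*p == ' ' || *p == '\t') {
        p++;
    }
    if (*p == '-') {
        negative = 1;
        p++;
    }
    else if (*p == '+') {
        p++;
    }
    if (*p < '0' || *p > '9') {
        return "value must be a decimal integer";
    }

    for (; *p >= '0' && *p <= '9'; p++) {
        long digit = *p - '0';
        /* would val * 10 + digit exceed max? tested without overflowing */
        if (val > max / 10 || (val == max / 10 && digit > max % 10)) {
            return "value is too large";
        }
        val = val * 10 + digit;
    }

    while (*p == ' ' || *p == '\t') {
        p++;
    }
    if (*p != '\0') {
        return "value must be a decimal integer";
    }

    *out = negative ? -val : val;
    return NULL;
}

/*
 * Build the error string handed back to the config parser for a bad
 * argument: "<Directive>: <reason>", allocated from the command pool.
 */
static const char *util_ldap_bad_arg(cmd_parms *cmd, const char *reason)
{
    return apr_psprintf(cmd->pool, "%s: %s", cmd->cmd->name, reason);
}

/*
 * Directive handler: size of the shared memory cache in bytes.
 *
 * Global context only. The value is stored in st->cache_bytes, which is an
 * apr_size_t, so a negative value is rejected instead of being clamped: it
 * would otherwise wrap to a huge allocation request.
 *
 * Returns NULL on success, else an error string for the config parser.
 */
static const char *util_ldap_set_cache_bytes(cmd_parms *cmd, void *dummy,
                                             const char *bytes)
{
    util_ldap_state_t *st =
        (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
                                                  &ldap_module);
    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
    long val = 0;

    if (err != NULL) {
        return err;
    }

    err = util_ldap_parse_long(bytes, UTIL_LDAP_LONG_MAX, &val);
    if (err != NULL) {
        return util_ldap_bad_arg(cmd, err);
    }
    if (val < 0) {
        return util_ldap_bad_arg(cmd, "value must not be negative");
    }
    st->cache_bytes = (apr_size_t)val;

    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server,
                 "[%" APR_PID_T_FMT "] ldap cache: Setting shared memory "
                 " cache size to %" APR_SIZE_T_FMT " bytes.",
                 getpid(), st->cache_bytes);

    return NULL;
}

/*
 * Directive handler: path of the shared memory cache file.
 *
 * Global context only. The path is made relative to the server root and
 * kept in st->cache_file; a missing argument clears it.
 *
 * Returns NULL on success, else an error string for the config parser.
 */
static const char *util_ldap_set_cache_file(cmd_parms *cmd, void *dummy,
                                            const char *file)
{
    util_ldap_state_t *st =
        (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
                                                  &ldap_module);
    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);

    if (err != NULL) {
        return err;
    }

    st->cache_file = file ? ap_server_root_relative(st->pool, file) : NULL;

    /* the old message said "%s bytes." for a path; also never hand a NULL
     * pointer to %s */
    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server,
                 "LDAP cache: Setting shared memory cache file to %s.",
                 st->cache_file ? st->cache_file : "(none)");

    return NULL;
}

/*
 * Directive handler: TTL of the search cache, given in seconds.
 *
 * Global context only. The TTL is stored in st->search_cache_ttl in
 * microseconds; the seconds value is bounded so that the multiplication
 * cannot overflow long (signed overflow is undefined behaviour, and on a
 * 32-bit long it used to trigger after ~2147 seconds). Negative values are
 * accepted as before.
 *
 * Returns NULL on success, else an error string for the config parser.
 */
static const char *util_ldap_set_cache_ttl(cmd_parms *cmd, void *dummy,
                                           const char *ttl)
{
    util_ldap_state_t *st =
        (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
                                                  &ldap_module);
    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
    long secs = 0;

    if (err != NULL) {
        return err;
    }

    err = util_ldap_parse_long(ttl, UTIL_LDAP_LONG_MAX / 1000000L, &secs);
    if (err != NULL) {
        return util_ldap_bad_arg(cmd, err);
    }
    st->search_cache_ttl = secs * 1000000L;

    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server,
                 "[%" APR_PID_T_FMT "] ldap cache: Setting cache TTL to %ld microseconds.",
                 getpid(), st->search_cache_ttl);

    return NULL;
}

/*
 * Directive handler: maximum number of entries in the search cache.
 *
 * Global context only. Stored in st->search_cache_size; a negative value is
 * clamped to 0, as it always was.
 *
 * Returns NULL on success, else an error string for the config parser.
 */
static const char *util_ldap_set_cache_entries(cmd_parms *cmd, void *dummy,
                                               const char *size)
{
    util_ldap_state_t *st =
        (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
                                                  &ldap_module);
    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
    long val = 0;

    if (err != NULL) {
        return err;
    }

    err = util_ldap_parse_long(size, UTIL_LDAP_LONG_MAX, &val);
    if (err != NULL) {
        return util_ldap_bad_arg(cmd, err);
    }
    st->search_cache_size = (val < 0) ? 0 : val;

    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server,
                 "[%" APR_PID_T_FMT "] ldap cache: Setting search cache size to %ld entries.",
                 getpid(), st->search_cache_size);

    return NULL;
}

/*
 * Directive handler: TTL of the operation (compare) cache, in seconds.
 *
 * Global context only. Same contract as util_ldap_set_cache_ttl, but stored
 * in st->compare_cache_ttl.
 *
 * Returns NULL on success, else an error string for the config parser.
 */
static const char *util_ldap_set_opcache_ttl(cmd_parms *cmd, void *dummy,
                                             const char *ttl)
{
    util_ldap_state_t *st =
        (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
                                                  &ldap_module);
    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
    long secs = 0;

    if (err != NULL) {
        return err;
    }

    /* bound the seconds so that secs * 1000000 fits in a long */
    err = util_ldap_parse_long(ttl, UTIL_LDAP_LONG_MAX / 1000000L, &secs);
    if (err != NULL) {
        return util_ldap_bad_arg(cmd, err);
    }
    st->compare_cache_ttl = secs * 1000000L;

    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server,
                 "[%" APR_PID_T_FMT "] ldap cache: Setting operation cache TTL to %ld microseconds.",
                 getpid(), st->compare_cache_ttl);

    return NULL;
}

/*
 * Directive handler: maximum number of entries in the operation cache.
 *
 * Global context only. Stored in st->compare_cache_size; a negative value
 * is clamped to 0, as it always was.
 *
 * Returns NULL on success, else an error string for the config parser.
 */
static const char *util_ldap_set_opcache_entries(cmd_parms *cmd, void *dummy,
                                                 const char *size)
{
    util_ldap_state_t *st =
        (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
                                                  &ldap_module);
    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
    long val = 0;

    if (err != NULL) {
        return err;
    }

    err = util_ldap_parse_long(size, UTIL_LDAP_LONG_MAX, &val);
    if (err != NULL) {
        return util_ldap_bad_arg(cmd, err);
    }
    st->compare_cache_size = (val < 0) ? 0 : val;

    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server,
                 "[%" APR_PID_T_FMT "] ldap cache: Setting operation cache size to %ld "
                 "entries.", getpid(), st->compare_cache_size);

    return NULL;
}

/**
 * Parse the certificate type.
 *
 * The type can be one of the following (compared case-insensitively):
 * CA_DER, CA_BASE64, CA_CERT7_DB, CA_SECMOD, CERT_DER, CERT_BASE64,
 * CERT_PFX, CERT_KEY3_DB, CERT_NICKNAME, KEY_DER, KEY_BASE64, KEY_PFX
 *
 * If no matches are found, APR_LDAP_CA_TYPE_UNKNOWN is returned.
 */
static int util_ldap_parse_cert_type(const char *type)
{
    static const struct {
        const char *name;
        int value;
    } cert_types[] = {
        /* Authority file in binary DER format */
        { "CA_DER",        APR_LDAP_CA_TYPE_DER },
        /* Authority file in Base64 format */
        { "CA_BASE64",     APR_LDAP_CA_TYPE_BASE64 },
        /* Netscape certificate database file/directory */
        { "CA_CERT7_DB",   APR_LDAP_CA_TYPE_CERT7_DB },
        /* Netscape secmod file/directory */
        { "CA_SECMOD",     APR_LDAP_CA_TYPE_SECMOD },
        /* Client cert file in DER format */
        { "CERT_DER",      APR_LDAP_CERT_TYPE_DER },
        /* Client cert file in Base64 format */
        { "CERT_BASE64",   APR_LDAP_CERT_TYPE_BASE64 },
        /* Client cert file in PKCS#12 format */
        { "CERT_PFX",      APR_LDAP_CERT_TYPE_PFX },
        /* Netscape client cert database file/directory */
        { "CERT_KEY3_DB",  APR_LDAP_CERT_TYPE_KEY3_DB },
        /* Netscape client cert nickname */
        { "CERT_NICKNAME", APR_LDAP_CERT_TYPE_NICKNAME },
        /* Client cert key file in DER format */
        { "KEY_DER",       APR_LDAP_KEY_TYPE_DER },
        /* Client cert key file in Base64 format */
        { "KEY_BASE64",    APR_LDAP_KEY_TYPE_BASE64 },
        /* Client cert key file in PKCS#12 format */
        { "KEY_PFX",       APR_LDAP_KEY_TYPE_PFX },
    };
    int i;

    for (i = 0; i < (int)(sizeof(cert_types) / sizeof(cert_types[0])); i++) {
        if (0 == strcasecmp(cert_types[i].name, type)) {
            return cert_types[i].value;
        }
    }
    return APR_LDAP_CA_TYPE_UNKNOWN;
}

/**
 * Set LDAPTrustedGlobalCert.
 *
 * This directive takes either two or three arguments:
 * - certificate type
 * - certificate file / directory / nickname
 * - certificate password (optional)
 *
 * This directive may only be used globally.
 */
static const char *util_ldap_set_trusted_global_cert(cmd_parms *cmd,
                                                     void *dummy,
                                                     const char *type,
                                                     const char *file,
                                                     const char *password)
{
    util_ldap_state_t *st =
        (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
                                                  &ldap_module);
    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
    apr_finfo_t finfo;
    apr_status_t rv;
    int cert_type = 0;
    apr_ldap_opt_tls_cert_t *cert;

    if (err != NULL) {
        return err;
    }

    /* handle the certificate type */
    if (type) {
        cert_type = util_ldap_parse_cert_type(type);
        if (APR_LDAP_CA_TYPE_UNKNOWN == cert_type) {
            return apr_psprintf(cmd->pool, "The certificate type %s is "
                                           "not recognised. It should be one "
                                           "of CA_DER, CA_BASE64, CA_CERT7_DB, "
                                           "CA_SECMOD, CERT_DER, CERT_BASE64, "
                                           "CERT_KEY3_DB, CERT_NICKNAME, "
                                           "KEY_DER, KEY_BASE64", type);
        }
    }
    else {
        return "Certificate type was not specified.";
    }

    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server,
                 "LDAP: SSL trusted global cert - %s (type %s)", file, type);

    /* add the certificate to the global array */
    cert = (apr_ldap_opt_tls_cert_t *)apr_array_push(st->global_certs);
    cert->type = cert_type;
    cert->path = file;
    cert->password = password;

    /* if file is a file or path, fix the path */
    if (cert_type != APR_LDAP_CA_TYPE_UNKNOWN &&
        cert_type != APR_LDAP_CERT_TYPE_NICKNAME) {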