/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/* ap_ldap_option.c -- LDAP options
*
* The LDAP SDK allows the getting and setting of options on an LDAP
* connection.
*
*/
#include "apr.h"
#include "apu.h"
#include "ap_config.h"
#include "ap_ldap.h"
#include "apr_errno.h"
#include "apr_pools.h"
#include "apr_strings.h"
#include "apr_tables.h"
#if AP_HAS_LDAP
/**
* MODLDAP get option function
*
* This function gets option values from a given LDAP session if
* one was specified.
*/
int option,
void *outvalue,
{
*result_err = result;
if (!result) {
return APR_ENOMEM;
}
/* get the option specified using the native LDAP function */
/* handle the error case */
return APR_EGENERAL;
}
return APR_SUCCESS;
}
/**
* MODLDAP set option function
*
* This function sets option values to a given LDAP session if
* one was specified.
*
* Where an option is not supported by an LDAP toolkit, this function
* will try to apply legacy functions to achieve the same effect,
* depending on the platform.
*/
int option,
const void *invalue,
{
*result_err = result;
if (!result) {
return APR_ENOMEM;
}
switch (option) {
case AP_LDAP_OPT_TLS_CERT:
break;
case AP_LDAP_OPT_TLS:
break;
case AP_LDAP_OPT_VERIFY_CERT:
"Netscape, Solaris or Mozilla LDAP SDKs";
return APR_EGENERAL;
#endif
if (*((int*)invalue)) {
}
else {
}
#endif
#ifdef LDAP_OPT_X_TLS
/* This is a global setting rather than a per-connection one, so NULL is
passed for the LDAP connection handle */
if (*((int*)invalue)) {
int i = LDAP_OPT_X_TLS_DEMAND;
}
else {
int i = LDAP_OPT_X_TLS_NEVER;
}
#else
"version of the OpenLDAP toolkit";
return APR_EGENERAL;
#endif
#endif
/* handle the error case */
}
break;
case AP_LDAP_OPT_REFERRALS:
/* Setting this option is supported on at least TIVOLI_SDK and OpenLDAP. Folks
* who know the NOVELL, NETSCAPE, MOZILLA, and SOLARIS SDKs should note here if
* the SDK at least tolerates this option being set, or add an elif to handle
* special cases (i.e. different LDAP_OPT_X value).
*/
}
break;
case AP_LDAP_OPT_REFHOPLIMIT:
#if !defined(LDAP_OPT_REFHOPLIMIT) || AP_HAS_NOVELL_LDAPSDK
/* If the LDAP_OPT_REFHOPLIMIT symbol is missing, assume that the
* particular LDAP library has a reasonable default. So far certain
* versions of the OpenLDAP SDK miss this symbol (but default to 5),
* and the Microsoft SDK misses the symbol (the default is not known).
*/
#else
/* Setting this option is supported on at least TIVOLI_SDK. Folks who know
* the NOVELL, NETSCAPE, MOZILLA, and SOLARIS SDKs should note here if
* the SDK at least tolerates this option being set, or add an elif to handle
* special cases so an error isn't returned if there is a perfectly good
* default value that just can't be changed (like openLDAP).
*/
#endif
}
break;
default:
/* set the option specified using the native LDAP function */
/* handle the error case */
}
break;
}
/* handle the error case */
return APR_EGENERAL;
}
return APR_SUCCESS;
}
/**
* Handle AP_LDAP_OPT_TLS
*
* This function sets the type of TLS to be applied to this connection.
* The options are:
* AP_LDAP_NONE: no encryption
* AP_LDAP_SSL: SSL encryption (ldaps://)
* AP_LDAP_STARTTLS: STARTTLS encryption
* AP_LDAP_STOPTLS: Stop existing TLS connection
*/
{
#if AP_HAS_LDAP_SSL /* compiled with ssl support */
if (tls == AP_LDAP_SSL) {
#ifdef LDAP_OPT_SSL
/* apparently Netscape and Mozilla need this too, Solaris doesn't */
}
#endif
"connection.";
}
}
else if (tls == AP_LDAP_STARTTLS) {
}
else if (tls == AP_LDAP_STOPTLS) {
}
#else
if (tls != AP_LDAP_NONE) {
}
#endif
#endif
/* Novell SDK */
/* ldapssl_install_routines(ldap)
* Behavior is unpredictable when other LDAP functions are called
* between the ldap_init function and the ldapssl_install_routines
* function.
*
* STARTTLS is supported by the ldap_start_tls_s() method
*/
if (tls == AP_LDAP_SSL) {
"connection.";
}
}
if (tls == AP_LDAP_STARTTLS) {
}
}
else if (tls == AP_LDAP_STOPTLS) {
}
}
#endif
/* OpenLDAP SDK */
#ifdef LDAP_OPT_X_TLS
if (tls == AP_LDAP_SSL) {
int SSLmode = LDAP_OPT_X_TLS_HARD;
"Could not set LDAP_OPT_X_TLS to "
"LDAP_OPT_X_TLS_HARD";
}
}
else if (tls == AP_LDAP_STARTTLS) {
}
}
else if (tls == AP_LDAP_STOPTLS) {
"OpenLDAP SDK";
}
#else
if (tls != AP_LDAP_NONE) {
"version of the OpenLDAP toolkit";
}
#endif
#endif
/* Microsoft SDK */
if (tls == AP_LDAP_NONE) {
"failed.";
}
}
else if (tls == AP_LDAP_SSL) {
"failed.";
}
}
else if (tls == AP_LDAP_STARTTLS) {
}
}
else if (tls == AP_LDAP_STOPTLS) {
}
}
#endif
#endif
if (tls != AP_LDAP_NONE) {
"on this LDAP SDK";
}
#endif
#endif /* AP_HAS_LDAP_SSL */
}
/**
* Handle AP_LDAP_OPT_TLS_CACERTFILE
*
*
* The files provided are in different formats depending on the toolkit used:
*
* Netscape: cert7.db file
* Novell: PEM or DER
* OpenLDAP: PEM (others supported?)
* Microsoft: unknown
* Solaris: unknown
*/
{
#if AP_HAS_LDAP_SSL
int i = 0;
#endif
/* set up cert7.db, key3.db and secmod parameters */
case AP_LDAP_CA_TYPE_CERT7_DB:
break;
case AP_LDAP_CA_TYPE_SECMOD:
break;
break;
break;
default:
"understands the CERT7, KEY3 and SECMOD "
"file types.";
break;
}
break;
}
}
/* actually set the certificate parameters */
if (nickname) {
(char *)password,
(char *)nickname);
"ldapssl_enable_clientauth() failed.";
}
}
else if (secmod) {
}
}
else if (key3db) {
}
}
else {
}
}
}
#else
"Certificate authority file not set";
#endif
#endif
/* Novell SDK */
/* The Novell library cannot support per-connection certificates. Error
* out if an LDAP handle is provided.
*/
if (ldap) {
"of certificates or keys on a per connection basis.";
}
/* Novell's library needs to be initialised first */
else {
"initialize SSL");
}
}
/* set one or more certificates */
/* Novell SDK supports DER or BASE64 files. */
case AP_LDAP_CA_TYPE_DER:
break;
case AP_LDAP_CA_TYPE_BASE64:
break;
case AP_LDAP_CERT_TYPE_DER:
break;
case AP_LDAP_CERT_TYPE_BASE64:
break;
case AP_LDAP_CERT_TYPE_PFX:
break;
case AP_LDAP_KEY_TYPE_DER:
break;
case AP_LDAP_KEY_TYPE_BASE64:
break;
case AP_LDAP_KEY_TYPE_PFX:
break;
default:
"DER and PEM (BASE64) file types.";
break;
}
break;
}
}
#else
"ldapssl_add_trusted_cert() or "
"ldapssl_client_deinit() functions not supported "
"by this Novell SDK. Certificate authority file "
"not set";
#endif
#endif
/* OpenLDAP SDK */
#ifdef LDAP_OPT_X_TLS_CACERTFILE
#ifndef LDAP_OPT_X_TLS_NEWCTX
if (ldap) {
"of certificates or keys on a per connection basis.";
return;
}
#endif
/* set one or more certificates */
/* FIXME: make it support setting directories as well as files */
/* OpenLDAP SDK supports BASE64 files. */
case AP_LDAP_CA_TYPE_BASE64:
break;
case AP_LDAP_CERT_TYPE_BASE64:
break;
case AP_LDAP_KEY_TYPE_BASE64:
break;
#ifdef LDAP_OPT_X_TLS_CACERTDIR
break;
#endif
default:
"PEM (BASE64) file type.";
break;
}
break;
}
}
#ifdef LDAP_OPT_X_TLS_NEWCTX
/* Certificate settings are now configured, but we also need a new
* TLS context to be created. This applies to both gnuTLS and openssl
*/
int IS_SERVER = 0;
}
#endif
#else
"defined by this OpenLDAP SDK. Certificate "
"authority file not set";
#endif
#endif
/* Microsoft SDK */
/* The Microsoft SDK uses the registry certificate store - error out
* here with a message explaining this. */
"as they are stored in the registry instead.";
#endif
/* SDK not recognised */
"defined by this LDAP SDK. Certificate "
"authority file not set";
#endif
#else /* not compiled with SSL Support */
"Not built with SSL support";
#endif /* AP_HAS_LDAP_SSL */
}
#endif /* AP_HAS_LDAP */