| blob | 1d31e026ce02dcd268c4d1a2ceafdb47e9ff61ad |
1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
17 /* apr_ldap_option.c -- LDAP options
18 *
19 * The LDAP SDK allows the getting and setting of options on an LDAP
20 * connection.
21 *
22 */
32 #if APR_HAS_LDAP
39 /**
40 * APR LDAP get option function
41 *
42 * This function gets option values from a given LDAP session if
43 * one was specified.
44 */
50 {
57 }
59 /* get the option specified using the native LDAP function */
62 /* handle the error case */
67 }
71 }
73 /**
74 * APR LDAP set option function
75 *
76 * This function sets option values to a given LDAP session if
77 * one was specified.
78 *
79 * Where an option is not supported by an LDAP toolkit, this function
80 * will try and apply legacy functions to achieve the same effect,
81 * depending on the platform.
82 */
88 {
95 }
107 #if APR_HAS_NETSCAPE_LDAPSDK || APR_HAS_SOLARIS_LDAPSDK || APR_HAS_MOZILLA_LDAPSK
112 #endif
113 #if APR_HAS_NOVELL_LDAPSDK
116 }
119 }
120 #endif
121 #if APR_HAS_OPENLDAP_LDAPSDK
122 #ifdef LDAP_OPT_X_TLS
123 /* This is not a per-connection setting so just pass NULL for the
124 Ldap connection handle */
128 }
132 }
133 #else
138 #endif
139 #endif
141 /* handle the error case */
145 }
149 /* Setting this option is supported on at least TIVOLI_SDK and OpenLDAP. Folks
150 * who know the NOVELL, NETSCAPE, MOZILLA, and SOLARIS SDKs should note here if
151 * the SDK at least tolerates this option being set, or add an elif to handle
152 * special cases (i.e. different LDAP_OPT_X value).
153 */
159 }
163 #if !defined(LDAP_OPT_REFHOPLIMIT) || defined(APR_HAS_NOVELL_LDAPSDK)
164 /* If the LDAP_OPT_REFHOPLIMIT symbol is missing, assume that the
165 * particular LDAP library has a reasonable default. So far certain
166 * versions of the OpenLDAP SDK miss this symbol (but default to 5),
167 * and the Microsoft SDK misses the symbol (the default is not known).
168 */
170 #else
171 /* Setting this option is supported on at least TIVOLI_SDK. Folks who know
172 * the NOVELL, NETSCAPE, MOZILLA, and SOLARIS SDKs should note here if
173 * the SDK at least tolerates this option being set, or add an elif to handle
174 * special cases so an error isn't returned if there is a perfectly good
175 * default value that just can't be changed (like openLDAP).
176 */
178 #endif
183 }
187 /* set the option specified using the native LDAP function */
190 /* handle the error case */
194 }
196 }
198 /* handle the error case */
201 }
205 }
207 /**
208 * Handle APR_LDAP_OPT_TLS
209 *
210 * This function sets the type of TLS to be applied to this connection.
211 * The options are:
212 * APR_LDAP_NONE: no encryption
213 * APR_LDAP_SSL: SSL encryption (ldaps://)
214 * APR_LDAP_STARTTLS: STARTTLS encryption
215 * APR_LDAP_STOPTLS: Stop existing TLS connecttion
216 */
219 {
224 /* Netscape/Mozilla/Solaris SDK */
225 #if APR_HAS_NETSCAPE_LDAPSDK || APR_HAS_SOLARIS_LDAPSDK || APR_HAS_MOZILLA_LDAPSK
226 #if APR_HAS_LDAPSSL_INSTALL_ROUTINES
229 #ifdef LDAP_OPT_SSL
230 /* apparently Netscape and Mozilla need this too, Solaris doesn't */
233 }
234 #endif
239 }
240 }
245 }
250 }
251 #else
256 }
257 #endif
258 #endif
260 /* Novell SDK */
261 #if APR_HAS_NOVELL_LDAPSDK
262 /* ldapssl_install_routines(ldap)
263 * Behavior is unpredictable when other LDAP functions are called
264 * between the ldap_init function and the ldapssl_install_routines
265 * function.
266 *
267 * STARTTLS is supported by the ldap_start_tls_s() method
268 */
275 }
276 }
282 }
283 }
289 }
290 }
291 #endif
293 /* OpenLDAP SDK */
294 #if APR_HAS_OPENLDAP_LDAPSDK
295 #ifdef LDAP_OPT_X_TLS
301 "Could not set LDAP_OPT_X_TLS to "
304 }
305 }
311 }
312 }
317 }
318 #else
323 }
324 #endif
325 #endif
327 /* Microsoft SDK */
328 #if APR_HAS_MICROSOFT_LDAPSDK
336 }
337 }
345 }
346 }
347 #if APR_HAS_LDAP_START_TLS_S
353 }
354 }
360 }
361 }
362 #endif
363 #endif
365 #if APR_HAS_OTHER_LDAPSDK
370 }
371 #endif
375 }
377 /**
378 * Handle APR_LDAP_OPT_TLS_CACERTFILE
379 *
380 * This function sets the CA certificate for further SSL/TLS connections.
381 *
382 * The file provided are in different formats depending on the toolkit used:
383 *
384 * Netscape: cert7.db file
385 * Novell: PEM or DER
386 * OpenLDAP: PEM (others supported?)
387 * Microsoft: unknown
388 * Solaris: unknown
389 */
392 {
393 #if APR_HAS_LDAP_SSL
398 /* Netscape/Mozilla/Solaris SDK */
399 #if APR_HAS_NETSCAPE_LDAPSDK || APR_HAS_SOLARIS_LDAPSDK || APR_HAS_MOZILLA_LDAPSDK
400 #if APR_HAS_LDAPSSL_CLIENT_INIT
407 /* set up cert7.db, key3.db and secmod parameters */
426 "understands the CERT7, KEY3 and SECMOD "
429 }
432 }
433 }
435 /* actually set the certificate parameters */
445 }
446 }
454 }
455 }
462 }
463 }
469 }
470 }
471 }
472 #else
474 "supported by this Netscape/Mozilla/Solaris SDK. "
477 #endif
478 #endif
480 /* Novell SDK */
481 #if APR_HAS_NOVELL_LDAPSDK
482 #if APR_HAS_LDAPSSL_CLIENT_INIT && APR_HAS_LDAPSSL_ADD_TRUSTED_CERT && APR_HAS_LDAPSSL_CLIENT_DEINIT
483 /* The Novell library cannot support per connection certificates. Error
484 * out if the ldap handle is provided.
485 */
490 }
491 /* Novell's library needs to be initialised first */
498 }
499 }
500 /* set one or more certificates */
502 /* Novell SDK supports DER or BASE64 files. */
506 LDAPSSL_CERT_FILETYPE_DER);
511 LDAPSSL_CERT_FILETYPE_B64);
516 LDAPSSL_CERT_FILETYPE_DER,
522 LDAPSSL_CERT_FILETYPE_B64,
528 LDAPSSL_FILETYPE_P12,
534 LDAPSSL_CERT_FILETYPE_DER,
540 LDAPSSL_CERT_FILETYPE_B64,
546 LDAPSSL_FILETYPE_P12,
555 }
558 }
559 }
560 #else
562 "ldapssl_add_trusted_cert() or "
563 "ldapssl_client_deinit() functions not supported "
564 "by this Novell SDK. Certificate authority file "
567 #endif
568 #endif
570 /* OpenLDAP SDK */
571 #if APR_HAS_OPENLDAP_LDAPSDK
572 #ifdef LDAP_OPT_X_TLS_CACERTFILE
573 /* set one or more certificates */
574 /* FIXME: make it support setting directories as well as files */
576 /* OpenLDAP SDK supports BASE64 files. */
593 #ifdef LDAP_OPT_X_TLS_CACERTDIR
599 #endif
605 }
608 }
609 }
610 #else
612 "defined by this OpenLDAP SDK. Certificate "
615 #endif
616 #endif
618 /* Microsoft SDK */
619 #if APR_HAS_MICROSOFT_LDAPSDK
620 /* Microsoft SDK use the registry certificate store - error out
621 * here with a message explaining this. */
625 #endif
627 /* SDK not recognised */
628 #if APR_HAS_OTHER_LDAPSDK
630 "defined by this LDAP SDK. Certificate "
633 #endif
641 }