| blob | 2dd8398964ffac8c27649767b0210dd990b99999 |
1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
17 /* apr_ldap_option.c -- LDAP options
18 *
19 * The LDAP SDK allows the getting and setting of options on an LDAP
20 * connection.
21 *
22 */
32 #if APR_HAS_LDAP
39 /**
40 * APR LDAP get option function
41 *
42 * This function gets option values from a given LDAP session if
43 * one was specified.
44 */
50 {
57 }
59 /* get the option specified using the native LDAP function */
62 /* handle the error case */
67 }
71 }
73 /**
74 * APR LDAP set option function
75 *
76 * This function sets option values to a given LDAP session if
77 * one was specified.
78 *
79 * Where an option is not supported by an LDAP toolkit, this function
80 * will try and apply legacy functions to achieve the same effect,
81 * depending on the platform.
82 */
88 {
95 }
107 #if APR_HAS_NETSCAPE_LDAPSDK || APR_HAS_SOLARIS_LDAPSDK || APR_HAS_MOZILLA_LDAPSK
112 #endif
113 #if APR_HAS_NOVELL_LDAPSDK
116 }
119 }
120 #endif
121 #if APR_HAS_OPENLDAP_LDAPSDK
122 #ifdef LDAP_OPT_X_TLS
123 /* This is not a per-connection setting so just pass NULL for the
124 Ldap connection handle */
128 }
132 }
133 #else
138 #endif
139 #endif
141 /* handle the error case */
145 }
149 /* set the option specified using the native LDAP function */
152 /* handle the error case */
156 }
158 }
160 /* handle the error case */
163 }
167 }
169 /**
170 * Handle APR_LDAP_OPT_TLS
171 *
172 * This function sets the type of TLS to be applied to this connection.
173 * The options are:
174 * APR_LDAP_NONE: no encryption
175 * APR_LDAP_SSL: SSL encryption (ldaps://)
176 * APR_LDAP_STARTTLS: STARTTLS encryption
177 * APR_LDAP_STOPTLS: Stop existing TLS connecttion
178 */
181 {
186 /* Netscape/Mozilla/Solaris SDK */
187 #if APR_HAS_NETSCAPE_LDAPSDK || APR_HAS_SOLARIS_LDAPSDK || APR_HAS_MOZILLA_LDAPSK
188 #if APR_HAS_LDAPSSL_INSTALL_ROUTINES
191 #ifdef LDAP_OPT_SSL
192 /* apparently Netscape and Mozilla need this too, Solaris doesn't */
195 }
196 #endif
201 }
202 }
207 }
212 }
213 #else
218 }
219 #endif
220 #endif
222 /* Novell SDK */
223 #if APR_HAS_NOVELL_LDAPSDK
224 /* ldapssl_install_routines(ldap)
225 * Behavior is unpredictable when other LDAP functions are called
226 * between the ldap_init function and the ldapssl_install_routines
227 * function.
228 *
229 * STARTTLS is supported by the ldap_start_tls_s() method
230 */
237 }
238 }
244 }
245 }
251 }
252 }
253 #endif
255 /* OpenLDAP SDK */
256 #if APR_HAS_OPENLDAP_LDAPSDK
257 #ifdef LDAP_OPT_X_TLS
263 "Could not set LDAP_OPT_X_TLS to "
266 }
267 }
273 }
274 }
279 }
280 #else
285 }
286 #endif
287 #endif
289 /* Microsoft SDK */
290 #if APR_HAS_MICROSOFT_LDAPSDK
297 }
298 }
305 }
306 }
307 #if APR_HAS_LDAP_START_TLS_S
313 }
314 }
320 }
321 }
322 #endif
323 #endif
325 #if APR_HAS_OTHER_LDAPSDK
330 }
331 #endif
335 }
337 /**
338 * Handle APR_LDAP_OPT_TLS_CACERTFILE
339 *
340 * This function sets the CA certificate for further SSL/TLS connections.
341 *
342 * The file provided are in different formats depending on the toolkit used:
343 *
344 * Netscape: cert7.db file
345 * Novell: PEM or DER
346 * OpenLDAP: PEM (others supported?)
347 * Microsoft: unknown
348 * Solaris: unknown
349 */
352 {
353 #if APR_HAS_LDAP_SSL
358 /* Netscape/Mozilla/Solaris SDK */
359 #if APR_HAS_NETSCAPE_LDAPSDK || APR_HAS_SOLARIS_LDAPSDK || APR_HAS_MOZILLA_LDAPSDK
360 #if APR_HAS_LDAPSSL_CLIENT_INIT
367 /* set up cert7.db, key3.db and secmod parameters */
386 "understands the CERT7, KEY3 and SECMOD "
389 }
392 }
393 }
395 /* actually set the certificate parameters */
405 }
406 }
414 }
415 }
422 }
423 }
429 }
430 }
431 }
432 #else
434 "supported by this Netscape/Mozilla/Solaris SDK. "
437 #endif
438 #endif
440 /* Novell SDK */
441 #if APR_HAS_NOVELL_LDAPSDK
442 #if APR_HAS_LDAPSSL_CLIENT_INIT && APR_HAS_LDAPSSL_ADD_TRUSTED_CERT && APR_HAS_LDAPSSL_CLIENT_DEINIT
443 /* The Novell library cannot support per connection certificates. Error
444 * out if the ldap handle is provided.
445 */
450 }
451 /* Novell's library needs to be initialised first */
458 }
459 }
460 /* set one or more certificates */
462 /* Novell SDK supports DER or BASE64 files. */
466 LDAPSSL_CERT_FILETYPE_DER);
471 LDAPSSL_CERT_FILETYPE_B64);
476 LDAPSSL_CERT_FILETYPE_DER,
482 LDAPSSL_CERT_FILETYPE_B64,
488 LDAPSSL_FILETYPE_P12,
494 LDAPSSL_CERT_FILETYPE_DER,
500 LDAPSSL_CERT_FILETYPE_B64,
506 LDAPSSL_FILETYPE_P12,
515 }
518 }
519 }
520 #else
522 "ldapssl_add_trusted_cert() or "
523 "ldapssl_client_deinit() functions not supported "
524 "by this Novell SDK. Certificate authority file "
527 #endif
528 #endif
530 /* OpenLDAP SDK */
531 #if APR_HAS_OPENLDAP_LDAPSDK
532 #ifdef LDAP_OPT_X_TLS_CACERTFILE
533 /* set one or more certificates */
534 /* FIXME: make it support setting directories as well as files */
536 /* OpenLDAP SDK supports BASE64 files. */
558 }
561 }
562 }
563 #else
565 "defined by this OpenLDAP SDK. Certificate "
568 #endif
569 #endif
571 /* Microsoft SDK */
572 #if APR_HAS_MICROSOFT_LDAPSDK
573 /* Microsoft SDK use the registry certificate store - error out
574 * here with a message explaining this. */
578 #endif
580 /* SDK not recognised */
581 #if APR_HAS_OTHER_LDAPSDK
583 "defined by this LDAP SDK. Certificate "
586 #endif
594 }