| blob | 43eb8d090ec9d35073188a7e9e91a6627f1f29bd |
1 /* Copyright 2000-2005 The Apache Software Foundation or its licensors, as
2 * applicable.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
17 /* apr_ldap_option.c -- LDAP options
18 *
19 * The LDAP SDK allows the getting and setting of options on an LDAP
20 * connection.
21 *
22 */
32 #if APR_HAS_LDAP
39 /**
40 * APR LDAP get option function
41 *
42 * This function gets option values from a given LDAP session if
43 * one was specified.
44 */
50 {
57 }
59 /* get the option specified using the native LDAP function */
62 /* handle the error case */
67 }
71 }
73 /**
74 * APR LDAP set option function
75 *
76 * This function sets option values to a given LDAP session if
77 * one was specified.
78 *
79 * Where an option is not supported by an LDAP toolkit, this function
80 * will try and apply legacy functions to achieve the same effect,
81 * depending on the platform.
82 */
88 {
95 }
107 #if APR_HAS_NETSCAPE_LDAPSDK || APR_HAS_SOLARIS_LDAPSDK || APR_HAS_MOZILLA_LDAPSK
112 #endif
113 #if APR_HAS_NOVELL_LDAPSDK
116 }
119 }
120 #endif
121 #if APR_HAS_OPENLDAP_LDAPSDK
122 #ifdef LDAP_OPT_X_TLS
123 /* This is not a per-connection setting so just pass NULL for the
124 Ldap connection handle */
128 }
132 }
133 #else
138 #endif
139 #endif
141 /* handle the error case */
145 }
149 /* set the option specified using the native LDAP function */
152 /* handle the error case */
156 }
158 }
160 /* handle the error case */
163 }
167 }
169 /**
170 * Handle APR_LDAP_OPT_TLS
171 *
172 * This function sets the type of TLS to be applied to this connection.
173 * The options are:
174 * APR_LDAP_NONE: no encryption
175 * APR_LDAP_SSL: SSL encryption (ldaps://)
176 * APR_LDAP_STARTTLS: STARTTLS encryption
177 * APR_LDAP_STOPTLS: Stop existing TLS connecttion
178 */
181 {
186 /* Netscape/Mozilla/Solaris SDK */
187 #if APR_HAS_NETSCAPE_LDAPSDK || APR_HAS_SOLARIS_LDAPSDK || APR_HAS_MOZILLA_LDAPSK
188 #if APR_HAS_LDAPSSL_INSTALL_ROUTINES
191 #ifdef LDAP_OPT_SSL
192 /* apparently Netscape and Mozilla need this too, Solaris doesn't */
195 }
196 #endif
201 }
202 }
207 }
212 }
213 #else
218 }
219 #endif
220 #endif
222 /* Novell SDK */
223 #if APR_HAS_NOVELL_LDAPSDK
224 /* ldapssl_install_routines(ldap)
225 * Behavior is unpredictable when other LDAP functions are called
226 * between the ldap_init function and the ldapssl_install_routines
227 * function.
228 *
229 * STARTTLS is supported by the ldap_start_tls_s() method
230 */
237 }
238 }
244 }
245 }
251 }
252 }
253 #endif
255 /* OpenLDAP SDK */
256 #if APR_HAS_OPENLDAP_LDAPSDK
257 #ifdef LDAP_OPT_X_TLS
263 "Could not set LDAP_OPT_X_TLS to "
266 }
267 }
273 }
274 }
279 }
280 #else
285 }
286 #endif
287 #endif
289 /* Microsoft SDK */
290 #if APR_HAS_MICROSOFT_LDAPSDK
297 }
298 }
305 }
306 }
307 #if APR_HAS_LDAP_START_TLS_S
313 }
314 }
320 }
321 }
322 #endif
323 #endif
325 #if APR_HAS_OTHER_LDAPSDK
330 }
331 #endif
335 }
337 /**
338 * Handle APR_LDAP_OPT_TLS_CACERTFILE
339 *
340 * This function sets the CA certificate for further SSL/TLS connections.
341 *
342 * The file provided are in different formats depending on the toolkit used:
343 *
344 * Netscape: cert7.db file
345 * Novell: PEM or DER
346 * OpenLDAP: PEM (others supported?)
347 * Microsoft: unknown
348 * Solaris: unknown
349 */
352 {
357 #if APR_HAS_LDAP_SSL
359 /* Netscape/Mozilla/Solaris SDK */
360 #if APR_HAS_NETSCAPE_LDAPSDK || APR_HAS_SOLARIS_LDAPSDK || APR_HAS_MOZILLA_LDAPSDK
361 #if APR_HAS_LDAPSSL_CLIENT_INIT
368 /* set up cert7.db, key3.db and secmod parameters */
387 "understands the CERT7, KEY3 and SECMOD "
390 }
393 }
394 }
396 /* actually set the certificate parameters */
406 }
407 }
415 }
416 }
423 }
424 }
430 }
431 }
432 }
433 #else
435 "supported by this Netscape/Mozilla/Solaris SDK. "
438 #endif
439 #endif
441 /* Novell SDK */
442 #if APR_HAS_NOVELL_LDAPSDK
443 #if APR_HAS_LDAPSSL_CLIENT_INIT && APR_HAS_LDAPSSL_ADD_TRUSTED_CERT && APR_HAS_LDAPSSL_CLIENT_DEINIT
444 /* The Novell library cannot support per connection certificates. Error
445 * out if the ldap handle is provided.
446 */
451 }
452 /* Novell's library needs to be initialised first */
459 }
460 }
461 /* set one or more certificates */
463 /* Novell SDK supports DER or BASE64 files. */
467 LDAPSSL_CERT_FILETYPE_DER);
472 LDAPSSL_CERT_FILETYPE_B64);
477 LDAPSSL_CERT_FILETYPE_DER,
483 LDAPSSL_CERT_FILETYPE_B64,
489 LDAPSSL_FILETYPE_P12,
495 LDAPSSL_CERT_FILETYPE_DER,
501 LDAPSSL_CERT_FILETYPE_B64,
507 LDAPSSL_FILETYPE_P12,
516 }
519 }
520 }
521 #else
523 "ldapssl_add_trusted_cert() or "
524 "ldapssl_client_deinit() functions not supported "
525 "by this Novell SDK. Certificate authority file "
528 #endif
529 #endif
531 /* OpenLDAP SDK */
532 #if APR_HAS_OPENLDAP_LDAPSDK
533 #ifdef LDAP_OPT_X_TLS_CACERTFILE
534 /* set one or more certificates */
535 /* FIXME: make it support setting directories as well as files */
537 /* OpenLDAP SDK supports BASE64 files. */
559 }
562 }
563 }
564 #else
566 "defined by this OpenLDAP SDK. Certificate "
569 #endif
570 #endif
572 /* Microsoft SDK */
573 #if APR_HAS_MICROSOFT_LDAPSDK
574 /* Microsoft SDK use the registry certificate store - error out
575 * here with a message explaining this. */
579 #endif
581 /* SDK not recognised */
582 #if APR_HAS_OTHER_LDAPSDK
584 "defined by this LDAP SDK. Certificate "
587 #endif
595 }