937a200089
This is actually a fully functional build except: * All internal shared libraries are static linked to make sure there is no interference with ports (and to reduce build time). * It does not have the python/perl/etc plugin or API support. * By default, it installs as "svnlite" rather than "svn". * If WITH_SVN added in make.conf, you get "svn". * If WITHOUT_SVNLITE is in make.conf, this is completely disabled. To be absolutely clear, this is not intended for any use other than checking out freebsd source and committing, like we once did with cvs. It should be usable for small scale local repositories that don't need the python/perl plugin architecture.
236 lines
7.0 KiB
C
236 lines
7.0 KiB
C
/* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
* contributor license agreements. See the NOTICE file distributed with
|
|
* this work for additional information regarding copyright ownership.
|
|
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
* (the "License"); you may not use this file except in compliance with
|
|
* the License. You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
/*
|
|
* apr_ldap_init.c: LDAP v2/v3 common initialise
|
|
*
|
|
* Original code from auth_ldap module for Apache v1.3:
|
|
* Copyright 1998, 1999 Enbridge Pipelines Inc.
|
|
* Copyright 1999-2001 Dave Carrigan
|
|
*/
|
|
|
|
#include "apr.h"
|
|
#include "apu.h"
|
|
#include "apu_config.h"
|
|
|
|
#if APU_DSO_BUILD
|
|
#define APU_DSO_LDAP_BUILD
|
|
#endif
|
|
|
|
#include "apr_ldap.h"
|
|
#include "apu_internal.h"
|
|
#include "apr_errno.h"
|
|
#include "apr_pools.h"
|
|
#include "apr_strings.h"
|
|
|
|
#if APR_HAS_LDAP
|
|
|
|
/**
|
|
* APR LDAP SSL Initialise function
|
|
*
|
|
* This function initialises SSL on the underlying LDAP toolkit
|
|
* if this is necessary.
|
|
*
|
|
* If a CA certificate is provided, this is set, however the setting
|
|
* of certificates via this method has been deprecated and will be removed in
|
|
* APR v2.0.
|
|
*
|
|
* The apr_ldap_set_option() function with the APR_LDAP_OPT_TLS_CERT option
|
|
* should be used instead to set certificates.
|
|
*
|
|
* If SSL support is not available on this platform, or a problem
|
|
* was encountered while trying to set the certificate, the function
|
|
* will return APR_EGENERAL. Further LDAP specific error information
|
|
* can be found in result_err.
|
|
*/
|
|
APU_DECLARE_LDAP(int) apr_ldap_ssl_init(apr_pool_t *pool,
|
|
const char *cert_auth_file,
|
|
int cert_file_type,
|
|
apr_ldap_err_t **result_err)
|
|
{
|
|
|
|
apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
|
|
*result_err = result;
|
|
|
|
#if APR_HAS_LDAP_SSL /* compiled with ssl support */
|
|
|
|
/* Novell */
|
|
#if APR_HAS_NOVELL_LDAPSDK
|
|
ldapssl_client_init(NULL, NULL);
|
|
#endif
|
|
|
|
/* if a certificate was specified, set it */
|
|
if (cert_auth_file) {
|
|
apr_ldap_opt_tls_cert_t *cert = (apr_ldap_opt_tls_cert_t *)apr_pcalloc(pool, sizeof(apr_ldap_opt_tls_cert_t));
|
|
cert->type = cert_file_type;
|
|
cert->path = cert_auth_file;
|
|
return apr_ldap_set_option(pool, NULL, APR_LDAP_OPT_TLS_CERT, (void *)cert, result_err);
|
|
}
|
|
|
|
#else /* not compiled with SSL Support */
|
|
if (cert_auth_file) {
|
|
result->reason = "LDAP: Attempt to set certificate store failed. "
|
|
"Not built with SSL support";
|
|
result->rc = -1;
|
|
}
|
|
#endif /* APR_HAS_LDAP_SSL */
|
|
|
|
if (result->rc != -1) {
|
|
result->msg = ldap_err2string(result->rc);
|
|
}
|
|
|
|
if (LDAP_SUCCESS != result->rc) {
|
|
return APR_EGENERAL;
|
|
}
|
|
|
|
return APR_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
/**
|
|
* APR LDAP SSL De-Initialise function
|
|
*
|
|
* This function tears down any SSL certificate setup previously
|
|
* set using apr_ldap_ssl_init(). It should be called to clean
|
|
* up if a graceful restart of a service is attempted.
|
|
*
|
|
* This function only does anything on Netware.
|
|
*
|
|
* @todo currently we do not check whether apr_ldap_ssl_init()
|
|
* has been called first - should we?
|
|
*/
|
|
APU_DECLARE_LDAP(int) apr_ldap_ssl_deinit(void)
|
|
{
|
|
|
|
#if APR_HAS_LDAP_SSL && APR_HAS_LDAPSSL_CLIENT_DEINIT
|
|
ldapssl_client_deinit();
|
|
#endif
|
|
return APR_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
/**
|
|
* APR LDAP initialise function
|
|
*
|
|
* This function is responsible for initialising an LDAP
|
|
* connection in a toolkit independant way. It does the
|
|
* job of ldap_init() from the C api.
|
|
*
|
|
* It handles both the SSL and non-SSL case, and attempts
|
|
* to hide the complexity setup from the user. This function
|
|
* assumes that any certificate setup necessary has already
|
|
* been done.
|
|
*
|
|
* If SSL or STARTTLS needs to be enabled, and the underlying
|
|
* toolkit supports it, the following values are accepted for
|
|
* secure:
|
|
*
|
|
* APR_LDAP_NONE: No encryption
|
|
* APR_LDAP_SSL: SSL encryption (ldaps://)
|
|
* APR_LDAP_STARTTLS: Force STARTTLS on ldap://
|
|
*/
|
|
APU_DECLARE_LDAP(int) apr_ldap_init(apr_pool_t *pool,
|
|
LDAP **ldap,
|
|
const char *hostname,
|
|
int portno,
|
|
int secure,
|
|
apr_ldap_err_t **result_err)
|
|
{
|
|
|
|
apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
|
|
*result_err = result;
|
|
|
|
#if APR_HAS_LDAPSSL_INIT
|
|
#if APR_HAS_SOLARIS_LDAPSDK
|
|
/*
|
|
* Using the secure argument should aways be possible. But as LDAP SDKs
|
|
* tend to have different quirks and bugs, this needs to be tested for
|
|
* for each of them, first. For Solaris LDAP it works, and the method
|
|
* with ldap_set_option doesn't.
|
|
*/
|
|
*ldap = ldapssl_init(hostname, portno, secure == APR_LDAP_SSL);
|
|
#else
|
|
*ldap = ldapssl_init(hostname, portno, 0);
|
|
#endif
|
|
#elif APR_HAS_LDAP_SSLINIT
|
|
*ldap = ldap_sslinit((char *)hostname, portno, 0);
|
|
#else
|
|
*ldap = ldap_init((char *)hostname, portno);
|
|
#endif
|
|
|
|
if (*ldap != NULL) {
|
|
#if APR_HAS_SOLARIS_LDAPSDK
|
|
if (secure == APR_LDAP_SSL)
|
|
return APR_SUCCESS;
|
|
else
|
|
#endif
|
|
return apr_ldap_set_option(pool, *ldap, APR_LDAP_OPT_TLS, &secure, result_err);
|
|
}
|
|
else {
|
|
/* handle the error case */
|
|
apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
|
|
*result_err = result;
|
|
|
|
result->reason = "APR LDAP: Unable to initialize the LDAP connection";
|
|
result->rc = -1;
|
|
return APR_EGENERAL;
|
|
}
|
|
|
|
}
|
|
|
|
|
|
/**
|
|
* APR LDAP info function
|
|
*
|
|
* This function returns a string describing the LDAP toolkit
|
|
* currently in use. The string is placed inside result_err->reason.
|
|
*/
|
|
APU_DECLARE_LDAP(int) apr_ldap_info(apr_pool_t *pool,
|
|
apr_ldap_err_t **result_err)
|
|
{
|
|
apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
|
|
*result_err = result;
|
|
|
|
result->reason = "APR LDAP: Built with "
|
|
LDAP_VENDOR_NAME
|
|
" LDAP SDK";
|
|
return APR_SUCCESS;
|
|
|
|
}
|
|
|
|
#if APU_DSO_BUILD
|
|
|
|
/* For DSO builds, export the table of entry points into the apr_ldap DSO
|
|
* See include/private/apu_internal.h for the corresponding declarations
|
|
*/
|
|
APU_MODULE_DECLARE_DATA struct apr__ldap_dso_fntable apr__ldap_fns = {
|
|
apr_ldap_info,
|
|
apr_ldap_init,
|
|
apr_ldap_ssl_init,
|
|
apr_ldap_ssl_deinit,
|
|
apr_ldap_get_option,
|
|
apr_ldap_set_option,
|
|
apr_ldap_rebind_init,
|
|
apr_ldap_rebind_add,
|
|
apr_ldap_rebind_remove
|
|
};
|
|
|
|
#endif /* APU_DSO_BUILD */
|
|
|
|
#endif /* APR_HAS_LDAP */
|