
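--- a/ldap/apr_ldap_init.c
+++ b/ldap/apr_ldap_init.c
@@ -110,6 +110,9 @@
 #if APR_HAS_LDAP_SSL && APR_HAS_LDAPSSL_CLIENT_DEINIT
     ldapssl_client_deinit();
 #endif
+#if APR_HAS_LDAP_SSL && APR_HAS_LDAP_SSL_CLIENT_DEINIT
+    ldap_ssl_client_deinit();
+#endif
     return APR_SUCCESS;
 
 }
@@ -149,6 +152,16 @@
     *ldap = ldapssl_init(hostname, portno, 0);
 #elif APR_HAS_LDAP_SSLINIT
     *ldap = ldap_sslinit((char *)hostname, portno, 0);
+#elif APR_HAS_LDAP_SSL_INIT
+    /* Tivoli: Third parameter is null, default CA list provided
+     * with SDK is used.
+     */
+    if (secure == APR_LDAP_SSL) {
+        *ldap = ldap_ssl_init((char *)hostname, portno, NULL);
+    }
+    else {
+        *ldap = ldap_init((char *)hostname, portno);
+    }
 #else
     *ldap = ldap_init((char *)hostname, portno);
 #endif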
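Review bot: The comment on the new `#elif APR_HAS_LDAP_SSL_INIT` branch says the NULL third argument of `ldap_ssl_init()` selects a default CA list, while the comment this patch adds in apr_ldap_option.c says the call takes a certificate label, so a maintainer cannot tell which trust material an SSL connection ends up using. I would reword it along the lines of `/* Tivoli: third argument is the certificate label; NULL selects the default from the key database loaded by ldap_ssl_client_init() */`, after confirming against the SDK documentation. Every `secure` value other than `APR_LDAP_SSL` also takes the plaintext `ldap_init()` path here, so a STARTTLS request depends entirely on a later option call. The enclosing function starts and ends outside the hunk, so whether that upgrade is enforced is not visible.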
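--- a/ldap/apr_ldap_option.c
+++ b/ldap/apr_ldap_option.c
@@ -322,6 +322,38 @@
 #endif
 #endif
 
+    /* Tivoli SDK */
+#if APR_HAS_TIVOLI_LDAPSDK
+    if (tls == APR_LDAP_SSL) {
+        result->reason = "LDAP: SSL can only be set at connection "
+                         "initialisation by APR on this version of "
+                         "the Tivoli toolkit";
+        result->rc = -1;
+    }
+#if APR_HAS_LDAP_START_TLS_S_NP
+    else if (tls == APR_LDAP_STARTTLS) {
+        result->rc = ldap_start_tls_s_np(ldap, NULL);
+        if (result->rc != LDAP_SUCCESS) {
+            result->reason = "LDAP: ldap_start_tls_s_np() failed";
+            result->msg = ldap_err2string(result->rc);
+        }
+    }
+    else if (tls == APR_LDAP_STOPTLS) {
+        result->rc = ldap_stop_tls_s_np(ldap);
+        if (result->rc != LDAP_SUCCESS) {
+            result->reason = "LDAP: ldap_stop_tls_s_np() failed";
+            result->msg = ldap_err2string(result->rc);
+        }
+    }
+#else   
+    else if (tls != APR_LDAP_NONE) {
+        result->reason = "LDAP: TLS not yet supported by APR on this "
+                         "version of the Tivoli toolkit";
+        result->rc = -1;
+    }
+#endif
+#endif
+
 #if APR_HAS_OTHER_LDAPSDK
     if (tls != APR_LDAP_NONE) {
         result->reason = "LDAP: SSL/TLS is currently not supported by "
@@ -335,7 +367,7 @@
 }
 
 /**
- * Handle APR_LDAP_OPT_TLS_CACERTFILE
+ * Handle APR_LDAP_OPT_TLS_CERT
  *
  * This function sets the CA certificate for further SSL/TLS connections.
  *
@@ -346,6 +378,7 @@
  * OpenLDAP: PEM (others supported?)
  * Microsoft: unknown
  * Solaris: unknown
+ * Tivoli: CMS database file
  */
 static void option_set_cert(apr_pool_t *pool, LDAP *ldap,
                            const void *invalue, apr_ldap_err_t *result)
@@ -577,6 +610,41 @@
     result->rc = -1;
 #endif
 
+    /* Tivoli SDK */
+#if APR_HAS_TIVOLI_LDAPSDK
+    /* Tivoli accepts a KDB file with both CAs and private keys
+     * during one-time initialization and takes a certificate label
+     * during ldap_ssl_init.
+     */
+    if (ldap) {
+        result->rc = -1;
+        result->reason = "LDAP: The Tivoli LDAP SDK cannot support the setting "
+                         "of certificates or keys on a per connection basis.";
+    }
+    /* Tivoli's library needs to be initialised first */
+    else {
+        for (i = 0; i < certs->nelts; i++) {
+            /* Tivoli SDK supports CMS files. */
+            switch (ents[i].type) {
+            case APR_LDAP_CA_TYPE_CMS:
+                ldap_ssl_client_init((const char *)ents[i].path,
+                                     (const char *)ents[i].password,
+                                     0, &result->rc);
+                result->msg = ldap_err2string(result->rc);
+                break;
+            default:
+                result->rc = -1;
+                result->reason = "LDAP: The Tivoli SDK only understands the "
+                                 "CMS database file type.";
+                break;
+            }
+            if (result->rc != LDAP_SUCCESS) {
+                break;
+            }
+        }
+    }
+#endif
+
     /* SDK not recognised */
 #if APR_HAS_OTHER_LDAPSDK
     result->reason = "LDAP: LDAP_OPT_X_TLS_CACERTFILE not "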
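Review bot: In the Tivoli branch added to option_set_cert, the return value of `ldap_ssl_client_init()` is discarded, and the value written through its last argument is stored in `result->rc`, compared with `LDAP_SUCCESS` and passed to `ldap_err2string()`. If that out-parameter is an SSL reason code rather than an LDAP result code, which is how I read the SDK interface (to be confirmed), a failed key database load can be misreported or missed, leaving later connections without the intended trust store. I would keep the two apart with `int ssl_reason = 0;` and `result->rc = ldap_ssl_client_init((const char *)ents[i].path, (const char *)ents[i].password, 0, &ssl_reason);`, and report `ssl_reason` in the reason text. The loop also calls this one-time initialiser once per CMS entry, so more than one entry in `certs` deserves an explicit error. The function body begins outside the hunk.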
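--- a/include/apr_ldap.h.in
+++ b/include/apr_ldap.h.in
@@ -85,12 +85,16 @@
  * Detected standard functions
  */
 #define APR_HAS_LDAPSSL_CLIENT_INIT @apu_has_ldapssl_client_init@
+#define APR_HAS_LDAP_SSL_CLIENT_INIT @apu_has_ldap_ssl_client_init@
 #define APR_HAS_LDAPSSL_CLIENT_DEINIT @apu_has_ldapssl_client_deinit@
+#define APR_HAS_LDAP_SSL_CLIENT_DEINIT @apu_has_ldap_ssl_client_deinit@
 #define APR_HAS_LDAPSSL_ADD_TRUSTED_CERT @apu_has_ldapssl_add_trusted_cert@
 #define APR_HAS_LDAP_START_TLS_S @apu_has_ldap_start_tls_s@
 #define APR_HAS_LDAP_SSLINIT @apu_has_ldap_sslinit@
 #define APR_HAS_LDAPSSL_INIT @apu_has_ldapssl_init@
+#define APR_HAS_LDAP_SSL_INIT @apu_has_ldap_ssl_init@
 #define APR_HAS_LDAPSSL_INSTALL_ROUTINES @apu_has_ldapssl_install_routines@
+#define APR_HAS_LDAP_START_TLS_S_NP @apu_has_ldap_start_tls_s_np@
 
 /*
  * Make sure the secure LDAP port is defined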
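Review bot: The Tivoli code in apr_ldap_option.c is guarded by `APR_HAS_TIVOLI_LDAPSDK`, but none of the four defines added here provides it, and the build/apu-conf.m4 hunks add neither an `apu_has_ldap_tivoli="0"` default nor an `AC_SUBST(apu_has_ldap_tivoli)`. Unless these already exist outside the visible hunks, the macro evaluates to 0 and the Tivoli TLS and certificate branches are never compiled, so a request for TLS on that toolkit may pass through every SDK block without an error being set. I would add `#define APR_HAS_TIVOLI_LDAPSDK @apu_has_ldap_tivoli@` alongside the other SDK macros, together with the default and the `AC_SUBST` in apu-conf.m4.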
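--- a/include/apr_ldap_option.h
+++ b/include/apr_ldap_option.h
@@ -137,6 +137,8 @@
 #define APR_LDAP_CERT_TYPE_PFX      13
 /** PKCS#12 encoded private key */
 #define APR_LDAP_KEY_TYPE_PFX       14
+/** CMS Key Database with private key and cert chain */
+#define APR_LDAP_CA_TYPE_CMS       15
 
 /**
  * Certificate structure.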
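Review bot: The doc comment for `APR_LDAP_CA_TYPE_CMS` does not say how the type is used, and the name says CA while the comment says the file also holds a private key. Going by the apr_ldap_option.c hunk in this patch, the entry's `password` field is handed to the SDK as the key database password and the type is accepted only when no connection handle is given. I would spell that out, for example `/** CMS key database (Tivoli): CAs, private key and cert chain; password field is the database password; global setting only */`.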
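--- a/build/apu-conf.m4
+++ b/build/apu-conf.m4
@@ -194,12 +194,16 @@
         APR_ADDTO(APRUTIL_EXPORT_LIBS,[-l${ldaplib} ${extralib}])
         APR_ADDTO(APRUTIL_LIBS,[-l${ldaplib} ${extralib}])
         AC_CHECK_LIB(${ldaplib}, ldapssl_client_init, apu_has_ldapssl_client_init="1", , ${extralib})
+        AC_CHECK_LIB(${ldaplib}, ldap_ssl_client_init, apu_has_ldap_ssl_client_init="1", , ${extralib})
         AC_CHECK_LIB(${ldaplib}, ldapssl_client_deinit, apu_has_ldapssl_client_deinit="1", , ${extralib})
+        AC_CHECK_LIB(${ldaplib}, ldap_ssl_client_deinit, apu_has_ldap_ssl_client_deinit="1", , ${extralib})
         AC_CHECK_LIB(${ldaplib}, ldapssl_add_trusted_cert, apu_has_ldapssl_add_trusted_cert="1", , ${extralib})
         AC_CHECK_LIB(${ldaplib}, ldap_start_tls_s, apu_has_ldap_start_tls_s="1", , ${extralib})
         AC_CHECK_LIB(${ldaplib}, ldap_sslinit, apu_has_ldap_sslinit="1", , ${extralib})
         AC_CHECK_LIB(${ldaplib}, ldapssl_init, apu_has_ldapssl_init="1", , ${extralib})
+        AC_CHECK_LIB(${ldaplib}, ldap_ssl_init, apu_has_ldap_ssl_init="1", , ${extralib})
         AC_CHECK_LIB(${ldaplib}, ldapssl_install_routines, apu_has_ldapssl_install_routines="1", , ${extralib})
+        AC_CHECK_LIB(${ldaplib}, ldap_start_tls_s_np, apu_has_ldap_start_tls_s_np="1", , ${extralib})
         apu_has_ldap="1";
       ], , ${extralib})
   fi
@@ -215,12 +219,16 @@
 
 apu_has_ldap="0";
 apu_has_ldapssl_client_init="0"
+apu_has_ldap_ssl_client_init="0"
 apu_has_ldapssl_client_deinit="0"
+apu_has_ldap_ssl_client_deinit="0"
 apu_has_ldapssl_add_trusted_cert="0"
 apu_has_ldap_start_tls_s="0"
 apu_has_ldapssl_init="0"
+apu_has_ldap_ssl_init="0"
 apu_has_ldap_sslinit="0"
 apu_has_ldapssl_install_routines="0"
+apu_has_ldap_start_tls_s_np="0"
 apu_has_ldap_openldap="0"
 apu_has_ldap_solaris="0"
 apu_has_ldap_novell="0"
@@ -345,6 +353,13 @@
           esac
         fi
         if test "x$apr_cv_ldap_toolkit" = "x"; then
+          AC_EGREP_CPP([International Business Machines], [$lber_h
+                       $ldap_h
+                       LDAP_VENDOR_NAME], [apu_has_ldap_tivoli="1"
+                                           apr_cv_ldap_toolkit="Tivoli"])
+        fi
+
+        if test "x$apr_cv_ldap_toolkit" = "x"; then
           apu_has_ldap_other="1"
           apr_cv_ldap_toolkit="unknown"
         fi
@@ -360,12 +375,16 @@
 AC_SUBST(lber_h)
 AC_SUBST(ldap_ssl_h)
 AC_SUBST(apu_has_ldapssl_client_init)
+AC_SUBST(apu_has_ldap_ssl_client_init)
 AC_SUBST(apu_has_ldapssl_client_deinit)
+AC_SUBST(apu_has_ldap_ssl_client_deinit)
 AC_SUBST(apu_has_ldapssl_add_trusted_cert)
 AC_SUBST(apu_has_ldap_start_tls_s)
 AC_SUBST(apu_has_ldapssl_init)
+AC_SUBST(apu_has_ldap_ssl_init)
 AC_SUBST(apu_has_ldap_sslinit)
 AC_SUBST(apu_has_ldapssl_install_routines)
+AC_SUBST(apu_has_ldap_start_tls_s_np)
 AC_SUBST(apu_has_ldap)
 AC_SUBST(apu_has_ldap_openldap)
 AC_SUBST(apu_has_ldap_solaris)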
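Review bot: Only `ldap_start_tls_s_np` is probed by the new `AC_CHECK_LIB` line in the first hunk, yet apr_ldap_option.c in this patch also calls `ldap_stop_tls_s_np()` under the same `APR_HAS_LDAP_START_TLS_S_NP` guard. A toolkit build that exports one symbol without the other would then fail at link time rather than at configure time. I would probe the second symbol as well, e.g. `AC_CHECK_LIB(${ldaplib}, ldap_stop_tls_s_np, apu_has_ldap_stop_tls_s_np="1", , ${extralib})` with a matching `="0"` default and `AC_SUBST`, and guard the STOPTLS branch with its own macro.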
