
(-)httpd-2.0.63-orig/apr-util/include/apr_ldap.h.in (-1 / +2 lines)
Lines 159-166 Link Here
159
 */
159
 */
160
#define const_cast(conststr) APR_LDAP_UNCONST(conststr)
160
#define const_cast(conststr) APR_LDAP_UNCONST(conststr)
161
#endif
161
#endif
162
   
162
163
#include "apr_ldap_url.h"
163
#include "apr_ldap_url.h"
164
#include "apr_ldap_rebind.h"
164
165
165
/* Define some errors that are mysteriously gone from OpenLDAP 2.x */
166
/* Define some errors that are mysteriously gone from OpenLDAP 2.x */
166
#ifndef LDAP_URL_ERR_NOTLDAP
167
#ifndef LDAP_URL_ERR_NOTLDAP
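--- a/httpd-2.0.63-orig/apr-util/include/apr_ldap_rebind.h
+++ b/httpd-2.0.63-orig/apr-util/include/apr_ldap_rebind.h
@@ -0,0 +1,89 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * The APR LDAP rebind functions provide an implementation of
+ * a rebind procedure that can be used to allow clients to chase referrals,
+ * using the same credentials used to log in originally.
+ *
+ * Use of this implementation is optional.
+ *
+ * @file apu_ldap_rebind.h
+ * @brief Apache LDAP library
+ */
+
+#ifndef APU_LDAP_REBIND_H
+#define APU_LDAP_REBIND_H
+
+#include "apr_errno.h"  /* for apr_status_t */
+#include "apr_pools.h"  /* for apr_pool_t   */
+
+#include "apu.h"        /* for APU_DECLARE  */
+
+#if APR_HAS_LDAP
+
+/**
+ * APR LDAP initialize rebind lock
+ *
+ * This function creates the lock for controlling access to the xref list..
+ * @param pool Pool to use when creating the xref_lock.
+ */
+APU_DECLARE(apr_status_t) apr_ldap_rebind_init(apr_pool_t *pool);
+
+
+/**
+ * APR LDAP rebind_add function
+ *
+ * This function creates a cross reference entry for the specified ldap
+ * connection. The rebind callback function will look up this ldap 
+ * connection so it can retrieve the bindDN and bindPW for use in any 
+ * binds while referrals are being chased.
+ *
+ * This function will add the callback to the LDAP handle passed in.
+ *
+ * A cleanup is registered within the pool provided to remove this
+ * entry when the pool is removed. Alternatively apr_ldap_rebind_remove()
+ * can be called to explicitly remove the entry at will.
+ *
+ * @param pool The pool to use
+ * @param ld The LDAP connectionhandle
+ * @param bindDN The bind DN to be used for any binds while chasing 
+ *               referrals on this ldap connection.
+ * @param bindPW The bind Password to be used for any binds while 
+ *               chasing referrals on this ldap connection.
+ */
+APU_DECLARE(apr_status_t) apr_ldap_rebind_add(apr_pool_t *pool,
+                                              LDAP *ld,
+                                              const char *bindDN,
+                                              const char *bindPW);
+
+/**
+ * APR LDAP rebind_remove function
+ *
+ * This function removes the rebind cross reference entry for the
+ * specified ldap connection.
+ *
+ * If not explicitly removed, this function will be called automatically
+ * when the pool is cleaned up.
+ *
+ * @param ld The LDAP connectionhandle
+ */
+APU_DECLARE(apr_status_t) apr_ldap_rebind_remove(LDAP *ld);
+
+#endif /* APR_HAS_LDAP */
+
+#endif /* APU_LDAP_REBIND_H */
+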
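Review bot: The doc comment on `apr_ldap_rebind_add` does not say that `apr_ldap_rebind_init` must have succeeded first, yet in threaded builds the implementation added by this patch locks `apr_ldap_xref_lock` without checking it, so the ordering is a hard precondition; I would add `@note apr_ldap_rebind_init() must be called once before any other rebind function.` The same comment should state that `bindDN` and `bindPW` are copied into `pool` and remain there in clear text until that pool is destroyed, and list the return values the implementation produces (`APR_ENOMEM`, and `APR_ENOTIMPL` when the LDAP SDK is not recognised). The `@file` tag names `apu_ldap_rebind.h` while the file is `apr_ldap_rebind.h`, and the prototypes use `LDAP *` although none of the three headers included here appears to declare it, so the header presumably only compiles when pulled in through `apr_ldap.h`.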
(-)httpd-2.0.63-orig/apr-util/ldap/Makefile.in (-1 / +1 lines)
Lines 2-8 Link Here
2
2
3
INCLUDES = @APRUTIL_PRIV_INCLUDES@ @APR_INCLUDES@ @APRUTIL_INCLUDES@
3
INCLUDES = @APRUTIL_PRIV_INCLUDES@ @APR_INCLUDES@ @APRUTIL_INCLUDES@
4
4
5
TARGETS = apr_ldap_compat.lo apr_ldap_url.lo
5
TARGETS = apr_ldap_compat.lo apr_ldap_url.lo apr_ldap_rebind.lo
6
6
7
# bring in rules.mk for standard functionality
7
# bring in rules.mk for standard functionality
8
@INCLUDE_RULES@
8
@INCLUDE_RULES@
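--- a/httpd-2.0.63-orig/apr-util/ldap/apr_ldap_rebind.c
+++ b/httpd-2.0.63-orig/apr-util/ldap/apr_ldap_rebind.c
@@ -0,0 +1,254 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*  apr_ldap_rebind.c -- LDAP rebind callbacks for referrals
+ *
+ *  The LDAP SDK allows a callback to be set to enable rebinding
+ *  for referral processing.
+ *
+ */
+
+#include "apr.h"
+#include "apu.h"
+#include "apr_ldap.h"
+#include "apr_errno.h"
+#include "apr_strings.h"
+#include "apr_ldap_rebind.h"
+
+#include "stdio.h"
+
+#if APR_HAS_LDAP
+
+#if APR_HAS_THREADS
+static apr_thread_mutex_t *apr_ldap_xref_lock = NULL;
+#endif
+
+/* Used to store information about connections for use in the referral rebind callback. */
+struct apr_ldap_rebind_entry {
+    LDAP *index;
+    const char *bindDN;
+    const char *bindPW;
+    struct apr_ldap_rebind_entry *next;
+};
+typedef struct apr_ldap_rebind_entry apr_ldap_rebind_entry_t;
+
+static apr_ldap_rebind_entry_t *xref_head = NULL;
+
+static int apr_ldap_rebind_set_callback(LDAP *ld);
+static apr_status_t apr_ldap_rebind_remove_helper(void *data);
+
+/* APR utility routine used to create the xref_lock. */
+APU_DECLARE(apr_status_t) apr_ldap_rebind_init(apr_pool_t *pool)
+{
+    apr_status_t retcode = APR_SUCCESS;
+
+#if APR_HAS_THREADS
+    if (apr_ldap_xref_lock == NULL) {
+        retcode = apr_thread_mutex_create(&apr_ldap_xref_lock, APR_THREAD_MUTEX_DEFAULT, pool);
+    }
+#endif
+
+    return(retcode);
+}
+
+
+/*************************************************************************************/
+APU_DECLARE(apr_status_t) apr_ldap_rebind_add(apr_pool_t *pool, LDAP *ld, const char *bindDN, const char *bindPW)
+{
+    apr_status_t retcode = APR_SUCCESS;
+    apr_ldap_rebind_entry_t *new_xref;
+
+    new_xref = (apr_ldap_rebind_entry_t *)apr_pcalloc(pool, sizeof(apr_ldap_rebind_entry_t));
+    if (new_xref) {
+        new_xref->index = ld;
+        if (bindDN) {
+            new_xref->bindDN = apr_pstrdup(pool, bindDN);
+        }
+        if (bindPW) {
+            new_xref->bindPW = apr_pstrdup(pool, bindPW);
+        }
+    
+#if APR_HAS_THREADS
+       apr_thread_mutex_lock(apr_ldap_xref_lock);
+#endif
+    
+        new_xref->next = xref_head;
+        xref_head = new_xref;
+    
+#if APR_HAS_THREADS
+        apr_thread_mutex_unlock(apr_ldap_xref_lock);
+#endif
+    }
+    else {
+        return(APR_ENOMEM);
+    }
+
+    retcode = apr_ldap_rebind_set_callback(ld);
+    if (APR_SUCCESS != retcode) {
+        apr_ldap_rebind_remove(ld);
+        return retcode;
+    }
+
+    apr_pool_cleanup_register(pool, ld,
+                              apr_ldap_rebind_remove_helper,
+                              apr_pool_cleanup_null);
+
+    return(APR_SUCCESS);
+}
+
+/*************************************************************************************/
+APU_DECLARE(apr_status_t) apr_ldap_rebind_remove(LDAP *ld)
+{
+    apr_ldap_rebind_entry_t *tmp_xref, *prev = NULL;
+
+#if APR_HAS_THREADS
+    apr_thread_mutex_lock(apr_ldap_xref_lock);
+#endif
+    tmp_xref = xref_head;
+
+    while ((tmp_xref) && (tmp_xref->index != ld)) {
+        prev = tmp_xref;
+        tmp_xref = tmp_xref->next;
+    }
+
+    if (tmp_xref) {
+        if (tmp_xref == xref_head) {
+            xref_head = xref_head->next;
+        }
+        else {
+            prev->next = tmp_xref->next;
+        }
+        /* tmp_xref and its contents were pool allocated so they don't need to be freed here. */
+    }
+
+#if APR_HAS_THREADS
+    apr_thread_mutex_unlock(apr_ldap_xref_lock);
+#endif
+    return APR_SUCCESS;
+}
+
+static apr_status_t apr_ldap_rebind_remove_helper(void *data)
+{
+    LDAP *ld = (LDAP *)data;
+    apr_ldap_rebind_remove(ld);
+    return APR_SUCCESS;
+}
+
+/*************************************************************************************/
+static apr_ldap_rebind_entry_t *apr_ldap_rebind_lookup(LDAP *ld)
+{
+    apr_ldap_rebind_entry_t *tmp_xref, *match = NULL;
+
+#if APR_HAS_THREADS
+    apr_thread_mutex_lock(apr_ldap_xref_lock);
+#endif
+    tmp_xref = xref_head;
+
+    while (tmp_xref) {
+        if (tmp_xref->index == ld) {
+            match = tmp_xref;
+            tmp_xref = NULL;
+        }
+        else {
+            tmp_xref = tmp_xref->next;
+        }
+    }
+
+#if APR_HAS_THREADS
+    apr_thread_mutex_unlock(apr_ldap_xref_lock);
+#endif
+
+    return (match);
+}
+
+/* LDAP_rebindproc() ITDS style
+ *     Rebind callback function. Called when chasing referrals. See API docs.
+ * ON ENTRY:
+ *     ld       Pointer to an LDAP control structure. (input only)
+ *     binddnp  Pointer to an Application DName used for binding (in *or* out)
+ *     passwdp  Pointer to the password associated with the DName (in *or* out)
+ *     methodp  Pointer to the Auth method (output only)
+ *     freeit   Flag to indicate if this is a lookup or a free request (input only)
+ */
+#if APR_HAS_TIVOLI_LDAPSDK
+static int LDAP_rebindproc(LDAP *ld, char **binddnp, char **passwdp, int *methodp, int freeit)
+{
+    if (!freeit) {
+        apr_ldap_rebind_entry_t *my_conn;
+
+        *methodp = LDAP_AUTH_SIMPLE;
+        my_conn = apr_ldap_xref_lookup(ld);
+
+        if ((my_conn) && (my_conn->bindDN != NULL)) {
+            *binddnp = strdup(my_conn->bindDN);
+            *passwdp = strdup(my_conn->bindPW);
+        } else {
+            *binddnp = NULL;
+            *passwdp = NULL;
+        }
+    } else {
+        if (*binddnp) {
+            free(*binddnp);
+        }
+        if (*passwdp) {
+            free(*passwdp);
+        }
+    }
+
+    return LDAP_SUCCESS;
+}
+
+static int apr_ldap_rebind_set_callback(LDAP *ld)
+{
+    ldap_set_rebind_proc(ld, (LDAPRebindProc)LDAP_rebindproc);
+    return APR_SUCCESS;
+}
+
+#elif APR_HAS_OPENLDAP_LDAPSDK
+
+/* LDAP_rebindproc() openLDAP V3 style */
+static int LDAP_rebindproc(LDAP *ld, LDAP_CONST char *url, ber_tag_t request, ber_int_t msgid, void *params)
+{
+    apr_ldap_rebind_entry_t *my_conn;
+    const char *bindDN = NULL;
+    const char *bindPW = NULL;
+
+    my_conn = apr_ldap_rebind_lookup(ld);
+
+    if ((my_conn) && (my_conn->bindDN != NULL)) {
+        bindDN = my_conn->bindDN;
+        bindPW = my_conn->bindPW;
+    }
+
+    return (ldap_bind_s(ld, bindDN, bindPW, LDAP_AUTH_SIMPLE));
+}
+
+static int apr_ldap_rebind_set_callback(LDAP *ld)
+{
+    ldap_set_rebind_proc(ld, LDAP_rebindproc, NULL);
+    return APR_SUCCESS;
+}
+
+#else         /* Implementation not recognised */
+
+static int apr_ldap_rebind_set_callback(LDAP *ld)
+{
+    return APR_ENOTIMPL;
+}
+
+#endif
+
+#endif /* APR_HAS_LDAP */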
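Review bot: Both `LDAP_rebindproc` variants replay the stored bind DN and password to whichever server a referral points at, and the OpenLDAP variant ignores its `url` argument, so nothing visible here keeps the original credentials from going out in an `LDAP_AUTH_SIMPLE` bind to a host or transport the caller never approved. I would put a comment above each callback saying so, e.g. `/* Sends the original bind credentials to the referral target; enable only when referral sources are trusted and the connection is protected. */`, and consider validating `url` before `ldap_bind_s` is called. In the Tivoli branch `apr_ldap_xref_lookup(ld)` does not match the helper this file defines and should read `my_conn = apr_ldap_rebind_lookup(ld);`, and `strdup(my_conn->bindPW)` needs a NULL guard because `apr_ldap_rebind_add` leaves `bindPW` NULL when no password is supplied. `apr_ldap_rebind_add`, `apr_ldap_rebind_remove` and `apr_ldap_rebind_lookup` lock `apr_ldap_xref_lock` without checking it, so a caller that skipped `apr_ldap_rebind_init`, or whose init pool has since been destroyed while the static pointer stayed set, would presumably lock a NULL or stale mutex.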
