Lines 211-241
211 |
{ |
211 |
{ |
212 |
int rc = 0, ldap_option = 0; |
212 |
int rc = 0, ldap_option = 0; |
213 |
int version = LDAP_VERSION3; |
213 |
int version = LDAP_VERSION3; |
214 |
apr_ldap_err_t *result = NULL; |
214 |
apr_ldap_err_t *result = NULL; |
215 |
#ifdef LDAP_OPT_NETWORK_TIMEOUT |
215 |
#ifdef LDAP_OPT_NETWORK_TIMEOUT |
216 |
struct timeval timeOut = {10,0}; /* 10 second connection timeout */ |
216 |
struct timeval timeOut = {10,0}; /* 10 second connection timeout */ |
217 |
#endif |
217 |
#endif |
218 |
util_ldap_state_t *st = |
218 |
util_ldap_state_t *st = |
219 |
(util_ldap_state_t *)ap_get_module_config(r->server->module_config, |
219 |
(util_ldap_state_t *)ap_get_module_config(r->server->module_config, |
220 |
&ldap_module); |
220 |
&ldap_module); |
|
|
221 |
int have_client_certs = !apr_is_empty_array(ldc->client_certs); |
221 |
|
222 |
|
222 |
/* Since the host will include a port if the default port is not used, |
223 |
/* Since the host will include a port if the default port is not used, |
223 |
* always specify the default ports for the port parameter. This will |
224 |
* always specify the default ports for the port parameter. This will |
224 |
* allow a host string that contains multiple hosts the ability to mix |
225 |
* allow a host string that contains multiple hosts the ability to mix |
225 |
* some hosts with ports and some without. All hosts which do not |
226 |
* some hosts with ports and some without. All hosts which do not |
226 |
* specify a port will use the default port. |
227 |
* specify a port will use the default port. |
227 |
*/ |
228 |
*/ |
228 |
apr_ldap_init(r->pool, &(ldc->ldap), |
229 |
apr_ldap_init(r->pool, &(ldc->ldap), |
229 |
ldc->host, |
230 |
ldc->host, |
230 |
APR_LDAP_SSL == ldc->secure ? LDAPS_PORT : LDAP_PORT, |
231 |
APR_LDAP_SSL == ldc->secure ? LDAPS_PORT : LDAP_PORT, |
231 |
APR_LDAP_NONE, |
232 |
have_client_certs ? APR_LDAP_NONE : ldc->secure, |
232 |
&(result)); |
233 |
&(result)); |
233 |
|
234 |
|
234 |
|
235 |
|
235 |
if (NULL == result) { |
236 |
if (NULL == result) { |
236 |
/* something really bad happened */ |
237 |
/* something really bad happened */ |
237 |
ldc->bound = 0; |
238 |
ldc->bound = 0; |
238 |
if (NULL == ldc->reason) { |
239 |
if (NULL == ldc->reason) { |
239 |
ldc->reason = "LDAP: ldap initialization failed"; |
240 |
ldc->reason = "LDAP: ldap initialization failed"; |
240 |
} |
241 |
} |
241 |
return(APR_EGENERAL); |
242 |
return(APR_EGENERAL); |
Lines 254-285
254 |
else { |
255 |
else { |
255 |
ldc->reason = result->reason; |
256 |
ldc->reason = result->reason; |
256 |
} |
257 |
} |
257 |
return(result->rc); |
258 |
return(result->rc); |
258 |
} |
259 |
} |
259 |
|
260 |
|
260 |
/* always default to LDAP V3 */ |
261 |
/* always default to LDAP V3 */ |
261 |
ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version); |
262 |
ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version); |
262 |
|
263 |
|
263 |
/* set client certificates */ |
264 |
/* set client certificates */ |
264 |
if (!apr_is_empty_array(ldc->client_certs)) { |
265 |
if (!have_client_certs) { |
265 |
apr_ldap_set_option(r->pool, ldc->ldap, APR_LDAP_OPT_TLS_CERT, |
266 |
apr_ldap_set_option(r->pool, ldc->ldap, APR_LDAP_OPT_TLS_CERT, |
266 |
ldc->client_certs, &(result)); |
267 |
ldc->client_certs, &(result)); |
267 |
if (LDAP_SUCCESS != result->rc) { |
268 |
if (LDAP_SUCCESS != result->rc) { |
268 |
uldap_connection_unbind( ldc ); |
269 |
uldap_connection_unbind( ldc ); |
269 |
ldc->reason = result->reason; |
270 |
ldc->reason = result->reason; |
270 |
return(result->rc); |
271 |
return(result->rc); |
271 |
} |
272 |
} |
272 |
} |
273 |
} |
273 |
|
274 |
|
274 |
/* switch on SSL/TLS */ |
275 |
/* switch on SSL/TLS */ |
275 |
if (APR_LDAP_NONE != ldc->secure) { |
276 |
if (have_client_certs && APR_LDAP_NONE != ldc->secure) { |
276 |
apr_ldap_set_option(r->pool, ldc->ldap, |
277 |
apr_ldap_set_option(r->pool, ldc->ldap, |
277 |
APR_LDAP_OPT_TLS, &ldc->secure, &(result)); |
278 |
APR_LDAP_OPT_TLS, &ldc->secure, &(result)); |
278 |
if (LDAP_SUCCESS != result->rc) { |
279 |
if (LDAP_SUCCESS != result->rc) { |
279 |
uldap_connection_unbind( ldc ); |
280 |
uldap_connection_unbind( ldc ); |
280 |
ldc->reason = result->reason; |
281 |
ldc->reason = result->reason; |
281 |
return(result->rc); |
282 |
return(result->rc); |
282 |
} |
283 |
} |
283 |
} |
284 |
} |
284 |
|
285 |
|
285 |
/* Set the alias dereferencing option */ |
286 |
/* Set the alias dereferencing option */ |