
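--- a/apr-util-1.3.9/ldap/apr_ldap_init.c.dist
+++ b/apr-util-1.3.9/ldap/apr_ldap_init.c.dist
@@ -149,28 +149,31 @@
                                     const char *hostname,
                                     int portno,
                                     int secure,
                                     apr_ldap_err_t **result_err)
 {
 
     apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
     *result_err = result;
 
 #if APR_HAS_LDAPSSL_INIT
-    *ldap = ldapssl_init(hostname, portno, 0);
+    *ldap = ldapssl_init(hostname, portno, secure == APR_LDAP_SSL);
 #elif APR_HAS_LDAP_SSLINIT
-    *ldap = ldap_sslinit((char *)hostname, portno, 0);
+    *ldap = ldap_sslinit((char *)hostname, portno, secure == APR_LDAP_SSL);
 #else
     *ldap = ldap_init((char *)hostname, portno);
 #endif
     if (*ldap != NULL) {
-        return apr_ldap_set_option(pool, *ldap, APR_LDAP_OPT_TLS, &secure, result_err);
+        if (secure != APR_LDAP_SSL)
+            return apr_ldap_set_option(pool, *ldap, APR_LDAP_OPT_TLS, &secure, result_err);
+        else
+            return APR_SUCCESS;
     }
     else {
         /* handle the error case */
         apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
         *result_err = result;
 
         result->reason = "APR LDAP: Unable to initialize the LDAP connection";
         result->rc = -1;
         return APR_EGENERAL;
     }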
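Review bot: On builds that take the `#else` branch, the new `else return APR_SUCCESS;` reports success for `secure == APR_LDAP_SSL` even though the handle came from plain `ldap_init()` and `APR_LDAP_OPT_TLS` was never applied, so a caller that asked for SSL appears to get back a handle with no TLS configured. The early return is only justified where `ldapssl_init()` or `ldap_sslinit()` actually received the secure flag, so it should sit under the same preprocessor condition, and every other build should still go through `apr_ldap_set_option()`. The function's signature and closing brace are outside the hunk, and how callers react to the success code is not visible here, so the impact is inferred from these lines only.

```c
    if (*ldap != NULL) {
#if APR_HAS_LDAPSSL_INIT || APR_HAS_LDAP_SSLINIT
        /* SSL was already requested through the SDK init call above. */
        if (secure == APR_LDAP_SSL)
            return APR_SUCCESS;
#endif
        return apr_ldap_set_option(pool, *ldap, APR_LDAP_OPT_TLS, &secure, result_err);
    }
    /* … unchanged: else branch reporting the init failure … */
```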
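--- a/httpd-2.2.14/modules/ldap/util_ldap.c.dist
+++ b/httpd-2.2.14/modules/ldap/util_ldap.c.dist
@@ -211,31 +211,32 @@
 {
     int rc = 0, ldap_option = 0;
     int version  = LDAP_VERSION3;
     apr_ldap_err_t *result = NULL;
 #ifdef LDAP_OPT_NETWORK_TIMEOUT
     struct timeval timeOut = {10,0};    /* 10 second connection timeout */
 #endif
     util_ldap_state_t *st =
         (util_ldap_state_t *)ap_get_module_config(r->server->module_config,
         &ldap_module);
+    int have_client_certs = !apr_is_empty_array(ldc->client_certs);
 
     /* Since the host will include a port if the default port is not used,
      * always specify the default ports for the port parameter.  This will
      * allow a host string that contains multiple hosts the ability to mix
      * some hosts with ports and some without. All hosts which do not
      * specify a port will use the default port.
      */
     apr_ldap_init(r->pool, &(ldc->ldap),
                   ldc->host,
                   APR_LDAP_SSL == ldc->secure ? LDAPS_PORT : LDAP_PORT,
-                  APR_LDAP_NONE,
+                  have_client_certs ? APR_LDAP_NONE : ldc->secure,
                   &(result));
 
 
     if (NULL == result) {
         /* something really bad happened */
         ldc->bound = 0;
         if (NULL == ldc->reason) {
             ldc->reason = "LDAP: ldap initialization failed";
         }
         return(APR_EGENERAL);
@@ -254,32 +255,32 @@
         else {
             ldc->reason = result->reason;
         }
         return(result->rc);
     }
 
     /* always default to LDAP V3 */
     ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
 
     /* set client certificates */
-    if (!apr_is_empty_array(ldc->client_certs)) {
+    if (!have_client_certs) {
         apr_ldap_set_option(r->pool, ldc->ldap, APR_LDAP_OPT_TLS_CERT,
                             ldc->client_certs, &(result));
         if (LDAP_SUCCESS != result->rc) {
             uldap_connection_unbind( ldc );
             ldc->reason = result->reason;
             return(result->rc);
         }
     }
 
     /* switch on SSL/TLS */
-    if (APR_LDAP_NONE != ldc->secure) {
+    if (have_client_certs && APR_LDAP_NONE != ldc->secure) {
         apr_ldap_set_option(r->pool, ldc->ldap,
                             APR_LDAP_OPT_TLS, &ldc->secure, &(result));
         if (LDAP_SUCCESS != result->rc) {
             uldap_connection_unbind( ldc );
             ldc->reason = result->reason;
             return(result->rc);
         }
     }
 
     /* Set the alias dereferencing option */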
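Review bot: The client-certificate guard in the second hunk is inverted: `have_client_certs` is defined as `!apr_is_empty_array(ldc->client_certs)`, so `if (!have_client_certs) {` is true only when the array is empty, whereas the line it replaces ran the block when certificates were present. As written, configured client certificates are never passed to `APR_LDAP_OPT_TLS_CERT`, yet the following block still switches on TLS for that case, so the connection would presumably be negotiated without the certificate the administrator configured. The guard should read `if (have_client_certs) {`. The enclosing function starts before the first hunk and continues past the second, so any later handling of `ldc->client_certs` is not visible here.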
