1 files changed, 235 insertions, 0 deletions
diff --git a/ldap/apr_ldap_init.c b/ldap/apr_ldap_init.c
new file mode 100644
index 0000000..8aacb2a
--- /dev/null
+++ b/ldap/apr_ldap_init.c
@@ -0,0 +1,235 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * apr_ldap_init.c: LDAP v2/v3 common initialise
+ * 
+ * Original code from auth_ldap module for Apache v1.3:
+ * Copyright 1998, 1999 Enbridge Pipelines Inc. 
+ * Copyright 1999-2001 Dave Carrigan
+ */
+
+#include "apr.h"
+#include "apu.h"
+#include "apu_config.h"
+
+#if APU_DSO_BUILD
+#define APU_DSO_LDAP_BUILD
+#endif
+
+#include "apr_ldap.h"
+#include "apu_internal.h"
+#include "apr_errno.h"
+#include "apr_pools.h"
+#include "apr_strings.h"
+
+#if APR_HAS_LDAP
+
+/**
+ * APR LDAP SSL Initialise function
+ *
+ * This function initialises SSL on the underlying LDAP toolkit
+ * if this is necessary.
+ *
+ * If a CA certificate is provided, this is set, however the setting
+ * of certificates via this method has been deprecated and will be removed in
+ * APR v2.0.
+ *
+ * The apr_ldap_set_option() function with the APR_LDAP_OPT_TLS_CERT option
+ * should be used instead to set certificates.
+ *
+ * If SSL support is not available on this platform, or a problem
+ * was encountered while trying to set the certificate, the function
+ * will return APR_EGENERAL. Further LDAP specific error information
+ * can be found in result_err.
+ */
+APU_DECLARE_LDAP(int) apr_ldap_ssl_init(apr_pool_t *pool,
+                                        const char *cert_auth_file,
+                                        int cert_file_type,
+                                        apr_ldap_err_t **result_err)
+{
+
+    apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
+    *result_err = result;
+
+#if APR_HAS_LDAP_SSL /* compiled with ssl support */
+
+    /* Novell */
+#if APR_HAS_NOVELL_LDAPSDK
+    ldapssl_client_init(NULL, NULL);
+#endif
+
+    /* if a certificate was specified, set it */
+    if (cert_auth_file) {
+        apr_ldap_opt_tls_cert_t *cert = (apr_ldap_opt_tls_cert_t *)apr_pcalloc(pool, sizeof(apr_ldap_opt_tls_cert_t));
+        cert->type = cert_file_type;
+        cert->path = cert_auth_file;
+        return apr_ldap_set_option(pool, NULL, APR_LDAP_OPT_TLS_CERT, (void *)cert, result_err);
+    }
+
+#else  /* not compiled with SSL Support */
+    if (cert_auth_file) {
+        result->reason = "LDAP: Attempt to set certificate store failed. "
+                         "Not built with SSL support";
+        result->rc = -1;
+    }
+#endif /* APR_HAS_LDAP_SSL */
+
+    if (result->rc != -1) {
+        result->msg = ldap_err2string(result->rc);
+    }
+
+    if (LDAP_SUCCESS != result->rc) {
+        return APR_EGENERAL;
+    }
+
+    return APR_SUCCESS;
+
+} 
+
+
+/**
+ * APR LDAP SSL De-Initialise function
+ *
+ * This function tears down any SSL certificate setup previously
+ * set using apr_ldap_ssl_init(). It should be called to clean
+ * up if a graceful restart of a service is attempted.
+ *
+ * This function only does anything on Netware.
+ *
+ * @todo currently we do not check whether apr_ldap_ssl_init()
+ * has been called first - should we?
+ */
+APU_DECLARE_LDAP(int) apr_ldap_ssl_deinit(void)
+{
+
+#if APR_HAS_LDAP_SSL && APR_HAS_LDAPSSL_CLIENT_DEINIT
+    ldapssl_client_deinit();
+#endif
+    return APR_SUCCESS;
+
+}
+
+
+/**
+ * APR LDAP initialise function
+ *
+ * This function is responsible for initialising an LDAP
+ * connection in a toolkit independant way. It does the
+ * job of ldap_init() from the C api.
+ *
+ * It handles both the SSL and non-SSL case, and attempts
+ * to hide the complexity setup from the user. This function
+ * assumes that any certificate setup necessary has already
+ * been done.
+ *
+ * If SSL or STARTTLS needs to be enabled, and the underlying
+ * toolkit supports it, the following values are accepted for
+ * secure:
+ *
+ * APR_LDAP_NONE: No encryption
+ * APR_LDAP_SSL: SSL encryption (ldaps://)
+ * APR_LDAP_STARTTLS: Force STARTTLS on ldap://
+ */
+APU_DECLARE_LDAP(int) apr_ldap_init(apr_pool_t *pool,
+                                    LDAP **ldap,
+                                    const char *hostname,
+                                    int portno,
+                                    int secure,
+                                    apr_ldap_err_t **result_err)
+{
+
+    apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
+    *result_err = result;
+
+#if APR_HAS_LDAPSSL_INIT
+#if APR_HAS_SOLARIS_LDAPSDK
+    /*
+     * Using the secure argument should aways be possible.  But as LDAP SDKs
+     * tend to have different quirks and bugs, this needs to be tested for
+     * for each of them, first. For Solaris LDAP it works, and the method
+     * with ldap_set_option doesn't.
+     */
+    *ldap = ldapssl_init(hostname, portno, secure == APR_LDAP_SSL);
+#else
+    *ldap = ldapssl_init(hostname, portno, 0);
+#endif
+#elif APR_HAS_LDAP_SSLINIT
+    *ldap = ldap_sslinit((char *)hostname, portno, 0);
+#else
+    *ldap = ldap_init((char *)hostname, portno);
+#endif
+
+    if (*ldap != NULL) {
+#if APR_HAS_SOLARIS_LDAPSDK
+        if (secure == APR_LDAP_SSL)
+            return APR_SUCCESS;
+        else
+#endif
+        return apr_ldap_set_option(pool, *ldap, APR_LDAP_OPT_TLS, &secure, result_err);
+    }
+    else {
+        /* handle the error case */
+        apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
+        *result_err = result;
+
+        result->reason = "APR LDAP: Unable to initialize the LDAP connection";
+        result->rc = -1;
+        return APR_EGENERAL;
+    }
+
+}
+
+
+/**
+ * APR LDAP info function
+ *
+ * This function returns a string describing the LDAP toolkit
+ * currently in use. The string is placed inside result_err->reason.
+ */
+APU_DECLARE_LDAP(int) apr_ldap_info(apr_pool_t *pool,
+                                    apr_ldap_err_t **result_err)
+{
+    apr_ldap_err_t *result = (apr_ldap_err_t *)apr_pcalloc(pool, sizeof(apr_ldap_err_t));
+    *result_err = result;
+
+    result->reason = "APR LDAP: Built with "
+                     LDAP_VENDOR_NAME
+                     " LDAP SDK";
+    return APR_SUCCESS;
+    
+}
+
+#if APU_DSO_BUILD
+
+/* For DSO builds, export the table of entry points into the apr_ldap DSO
+ * See include/private/apu_internal.h for the corresponding declarations
+ */
+APU_MODULE_DECLARE_DATA struct apr__ldap_dso_fntable apr__ldap_fns = {
+    apr_ldap_info,
+    apr_ldap_init,
+    apr_ldap_ssl_init,
+    apr_ldap_ssl_deinit,
+    apr_ldap_get_option,
+    apr_ldap_set_option,
+    apr_ldap_rebind_init,
+    apr_ldap_rebind_add,
+    apr_ldap_rebind_remove
+};
+
+#endif /* APU_DSO_BUILD */
+
+#endif /* APR_HAS_LDAP */