Gentoo's Bugzilla – Attachment 73491 Details for
Bug 113464
Apache 2.0.x does not support TLS in mod_ldap or mod_auth_ldap
[patch]
apache2.patch-2.0.55.diff
apache2.patch.new (text/plain), 6.87 KB, created by
Benjamin Smee (strerror) (RETIRED)
on 2005-11-24 06:06:44 UTC
Description:
apache2.patch-2.0.55.diff
Filename:
MIME Type:
Creator:
Benjamin Smee (strerror) (RETIRED)
Created:
2005-11-24 06:06:44 UTC
Size:
6.87 KB
patch
obsolete
>--- modules/experimental/util_ldap.c.orig 2005-09-23 09:20:22.000000000 -0500
>+++ modules/experimental/util_ldap.c 2005-11-21 12:11:33.000000000 -0600
>@@ -247,6 +247,7 @@
> int failures = 0;
> int version = LDAP_VERSION3;
> int rc = LDAP_SUCCESS;
>+ int tls_rc;
> struct timeval timeOut = {10,0}; /* 10 second connection timeout */
>
> util_ldap_state_t *st = (util_ldap_state_t *)ap_get_module_config(
>@@ -310,6 +311,23 @@
> ldc->reason = "LDAP: ssl connections not supported";
> }
>
>+
>+ /* Set the alias dereferencing option */
>+ ldap_set_option(ldc->ldap, LDAP_OPT_DEREF, &(ldc->deref));
>+
>+ /* always default to LDAP V3 */
>+ ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
>+
>+ #if APR_HAS_OPENLDAP_LDAPSDK & APR_HAS_LDAP_SSL
>+ if (st->ssl_support && st->start_tls) {
>+ tls_rc = ldap_start_tls_s(ldc->ldap, NULL, NULL);
>+ if (tls_rc) {
>+ ldc->reason = sprintf("LDAP: tls failure: %s", ldap_err2string(tls_rc));
>+ ldc->ldap = NULL;
>+ }
>+ }
>+ #endif /* APR_HAS_OPENLDAP_LDAPSDK & APR_HAS_LDAP_SSL */
>+
> if (NULL == ldc->ldap)
> {
> ldc->bound = 0;
>@@ -318,12 +336,6 @@
> return(-1);
> }
>
>- /* Set the alias dereferencing option */
>- ldap_set_option(ldc->ldap, LDAP_OPT_DEREF, &(ldc->deref));
>-
>- /* always default to LDAP V3 */
>- ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
>-
> #ifdef LDAP_OPT_NETWORK_TIMEOUT
> if (st->connectionTimeout > 0) {
> timeOut.tv_sec = st->connectionTimeout;
>@@ -1327,6 +1339,84 @@
> return(NULL);
> }
>
>+static const char *util_ldap_set_cert_key(cmd_parms *cmd, void *dummy, const char *file)
>+{
>+ util_ldap_state_t *st =
>+ (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
>+ &ldap_module);
>+ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
>+ apr_finfo_t finfo;
>+ apr_status_t rv;
>+
>+ if (err != NULL) {
>+ return err;
>+ }
>+
>+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
>+ "LDAP: SSL certificate key file - %s",
>+ file);
>+
>+ st->cert_key_file = ap_server_root_relative(cmd->pool, file);
>+
>+ if (st->cert_key_file &&
>+ ((rv = apr_stat (&finfo, st->cert_key_file, APR_FINFO_MIN, cmd->pool)) != APR_SUCCESS))
>+ {
>+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, cmd->server,
>+ "LDAP: Could not open SSL trusted certificate authority file - %s",
>+ st->cert_key_file == NULL ? file : st->cert_key_file);
>+ return "Invalid file path";
>+ }
>+
>+ return(NULL);
>+}
>+
>+static const char *util_ldap_set_cert(cmd_parms *cmd, void *dummy, const char *file)
>+{
>+ util_ldap_state_t *st =
>+ (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
>+ &ldap_module);
>+ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
>+ apr_finfo_t finfo;
>+ apr_status_t rv;
>+
>+ if (err != NULL) {
>+ return err;
>+ }
>+
>+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
>+ "LDAP: SSL certificate file - %s", file);
>+
>+ st->cert_file = ap_server_root_relative(cmd->pool, file);
>+
>+ if (st->cert_file &&
>+ ((rv = apr_stat (&finfo, st->cert_file, APR_FINFO_MIN, cmd->pool)) != APR_SUCCESS))
>+ {
>+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, cmd->server,
>+ "LDAP: Could not open SSL trusted certificate authority file - %s",
>+ st->cert_file == NULL ? file : st->cert_file);
>+ return "Invalid file path";
>+ }
>+
>+ return(NULL);
>+}
>+
>+static const char *util_ldap_set_start_tls(cmd_parms *cmd, void *dummy, int flag)
>+{
>+ util_ldap_state_t *st =
>+ (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
>+ &ldap_module);
>+ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
>+
>+ if (err != NULL) {
>+ return err;
>+ }
>+
>+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
>+ "LDAP: Start TLS is: %s", (flag)?"on":"off");
>+
>+ st->start_tls = flag;
>+ return(NULL);
>+}
>
> static const char *util_ldap_set_cert_type(cmd_parms *cmd, void *dummy, const char *Type)
> {
>@@ -1395,6 +1485,9 @@
> st->compare_cache_ttl = 600000000;
> st->compare_cache_size = 1024;
> st->connections = NULL;
>+ st->start_tls = 0;
>+ st->cert_key_file = NULL;
>+ st->cert_file = NULL;
> st->cert_auth_file = NULL;
> st->cert_file_type = LDAP_CA_TYPE_UNKNOWN;
> st->ssl_support = 0;
>@@ -1600,6 +1693,20 @@
> if (st->cert_file_type == LDAP_CA_TYPE_BASE64)
> {
> rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, st->cert_auth_file);
>+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
>+ "CACERTFILE: %s", st->cert_auth_file);
>+
>+ if (LDAP_SUCCESS == rc && st->cert_file != NULL) {
>+ rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, st->cert_file);
>+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
>+ "CERTFILE: %s", st->cert_file);
>+ }
>+
>+ if (LDAP_SUCCESS == rc && st->cert_key_file != NULL) {
>+ rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, st->cert_key_file);
>+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
>+ "CERTKEYFILE: %s", st->cert_key_file);
>+ }
> }
> else
> {
>@@ -1734,6 +1841,17 @@
> "Specifies the LDAP socket connection timeout in seconds. "
> "Default is 10 seconds. "),
>
>+ AP_INIT_TAKE1("LDAPCertificateKey", util_ldap_set_cert_key, NULL, RSRC_CONF,
>+ "Sets the file containing the trusted key certificate. "
>+ "Used to validate the LDAP server certificate for SSL connections."),
>+
>+ AP_INIT_TAKE1("LDAPCertificate", util_ldap_set_cert, NULL, RSRC_CONF,
>+ "Sets the file containing the trusted certificate. "
>+ "Used to validate the LDAP server certificate for SSL connections."),
>+
>+ AP_INIT_FLAG("LDAPStartTLS", util_ldap_set_start_tls, NULL, RSRC_CONF,
>+ "Set to 'on' if you want to use Start TLS to connect to your LDAP server."),
>+
> {NULL}
> };
>
>--- include/util_ldap.h.orig 2005-04-09 14:00:18.000000000 -0500
>+++ include/util_ldap.h 2005-11-21 11:56:01.000000000 -0600
>@@ -114,6 +114,9 @@
> long compare_cache_size; /* Size (in entries) of compare cache */
>
> struct util_ldap_connection_t *connections;
>+ int start_tls;
>+ char *cert_key_file;
>+ char *cert_file;
> char *cert_auth_file;
> int cert_file_type;
> int ssl_support;
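Review bot: The line `ldc->reason = sprintf("LDAP: tls failure: %s", ldap_err2string(tls_rc));` in the new StartTLS block is broken: `sprintf` takes a destination buffer as its first argument, so this writes through the string literal and stores sprintf's int return in a `char *`. Format the reason into pool memory instead, e.g. `ldc->reason = apr_psprintf(<connection pool>, "LDAP: tls failure: %s", ldap_err2string(tls_rc));` using whichever pool the connection was allocated from, or fall back to a fixed string. Setting `ldc->ldap = NULL` on failure is the right fail-closed outcome, but it drops the handle without an `ldap_unbind_s`, so each failed StartTLS attempt leaks the LDAP session. Because the two `ldap_set_option` calls were moved above the `if (NULL == ldc->ldap)` check, a NULL handle now makes them change library-wide defaults (NULL is the global-options handle, as the `ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, ...)` call later in this patch relies on) rather than this connection; consider guarding the block with `if (ldc->ldap != NULL)`. The enclosing function starts and ends outside the hunk.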
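Review bot: Both `util_ldap_set_cert_key` and `util_ldap_set_cert` log `"LDAP: Could not open SSL trusted certificate authority file - %s"` when `apr_stat` fails, a message copied from the CA-file handler that will send an administrator to the wrong directive; use `"LDAP: Could not open SSL certificate key file - %s"` and `"LDAP: Could not open SSL certificate file - %s"` respectively. The `st->cert_key_file == NULL ? file : st->cert_key_file` selector in that branch is dead, since the enclosing `if` has already required `st->cert_key_file` to be non-NULL (same for `st->cert_file` in `util_ldap_set_cert`). Note also that `apr_stat` with `APR_FINFO_MIN` only confirms the path exists, not that the server user can read the private key, so an unreadable key file passes this check and fails later.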
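Review bot: The new `LDAP_OPT_X_TLS_CERTFILE` and `LDAP_OPT_X_TLS_KEYFILE` calls sit inside the `if (st->cert_file_type == LDAP_CA_TYPE_BASE64)` branch, so an `LDAPCertificate`/`LDAPCertificateKey` configured together with any other certificate type is silently ignored (the `else` body is outside the hunk). Either apply the client certificate and key after the `if`/`else`, or log a warning in the `else` branch when either field is non-NULL. The three `ap_log_error` calls are also debug-level and run regardless of `rc`, so a failing `ldap_set_option` leaves no distinguishing diagnostic here unless the code after the hunk reports `rc`; a one-liner such as `if (rc != LDAP_SUCCESS) ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "LDAP: could not set TLS client certificate/key: %s", ldap_err2string(rc));` after the block would close that gap.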
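Review bot: The help text for `LDAPCertificateKey` and `LDAPCertificate` describes both as trusted files "used to validate the LDAP server certificate", but the setters store them in `cert_key_file`/`cert_file` and the TLS setup passes them to `LDAP_OPT_X_TLS_KEYFILE`/`LDAP_OPT_X_TLS_CERTFILE`, i.e. they are the client's own certificate and private key presented to the LDAP server. Suggested wording: `"Sets the file containing the client certificate presented to the LDAP server on SSL/TLS connections."` and `"Sets the file containing the private key for LDAPCertificate; it should be readable by the server user only."`. The `LDAPStartTLS` text should also say that the flag is only honoured when built with the OpenLDAP SDK and LDAP SSL support, which is what the `#if APR_HAS_OPENLDAP_LDAPSDK & APR_HAS_LDAP_SSL` guard in the connection code requires.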
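Review bot: The three fields added to `util_ldap_state_t` carry no trailing comment, unlike the neighbouring `compare_cache_size`; suggest `int start_tls; /* non-zero: issue StartTLS after connecting */`, `char *cert_key_file; /* client private key (LDAPCertificateKey) */` and `char *cert_file; /* client certificate (LDAPCertificate) */` so the header distinguishes them from the existing `cert_auth_file` CA path.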