Implement the exported function from mod_ldap(util_ldap) as optional functions...

#include "http_log.h"

#include "http_protocol.h"

#include "http_request.h"

#include "apr_optional.h"

/* Create a set of LDAP_DECLARE macros with appropriate export 

 * and import tags for the platform

 * @deffunc int util_ldap_connection_open(request_rec *r,

 *                                        util_ldap_connection_t *ldc)

 */

LDAP_DECLARE(int) util_ldap_connection_open(request_rec *r, 

                                            util_ldap_connection_t *ldc);

APR_DECLARE_OPTIONAL_FN(int,uldap_connection_open,(request_rec *r, 

                                            util_ldap_connection_t *ldc));

/**

 * Close a connection to an LDAP server

 *      structure, using apr_ldap_open_connection().

 * @deffunc util_ldap_close_connection(util_ldap_connection_t *ldc)

 */

LDAP_DECLARE(void) util_ldap_connection_close(util_ldap_connection_t *ldc);

APR_DECLARE_OPTIONAL_FN(void,uldap_connection_close,(util_ldap_connection_t *ldc));

/**

 * Unbind a connection to an LDAP server

 *      connection back to a known state.

 * @deffunc apr_status_t util_ldap_connection_unbind(util_ldap_connection_t *ldc)

 */

LDAP_DECLARE_NONSTD(apr_status_t) util_ldap_connection_unbind(void *param);

APR_DECLARE_OPTIONAL_FN(apr_status_t,uldap_connection_unbind,(void *param));

/**

 * Cleanup a connection to an LDAP server

 *      LDAP connections when the server is finished with them.

 * @deffunc apr_status_t util_ldap_connection_cleanup(util_ldap_connection_t *ldc)

 */

LDAP_DECLARE_NONSTD(apr_status_t) util_ldap_connection_cleanup(void *param);

APR_DECLARE_OPTIONAL_FN(apr_status_t,uldap_connection_cleanup,(void *param));

/**

 * Find a connection in a list of connections

 *                                                           const char *binddn, const char *bindpw, deref_options deref,

 *                                                           int netscapessl, int starttls)

 */

LDAP_DECLARE(util_ldap_connection_t *) util_ldap_connection_find(request_rec *r, const char *host, int port,

APR_DECLARE_OPTIONAL_FN(util_ldap_connection_t *,uldap_connection_find,(request_rec *r, const char *host, int port,

                                                  const char *binddn, const char *bindpw, deref_options deref,

                                                  int secure);

                                                  int secure));

/**

 * Compare two DNs for sameness

 *                                        const char *url, const char *dn, const char *reqdn,

 *                                        int compare_dn_on_server)

 */

LDAP_DECLARE(int) util_ldap_cache_comparedn(request_rec *r, util_ldap_connection_t *ldc, 

APR_DECLARE_OPTIONAL_FN(int,uldap_cache_comparedn,(request_rec *r, util_ldap_connection_t *ldc, 

                              const char *url, const char *dn, const char *reqdn, 

                              int compare_dn_on_server);

                              int compare_dn_on_server));

/**

 * A generic LDAP compare function

 * @deffunc int util_ldap_cache_compare(request_rec *r, util_ldap_connection_t *ldc,

 *                                      const char *url, const char *dn, const char *attrib, const char *value)

 */

LDAP_DECLARE(int) util_ldap_cache_compare(request_rec *r, util_ldap_connection_t *ldc,

                            const char *url, const char *dn, const char *attrib, const char *value);

APR_DECLARE_OPTIONAL_FN(int,uldap_cache_compare,(request_rec *r, util_ldap_connection_t *ldc,

                            const char *url, const char *dn, const char *attrib, const char *value));

/**

 * Checks a username/password combination by binding to the LDAP server

 *                                          char *url, const char *basedn, int scope, char **attrs,

 *                                          char *filter, char *bindpw, char **binddn, char ***retvals)

 */

LDAP_DECLARE(int) util_ldap_cache_checkuserid(request_rec *r, util_ldap_connection_t *ldc,

APR_DECLARE_OPTIONAL_FN(int,uldap_cache_checkuserid,(request_rec *r, util_ldap_connection_t *ldc,

                              const char *url, const char *basedn, int scope, char **attrs,

                              const char *filter, const char *bindpw, const char **binddn, const char ***retvals);

                              const char *filter, const char *bindpw, const char **binddn, const char ***retvals));

/**

 * Searches for a specified user object in an LDAP directory

 *                                          char *url, const char *basedn, int scope, char **attrs,

 *                                          char *filter, char **binddn, char ***retvals)

 */

LDAP_DECLARE(int) util_ldap_cache_getuserdn(request_rec *r, util_ldap_connection_t *ldc,

APR_DECLARE_OPTIONAL_FN(int,uldap_cache_getuserdn,(request_rec *r, util_ldap_connection_t *ldc,

                              const char *url, const char *basedn, int scope, char **attrs,

                              const char *filter, const char **binddn, const char ***retvals);

                              const char *filter, const char **binddn, const char ***retvals));

/**

 * Checks if SSL support is available in mod_ldap

 * @deffunc int util_ldap_ssl_supported(request_rec *r)

 */

LDAP_DECLARE(int) util_ldap_ssl_supported(request_rec *r);

APR_DECLARE_OPTIONAL_FN(int,uldap_ssl_supported,(request_rec *r));

/* from apr_ldap_cache.c */

module AP_MODULE_DECLARE_DATA authnz_ldap_module;

static APR_OPTIONAL_FN_TYPE(uldap_connection_close) *util_ldap_connection_close;

static APR_OPTIONAL_FN_TYPE(uldap_connection_find) *util_ldap_connection_find;

static APR_OPTIONAL_FN_TYPE(uldap_cache_comparedn) *util_ldap_cache_comparedn;

static APR_OPTIONAL_FN_TYPE(uldap_cache_compare) *util_ldap_cache_compare;

static APR_OPTIONAL_FN_TYPE(uldap_cache_checkuserid) *util_ldap_cache_checkuserid;

static APR_OPTIONAL_FN_TYPE(uldap_cache_getuserdn) *util_ldap_cache_getuserdn;

static APR_OPTIONAL_FN_TYPE(uldap_ssl_supported) *util_ldap_ssl_supported;

static apr_hash_t *charset_conversions = NULL;

static char *to_charset = NULL;           /* UTF-8 identifier derived from the charset.conv file */

    &authn_ldap_check_password,

};

static void ImportULDAPOptFn(void)

{

    util_ldap_connection_close  = APR_RETRIEVE_OPTIONAL_FN(uldap_connection_close);

    util_ldap_connection_find   = APR_RETRIEVE_OPTIONAL_FN(uldap_connection_find);

    util_ldap_cache_comparedn   = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_comparedn);

    util_ldap_cache_compare     = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_compare);

    util_ldap_cache_checkuserid = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_checkuserid);

    util_ldap_cache_getuserdn   = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_getuserdn);

    util_ldap_ssl_supported     = APR_RETRIEVE_OPTIONAL_FN(uldap_ssl_supported);

}

static void register_hooks(apr_pool_t *p)

{

    static const char * const aszPost[]={ "mod_authz_user.c", NULL };

    ap_hook_post_config(authnz_ldap_post_config,NULL,NULL,APR_HOOK_MIDDLE);

    ap_hook_auth_checker(authz_ldap_check_user_access, NULL, aszPost, APR_HOOK_MIDDLE);

    ap_hook_optional_fn_retrieve(ImportULDAPOptFn,NULL,NULL,APR_HOOK_MIDDLE);

}

module AP_MODULE_DECLARE_DATA authnz_ldap_module =

#

FILES_nlm_exports = \

	ldap_module \

	util_ldap_connection_find \

	util_ldap_connection_close \

	util_ldap_connection_unbind \

	util_ldap_connection_cleanup \

	util_ldap_cache_checkuserid \

	util_ldap_cache_getuserdn \

	util_ldap_cache_compare \

	util_ldap_cache_comparedn \

	util_ldap_ssl_supported \

	uldap_connection_open \

	uldap_connection_find \

	uldap_connection_close \

	uldap_connection_unbind \

	uldap_connection_cleanup \

	uldap_cache_checkuserid \

	uldap_cache_getuserdn \

	uldap_cache_compare \

	uldap_cache_comparedn \

	uldap_ssl_supported \

	$(EOLIST)

#   

/*

 * Closes an LDAP connection by unlocking it. The next time

 * util_ldap_connection_find() is called this connection will be

 * uldap_connection_find() is called this connection will be

 * available for reuse.

 */

LDAP_DECLARE(void) util_ldap_connection_close(util_ldap_connection_t *ldc)

LDAP_DECLARE(void) uldap_connection_close(util_ldap_connection_t *ldc)

{

    /*

 * the LDAP server. It is used to bring the connection back to a known

 * state after an error, and during pool cleanup.

 */

LDAP_DECLARE_NONSTD(apr_status_t) util_ldap_connection_unbind(void *param)

LDAP_DECLARE_NONSTD(apr_status_t) uldap_connection_unbind(void *param)

{

    util_ldap_connection_t *ldc = param;

 * This function is registered with the pool cleanup function - causing

 * the LDAP connections to be shut down cleanly on graceful restart.

 */

LDAP_DECLARE_NONSTD(apr_status_t) util_ldap_connection_cleanup(void *param)

LDAP_DECLARE_NONSTD(apr_status_t) uldap_connection_cleanup(void *param)

{

    util_ldap_connection_t *ldc = param;

    if (ldc) {

        /* unbind and disconnect from the LDAP server */

        util_ldap_connection_unbind(ldc);

        uldap_connection_unbind(ldc);

        /* free the username and password */

        if (ldc->bindpw) {

        }

        /* unlock this entry */

        util_ldap_connection_close(ldc);

        uldap_connection_close(ldc);

    }

 *

 * Returns LDAP_SUCCESS on success; and an error code on failure

 */

LDAP_DECLARE(int) util_ldap_connection_open(request_rec *r, 

LDAP_DECLARE(int) uldap_connection_open(request_rec *r, 

                                            util_ldap_connection_t *ldc)

{

    int rc = 0;

 * ldc structure will be returned.

 */

LDAP_DECLARE(util_ldap_connection_t *)

             util_ldap_connection_find(request_rec *r,

             uldap_connection_find(request_rec *r,

                                       const char *host, int port,

                                       const char *binddn, const char *bindpw,

                                       deref_options deref, int secure) {

        /* add the cleanup to the pool */

        apr_pool_cleanup_register(l->pool, l,

                                  util_ldap_connection_cleanup,

                                  uldap_connection_cleanup,

                                  apr_pool_cleanup_null);

        if (p) {

 *

 * The lock for the ldap cache should already be acquired.

 */

LDAP_DECLARE(int) util_ldap_cache_comparedn(request_rec *r, util_ldap_connection_t *ldc, 

LDAP_DECLARE(int) uldap_cache_comparedn(request_rec *r, util_ldap_connection_t *ldc, 

                            const char *url, const char *dn, const char *reqdn, 

                            int compare_dn_on_server)

{

    }

    /* make a server connection */

    if (LDAP_SUCCESS != (result = util_ldap_connection_open(r, ldc))) {

    if (LDAP_SUCCESS != (result = uldap_connection_open(r, ldc))) {

	/* connect to server failed */

        return result;

    }

				    "(objectclass=*)", NULL, 1, 

				    NULL, NULL, NULL, -1, &res)) == LDAP_SERVER_DOWN) {

        ldc->reason = "DN Comparison ldap_search_ext_s() failed with server down";

        util_ldap_connection_unbind(ldc);

        uldap_connection_unbind(ldc);

        goto start_over;

    }

    if (result != LDAP_SUCCESS) {

 * require user cache is owned by the 

 *

 */

LDAP_DECLARE(int) util_ldap_cache_compare(request_rec *r, util_ldap_connection_t *ldc,

LDAP_DECLARE(int) uldap_cache_compare(request_rec *r, util_ldap_connection_t *ldc,

                          const char *url, const char *dn,

                          const char *attrib, const char *value)

{

        /* too many failures */

        return result;

    }

    if (LDAP_SUCCESS != (result = util_ldap_connection_open(r, ldc))) {

    if (LDAP_SUCCESS != (result = uldap_connection_open(r, ldc))) {

        /* connect failed */

        return result;

    }

                                               == LDAP_SERVER_DOWN) { 

        /* connection failed - try again */

        ldc->reason = "ldap_compare_s() failed with server down";

        util_ldap_connection_unbind(ldc);

        uldap_connection_unbind(ldc);

        goto start_over;

    }

    return result;

}

LDAP_DECLARE(int) util_ldap_cache_checkuserid(request_rec *r, util_ldap_connection_t *ldc,

LDAP_DECLARE(int) uldap_cache_checkuserid(request_rec *r, util_ldap_connection_t *ldc,

                              const char *url, const char *basedn, int scope, char **attrs,

                              const char *filter, const char *bindpw, const char **binddn,

                              const char ***retvals)

    if (failures++ > 10) {

        return result;

    }

    if (LDAP_SUCCESS != (result = util_ldap_connection_open(r, ldc))) {

    if (LDAP_SUCCESS != (result = uldap_connection_open(r, ldc))) {

        return result;

    }

				    (char *)filter, attrs, 0, 

				    NULL, NULL, NULL, -1, &res)) == LDAP_SERVER_DOWN) {

        ldc->reason = "ldap_search_ext_s() for user failed with server down";

        util_ldap_connection_unbind(ldc);

        uldap_connection_unbind(ldc);

        goto start_over;

    }

        ldc->reason = "ldap_simple_bind_s() to check user credentials "

                      "failed with server down";

        ldap_msgfree(res);

        util_ldap_connection_unbind(ldc);

        uldap_connection_unbind(ldc);

        goto start_over;

    }

    if (result != LDAP_SUCCESS) {

        ldc->reason = "ldap_simple_bind_s() to check user credentials failed";

        ldap_msgfree(res);

        util_ldap_connection_unbind(ldc);

        uldap_connection_unbind(ldc);

        return result;

    }

    else {

 * This function will return the DN of the entry matching userid.

 * It is used to get the DN in case some other module than mod_auth_ldap

 * has authenticated the user.

 * The function is basically a copy of util_ldap_cache_checkuserid

 * The function is basically a copy of uldap_cache_checkuserid

 * with password checking removed.

 */

LDAP_DECLARE(int) util_ldap_cache_getuserdn(request_rec *r, util_ldap_connection_t *ldc,

LDAP_DECLARE(int) uldap_cache_getuserdn(request_rec *r, util_ldap_connection_t *ldc,

                              const char *url, const char *basedn, int scope, char **attrs,

                              const char *filter, const char **binddn,

                              const char ***retvals)

    if (failures++ > 10) {

        return result;

    }

    if (LDAP_SUCCESS != (result = util_ldap_connection_open(r, ldc))) {

    if (LDAP_SUCCESS != (result = uldap_connection_open(r, ldc))) {

        return result;

    }

                                    (char *)filter, attrs, 0, 

				    NULL, NULL, NULL, -1, &res)) == LDAP_SERVER_DOWN) {

        ldc->reason = "ldap_search_ext_s() for user failed with server down";

        util_ldap_connection_unbind(ldc);

        uldap_connection_unbind(ldc);

        goto start_over;

    }

 *

 * 1 = enabled, 0 = not enabled

 */

LDAP_DECLARE(int) util_ldap_ssl_supported(request_rec *r)

LDAP_DECLARE(int) uldap_ssl_supported(request_rec *r)

{

   util_ldap_state_t *st = (util_ldap_state_t *)ap_get_module_config(

                                r->server->module_config, &ldap_module);

static void util_ldap_register_hooks(apr_pool_t *p)

{

    APR_REGISTER_OPTIONAL_FN(uldap_connection_open);

    APR_REGISTER_OPTIONAL_FN(uldap_connection_close);

    APR_REGISTER_OPTIONAL_FN(uldap_connection_unbind);

    APR_REGISTER_OPTIONAL_FN(uldap_connection_cleanup);

    APR_REGISTER_OPTIONAL_FN(uldap_connection_find);

    APR_REGISTER_OPTIONAL_FN(uldap_cache_comparedn);

    APR_REGISTER_OPTIONAL_FN(uldap_cache_compare);

    APR_REGISTER_OPTIONAL_FN(uldap_cache_checkuserid);

    APR_REGISTER_OPTIONAL_FN(uldap_cache_getuserdn);

    APR_REGISTER_OPTIONAL_FN(uldap_ssl_supported);

    ap_hook_post_config(util_ldap_post_config,NULL,NULL,APR_HOOK_MIDDLE);

    ap_hook_handler(util_ldap_handler, NULL, NULL, APR_HOOK_MIDDLE);

    ap_hook_child_init(util_ldap_child_init, NULL, NULL, APR_HOOK_MIDDLE);