mirror of
https://github.com/moparisthebest/curl
synced 2024-11-13 21:15:08 -05:00
added basic ldaps support; for now its ifdef'd with HAVE_LDAP_SSL unless we know its fully working, and available with all LDAP SDKs.
Win32 requires to have the trusted CA in local keystore - I've not found yet a way to disable the cert check.
This commit is contained in:
parent
7f7e42732d
commit
ccba0d10b6
99
lib/ldap.c
99
lib/ldap.c
@ -48,6 +48,9 @@
|
|||||||
#else
|
#else
|
||||||
#define LDAP_DEPRECATED 1 /* Be sure ldap_init() is defined. */
|
#define LDAP_DEPRECATED 1 /* Be sure ldap_init() is defined. */
|
||||||
# include <ldap.h>
|
# include <ldap.h>
|
||||||
|
#ifdef HAVE_LDAP_SSL
|
||||||
|
# include <ldap_ssl.h>
|
||||||
|
#endif /* CURL_LDAP_USE_SSL */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_UNISTD_H
|
#ifdef HAVE_UNISTD_H
|
||||||
@ -107,6 +110,15 @@ static void _ldap_free_urldesc (LDAPURLDesc *ludp);
|
|||||||
#ifndef LDAP_OPT_PROTOCOL_VERSION
|
#ifndef LDAP_OPT_PROTOCOL_VERSION
|
||||||
#define LDAP_OPT_PROTOCOL_VERSION 0x0011
|
#define LDAP_OPT_PROTOCOL_VERSION 0x0011
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef LDAP_OPT_NETWORK_TIMEOUT /* socket level timeout */
|
||||||
|
#define LDAP_OPT_NETWORK_TIMEOUT 0x5005
|
||||||
|
#endif
|
||||||
|
#ifndef LDAPSSL_VERIFY_NONE
|
||||||
|
#define LDAPSSL_VERIFY_NONE 0x00
|
||||||
|
#endif
|
||||||
|
#ifndef LDAPSSL_VERIFY_SERVER
|
||||||
|
#define LDAPSSL_VERIFY_SERVER 0x01
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef DEBUG_LDAP
|
#ifdef DEBUG_LDAP
|
||||||
#define LDAP_TRACE(x) do { \
|
#define LDAP_TRACE(x) do { \
|
||||||
@ -131,26 +143,72 @@ CURLcode Curl_ldap(struct connectdata *conn, bool *done)
|
|||||||
int num = 0;
|
int num = 0;
|
||||||
struct SessionHandle *data=conn->data;
|
struct SessionHandle *data=conn->data;
|
||||||
int ldap_proto;
|
int ldap_proto;
|
||||||
|
int ldap_ssl = 0;
|
||||||
char *val_b64;
|
char *val_b64;
|
||||||
size_t val_b64_sz;
|
size_t val_b64_sz;
|
||||||
|
struct timeval ldap_timeout = {10,0}; /* 10 sec connection/search timeout */
|
||||||
|
|
||||||
*done = TRUE; /* unconditionally */
|
*done = TRUE; /* unconditionally */
|
||||||
infof(data, "LDAP local: %s\n", data->change.url);
|
infof(data, "LDAP local: %s\n", data->change.url);
|
||||||
|
|
||||||
server = ldap_init(conn->host.name, (int)conn->port);
|
#ifndef HAVE_LDAP_URL_PARSE
|
||||||
|
rc = _ldap_url_parse(conn, &ludp);
|
||||||
|
#else
|
||||||
|
rc = ldap_url_parse(data->change.url, &ludp);
|
||||||
|
#endif
|
||||||
|
if (rc != 0) {
|
||||||
|
failf(data, "LDAP local: %s", ldap_err2string(rc));
|
||||||
|
status = CURLE_LDAP_INVALID_URL;
|
||||||
|
goto quit;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Get the URL scheme ( either ldap or ldaps ) */
|
||||||
|
if (strequal(conn->protostr, "LDAPS"))
|
||||||
|
ldap_ssl = 1;
|
||||||
|
infof(data, "LDAP local: trying to establish %s connection\n",
|
||||||
|
ldap_ssl ? "encrypted" : "cleartext");
|
||||||
|
|
||||||
|
ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &ldap_timeout);
|
||||||
|
ldap_proto = LDAP_VERSION3;
|
||||||
|
ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
|
||||||
|
|
||||||
|
if (ldap_ssl) {
|
||||||
|
#ifdef HAVE_LDAP_SSL
|
||||||
|
#ifdef CURL_LDAP_WIN
|
||||||
|
server = ldap_sslinit(conn->host.name, (int)conn->port, 1);
|
||||||
|
ldap_set_option(server, LDAP_OPT_SSL, LDAP_OPT_ON);
|
||||||
|
#else
|
||||||
|
rc = ldapssl_client_init(NULL, /* DER encoded cert file */
|
||||||
|
NULL); /* reserved, use NULL */
|
||||||
|
if (rc != LDAP_SUCCESS) {
|
||||||
|
failf(data, "LDAP local: %s", ldap_err2string(rc));
|
||||||
|
status = CURLE_SSL_CERTPROBLEM;
|
||||||
|
goto quit;
|
||||||
|
}
|
||||||
|
rc = ldapssl_set_verify_mode(LDAPSSL_VERIFY_NONE);
|
||||||
|
if (rc != LDAP_SUCCESS) {
|
||||||
|
failf(data, "LDAP local: ldapssl_set_verify_mode error: %d", rc);
|
||||||
|
status = CURLE_SSL_CERTPROBLEM;
|
||||||
|
goto quit;
|
||||||
|
}
|
||||||
|
server = ldapssl_init(conn->host.name, (int)conn->port, 1);
|
||||||
|
#endif
|
||||||
|
#endif /* CURL_LDAP_USE_SSL */
|
||||||
|
} else {
|
||||||
|
server = ldap_init(conn->host.name, (int)conn->port);
|
||||||
|
}
|
||||||
|
|
||||||
if (server == NULL) {
|
if (server == NULL) {
|
||||||
failf(data, "LDAP local: Cannot connect to %s:%d",
|
failf(data, "LDAP local: Cannot connect to %s:%d",
|
||||||
conn->host.name, conn->port);
|
conn->host.name, conn->port);
|
||||||
status = CURLE_COULDNT_CONNECT;
|
status = CURLE_COULDNT_CONNECT;
|
||||||
goto quit;
|
goto quit;
|
||||||
}
|
}
|
||||||
|
|
||||||
ldap_proto = LDAP_VERSION3;
|
|
||||||
ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
|
|
||||||
rc = ldap_simple_bind_s(server,
|
rc = ldap_simple_bind_s(server,
|
||||||
conn->bits.user_passwd ? conn->user : NULL,
|
conn->bits.user_passwd ? conn->user : NULL,
|
||||||
conn->bits.user_passwd ? conn->passwd : NULL);
|
conn->bits.user_passwd ? conn->passwd : NULL);
|
||||||
if (rc != 0) {
|
if (!ldap_ssl && rc != 0) {
|
||||||
ldap_proto = LDAP_VERSION2;
|
ldap_proto = LDAP_VERSION2;
|
||||||
ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
|
ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
|
||||||
rc = ldap_simple_bind_s(server,
|
rc = ldap_simple_bind_s(server,
|
||||||
@ -163,18 +221,6 @@ CURLcode Curl_ldap(struct connectdata *conn, bool *done)
|
|||||||
goto quit;
|
goto quit;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifndef HAVE_LDAP_URL_PARSE
|
|
||||||
rc = _ldap_url_parse(conn, &ludp);
|
|
||||||
#else
|
|
||||||
rc = ldap_url_parse(data->change.url, &ludp);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if (rc != 0) {
|
|
||||||
failf(data, "LDAP local: %s", ldap_err2string(rc));
|
|
||||||
status = CURLE_LDAP_INVALID_URL;
|
|
||||||
goto quit;
|
|
||||||
}
|
|
||||||
|
|
||||||
rc = ldap_search_s(server, ludp->lud_dn, ludp->lud_scope,
|
rc = ldap_search_s(server, ludp->lud_dn, ludp->lud_scope,
|
||||||
ludp->lud_filter, ludp->lud_attrs, 0, &result);
|
ludp->lud_filter, ludp->lud_attrs, 0, &result);
|
||||||
|
|
||||||
@ -242,15 +288,22 @@ CURLcode Curl_ldap(struct connectdata *conn, bool *done)
|
|||||||
}
|
}
|
||||||
|
|
||||||
quit:
|
quit:
|
||||||
LDAP_TRACE (("Received %d entries\n", num));
|
if (result) {
|
||||||
|
ldap_msgfree(result);
|
||||||
|
LDAP_TRACE (("Received %d entries\n", num));
|
||||||
|
}
|
||||||
if (rc == LDAP_SIZELIMIT_EXCEEDED)
|
if (rc == LDAP_SIZELIMIT_EXCEEDED)
|
||||||
infof(data, "There are more than %d entries\n", num);
|
infof(data, "There are more than %d entries\n", num);
|
||||||
if (result)
|
|
||||||
ldap_msgfree(result);
|
|
||||||
if (ludp)
|
if (ludp)
|
||||||
ldap_free_urldesc(ludp);
|
ldap_free_urldesc(ludp);
|
||||||
if (server)
|
if (server)
|
||||||
ldap_unbind_s(server);
|
ldap_unbind_s(server);
|
||||||
|
#ifdef HAVE_LDAP_SSL
|
||||||
|
#ifndef CURL_LDAP_WIN
|
||||||
|
if (ldap_ssl)
|
||||||
|
ldapssl_client_deinit();
|
||||||
|
#endif
|
||||||
|
#endif /* CURL_LDAP_USE_SSL */
|
||||||
|
|
||||||
/* no data to transfer */
|
/* no data to transfer */
|
||||||
Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
|
Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
|
||||||
|
17
lib/url.c
17
lib/url.c
@ -3062,6 +3062,23 @@ static CURLcode setup_connection_internals(struct SessionHandle *data,
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef HAVE_LDAP_SSL
|
||||||
|
else if (strequal(conn->protostr, "LDAPS")) {
|
||||||
|
#ifndef CURL_DISABLE_LDAP
|
||||||
|
conn->protocol |= PROT_LDAP|PROT_SSL;
|
||||||
|
conn->port = PORT_LDAPS;
|
||||||
|
conn->remote_port = PORT_LDAPS;
|
||||||
|
conn->curl_do = Curl_ldap;
|
||||||
|
/* no LDAP-specific done */
|
||||||
|
conn->curl_done = (Curl_done_func)ZERO_NULL;
|
||||||
|
#else
|
||||||
|
failf(data, LIBCURL_NAME
|
||||||
|
" was built with LDAP disabled!");
|
||||||
|
return CURLE_UNSUPPORTED_PROTOCOL;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
#endif /* CURL_LDAP_USE_SSL */
|
||||||
|
|
||||||
else if (strequal(conn->protostr, "FILE")) {
|
else if (strequal(conn->protostr, "FILE")) {
|
||||||
#ifndef CURL_DISABLE_FILE
|
#ifndef CURL_DISABLE_FILE
|
||||||
conn->protocol |= PROT_FILE;
|
conn->protocol |= PROT_FILE;
|
||||||
|
@ -120,6 +120,9 @@ static const char * const protocols[] = {
|
|||||||
#endif
|
#endif
|
||||||
#ifndef CURL_DISABLE_LDAP
|
#ifndef CURL_DISABLE_LDAP
|
||||||
"ldap",
|
"ldap",
|
||||||
|
#ifdef HAVE_LDAP_SSL
|
||||||
|
"ldaps",
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
#ifndef CURL_DISABLE_HTTP
|
#ifndef CURL_DISABLE_HTTP
|
||||||
"http",
|
"http",
|
||||||
|
Loading…
Reference in New Issue
Block a user