00001 // $OpenLDAP$
00002 /*
00003  * Copyright 2010-2012 The OpenLDAP Foundation, All Rights Reserved.
00004  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
00005  */
00006 
00007 #include "TlsOptions.h"
00008 #include "LDAPException.h"
00009 
// Value kind of a TLS option. checkOpt() compares the kind recorded in optmap
// against the kind the calling setter/getter overload handles, so a string
// option cannot be written through the int overload and vice versa.
enum opttype {
    INT=0,      // option is read/written as an int (passed to libldap by address)
    STRING,     // option is read/written as a NUL-terminated C string
    OTHER       // not used by any optmap entry in this file
};
00015 
// One row of optmap: the libldap option code plus the value kind it expects.
typedef struct tls_optmap {
    int optval;     // LDAP_OPT_X_TLS_* code handed to ldap_set_option/ldap_get_option
    opttype type;   // which setter/getter overload is valid for this option
} tls_optmap_t;
00020 
// Lookup table from TlsOptions::tls_option to the libldap option code and value
// kind. The tls_option value is used directly as the array index (see
// checkOpt(), setOption() and getOption() below).
// NOTE(review): because of that direct indexing, the row order here must match
// the declaration order of TlsOptions::tls_option in TlsOptions.h (CACERTFILE
// first, LASTOPT one past the last entry) — confirm against the header before
// adding or reordering rows.
static tls_optmap_t optmap[] = {
    { LDAP_OPT_X_TLS_CACERTFILE, STRING },
    { LDAP_OPT_X_TLS_CACERTDIR, STRING },
    { LDAP_OPT_X_TLS_CERTFILE, STRING },
    { LDAP_OPT_X_TLS_KEYFILE, STRING },
    { LDAP_OPT_X_TLS_REQUIRE_CERT, INT },
    { LDAP_OPT_X_TLS_PROTOCOL_MIN, INT },
    { LDAP_OPT_X_TLS_CIPHER_SUITE, STRING },
    { LDAP_OPT_X_TLS_RANDOM_FILE, STRING },
    { LDAP_OPT_X_TLS_CRLCHECK, INT },
    { LDAP_OPT_X_TLS_DHFILE, STRING },
    { LDAP_OPT_X_TLS_NEWCTX, INT }
};
00034 #if 0 /* not implemented currently */
00035         static const int TLS_CRLFILE /* GNUtls only */
00036         static const int TLS_SSL_CTX  /* OpenSSL SSL* */
00037         static const int TLS_CONNECT_CB
00038         static const int TLS_CONNECT_ARG
00039 #endif 
00040 
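/*
 * Validate that 'opt' names a known option and that its value kind matches
 * the overload the caller is about to use.
 *
 * opt:  option index into optmap. Anything outside
 *       [TlsOptions::CACERTFILE, TlsOptions::LASTOPT) is rejected before the
 *       table is touched, so optmap is never read out of bounds.
 * type: the value kind the caller will pass (INT or STRING).
 *
 * Throws LDAPException(LDAP_PARAM_ERROR) on an unknown option or a kind
 * mismatch.
 */
static void checkOpt( TlsOptions::tls_option opt, opttype type ) {
    if ( opt < TlsOptions::CACERTFILE || opt >= TlsOptions::LASTOPT ){
        throw( LDAPException( LDAP_PARAM_ERROR, "unknown Option" ) );
    }

    if ( optmap[opt].type != type ){
        // Name the kind the caller asked for: the previous fixed text said
        // "not a string option" even when the check was for an INT option.
        const char *msg = ( type == STRING ) ? "not a string option"
                        : ( type == INT )    ? "not an integer option"
                                             : "wrong option type";
        throw( LDAPException( LDAP_PARAM_ERROR, msg ) );
    }
}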
00050 
/*
 * Construct an option accessor that is not bound to any LDAP handle.
 * NOTE(review): with m_ld == NULL, ldap_set_option()/ldap_get_option() act on
 * libldap's process-wide defaults (see ldap_set_option(3)), so options written
 * through such an object affect every handle created afterwards.
 */
TlsOptions::TlsOptions()
    : m_ld( NULL )
{
}
00052 
/*
 * Construct an option accessor bound to the given LDAP handle.
 * ld: handle whose TLS options are read and written. Nothing in this file
 *     frees it; the caller keeps ownership.
 */
TlsOptions::TlsOptions( LDAP* ld )
    : m_ld( ld )
{
}
00054 
/*
 * Set a string-valued TLS option.
 *
 * opt:   must be a STRING option in optmap, otherwise LDAPException.
 * value: the new value. An empty string is handed to libldap as NULL, which
 *        presumably clears the option (confirm against ldap_set_option(3)).
 *
 * Throws whatever checkOpt() or setOption(tls_option, void*) throws.
 */
void TlsOptions::setOption( tls_option opt, const std::string& value ) const {
    checkOpt( opt, STRING );
    void *arg = NULL;
    if ( !value.empty() ) {
        // libldap takes a non-const pointer; constness is dropped here only.
        arg = const_cast<char*>( value.c_str() );
    }
    this->setOption( opt, arg );
}
00059 
/*
 * Set an int-valued TLS option.
 *
 * opt:   must be an INT option in optmap, otherwise LDAPException.
 * value: the new value, passed to libldap by address.
 *
 * Throws whatever checkOpt() or setOption(tls_option, void*) throws.
 */
void TlsOptions::setOption( tls_option opt, int value ) const {
    checkOpt( opt, INT );
    // 'value' is a by-value parameter, so its address is valid for the whole
    // call below; this presumes libldap copies the int during ldap_set_option
    // and does not retain the pointer.
    int *arg = &value;
    this->setOption( opt, static_cast<void*>( arg ) );
}
00064 
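/*
 * Low-level setter: hand 'value' to ldap_set_option for the libldap code that
 * 'opt' maps to, then renew the TLS context so the new setting takes effect.
 *
 * opt:   option index into optmap. The typed overloads validate it through
 *        checkOpt(), but this overload can be called directly, so the range is
 *        checked here too before optmap is indexed.
 * value: pointer handed verbatim to libldap (int* or char* depending on opt).
 *
 * Throws LDAPException(ret) when libldap returns a specific error code,
 * LDAPException(LDAP_PARAM_ERROR) on LDAP_OPT_ERROR or an out-of-range opt,
 * and whatever newCtx() throws.
 */
void TlsOptions::setOption( tls_option opt, void *value ) const {
    // Same range test as checkOpt(); an unchecked opt would read past optmap.
    if ( opt < TlsOptions::CACERTFILE || opt >= TlsOptions::LASTOPT ){
        throw( LDAPException( LDAP_PARAM_ERROR, "unknown Option" ) );
    }
    // With m_ld == NULL (default constructor) ldap_set_option changes the
    // library-wide defaults rather than a single handle.
    int ret = ldap_set_option( m_ld, optmap[opt].optval, value);
    if ( ret != LDAP_OPT_SUCCESS )
    {
        if ( ret != LDAP_OPT_ERROR ){
            throw( LDAPException( ret ));
        } else {
            throw( LDAPException( LDAP_PARAM_ERROR, "error while setting TLS option" ) );
        }
    }
    this->newCtx();
}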
00077 
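/*
 * Low-level getter: ask ldap_get_option for the libldap code that 'opt' maps
 * to and store the result through 'value'.
 *
 * opt:   option index into optmap. getIntOption()/getStringOption() validate
 *        it through checkOpt(), but this overload can be called directly, so
 *        the range is checked here too before optmap is indexed.
 * value: out-pointer handed verbatim to libldap (int* or char** depending on
 *        opt); its contents are only meaningful when this function returns.
 *
 * Throws LDAPException(ret) when libldap returns a specific error code and
 * LDAPException(LDAP_PARAM_ERROR) on LDAP_OPT_ERROR or an out-of-range opt.
 */
void TlsOptions::getOption( tls_option opt, void* value ) const {
    // Same range test as checkOpt(); an unchecked opt would read past optmap.
    if ( opt < TlsOptions::CACERTFILE || opt >= TlsOptions::LASTOPT ){
        throw( LDAPException( LDAP_PARAM_ERROR, "unknown Option" ) );
    }
    int ret = ldap_get_option( m_ld, optmap[opt].optval, value);
    if ( ret != LDAP_OPT_SUCCESS )
    {
        if ( ret != LDAP_OPT_ERROR ){
            throw( LDAPException( ret ));
        } else {
            throw( LDAPException( LDAP_PARAM_ERROR, "error while reading TLS option" ) );
        }
    }
}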
00089 
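/*
 * Read an int-valued TLS option.
 *
 * opt: must be an INT option in optmap, otherwise LDAPException(LDAP_PARAM_ERROR).
 *
 * Returns the current value. Throws LDAPException when libldap reports an
 * error — the previous version ignored the ldap_get_option result and could
 * return an uninitialized int.
 */
int TlsOptions::getIntOption( tls_option opt ) const {
    checkOpt( opt, INT );
    int value = 0;
    // getOption() checks the ldap_get_option result and throws on failure.
    this->getOption( opt, static_cast<void*>( &value ) );
    return value;
}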
00096 
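/*
 * Read a string-valued TLS option.
 *
 * opt: must be a STRING option in optmap, otherwise LDAPException(LDAP_PARAM_ERROR).
 *
 * Returns a copy of the stored value, or an empty string when libldap has
 * nothing stored. Throws LDAPException when libldap reports an error — the
 * previous version ignored the ldap_get_option result and, with 'value' left
 * uninitialized, could dereference and ldap_memfree() a garbage pointer.
 */
std::string TlsOptions::getStringOption( tls_option opt ) const {
    checkOpt( opt, STRING );
    char *value = NULL;   // remains NULL if libldap stores nothing for 'opt'
    // getOption() throws on failure; 'value' is untouched in that case.
    this->getOption( opt, static_cast<void*>( &value ) );
    std::string strval;
    if ( value )
    {
        strval = std::string( value );
        ldap_memfree( value );   // libldap handed back a copy we now own
    }
    return strval;
}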
00109 
/*
 * Request a fresh TLS context from libldap via LDAP_OPT_X_TLS_NEWCTX so that
 * options written since the last context was built take effect. The int
 * passed with the option is 0 here; presumably that selects a client-side
 * context (confirm against ldap_set_option(3)).
 *
 * Throws LDAPException(ret) on a specific libldap error code and
 * LDAPException(LDAP_LOCAL_ERROR) on LDAP_OPT_ERROR.
 */
void TlsOptions::newCtx() const {
    int ctxFlag = 0;
    const int ret = ldap_set_option( m_ld, LDAP_OPT_X_TLS_NEWCTX, &ctxFlag );
    if ( ret == LDAP_OPT_SUCCESS ) {
        return;
    }
    if ( ret == LDAP_OPT_ERROR ) {
        throw( LDAPException( LDAP_LOCAL_ERROR, "error while renewing TLS context" ) );
    }
    throw( LDAPException( ret ) );
}