From: Ralf Haferkamp Date: Mon, 15 Feb 2010 17:17:42 +0000 (+0000) Subject: New class "TlsOptions" to handle TLS/SSL related settings X-Git-Tag: MIGRATION_CVS2GIT~696 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=ad93b706a9679faa1c66aedf6a77b35bafcdb38f;p=openldap New class "TlsOptions" to handle TLS/SSL related settings --- diff --git a/contrib/ldapc++/src/TlsOptions.cpp b/contrib/ldapc++/src/TlsOptions.cpp new file mode 100644 index 0000000000..0cba46ea18 --- /dev/null +++ b/contrib/ldapc++/src/TlsOptions.cpp @@ -0,0 +1,106 @@ +// $OpenLDAP$ +/* + * Copyright 2010, OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ + +#include "TlsOptions.h" +#include "LDAPException.h" + +enum opttype { + INT=0, + STRING, + OTHER +}; + +typedef struct tls_optmap { + int optval; + opttype type; +} tls_optmap_t; + +static tls_optmap_t optmap[] = { + { LDAP_OPT_X_TLS_CACERTFILE, STRING }, + { LDAP_OPT_X_TLS_CACERTDIR, STRING }, + { LDAP_OPT_X_TLS_CERTFILE, STRING }, + { LDAP_OPT_X_TLS_KEYFILE, STRING }, + { LDAP_OPT_X_TLS_REQUIRE_CERT, INT }, + { LDAP_OPT_X_TLS_PROTOCOL_MIN, INT }, + { LDAP_OPT_X_TLS_CIPHER_SUITE, STRING }, + { LDAP_OPT_X_TLS_RANDOM_FILE, STRING }, + { LDAP_OPT_X_TLS_CRLCHECK, INT }, + { LDAP_OPT_X_TLS_DHFILE, STRING }, + { LDAP_OPT_X_TLS_NEWCTX, INT } +}; +#if 0 /* not implemented currently */ + static const int TLS_CRLFILE /* GNUtls only */ + static const int TLS_SSL_CTX /* OpenSSL SSL* */ + static const int TLS_CONNECT_CB + static const int TLS_CONNECT_ARG +#endif + +void checkOpt( TlsOptions::tls_option opt, opttype type ){ + if ( opt >= sizeof(optmap) ){ + throw( LDAPException( LDAP_PARAM_ERROR, "unknown Option" ) ); + } + + if ( optmap[opt].type != type ){ + throw( LDAPException( LDAP_PARAM_ERROR, "not a string option" ) ); + } +} + +TlsOptions::TlsOptions( LDAP* ld ): m_ld(ld) { } + +void TlsOptions::setOption( tls_option opt, const std::string& value ) { + checkOpt(opt, STRING); + this->setOption( opt, (void*) value.c_str()); +} + +void TlsOptions::setOption( tls_option opt, int value ) { + checkOpt(opt, INT); + this->setOption( opt, (void*) &value); +} + +void TlsOptions::setOption( tls_option opt, void *value ) { + int ret = ldap_set_option( m_ld, optmap[opt].optval, value); + if ( ret != LDAP_OPT_SUCCESS ) + { + if ( ret != LDAP_OPT_ERROR ){ + throw( LDAPException( ret )); + } else { + throw( LDAPException( LDAP_PARAM_ERROR, "error while setting TLS option" ) ); + } + } +} + +void TlsOptions::getOption( tls_option opt, void* value ){ + int ret = ldap_get_option( m_ld, optmap[opt].optval, value); + if ( ret != LDAP_OPT_SUCCESS ) + { + if ( ret != LDAP_OPT_ERROR ){ + throw( LDAPException( ret )); + } else { + throw( LDAPException( LDAP_PARAM_ERROR, "error while reading TLS option" ) ); + } + } +} + +int TlsOptions::getIntOption( tls_option opt ) const { + int value; + checkOpt(opt, INT); + ldap_get_option( m_ld, optmap[opt].optval, (void*) &value); + return value; +} + +std::string TlsOptions::getStringOption( tls_option opt ) const { + char *value; + checkOpt(opt, STRING); + ldap_get_option( m_ld, optmap[opt].optval, (void*) &value); + std::string strval; + if (value) + { + strval=std::string(value); + ldap_memfree(value); + } + return strval; +} + diff --git a/contrib/ldapc++/src/TlsOptions.h b/contrib/ldapc++/src/TlsOptions.h new file mode 100644 index 0000000000..573b4f95c8 --- /dev/null +++ b/contrib/ldapc++/src/TlsOptions.h @@ -0,0 +1,54 @@ +// $OpenLDAP$ +/* + * Copyright 2010, OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ +#ifndef TLS_OPTIONS_H +#define TLS_OPTIONS_H +#include +#include + +class TlsOptions { + public: + enum tls_option { + CACERTFILE=0, + CACERTDIR, + CERTFILE, + KEYFILE, + REQUIRE_CERT, + PROTOCOL_MIN, + CIPHER_SUITE, + RANDOM_FILE, + CRLCHECK, + DHFILE, + NEWCTX + }; + + TlsOptions( LDAP* ld=NULL ); + void setOption(tls_option opt, const std::string& value); + void setOption(tls_option opt, int value); + void setOption(tls_option opt, void *value); + + int getIntOption(tls_option opt) const; + std::string getStringOption(tls_option opt) const; + void getOption(tls_option opt, void *value ); + + enum verifyMode { + NEVER=0, + HARD, + DEMAND, + ALLOW, + TRY + }; + + enum crlMode { + CRL_NONE=0, + CRL_PEER, + CRL_ALL + }; + + private: + LDAP *m_ld; +}; + +#endif /* TLS_OPTIONS_H */