wldap32: Implement setting LDAP_OPT_CLIENT_CERTIFICATE.

Since most LDAP servers do not require mTLS, for now the callback
function is saved but not called.

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=55507

dlls/wldap32/init.c

@@ -250,6 +250,7 @@ exit:
  */
 ULONG CDECL WLDAP32_ldap_connect( LDAP *ld, struct l_timeval *timeout )
 {
+    QUERYCLIENTCERT *client_cert_callback = CLIENT_CERT_CALLBACK(ld);
     VERIFYSERVERCERT *server_cert_callback = SERVER_CERT_CALLBACK(ld);
     int ret;
 
@@ -258,6 +259,9 @@ ULONG CDECL WLDAP32_ldap_connect( LDAP *ld, struct l_timeval *timeout )
     if (!ld) return WLDAP32_LDAP_PARAM_ERROR;
     if (CONNECTED(ld)) return WLDAP32_LDAP_SUCCESS;
 
+    if (client_cert_callback)
+        FIXME( "mTLS is not implemented\n" );
+
     if (timeout && (timeout->tv_sec || timeout->tv_usec)) FIXME( "ignoring timeout\n" );
     if ((ret = ldap_connect( CTX(ld) ))) return map_error( ret );
 

dlls/wldap32/option.c

@@ -341,6 +341,7 @@ ULONG CDECL ldap_set_optionA( LDAP *ld, int option, void *value )
         return ret;
     }
     case WLDAP32_LDAP_OPT_AUTO_RECONNECT:
+    case WLDAP32_LDAP_OPT_CLIENT_CERTIFICATE:
     case WLDAP32_LDAP_OPT_DEREF:
     case WLDAP32_LDAP_OPT_DESC:
     case WLDAP32_LDAP_OPT_ENCRYPT:
@@ -384,7 +385,6 @@ ULONG CDECL ldap_set_optionA( LDAP *ld, int option, void *value )
         return WLDAP32_LDAP_UNWILLING_TO_PERFORM;
 
     case WLDAP32_LDAP_OPT_AREC_EXCLUSIVE:
-    case WLDAP32_LDAP_OPT_CLIENT_CERTIFICATE:
     case WLDAP32_LDAP_OPT_DNSDOMAIN_NAME:
     case WLDAP32_LDAP_OPT_ERROR_STRING:
     case WLDAP32_LDAP_OPT_FAST_CONCURRENT_BIND:
@@ -541,6 +541,10 @@ ULONG CDECL ldap_set_optionW( LDAP *ld, int option, void *value )
         return map_error( ldap_set_option( CTX(ld), LDAP_OPT_RESTART, value ) );
     }
 
+    case WLDAP32_LDAP_OPT_CLIENT_CERTIFICATE:
+        CLIENT_CERT_CALLBACK(ld) = value;
+        return WLDAP32_LDAP_SUCCESS;
+
     case WLDAP32_LDAP_OPT_REFERRAL_HOP_LIMIT:
         return map_error( ldap_set_option( CTX(ld), LDAP_OPT_REFHOPLIMIT, value ) );
 
@@ -620,7 +624,6 @@ ULONG CDECL ldap_set_optionW( LDAP *ld, int option, void *value )
             return WLDAP32_LDAP_SUCCESS;
         /* fall through */
     case WLDAP32_LDAP_OPT_AREC_EXCLUSIVE:
-    case WLDAP32_LDAP_OPT_CLIENT_CERTIFICATE:
     case WLDAP32_LDAP_OPT_DNSDOMAIN_NAME:
     case WLDAP32_LDAP_OPT_ERROR_STRING:
     case WLDAP32_LDAP_OPT_FAST_CONCURRENT_BIND:

dlls/wldap32/winldap_private.h

@@ -23,6 +23,7 @@
 #include "winternl.h"
 #include "wincrypt.h"
 #include "winnls.h"
+#include "schannel.h"
 
 #define LDAP_NEEDS_PROTOTYPES
 #include <lber.h>
@@ -222,12 +223,14 @@ typedef struct ldap
     ULONG ld_options;
 } LDAP, *PLDAP;
 
+typedef BOOLEAN (CDECL QUERYCLIENTCERT)(LDAP *, SecPkgContext_IssuerListInfoEx *, const CERT_CONTEXT **);
 typedef BOOLEAN (CDECL VERIFYSERVERCERT)(LDAP *, const CERT_CONTEXT **);
 
 struct private_data
 {
     LDAP *ctx;
     struct berval **server_ctrls;
+    QUERYCLIENTCERT *client_cert_callback;
     VERIFYSERVERCERT *server_cert_callback;
     BOOL connected;
 };
@@ -235,6 +238,7 @@ C_ASSERT(sizeof(struct private_data) < FIELD_OFFSET(struct ld_sb, sb_naddr) - FI
 
 #define CTX(ld) (((struct private_data *)ld->ld_sb.Reserved1)->ctx)
 #define SERVER_CTRLS(ld) (((struct private_data *)ld->ld_sb.Reserved1)->server_ctrls)
+#define CLIENT_CERT_CALLBACK(ld) (((struct private_data *)ld->ld_sb.Reserved1)->client_cert_callback)
 #define SERVER_CERT_CALLBACK(ld) (((struct private_data *)ld->ld_sb.Reserved1)->server_cert_callback)
 #define CONNECTED(ld) (((struct private_data *)ld->ld_sb.Reserved1)->connected)
 

include/winldap.h

@@ -391,6 +391,7 @@ typedef struct ldap_apifeature_infoW
 
 DECL_WINELIB_TYPE_AW(LDAPAPIFeatureInfo)
 
+typedef BOOLEAN (CDECL QUERYCLIENTCERT)(LDAP*,SecPkgContext_IssuerListInfoEx*,const CERT_CONTEXT**);
 typedef BOOLEAN (CDECL VERIFYSERVERCERT)(LDAP*,const CERT_CONTEXT**);