summaryrefslogtreecommitdiffstats
path: root/include/apr_ldap_init.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/apr_ldap_init.h')
-rw-r--r--include/apr_ldap_init.h165
1 files changed, 165 insertions, 0 deletions
diff --git a/include/apr_ldap_init.h b/include/apr_ldap_init.h
new file mode 100644
index 0000000..aeb6d9b
--- /dev/null
+++ b/include/apr_ldap_init.h
@@ -0,0 +1,165 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file apr_ldap_init.h
+ * @brief APR-UTIL LDAP ldap_init() functions
+ */
+#ifndef APR_LDAP_INIT_H
+#define APR_LDAP_INIT_H
+
+/**
+ * @addtogroup APR_Util_LDAP
+ * @{
+ */
+
+#include "apr_ldap.h"
+
+#if APR_HAS_LDAP
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+
+/**
+ * Macro to detect security related return values.
+ */
+#if defined(LDAP_INSUFFICIENT_ACCESS)
+#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_ACCESS
+#elif defined(LDAP_INSUFFICIENT_RIGHTS)
+#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_RIGHTS
+#elif defined(APR_HAS_MICROSOFT_LDAPSDK)
+/* The macros above fail to contemplate that LDAP_RETCODE values
+ * may be represented by an enum. autoconf tests would be much
+ * more robust.
+ */
+#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_RIGHTS
+#else
+#error The security return codes must be added to support this LDAP toolkit.
+#endif
+
+#if defined(LDAP_SECURITY_ERROR)
+#define APU_LDAP_SECURITY_ERROR LDAP_SECURITY_ERROR
+#else
+#define APU_LDAP_SECURITY_ERROR(n) \
+ (LDAP_INAPPROPRIATE_AUTH == n) ? 1 \
+ : (LDAP_INVALID_CREDENTIALS == n) ? 1 \
+ : (APU_LDAP_INSUFFICIENT_ACCESS == n) ? 1 \
+ : 0
+#endif
+
+
+/**
+ * APR LDAP SSL Initialise function
+ *
+ * This function initialises SSL on the underlying LDAP toolkit
+ * if this is necessary.
+ *
+ * If a CA certificate is provided, this is set, however the setting
+ * of certificates via this method has been deprecated and will be removed in
+ * APR v2.0.
+ *
+ * The apr_ldap_set_option() function with the APR_LDAP_OPT_TLS_CERT option
+ * should be used instead to set certificates.
+ *
+ * If SSL support is not available on this platform, or a problem
+ * was encountered while trying to set the certificate, the function
+ * will return APR_EGENERAL. Further LDAP specific error information
+ * can be found in result_err.
+ * @param pool The pool to use
+ * @param cert_auth_file The name of the certificate to use, can be NULL
+ * @param cert_file_type The type of certificate specified. See the
+ * apr_ldap_set_option() APR_LDAP_OPT_TLS_CERT option for details.
+ * @param result_err The returned result
+ */
+APU_DECLARE_LDAP(int) apr_ldap_ssl_init(apr_pool_t *pool,
+ const char *cert_auth_file,
+ int cert_file_type,
+ apr_ldap_err_t **result_err);
+
+/**
+ * APR LDAP SSL De-Initialise function
+ *
+ * This function tears down any SSL certificate setup previously
+ * set using apr_ldap_ssl_init(). It should be called to clean
+ * up if a graceful restart of a service is attempted.
+ * @todo currently we do not check whether apr_ldap_ssl_init()
+ * has been called first - we probably should.
+ */
+APU_DECLARE_LDAP(int) apr_ldap_ssl_deinit(void);
+
+/**
+ * APR LDAP initialise function
+ *
+ * This function is responsible for initialising an LDAP
+ * connection in a toolkit independant way. It does the
+ * job of ldap_init() from the C api.
+ *
+ * It handles both the SSL and non-SSL case, and attempts
+ * to hide the complexity setup from the user. This function
+ * assumes that any certificate setup necessary has already
+ * been done.
+ *
+ * If SSL or STARTTLS needs to be enabled, and the underlying
+ * toolkit supports it, the following values are accepted for
+ * secure:
+ *
+ * APR_LDAP_NONE: No encryption
+ * APR_LDAP_SSL: SSL encryption (ldaps://)
+ * APR_LDAP_STARTTLS: Force STARTTLS on ldap://
+ * @remark The Novell toolkit is only able to set the SSL mode via this
+ * function. To work around this limitation, set the SSL mode here if no
+ * per connection client certificates are present, otherwise set secure
+ * APR_LDAP_NONE here, then set the per connection client certificates,
+ * followed by setting the SSL mode via apr_ldap_set_option(). As Novell
+ * does not support per connection client certificates, this problem is
+ * worked around while still being compatible with other LDAP toolkits.
+ * @param pool The pool to use
+ * @param ldap The LDAP handle
+ * @param hostname The name of the host to connect to. This can be either a
+ * DNS name, or an IP address.
+ * @param portno The port to connect to
+ * @param secure The security mode to set
+ * @param result_err The returned result
+ */
+APU_DECLARE_LDAP(int) apr_ldap_init(apr_pool_t *pool,
+ LDAP **ldap,
+ const char *hostname,
+ int portno,
+ int secure,
+ apr_ldap_err_t **result_err);
+
+/**
+ * APR LDAP info function
+ *
+ * This function returns a string describing the LDAP toolkit
+ * currently in use. The string is placed inside result_err->reason.
+ * @param pool The pool to use
+ * @param result_err The returned result
+ */
+APU_DECLARE_LDAP(int) apr_ldap_info(apr_pool_t *pool,
+ apr_ldap_err_t **result_err);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* APR_HAS_LDAP */
+
+/** @} */
+
+#endif /* APR_LDAP_URL_H */