| /* Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| /** |
| * @file ap_ldap_init.h |
| * @brief AP-UTIL LDAP ldap_init() functions |
| */ |
| #ifndef AP_LDAP_INIT_H |
| #define AP_LDAP_INIT_H |
| |
| /** |
| * @addtogroup AP_Util_LDAP |
| * @{ |
| */ |
| |
| #include "ap_ldap.h" |
| |
| #if AP_HAS_LDAP |
| |
| #ifdef __cplusplus |
| extern "C" { |
| #endif /* __cplusplus */ |
| |
| |
| /** |
| * Macro to detect security related return values. |
| */ |
| #if defined(LDAP_INSUFFICIENT_ACCESS) |
| #define AP_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_ACCESS |
| #elif defined(LDAP_INSUFFICIENT_RIGHTS) |
| #define AP_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_RIGHTS |
| #elif defined(AP_HAS_MICROSOFT_LDAPSDK) |
| /* The macros above fail to contemplate that LDAP_RETCODE values |
| * may be represented by an enum. autoconf tests would be much |
| * more robust. |
| */ |
| #define AP_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_RIGHTS |
| #else |
| #error The security return codes must be added to support this LDAP toolkit. |
| #endif |
| |
| #if defined(LDAP_SECURITY_ERROR) |
| #define AP_LDAP_SECURITY_ERROR LDAP_SECURITY_ERROR |
| #else |
| #define AP_LDAP_SECURITY_ERROR(n) \ |
| (LDAP_INAPPROPRIATE_AUTH == n) ? 1 \ |
| : (LDAP_INVALID_CREDENTIALS == n) ? 1 \ |
| : (AP_LDAP_INSUFFICIENT_ACCESS == n) ? 1 \ |
| : 0 |
| #endif |
| |
| |
| /** |
| * MODLDAP SSL Initialise function |
| * |
| * This function initialises SSL on the underlying LDAP toolkit |
| * if this is necessary. |
| * |
| * @bug ??? If a CA certificate is provided, this is set, however the setting |
| * of certificates via this method has been deprecated and will be removed in |
| * APR v2.0 ??? |
| * |
| * The ap_ldap_set_option() function with the AP_LDAP_OPT_TLS_CERT option |
| * should be used instead to set certificates. |
| * |
| * If SSL support is not available on this platform, or a problem |
| * was encountered while trying to set the certificate, the function |
| * will return APR_EGENERAL. Further LDAP specific error information |
| * can be found in result_err. |
| * @param pool The pool to use |
| * @param cert_auth_file The name of the certificate to use, can be NULL |
| * @param cert_file_type The type of certificate specified. See the |
| * ap_ldap_set_option() AP_LDAP_OPT_TLS_CERT option for details. |
| * @param result_err The returned result |
| */ |
| MODLDAP_DECLARE(int) ap_ldap_ssl_init(apr_pool_t *pool, |
| const char *cert_auth_file, |
| int cert_file_type, |
| ap_ldap_err_t **result_err); |
| |
| /** |
| * MODLDAP SSL De-Initialise function |
| * |
| * This function tears down any SSL certificate setup previously |
| * set using ap_ldap_ssl_init(). It should be called to clean |
| * up if a graceful restart of a service is attempted. |
| * @todo currently we do not check whether ap_ldap_ssl_init() |
| * has been called first - we probably should. |
| */ |
| MODLDAP_DECLARE(int) ap_ldap_ssl_deinit(void); |
| |
| /** |
| * MODLDAP initialise function |
| * |
| * This function is responsible for initialising an LDAP |
| * connection in a toolkit independant way. It does the |
| * job of ldap_init() from the C api. |
| * |
| * It handles both the SSL and non-SSL case, and attempts |
| * to hide the complexity setup from the user. This function |
| * assumes that any certificate setup necessary has already |
| * been done. |
| * |
| * If SSL or STARTTLS needs to be enabled, and the underlying |
| * toolkit supports it, the following values are accepted for |
| * secure: |
| * |
| * AP_LDAP_NONE: No encryption |
| * AP_LDAP_SSL: SSL encryption (ldaps://) |
| * AP_LDAP_STARTTLS: Force STARTTLS on ldap:// |
| * @remark The Novell toolkit is only able to set the SSL mode via this |
| * function. To work around this limitation, set the SSL mode here if no |
| * per connection client certificates are present, otherwise set secure |
| * AP_LDAP_NONE here, then set the per connection client certificates, |
| * followed by setting the SSL mode via ap_ldap_set_option(). As Novell |
| * does not support per connection client certificates, this problem is |
| * worked around while still being compatible with other LDAP toolkits. |
| * @param pool The pool to use |
| * @param ldap The LDAP handle |
| * @param hostname The name of the host to connect to. This can be either a |
| * DNS name, or an IP address. |
| * @param portno The port to connect to |
| * @param secure The security mode to set |
| * @param result_err The returned result |
| */ |
| MODLDAP_DECLARE(int) ap_ldap_init(apr_pool_t *pool, |
| LDAP **ldap, |
| const char *hostname, |
| int portno, |
| int secure, |
| ap_ldap_err_t **result_err); |
| |
| /** |
| * MODLDAP info function |
| * |
| * This function returns a string describing the LDAP toolkit |
| * currently in use. The string is placed inside result_err->reason. |
| * @param pool The pool to use |
| * @param result_err The returned result |
| */ |
| MODLDAP_DECLARE(int) ap_ldap_info(apr_pool_t *pool, |
| ap_ldap_err_t **result_err); |
| |
| #ifdef __cplusplus |
| } |
| #endif |
| |
| #endif /* AP_HAS_LDAP */ |
| |
| /** @} */ |
| |
| #endif /* AP_LDAP_URL_H */ |
