apr_ldap_init.h revision 251876
1251876Speter/* Licensed to the Apache Software Foundation (ASF) under one or more 2251876Speter * contributor license agreements. See the NOTICE file distributed with 3251876Speter * this work for additional information regarding copyright ownership. 4251876Speter * The ASF licenses this file to You under the Apache License, Version 2.0 5251876Speter * (the "License"); you may not use this file except in compliance with 6251876Speter * the License. You may obtain a copy of the License at 7251876Speter * 8251876Speter * http://www.apache.org/licenses/LICENSE-2.0 9251876Speter * 10251876Speter * Unless required by applicable law or agreed to in writing, software 11251876Speter * distributed under the License is distributed on an "AS IS" BASIS, 12251876Speter * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13251876Speter * See the License for the specific language governing permissions and 14251876Speter * limitations under the License. 15251876Speter */ 16251876Speter 17251876Speter/** 18251876Speter * @file apr_ldap_init.h 19251876Speter * @brief APR-UTIL LDAP ldap_init() functions 20251876Speter */ 21251876Speter#ifndef APR_LDAP_INIT_H 22251876Speter#define APR_LDAP_INIT_H 23251876Speter 24251876Speter/** 25251876Speter * @addtogroup APR_Util_LDAP 26251876Speter * @{ 27251876Speter */ 28251876Speter 29251876Speter#include "apr_ldap.h" 30251876Speter 31251876Speter#if APR_HAS_LDAP 32251876Speter 33251876Speter#ifdef __cplusplus 34251876Speterextern "C" { 35251876Speter#endif /* __cplusplus */ 36251876Speter 37251876Speter 38251876Speter/** 39251876Speter * Macro to detect security related return values. 40251876Speter */ 41251876Speter#if defined(LDAP_INSUFFICIENT_ACCESS) 42251876Speter#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_ACCESS 43251876Speter#elif defined(LDAP_INSUFFICIENT_RIGHTS) 44251876Speter#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_RIGHTS 45251876Speter#elif defined(APR_HAS_MICROSOFT_LDAPSDK) 46251876Speter/* The macros above fail to contemplate that LDAP_RETCODE values 47251876Speter * may be represented by an enum. autoconf tests would be much 48251876Speter * more robust. 49251876Speter */ 50251876Speter#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_RIGHTS 51251876Speter#else 52251876Speter#error The security return codes must be added to support this LDAP toolkit. 53251876Speter#endif 54251876Speter 55251876Speter#if defined(LDAP_SECURITY_ERROR) 56251876Speter#define APU_LDAP_SECURITY_ERROR LDAP_SECURITY_ERROR 57251876Speter#else 58251876Speter#define APU_LDAP_SECURITY_ERROR(n) \ 59251876Speter (LDAP_INAPPROPRIATE_AUTH == n) ? 1 \ 60251876Speter : (LDAP_INVALID_CREDENTIALS == n) ? 1 \ 61251876Speter : (APU_LDAP_INSUFFICIENT_ACCESS == n) ? 1 \ 62251876Speter : 0 63251876Speter#endif 64251876Speter 65251876Speter 66251876Speter/** 67251876Speter * APR LDAP SSL Initialise function 68251876Speter * 69251876Speter * This function initialises SSL on the underlying LDAP toolkit 70251876Speter * if this is necessary. 71251876Speter * 72251876Speter * If a CA certificate is provided, this is set, however the setting 73251876Speter * of certificates via this method has been deprecated and will be removed in 74251876Speter * APR v2.0. 75251876Speter * 76251876Speter * The apr_ldap_set_option() function with the APR_LDAP_OPT_TLS_CERT option 77251876Speter * should be used instead to set certificates. 78251876Speter * 79251876Speter * If SSL support is not available on this platform, or a problem 80251876Speter * was encountered while trying to set the certificate, the function 81251876Speter * will return APR_EGENERAL. Further LDAP specific error information 82251876Speter * can be found in result_err. 83251876Speter * @param pool The pool to use 84251876Speter * @param cert_auth_file The name of the certificate to use, can be NULL 85251876Speter * @param cert_file_type The type of certificate specified. See the 86251876Speter * apr_ldap_set_option() APR_LDAP_OPT_TLS_CERT option for details. 87251876Speter * @param result_err The returned result 88251876Speter */ 89251876SpeterAPU_DECLARE_LDAP(int) apr_ldap_ssl_init(apr_pool_t *pool, 90251876Speter const char *cert_auth_file, 91251876Speter int cert_file_type, 92251876Speter apr_ldap_err_t **result_err); 93251876Speter 94251876Speter/** 95251876Speter * APR LDAP SSL De-Initialise function 96251876Speter * 97251876Speter * This function tears down any SSL certificate setup previously 98251876Speter * set using apr_ldap_ssl_init(). It should be called to clean 99251876Speter * up if a graceful restart of a service is attempted. 100251876Speter * @todo currently we do not check whether apr_ldap_ssl_init() 101251876Speter * has been called first - we probably should. 102251876Speter */ 103251876SpeterAPU_DECLARE_LDAP(int) apr_ldap_ssl_deinit(void); 104251876Speter 105251876Speter/** 106251876Speter * APR LDAP initialise function 107251876Speter * 108251876Speter * This function is responsible for initialising an LDAP 109251876Speter * connection in a toolkit independant way. It does the 110251876Speter * job of ldap_init() from the C api. 111251876Speter * 112251876Speter * It handles both the SSL and non-SSL case, and attempts 113251876Speter * to hide the complexity setup from the user. This function 114251876Speter * assumes that any certificate setup necessary has already 115251876Speter * been done. 116251876Speter * 117251876Speter * If SSL or STARTTLS needs to be enabled, and the underlying 118251876Speter * toolkit supports it, the following values are accepted for 119251876Speter * secure: 120251876Speter * 121251876Speter * APR_LDAP_NONE: No encryption 122251876Speter * APR_LDAP_SSL: SSL encryption (ldaps://) 123251876Speter * APR_LDAP_STARTTLS: Force STARTTLS on ldap:// 124251876Speter * @remark The Novell toolkit is only able to set the SSL mode via this 125251876Speter * function. To work around this limitation, set the SSL mode here if no 126251876Speter * per connection client certificates are present, otherwise set secure 127251876Speter * APR_LDAP_NONE here, then set the per connection client certificates, 128251876Speter * followed by setting the SSL mode via apr_ldap_set_option(). As Novell 129251876Speter * does not support per connection client certificates, this problem is 130251876Speter * worked around while still being compatible with other LDAP toolkits. 131251876Speter * @param pool The pool to use 132251876Speter * @param ldap The LDAP handle 133251876Speter * @param hostname The name of the host to connect to. This can be either a 134251876Speter * DNS name, or an IP address. 135251876Speter * @param portno The port to connect to 136251876Speter * @param secure The security mode to set 137251876Speter * @param result_err The returned result 138251876Speter */ 139251876SpeterAPU_DECLARE_LDAP(int) apr_ldap_init(apr_pool_t *pool, 140251876Speter LDAP **ldap, 141251876Speter const char *hostname, 142251876Speter int portno, 143251876Speter int secure, 144251876Speter apr_ldap_err_t **result_err); 145251876Speter 146251876Speter/** 147251876Speter * APR LDAP info function 148251876Speter * 149251876Speter * This function returns a string describing the LDAP toolkit 150251876Speter * currently in use. The string is placed inside result_err->reason. 151251876Speter * @param pool The pool to use 152251876Speter * @param result_err The returned result 153251876Speter */ 154251876SpeterAPU_DECLARE_LDAP(int) apr_ldap_info(apr_pool_t *pool, 155251876Speter apr_ldap_err_t **result_err); 156251876Speter 157251876Speter#ifdef __cplusplus 158251876Speter} 159251876Speter#endif 160251876Speter 161251876Speter#endif /* APR_HAS_LDAP */ 162251876Speter 163251876Speter/** @} */ 164251876Speter 165251876Speter#endif /* APR_LDAP_URL_H */ 166