ap_ldap_init.h revision 70fa390b2e3c5cad908ed38289ace42b5c894610
/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @file ap_ldap_init.h
* @brief AP-UTIL LDAP ldap_init() functions
*/
#ifndef AP_LDAP_INIT_H
#define AP_LDAP_INIT_H
/**
* @addtogroup AP_Util_LDAP
* @{
*/
#if AP_HAS_LDAP
#include "ap_ldap.h"
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
/**
* Macro to detect security related return values.
*/
#if defined(LDAP_INSUFFICIENT_ACCESS)
#define AP_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_ACCESS
#elif defined(LDAP_INSUFFICIENT_RIGHTS)
#define AP_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_RIGHTS
#elif defined(AP_HAS_MICROSOFT_LDAPSDK)
/* The macros above fail to contemplate that LDAP_RETCODE values
* may be represented by an enum. autoconf tests would be much
* more robust.
*/
#define AP_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_RIGHTS
#else
#error The security return codes must be added to support this LDAP toolkit.
#endif
#if defined(LDAP_SECURITY_ERROR)
#define AP_LDAP_SECURITY_ERROR LDAP_SECURITY_ERROR
#else
#define AP_LDAP_SECURITY_ERROR(n) \
(LDAP_INAPPROPRIATE_AUTH == n) ? 1 \
: (LDAP_INVALID_CREDENTIALS == n) ? 1 \
: (AP_LDAP_INSUFFICIENT_ACCESS == n) ? 1 \
: 0
#endif
/**
* LDAP SSL Initialise function
*
* This function initialises SSL on the underlying LDAP toolkit
* if this is necessary.
*
* @bug ??? If a CA certificate is provided, this is set, however the setting
* of certificates via this method has been deprecated and will be removed in
* APR v2.0 ???
*
* The ap_ldap_set_option() function with the AP_LDAP_OPT_TLS_CERT option
* should be used instead to set certificates.
*
* If SSL support is not available on this platform, or a problem
* was encountered while trying to set the certificate, the function
* will return APR_EGENERAL. Further LDAP specific error information
* can be found in result_err.
* @param pool The pool to use
* @param cert_auth_file The name of the certificate to use, can be NULL
* @param cert_file_type The type of certificate specified. See the
* ap_ldap_set_option() AP_LDAP_OPT_TLS_CERT option for details.
* @param result_err The returned result
*/
LDAP_DECLARE(int) ap_ldap_ssl_init(apr_pool_t *pool,
const char *cert_auth_file,
int cert_file_type,
ap_ldap_err_t **result_err);
/**
* LDAP SSL De-Initialise function
*
* This function tears down any SSL certificate setup previously
* set using ap_ldap_ssl_init(). It should be called to clean
* up if a graceful restart of a service is attempted.
* @todo currently we do not check whether ap_ldap_ssl_init()
* has been called first - we probably should.
*/
LDAP_DECLARE(int) ap_ldap_ssl_deinit(void);
/**
* LDAP initialise function
*
* This function is responsible for initialising an LDAP
* connection in a toolkit independant way. It does the
* job of ldap_init() from the C api.
*
* It handles both the SSL and non-SSL case, and attempts
* to hide the complexity setup from the user. This function
* assumes that any certificate setup necessary has already
* been done.
*
* If SSL or STARTTLS needs to be enabled, and the underlying
* toolkit supports it, the following values are accepted for
* secure:
*
* AP_LDAP_NONE: No encryption
* AP_LDAP_SSL: SSL encryption (ldaps://)
* AP_LDAP_STARTTLS: Force STARTTLS on ldap://
* @remark The Novell toolkit is only able to set the SSL mode via this
* function. To work around this limitation, set the SSL mode here if no
* per connection client certificates are present, otherwise set secure
* AP_LDAP_NONE here, then set the per connection client certificates,
* followed by setting the SSL mode via ap_ldap_set_option(). As Novell
* does not support per connection client certificates, this problem is
* worked around while still being compatible with other LDAP toolkits.
* @param pool The pool to use
* @param ldap The LDAP handle
* @param hostname The name of the host to connect to. This can be either a
* DNS name, or an IP address.
* @param portno The port to connect to
* @param secure The security mode to set
* @param result_err The returned result
*/
LDAP_DECLARE(int) ap_ldap_init(apr_pool_t *pool,
LDAP **ldap,
const char *hostname,
int portno,
int secure,
ap_ldap_err_t **result_err);
/**
* LDAP info function
*
* This function returns a string describing the LDAP toolkit
* currently in use. The string is placed inside result_err->reason.
* @param pool The pool to use
* @param result_err The returned result
*/
LDAP_DECLARE(int) ap_ldap_info(apr_pool_t *pool,
ap_ldap_err_t **result_err);
#ifdef __cplusplus
}
#endif
#endif /* AP_HAS_LDAP */
/** @} */
#endif /* AP_LDAP_URL_H */