/* Licensed to the Apache Software Foundation (ASF) under one or more
2
* contributor license agreements. See the NOTICE file distributed with
3
* this work for additional information regarding copyright ownership.
4
* The ASF licenses this file to You under the Apache License, Version 2.0
5
* (the "License"); you may not use this file except in compliance with
6
* the License. You may obtain a copy of the License at
7
*
8
* http://www.apache.org/licenses/LICENSE-2.0
9
*
10
* Unless required by applicable law or agreed to in writing, software
11
* distributed under the License is distributed on an "AS IS" BASIS,
12
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
* See the License for the specific language governing permissions and
14
* limitations under the License.
15
*/
/**
18
* @file apr_ldap_option.h
19
* @brief APR-UTIL LDAP ldap_*_option() functions
20
*/
21
#ifndef APR_LDAP_OPTION_H
22
#define APR_LDAP_OPTION_H
/**
25
* @addtogroup APR_Util_LDAP
26
* @{
27
*/
#include "
apr_ldap.h
"
#if APR_HAS_LDAP
#ifdef __cplusplus
34
extern
"C"
{
35
#endif
/* __cplusplus */
/*
 * The following defines handle the different TLS certificate
 * options available. If these options are missing, APR will try to
 * emulate support for this using the deprecated ldap_start_tls_s()
 * function.
 */
/**
 * Set the SSL mode to one of APR_LDAP_NONE, APR_LDAP_SSL, APR_LDAP_STARTTLS
 * or APR_LDAP_STOPTLS.
 */
#define APR_LDAP_OPT_TLS 0x6fff
/**
 * Set zero or more CA certificates, client certificates or private
 * keys globally, or per connection (where supported). The value is an
 * (apr_array_header_t *) of apr_ldap_opt_tls_cert_t entries.
 */
#define APR_LDAP_OPT_TLS_CERT 0x6ffe
/**
 * Set whether the LDAP library verifies the server certificate (the
 * encoding of the value is not documented here; see the implementation).
 * When verification is disabled all servers are considered trusted, so
 * the client cannot distinguish the intended server from one presenting
 * an arbitrary certificate; disable it only where the server is
 * authenticated by other means.
 */
#define APR_LDAP_OPT_VERIFY_CERT 0x6ffd
/**
 * Set the LDAP library to indicate if referrals should be chased during
 * LDAP searches.
 */
#define APR_LDAP_OPT_REFERRALS 0x6ffc
/**
 * Set the LDAP library to indicate a maximum number of referral hops to
 * chase before giving up on the search.
 */
#define APR_LDAP_OPT_REFHOPLIMIT 0x6ffb
/**
 * Structures for the apr_ldap_set_option() cases
 */
/**
74
* APR_LDAP_OPT_TLS_CERT
75
*
76
* This structure includes possible options to set certificates on
77
* system initialisation. Different SDKs have different certificate
78
 * requirements, and to achieve this multiple certificates must be
 * specified at once, passed as an (apr_array_header_t *).
80
*
81
* Netscape:
82
* Needs the CA cert database (cert7.db), the client cert database (key3.db)
83
* and the security module file (secmod.db) set at the system initialisation
84
* time. Three types are supported: APR_LDAP_CERT7_DB, APR_LDAP_KEY3_DB and
85
* APR_LDAP_SECMOD.
86
*
87
* To specify a client cert connection, a certificate nickname needs to be
88
* provided with a type of APR_LDAP_CERT.
89
* int ldapssl_enable_clientauth( LDAP *ld, char *keynickname,
90
* char *keypasswd, char *certnickname );
91
* keynickname is currently not used, and should be set to ""
92
*
93
* Novell:
94
* Needs CA certificates and client certificates set at system initialisation
95
* time. Three types are supported: APR_LDAP_CA*, APR_LDAP_CERT* and
96
* APR_LDAP_KEY*.
97
*
98
* Certificates cannot be specified per connection.
99
*
100
* The functions used are:
101
* ldapssl_add_trusted_cert(serverTrustedRoot, serverTrustedRootEncoding);
102
 * Client certs and keys are set at system initialisation time with
 * int ldapssl_set_client_cert (
104
 * void *cert,
 * int type,
 * void *password);
107
* type can be LDAPSSL_CERT_FILETYPE_B64 or LDAPSSL_CERT_FILETYPE_DER
108
* ldapssl_set_client_private_key(clientPrivateKey,
109
* clientPrivateKeyEncoding,
110
* clientPrivateKeyPassword);
111
*
112
* OpenSSL:
113
* Needs one or more CA certificates to be set at system initialisation time
114
* with a type of APR_LDAP_CA*.
115
*
116
* May have one or more client certificates set per connection with a type of
117
* APR_LDAP_CERT*, and keys with APR_LDAP_KEY*.
118
*/
/*
 * Values for the "type" member of apr_ldap_opt_tls_cert_t. The CA,
 * client-certificate and private-key groups share one numbering space
 * (0-15), so a single int field can hold any of them.
 */
/** CA certificate type unknown */
#define APR_LDAP_CA_TYPE_UNKNOWN 0
/** binary DER encoded CA certificate */
#define APR_LDAP_CA_TYPE_DER 1
/** PEM encoded CA certificate */
#define APR_LDAP_CA_TYPE_BASE64 2
/** Netscape/Mozilla cert7.db CA certificate database */
#define APR_LDAP_CA_TYPE_CERT7_DB 3
/** Netscape/Mozilla secmod file */
#define APR_LDAP_CA_TYPE_SECMOD 4
/** Client certificate type unknown */
#define APR_LDAP_CERT_TYPE_UNKNOWN 5
/** binary DER encoded client certificate */
#define APR_LDAP_CERT_TYPE_DER 6
/** PEM encoded client certificate */
#define APR_LDAP_CERT_TYPE_BASE64 7
/** Netscape/Mozilla key3.db client certificate database */
#define APR_LDAP_CERT_TYPE_KEY3_DB 8
/** Netscape/Mozilla client certificate nickname */
#define APR_LDAP_CERT_TYPE_NICKNAME 9
/** Private key type unknown */
#define APR_LDAP_KEY_TYPE_UNKNOWN 10
/** binary DER encoded private key */
#define APR_LDAP_KEY_TYPE_DER 11
/** PEM encoded private key */
#define APR_LDAP_KEY_TYPE_BASE64 12
/** PKCS#12 encoded client certificate */
#define APR_LDAP_CERT_TYPE_PFX 13
/** PKCS#12 encoded private key */
#define APR_LDAP_KEY_TYPE_PFX 14
/** OpenLDAP directory full of base64-encoded cert
 * authorities with hashes in corresponding .0 directory
 */
#define APR_LDAP_CA_TYPE_CACERTDIR_BASE64 15
/**
 * Certificate structure.
 *
 * Describes one CA certificate, client certificate or private key.
 * An array (apr_array_header_t) of these is passed to
 * apr_ldap_set_option() for APR_LDAP_OPT_TLS_CERT to set CA and
 * client certificates.
 */
typedef struct apr_ldap_opt_tls_cert_t {
    int type;             /**< Certificate type, one of APR_LDAP_*_TYPE_* */
    const char *path;     /**< Path, file or nickname of the certificate */
    const char *password; /**< Optional password, may be NULL */
} apr_ldap_opt_tls_cert_t;
/**
173
* APR_LDAP_OPT_TLS
174
*
175
* This sets the SSL level on the LDAP handle.
176
*
177
* Netscape/Mozilla:
178
* Supports SSL, but not STARTTLS
179
* SSL is enabled by calling ldapssl_install_routines().
180
*
181
* Novell:
182
* Supports SSL and STARTTLS.
183
* SSL is enabled by calling ldapssl_install_routines(). Note that calling
184
* other ldap functions before ldapssl_install_routines() may cause this
185
* function to fail.
186
* STARTTLS is enabled by calling ldapssl_start_tls_s() after calling
187
* ldapssl_install_routines() (check this).
188
*
189
* OpenLDAP:
190
* Supports SSL and supports STARTTLS, but none of this is documented:
191
* http://www.openldap.org/lists/openldap-software/200409/msg00618.html
192
* Documentation for both SSL support and STARTTLS has been deleted from
193
* the OpenLDAP documentation and website.
194
*/
/* Values accepted by APR_LDAP_OPT_TLS. */
/** No encryption: credentials and directory data travel in the clear */
#define APR_LDAP_NONE 0
/** SSL encryption (ldaps://) */
#define APR_LDAP_SSL 1
/** TLS encryption (STARTTLS) */
#define APR_LDAP_STARTTLS 2
/** end TLS encryption (STOPTLS) */
#define APR_LDAP_STOPTLS 3
/**
 * APR LDAP get option function
 *
 * This function gets option values from a given LDAP session if
 * one was specified. It maps to the native ldap_get_option() function.
 * @param pool The pool to use
 * @param ldap The LDAP handle
 * @param option The LDAP_OPT_* option to return
 * @param outvalue Storage for the returned value (if any); the type it
 *                 must point to depends on the option
 * @param result_err On return, points to an apr_ldap_err_t structure
 *                   containing detailed results of the operation
 * @return Status of the operation; presumably an APR status code, with
 *         details in *result_err - confirm against the implementation
 */
APU_DECLARE_LDAP(int) apr_ldap_get_option(apr_pool_t *pool,
                                          LDAP *ldap,
                                          int option,
                                          void *outvalue,
                                          apr_ldap_err_t **result_err);
/**
 * APR LDAP set option function
 *
 * This function sets option values on a given LDAP session if
 * one was specified. It maps to the native ldap_set_option() function.
 *
 * Where an option is not supported by an LDAP toolkit, this function
 * will try to apply legacy functions to achieve the same effect,
 * depending on the platform.
 * @param pool The pool to use
 * @param ldap The LDAP handle
 * @param option The LDAP_OPT_* or APR_LDAP_OPT_* option to set
 * @param invalue The value to set; the type it points to depends on the
 *                option. For APR_LDAP_OPT_TLS_CERT it is an
 *                (apr_array_header_t *) of apr_ldap_opt_tls_cert_t; for
 *                APR_LDAP_OPT_TLS it selects one of APR_LDAP_NONE,
 *                APR_LDAP_SSL, APR_LDAP_STARTTLS or APR_LDAP_STOPTLS
 * @param result_err On return, points to an apr_ldap_err_t structure
 *                   containing detailed results of the operation
 * @return Status of the operation; presumably an APR status code, with
 *         details in *result_err - confirm against the implementation
 */
APU_DECLARE_LDAP(int) apr_ldap_set_option(apr_pool_t *pool,
                                          LDAP *ldap,
                                          int option,
                                          const void *invalue,
                                          apr_ldap_err_t **result_err);
#ifdef __cplusplus
}
#endif
#endif
/* APR_HAS_LDAP */
/** @} */
#endif
/* APR_LDAP_OPTION_H */