/* Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/**
 * @file apr_ldap_option.h
 * @brief APR-UTIL LDAP ldap_*_option() functions
 *
 * Declares the option identifiers, the TLS mode and certificate type
 * constants, the certificate descriptor structure and the two accessor
 * functions used to read and write options on an LDAP handle.
 */
#ifndef APR_LDAP_OPTION_H
#define APR_LDAP_OPTION_H

/**
 * @addtogroup APR_Util_LDAP
 * @{
 */

#include "apr_ldap.h"

#if APR_HAS_LDAP

#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */

/*
 * The following defines handle the different TLS certificate
 * options available. If these options are missing, APR will try and
 * emulate support for this using the deprecated ldap_start_tls_s()
 * function.
 */

/**
 * Set SSL mode to one of APR_LDAP_NONE, APR_LDAP_SSL, APR_LDAP_STARTTLS
 * or APR_LDAP_STOPTLS.
 */
#define APR_LDAP_OPT_TLS 0x6fff

/**
 * Set zero or more CA certificates, client certificates or private
 * keys globally, or per connection (where supported).
 */
#define APR_LDAP_OPT_TLS_CERT 0x6ffe

/**
 * Set the LDAP library to not verify the server certificate. This means
 * all servers are considered trusted, so with verification off a TLS
 * session still encrypts the traffic but no longer authenticates the
 * server it is talking to.
 *
 * NOTE(review): the value that switches verification on or off is not
 * described in this header -- confirm it against the implementation
 * before relying on a particular setting.
 */
#define APR_LDAP_OPT_VERIFY_CERT 0x6ffd

/**
 * Set the LDAP library to indicate if referrals should be chased during
 * LDAP searches.
 *
 * NOTE(review): chasing a referral means contacting a server named in
 * another server's response; which credentials are presented to that
 * server is decided elsewhere and is not visible in this header.
 */
#define APR_LDAP_OPT_REFERRALS 0x6ffc

/**
 * Set the LDAP library to indicate a maximum number of referral hops to
 * chase before giving up on the search.
 */
#define APR_LDAP_OPT_REFHOPLIMIT 0x6ffb

/**
 * Structures for the apr_ldap_set_option() cases
 */

/**
 * APR_LDAP_OPT_TLS_CERT
 *
 * This structure includes possible options to set certificates on
 * system initialisation. Different SDKs have different certificate
 * requirements, and to achieve this multiple certificates must be
 * specified at once passed as an (apr_array_header_t *).
 *
 * Netscape:
 * Needs the CA cert database (cert7.db), the client cert database (key3.db)
 * and the security module file (secmod.db) set at the system initialisation
 * time. Three types are supported: APR_LDAP_CA_TYPE_CERT7_DB,
 * APR_LDAP_CERT_TYPE_KEY3_DB and APR_LDAP_CA_TYPE_SECMOD.
 *
 * To specify a client cert connection, a certificate nickname needs to be
 * provided with a type of APR_LDAP_CERT_TYPE_NICKNAME.
 * int ldapssl_enable_clientauth( LDAP *ld, char *keynickname,
 *                                char *keypasswd, char *certnickname );
 * keynickname is currently not used, and should be set to ""
 *
 * Novell:
 * Needs CA certificates and client certificates set at system initialisation
 * time. Three types are supported: APR_LDAP_CA*, APR_LDAP_CERT* and
 * APR_LDAP_KEY*.
 *
 * Certificates cannot be specified per connection.
 *
 * The functions used are:
 * ldapssl_add_trusted_cert(serverTrustedRoot, serverTrustedRootEncoding);
 * Client certs and keys are set at system initialisation time with
 * int ldapssl_set_client_cert (
 *                              void *cert,
 *                              int type,
 *                              void *password);
 * type can be LDAPSSL_CERT_FILETYPE_B64 or LDAPSSL_CERT_FILETYPE_DER
 * ldapssl_set_client_private_key(clientPrivateKey,
 *                                clientPrivateKeyEncoding,
 *                                clientPrivateKeyPassword);
 *
 * OpenSSL:
 * Needs one or more CA certificates to be set at system initialisation time
 * with a type of APR_LDAP_CA*.
 *
 * May have one or more client certificates set per connection with a type of
 * APR_LDAP_CERT*, and keys with APR_LDAP_KEY*.
 */

/*
 * Values for apr_ldap_opt_tls_cert_t.type. CA, client certificate and
 * private key types share one numbering, so a single int identifies both
 * the role of the entry and its encoding.
 */

/** CA certificate type unknown */
#define APR_LDAP_CA_TYPE_UNKNOWN 0
/** binary DER encoded CA certificate */
#define APR_LDAP_CA_TYPE_DER 1
/** PEM encoded CA certificate */
#define APR_LDAP_CA_TYPE_BASE64 2
/** Netscape/Mozilla cert7.db CA certificate database */
#define APR_LDAP_CA_TYPE_CERT7_DB 3
/** Netscape/Mozilla secmod file */
#define APR_LDAP_CA_TYPE_SECMOD 4
/** Client certificate type unknown */
#define APR_LDAP_CERT_TYPE_UNKNOWN 5
/** binary DER encoded client certificate */
#define APR_LDAP_CERT_TYPE_DER 6
/** PEM encoded client certificate */
#define APR_LDAP_CERT_TYPE_BASE64 7
/** Netscape/Mozilla key3.db client certificate database */
#define APR_LDAP_CERT_TYPE_KEY3_DB 8
/** Netscape/Mozilla client certificate nickname */
#define APR_LDAP_CERT_TYPE_NICKNAME 9
/** Private key type unknown */
#define APR_LDAP_KEY_TYPE_UNKNOWN 10
/** binary DER encoded private key */
#define APR_LDAP_KEY_TYPE_DER 11
/** PEM encoded private key */
#define APR_LDAP_KEY_TYPE_BASE64 12
/** PKCS#12 encoded client certificate */
#define APR_LDAP_CERT_TYPE_PFX 13
/** PKCS#12 encoded private key */
#define APR_LDAP_KEY_TYPE_PFX 14
/** OpenLDAP directory full of base64-encoded cert
 * authorities with hashes in corresponding .0 directory
 */
#define APR_LDAP_CA_TYPE_CACERTDIR_BASE64 15

/**
 * Certificate structure.
 *
 * This structure is used to store certificate details. An array of
 * these structures is passed to apr_ldap_set_option() to set CA
 * and client certificates.
 *
 * The structure holds plain pointers only. NOTE(review): this header does
 * not state who owns the path and password strings or how long they must
 * stay valid -- confirm with the implementation, in particular for the
 * password, which is a secret kept in caller-visible memory.
 * @param type Type of certificate APR_LDAP_*_TYPE_*
 * @param path Path, file or nickname of the certificate
 * @param password Optional password, can be NULL
 */
typedef struct apr_ldap_opt_tls_cert_t apr_ldap_opt_tls_cert_t;
struct apr_ldap_opt_tls_cert_t {
    int type;             /* one of the APR_LDAP_*_TYPE_* values above */
    const char *path;     /* path, file or nickname, depending on type */
    const char *password; /* optional secret protecting the entry; may be NULL */
};

/**
 * APR_LDAP_OPT_TLS
 *
 * This sets the SSL level on the LDAP handle.
 *
 * Netscape/Mozilla:
 * Supports SSL, but not STARTTLS
 * SSL is enabled by calling ldapssl_install_routines().
 *
 * Novell:
 * Supports SSL and STARTTLS.
 * SSL is enabled by calling ldapssl_install_routines(). Note that calling
 * other ldap functions before ldapssl_install_routines() may cause this
 * function to fail.
 * STARTTLS is enabled by calling ldapssl_start_tls_s() after calling
 * ldapssl_install_routines() (check this).
 *
 * OpenLDAP:
 * Supports SSL and supports STARTTLS, but none of this is documented:
 * http://www.openldap.org/lists/openldap-software/200409/msg00618.html
 * Documentation for both SSL support and STARTTLS has been deleted from
 * the OpenLDAP documentation and website.
 */

/** No encryption: data sent on the handle, a simple bind's password
 * included, is not protected on the network path
 */
#define APR_LDAP_NONE 0
/** SSL encryption (ldaps://) */
#define APR_LDAP_SSL 1
/** TLS encryption (STARTTLS) */
#define APR_LDAP_STARTTLS 2
/** end TLS encryption (STOPTLS) */
#define APR_LDAP_STOPTLS 3

/**
 * APR LDAP get option function
 *
 * This function gets option values from a given LDAP session if
 * one was specified. It maps to the native ldap_get_option() function.
 *
 * outvalue is an untyped pointer, so the compiler cannot check that the
 * object it points to matches what the requested option writes; the caller
 * has to pair them correctly.
 * @param pool The pool to use
 * @param ldap The LDAP handle
 * @param option The LDAP_OPT_* option to return
 * @param outvalue The value returned (if any)
 * @param result_err The apr_ldap_err_t structure containing detailed results
 *        of the operation.
 * @return NOTE(review): the meaning of the int result is not documented in
 *         this header -- presumably a status code; confirm before testing it.
 */
APU_DECLARE_LDAP(int) apr_ldap_get_option(apr_pool_t *pool,
                                          LDAP *ldap,
                                          int option,
                                          void *outvalue,
                                          apr_ldap_err_t **result_err);

/**
 * APR LDAP set option function
 *
 * This function sets option values to a given LDAP session if
 * one was specified. It maps to the native ldap_set_option() function.
 *
 * Where an option is not supported by an LDAP toolkit, this function
 * will try and apply legacy functions to achieve the same effect,
 * depending on the platform.
 *
 * invalue is an untyped pointer, so the compiler cannot check that the
 * object it points to matches the option being set (for example the
 * certificate array described for APR_LDAP_OPT_TLS_CERT); the caller has
 * to pair them correctly.
 * @param pool The pool to use
 * @param ldap The LDAP handle
 * @param option The LDAP_OPT_* option to set
 * @param invalue The value to set
 * @param result_err The apr_ldap_err_t structure containing detailed results
 *        of the operation.
 * @return NOTE(review): the meaning of the int result is not documented in
 *         this header -- presumably a status code; confirm before testing it.
 */
APU_DECLARE_LDAP(int) apr_ldap_set_option(apr_pool_t *pool,
                                          LDAP *ldap,
                                          int option,
                                          const void *invalue,
                                          apr_ldap_err_t **result_err);

#ifdef __cplusplus
}
#endif

#endif /* APR_HAS_LDAP */

/** @} */

#endif /* APR_LDAP_OPTION_H */