freebsd-nq/contrib/apr-util/include/apr_ldap_init.h
Peter Wemm 937a200089 Introduce svnlite so that we can check out our source code again.
This is actually a fully functional build except:
* All internal shared libraries are static linked to make sure there
  is no interference with ports (and to reduce build time).
* It does not have the python/perl/etc plugin or API support.
* By default, it installs as "svnlite" rather than "svn".
* If WITH_SVN added in make.conf, you get "svn".
* If WITHOUT_SVNLITE is in make.conf, this is completely disabled.

To be absolutely clear, this is not intended for any use other than
checking out freebsd source and committing, like we once did with cvs.

It should be usable for small scale local repositories that don't
need the python/perl plugin architecture.
2013-06-18 02:53:45 +00:00

166 lines
5.6 KiB
C

/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @file apr_ldap_init.h
* @brief APR-UTIL LDAP ldap_init() functions
*/
#ifndef APR_LDAP_INIT_H
#define APR_LDAP_INIT_H
/**
* @addtogroup APR_Util_LDAP
* @{
*/
#include "apr_ldap.h"
#if APR_HAS_LDAP
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
/**
* Macro to detect security related return values.
*/
#if defined(LDAP_INSUFFICIENT_ACCESS)
#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_ACCESS
#elif defined(LDAP_INSUFFICIENT_RIGHTS)
#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_RIGHTS
#elif defined(APR_HAS_MICROSOFT_LDAPSDK)
/* The macros above fail to contemplate that LDAP_RETCODE values
* may be represented by an enum. autoconf tests would be much
* more robust.
*/
#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_RIGHTS
#else
#error The security return codes must be added to support this LDAP toolkit.
#endif
#if defined(LDAP_SECURITY_ERROR)
#define APU_LDAP_SECURITY_ERROR LDAP_SECURITY_ERROR
#else
#define APU_LDAP_SECURITY_ERROR(n) \
(LDAP_INAPPROPRIATE_AUTH == n) ? 1 \
: (LDAP_INVALID_CREDENTIALS == n) ? 1 \
: (APU_LDAP_INSUFFICIENT_ACCESS == n) ? 1 \
: 0
#endif
/**
* APR LDAP SSL Initialise function
*
* This function initialises SSL on the underlying LDAP toolkit
* if this is necessary.
*
* If a CA certificate is provided, this is set, however the setting
* of certificates via this method has been deprecated and will be removed in
* APR v2.0.
*
* The apr_ldap_set_option() function with the APR_LDAP_OPT_TLS_CERT option
* should be used instead to set certificates.
*
* If SSL support is not available on this platform, or a problem
* was encountered while trying to set the certificate, the function
* will return APR_EGENERAL. Further LDAP specific error information
* can be found in result_err.
* @param pool The pool to use
* @param cert_auth_file The name of the certificate to use, can be NULL
* @param cert_file_type The type of certificate specified. See the
* apr_ldap_set_option() APR_LDAP_OPT_TLS_CERT option for details.
* @param result_err The returned result
*/
APU_DECLARE_LDAP(int) apr_ldap_ssl_init(apr_pool_t *pool,
const char *cert_auth_file,
int cert_file_type,
apr_ldap_err_t **result_err);
/**
* APR LDAP SSL De-Initialise function
*
* This function tears down any SSL certificate setup previously
* set using apr_ldap_ssl_init(). It should be called to clean
* up if a graceful restart of a service is attempted.
* @todo currently we do not check whether apr_ldap_ssl_init()
* has been called first - we probably should.
*/
APU_DECLARE_LDAP(int) apr_ldap_ssl_deinit(void);
/**
* APR LDAP initialise function
*
* This function is responsible for initialising an LDAP
* connection in a toolkit independant way. It does the
* job of ldap_init() from the C api.
*
* It handles both the SSL and non-SSL case, and attempts
* to hide the complexity setup from the user. This function
* assumes that any certificate setup necessary has already
* been done.
*
* If SSL or STARTTLS needs to be enabled, and the underlying
* toolkit supports it, the following values are accepted for
* secure:
*
* APR_LDAP_NONE: No encryption
* APR_LDAP_SSL: SSL encryption (ldaps://)
* APR_LDAP_STARTTLS: Force STARTTLS on ldap://
* @remark The Novell toolkit is only able to set the SSL mode via this
* function. To work around this limitation, set the SSL mode here if no
* per connection client certificates are present, otherwise set secure
* APR_LDAP_NONE here, then set the per connection client certificates,
* followed by setting the SSL mode via apr_ldap_set_option(). As Novell
* does not support per connection client certificates, this problem is
* worked around while still being compatible with other LDAP toolkits.
* @param pool The pool to use
* @param ldap The LDAP handle
* @param hostname The name of the host to connect to. This can be either a
* DNS name, or an IP address.
* @param portno The port to connect to
* @param secure The security mode to set
* @param result_err The returned result
*/
APU_DECLARE_LDAP(int) apr_ldap_init(apr_pool_t *pool,
LDAP **ldap,
const char *hostname,
int portno,
int secure,
apr_ldap_err_t **result_err);
/**
* APR LDAP info function
*
* This function returns a string describing the LDAP toolkit
* currently in use. The string is placed inside result_err->reason.
* @param pool The pool to use
* @param result_err The returned result
*/
APU_DECLARE_LDAP(int) apr_ldap_info(apr_pool_t *pool,
apr_ldap_err_t **result_err);
#ifdef __cplusplus
}
#endif
#endif /* APR_HAS_LDAP */
/** @} */
#endif /* APR_LDAP_URL_H */