Apache Portable Runtime
apr_ldap_internal.h
1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2  * contributor license agreements. See the NOTICE file distributed with
3  * this work for additional information regarding copyright ownership.
4  * The ASF licenses this file to You under the Apache License, Version 2.0
5  * (the "License"); you may not use this file except in compliance with
6  * the License. You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef APR_LDAP_INTERNAL_H
18 #define APR_LDAP_INTERNAL_H
19 
20 #include "apr_private.h"
21 #include "apr_ldap.h"
22 #include "apr_skiplist.h"
23 
24 #ifdef __cplusplus
25 extern "C" {
26 #endif
27 
28 #if APR_HAS_LDAP
29 
30 /*
31  * Include the standard LDAP header files.
32  */
33 
34 #if APR_HAS_MICROSOFT_LDAPSDK
35 #include <winldap.h>
36 #else
37 #include <lber.h>
38 #include <ldap.h>
39 #endif
40 
41 
/*
 * Fallback for SDK headers that leave the secure LDAP port undefined.
 * 636 is the default port of the ldaps:// scheme. The constant only names
 * a port number; nothing here negotiates or verifies TLS.
 */
#if !defined(LDAPS_PORT)
#define LDAPS_PORT 636 /* ldaps:/// default LDAP over TLS port */
#endif
48 
/*
 * Size limit handed to LDAP calls that cap the number of returned elements.
 * Some SDKs define neither LDAP_DEFAULT_LIMIT (-1) nor LDAP_NO_LIMIT (0).
 * LDAP_DEFAULT_LIMIT is tried first because it inherits whatever the SDK
 * or the process is configured for; LDAP_NO_LIMIT is the second choice.
 *
 * With LDAP_NO_LIMIT, or the literal 0 fallback below, the client asks for
 * no cap at all, so the directory server's own size limit is the only bound
 * on a result set. Code that searches with externally influenced filters
 * should pass an explicit sizelimit instead of relying on this default.
 */
#if defined(LDAP_DEFAULT_LIMIT)
#define APR_LDAP_SIZELIMIT LDAP_DEFAULT_LIMIT
#elif defined(LDAP_NO_LIMIT)
#define APR_LDAP_SIZELIMIT LDAP_NO_LIMIT
#endif

/* Neither SDK constant exists: use the value that goes on the wire. */
#if !defined(APR_LDAP_SIZELIMIT)
#define APR_LDAP_SIZELIMIT 0 /* equivalent to LDAP_NO_LIMIT, and what goes on the wire */
#endif
66 
/*
 * z/OS is missing some defines
 *
 * LDAP_VERSION_MAX falls back to LDAP_VERSION so that the protocol-version
 * check below has a value to test on SDKs that only provide LDAP_VERSION.
 */
#ifndef LDAP_VERSION_MAX
#define LDAP_VERSION_MAX LDAP_VERSION
#endif
#if APR_HAS_ZOS_LDAPSDK
#define LDAP_VENDOR_NAME "IBM z/OS"
#endif

/*
 * LDAP v2.0 is history.
 *
 * LDAPv2 was retired to Historic status (RFC 3494) and has neither SASL
 * bind nor the StartTLS extended operation, so a v2-only toolkit is
 * rejected at compile time. If neither LDAP_VERSION_MAX nor LDAP_VERSION
 * is defined, the preprocessor evaluates the test as 0 <= 2 and the build
 * also stops here, i.e. an unknown toolkit version is refused as well.
 */
#if LDAP_VERSION_MAX <= 2
#error Support for LDAP v2.0 toolkits has been removed from apr-util. Please use an LDAP v3.0 toolkit.
#endif
83 
84 
85 
/*
 * True when result code s means the connection to the directory is gone.
 *
 * The Microsoft SDK reports LDAP_UNAVAILABLE when the backend closed the
 * connection between LDAP calls, so that code is accepted as well, but only
 * under APR_HAS_MICROSOFT_LDAPSDK in case another SDK was chosen by hand on
 * Windows. In that variant s is expanded twice: pass an expression without
 * side effects.
 */
#if APR_HAS_MICROSOFT_LDAPSDK
#define APR_LDAP_IS_SERVER_DOWN(s) \
    (LDAP_SERVER_DOWN == (s) || LDAP_UNAVAILABLE == (s))
#else
#define APR_LDAP_IS_SERVER_DOWN(s) (LDAP_SERVER_DOWN == (s))
#endif
96 
97 
98 
/**
 * Macro to detect security related return values.
 *
 * APU_LDAP_INSUFFICIENT_ACCESS names the toolkit's "insufficient access"
 * result code under whichever spelling the SDK provides
 * (LDAP_INSUFFICIENT_ACCESS or LDAP_INSUFFICIENT_RIGHTS). A toolkit that
 * offers neither stops the build with #error, so authorisation failures are
 * never left without a code to compare against.
 */
#if defined(LDAP_INSUFFICIENT_ACCESS)
#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_ACCESS
#elif defined(LDAP_INSUFFICIENT_RIGHTS)
#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_RIGHTS
#elif defined(APR_HAS_MICROSOFT_LDAPSDK)
/* The macros above fail to contemplate that LDAP_RETCODE values
 * may be represented by an enum. autoconf tests would be much
 * more robust.
 *
 * NOTE(review): this branch tests defined(APR_HAS_MICROSOFT_LDAPSDK) while
 * the rest of this header tests the macro's value with #if. If the macro is
 * always defined (as 0 or 1), this branch is taken for every toolkit that
 * reaches it and the #error below cannot fire - confirm against the header
 * that defines APR_HAS_MICROSOFT_LDAPSDK.
 */
#define APU_LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_RIGHTS
#else
#error The security return codes must be added to support this LDAP toolkit.
#endif
115 
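/*
 * APU_LDAP_SECURITY_ERROR(n): non-zero when LDAP result code n reports an
 * authentication or authorisation failure.
 *
 * When the SDK ships LDAP_SECURITY_ERROR the name is aliased to it, so the
 * SDK's own classification applies (it may cover a different set of codes
 * than the fallback - treat the result as a boolean only).
 *
 * The fallback accepts LDAP_INAPPROPRIATE_AUTH, LDAP_INVALID_CREDENTIALS and
 * APU_LDAP_INSUFFICIENT_ACCESS. The whole expansion and every use of n are
 * parenthesised so that the macro stays correct inside larger expressions
 * such as !APU_LDAP_SECURITY_ERROR(rc) or when n is itself a conditional
 * expression; without the parentheses a negated test would bind to the
 * first comparison only and misreport a credential failure. n can be
 * expanded up to three times: pass an expression without side effects.
 */
#if defined(LDAP_SECURITY_ERROR)
#define APU_LDAP_SECURITY_ERROR LDAP_SECURITY_ERROR
#else
#define APU_LDAP_SECURITY_ERROR(n) \
    ((LDAP_INAPPROPRIATE_AUTH == (n)) \
     || (LDAP_INVALID_CREDENTIALS == (n)) \
     || (APU_LDAP_INSUFFICIENT_ACCESS == (n)))
#endif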
125 
126 
/*
 * Private layout of the apr_ldap_t handle that apr_ldap.h exposes as an
 * opaque type.
 *
 * NOTE(review): the member descriptions below are read off the names and
 * types only; confirm them against the implementation before relying on
 * them.
 */
typedef struct apr_ldap_t {
    apr_pool_t *pool;               /* pool associated with this handle */
    LDAP *ld;                       /* handle of the underlying LDAP SDK */
    apr_socket_t *socket;           /* presumably the connection's socket, used for polling - confirm */
    apr_skiplist *results;          /* presumably outstanding results awaiting a reply - confirm */
    apr_array_header_t *abandons;   /* presumably operations queued to be abandoned - confirm */
    apr_array_header_t *prepares;   /* presumably queued apr_ldap_prepare_t entries - confirm */
    LDAPControl **serverctrls;      /* SDK-level server controls */
    LDAPControl **clientctrls;      /* SDK-level client controls */
    apu_err_t err;                  /* error detail stored with the handle */
    apr_status_t status;            /* status stored with the handle */
} apr_ldap_t;
139 
140 
/*
 * One queued "prepare" request.
 *
 * NOTE(review): this listing jumps from source line 142 to 144, so a member
 * is missing here (presumably the apr_ldap_prepare_cb callback that ctx
 * belongs to) - check the original header.
 */
typedef struct apr_ldap_prepare_t {
    apr_pool_t *pool;   /* pool associated with this request */
    void *ctx;          /* opaque caller context; must stay valid until the request has run - confirm lifetime */
} apr_ldap_prepare_t;
146 
147 
148 
/*
 * Book-keeping for one LDAP operation whose reply is still outstanding.
 *
 * NOTE(review): member roles are read off the names and types only. The
 * listing also skips source lines 160 and 163, so both unions below are
 * missing at least one member (the entry_cb union appears empty, which is
 * not valid C as shown) - check the original header.
 */
typedef struct apr_ldap_result_t {
    apr_pool_t *pool;               /* pool associated with this result */
    apr_ldap_t *ld;                 /* handle the operation was issued on */
    const char *mech;               /* presumably the requested bind mechanism - confirm */
    const char *rmech;              /* presumably the mechanism reported back - confirm */
    LDAPMessage *message;           /* SDK message holding the reply */
    int msgid;                      /* SDK message id of the operation */
    int msgtype;                    /* SDK message type; presumably selects the valid union member - confirm */
    union {
        apr_ldap_bind_cb bind;
        apr_ldap_compare_cb compare;
    } cb;                           /* completion callback for the operation */
    union {
    } entry_cb;                     /* per-entry callback; members not shown in this listing */
    void *ctx;                      /* opaque caller context handed to the callback */
    apr_size_t nentries;            /* presumably the number of entries seen so far - confirm */
} apr_ldap_result_t;
168 
169 
170 
/*
 * Takes an SDK result code and an apr_status_t and returns an apr_status_t.
 * NOTE(review): presumably maps rc to an APR status and falls back to
 * `status` - confirm against the implementation.
 */
APU_DECLARE_LDAP(apr_status_t) apr_ldap_status(int rc, apr_status_t status);

/*
 * Registers result record `res` for message id `msgid` on handle `ldap`.
 *
 * pool, ldap and res are declared nonnull. The attribute is a compile-time
 * contract, not a runtime check: a compiler that honours it may assume the
 * pointers are valid and drop NULL tests inside the function, so callers
 * must validate these arguments themselves.
 */
APU_DECLARE_LDAP(void) apr_ldap_result_add(apr_pool_t *pool,
                                           apr_ldap_t *ldap,
                                           apr_ldap_result_t *res,
                                           int msgid)
                                           __attribute__((nonnull(1,2,3)));
178 
179 
180 
181 
182 #if APR_HAVE_MODULAR_DSO
183 
184 /* For LDAP internal builds, wrap our LDAP namespace */
185 
/*
 * Table of function pointers covering the LDAP entry points, compiled only
 * when APR_HAVE_MODULAR_DSO is set.
 *
 * NOTE(review): presumably filled in by the loadable LDAP module and called
 * through by the public apr_ldap_* wrappers - confirm against the loader.
 * Every entry reports failure detail through an apu_err_t out-parameter
 * except `prepare`, which takes none; `unbind` is the only entry without a
 * pool argument.
 */
struct apr__ldap_dso_fntable {
    /* Toolkit information. */
    int (*info)(apr_pool_t *pool, apu_err_t **err);
    /* Create a handle and return it through *ldap. */
    apr_status_t (*initialise)(apr_pool_t *pool, apr_ldap_t **ldap,
                               apu_err_t *err);
    /* Read one option into *outvalue. */
    apr_status_t (*option_get)(apr_pool_t *pool, apr_ldap_t *ldap, int option,
                               apr_ldap_opt_t *outvalue, apu_err_t *err);
    /* Set one option from *invalue. */
    apr_status_t (*option_set)(apr_pool_t *pool, apr_ldap_t *ldap, int option,
                               const apr_ldap_opt_t *invalue, apu_err_t *err);
    /* Connect, bounded by timeout. */
    apr_status_t (*connect)(apr_pool_t *pool, apr_ldap_t *ldap,
                            apr_interval_time_t timeout, apu_err_t *err);
    /* Queue a prepare callback with its context. */
    apr_status_t (*prepare)(apr_pool_t *pool, apr_ldap_t *ldap,
                            apr_ldap_prepare_cb prepare_cb,
                            void *prepare_ctx);
    /* Process pending work, bounded by timeout. */
    apr_status_t (*process)(apr_pool_t *pool, apr_ldap_t *ldap,
                            apr_interval_time_t timeout, apu_err_t *err);
    /* Handle results, bounded by timeout. */
    apr_status_t (*result)(apr_pool_t *pool, apr_ldap_t *ldap,
                           apr_interval_time_t timeout, apu_err_t *err);
    /* Poll the connection through an apr_pollcb_t. */
    apr_status_t (*poll)(apr_pool_t *pool, apr_ldap_t *ldap, apr_pollcb_t *poll,
                         apr_interval_time_t timeout, apu_err_t *err);
    /* Bind with mechanism `mech`; interact_cb supplies interactive input,
     * bind_cb receives the outcome. */
    apr_status_t (*bind)(apr_pool_t *pool, apr_ldap_t *ldap,
                         const char *mech, apr_ldap_bind_interact_cb *interact_cb,
                         void *interact_ctx, apr_interval_time_t timeout,
                         apr_ldap_bind_cb bind_cb, void *bind_ctx,
                         apu_err_t *err);
    /* Compare attribute `attr` of entry `dn` with bval; compare_cb receives
     * the outcome. */
    apr_status_t (*compare)(apr_pool_t *pool, apr_ldap_t *ldap,
                            const char *dn, const char *attr,
                            const apr_buffer_t *bval,
                            apr_ldap_control_t **serverctrls,
                            apr_ldap_control_t **clientctrls,
                            apr_interval_time_t timeout,
                            apr_ldap_compare_cb compare_cb, void *ctx, apu_err_t *err);
    /* Search below `dn` with `filter`; sizelimit caps the entries requested,
     * search_entry_cb and search_result_cb receive the entries and the
     * final result. */
    apr_status_t (*search)(apr_pool_t *pool, apr_ldap_t *ldap, const char *dn,
                           apr_ldap_search_scope_e scope, const char *filter,
                           const char **attrs, apr_ldap_switch_e attrsonly,
                           apr_ldap_control_t **serverctrls,
                           apr_ldap_control_t **clientctrls,
                           apr_interval_time_t timeout, apr_ssize_t sizelimit,
                           apr_ldap_search_result_cb search_result_cb,
                           apr_ldap_search_entry_cb search_entry_cb,
                           void *search_ctx, apu_err_t *err);
    /* Unbind the handle. */
    apr_status_t (*unbind)(apr_ldap_t *ldap, apr_ldap_control_t **serverctrls,
                           apr_ldap_control_t **clientctrls, apu_err_t *err);
};
229 
230 #endif /* APR_HAVE_MODULAR_DSO */
231 
232 
233 #endif
234 
235 #ifdef __cplusplus
236 }
237 #endif
238 
239 #endif
240 
APR-UTIL LDAP routines.
APR skip list implementation.
apr_status_t(* apr_ldap_search_result_cb)(apr_ldap_t *ldap, apr_status_t status, apr_size_t count, const char *matcheddn, apr_ldap_control_t **serverctrls, void *ctx, apu_err_t *err)
Definition: apr_ldap.h:1349
#define APU_DECLARE_LDAP(type)
Definition: apr_ldap.h:246
apr_status_t(* apr_ldap_search_entry_cb)(apr_ldap_t *ldap, const char *dn, int eidx, int nattrs, int aidx, const char *attr, int nvals, int vidx, apr_buffer_t *val, int binary, void *ctx, apu_err_t *err)
Definition: apr_ldap.h:1367
apr_ldap_search_scope_e
Definition: apr_ldap.h:1314
apr_status_t() apr_ldap_bind_interact_cb(apr_ldap_t *ld, unsigned int flags, apr_ldap_bind_interact_t *interact, void *ctx)
Definition: apr_ldap.h:911
apr_status_t(* apr_ldap_compare_cb)(apr_ldap_t *ldap, apr_status_t status, const char *matcheddn, apr_ldap_control_t **serverctrls, void *ctx, apu_err_t *err)
Definition: apr_ldap.h:1242
struct apr_ldap_t apr_ldap_t
Definition: apr_ldap.h:303
apr_status_t(* apr_ldap_bind_cb)(apr_ldap_t *ldap, apr_status_t status, const char *matcheddn, apr_ldap_control_t **serverctrls, void *ctx, apu_err_t *err)
Definition: apr_ldap.h:1123
apr_status_t(* apr_ldap_prepare_cb)(apr_ldap_t *ldap, apr_status_t status, void *ctx, apu_err_t *err)
Definition: apr_ldap.h:984
struct apr_ldap_control_t apr_ldap_control_t
Definition: apr_ldap.h:943
apr_ldap_switch_e
Definition: apr_ldap.h:433
int apr_status_t
Definition: apr_errno.h:44
struct apr_socket_t apr_socket_t
Definition: apr_network_io.h:219
struct apr_pollcb_t apr_pollcb_t
Definition: apr_poll.h:318
struct apr_pool_t apr_pool_t
Definition: apr_pools.h:60
struct apr_skiplist apr_skiplist
Definition: apr_skiplist.h:56
apr_int64_t apr_interval_time_t
Definition: apr_time.h:55