1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2  * contributor license agreements. See the NOTICE file distributed with
3  * this work for additional information regarding copyright ownership.
4  * The ASF licenses this file to You under the Apache License, Version 2.0
5  * (the "License"); you may not use this file except in compliance with
6  * the License. You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
22 #ifndef UTIL_LDAP_H
23 #define UTIL_LDAP_H
24 
25 /* APR header files */
26 #include "apr.h"
27 #include "apr_thread_mutex.h"
28 #include "apr_thread_rwlock.h"
29 #include "apr_tables.h"
30 #include "apr_time.h"
31 #include "apr_version.h"
32 #if APR_MAJOR_VERSION < 2
33 /* The LDAP API is currently only present in APR 1.x */
34 #include "apr_ldap.h"
35 #include "apr_ldap_rebind.h"
36 #else
37 #define APR_HAS_LDAP 0
38 #endif
39 
40 #if APR_HAS_SHARED_MEMORY
41 #include "apr_rmm.h"
42 #include "apr_shm.h"
43 #endif
44 
45 /* this whole thing disappears if LDAP is not enabled */
46 #if APR_HAS_LDAP
47 
/* AP_LDAP_IS_SERVER_DOWN(s): true when LDAP result code s means the
 * directory server could not be reached.  SDKs that define
 * LDAP_UNAVAILABLE (and the Microsoft SDK) report that condition through
 * a second code, so the variant below checks both; other SDKs only have
 * LDAP_SERVER_DOWN.  s is evaluated up to twice, so pass a plain
 * variable, not an expression with side effects. */
#if defined(LDAP_UNAVAILABLE) || APR_HAS_MICROSOFT_LDAPSDK
#define AP_LDAP_IS_SERVER_DOWN(s) ((s) == LDAP_SERVER_DOWN \
                                   ||(s) == LDAP_UNAVAILABLE)
#else
#define AP_LDAP_IS_SERVER_DOWN(s) ((s) == LDAP_SERVER_DOWN)
#endif
54 
55 /* Apache header files */
56 #include "ap_config.h"
57 #include "httpd.h"
58 #include "http_config.h"
59 #include "http_core.h"
60 #include "http_log.h"
61 #include "http_protocol.h"
62 #include "http_request.h"
63 #include "apr_optional.h"
64 
/* Create a set of LDAP_DECLARE macros with appropriate export
 * and import tags for the platform.
 *
 *   LDAP_DECLARE(type)        - function using the platform's standard
 *                               calling convention (__stdcall on Win32)
 *   LDAP_DECLARE_NONSTD(type) - function that must keep the C calling
 *                               convention (e.g. variadic or callback)
 *   LDAP_DECLARE_DATA         - exported/imported data object
 *
 * On Win32 the three cases are: static link (no decoration), building the
 * DLL (dllexport), consuming the DLL (dllimport).  Non-Win32 builds need
 * no decoration at all.
 */
#if !defined(WIN32)
#define LDAP_DECLARE(type) type
#define LDAP_DECLARE_NONSTD(type) type
#define LDAP_DECLARE_DATA
#elif defined(LDAP_DECLARE_STATIC)
#define LDAP_DECLARE(type) type __stdcall
#define LDAP_DECLARE_NONSTD(type) type
#define LDAP_DECLARE_DATA
#elif defined(LDAP_DECLARE_EXPORT)
#define LDAP_DECLARE(type) __declspec(dllexport) type __stdcall
#define LDAP_DECLARE_NONSTD(type) __declspec(dllexport) type
#define LDAP_DECLARE_DATA __declspec(dllexport)
#else
#define LDAP_DECLARE(type) __declspec(dllimport) type __stdcall
#define LDAP_DECLARE_NONSTD(type) __declspec(dllimport) type
#define LDAP_DECLARE_DATA __declspec(dllimport)
#endif
85 
/* The Microsoft LDAP SDK names its timeout structure l_timeval.  Alias the
 * tag so that `struct timeval *opTimeout` (util_ldap_state_t below) refers
 * to the SDK's type on that platform.  Note this is a global token
 * rewrite: any later use of the identifier `timeval` in a translation unit
 * that includes this header is affected, not just the member below. */
#if APR_HAS_MICROSOFT_LDAPSDK
#define timeval l_timeval
#endif
89 
90 #ifdef __cplusplus
91 extern "C" {
92 #endif
93 
94 /*
95  * LDAP Connections
96  */
97 
98 /* Values that the deref member can have */
/* Values that the deref member of util_ldap_connection_t can have.
 * Each enumerator carries the matching LDAP_DEREF_* SDK constant, so the
 * value can be handed to the SDK's alias-dereferencing option directly. */
typedef enum {
    never=LDAP_DEREF_NEVER,         /* never dereference aliases */
    searching=LDAP_DEREF_SEARCHING, /* dereference while searching below the base */
    finding=LDAP_DEREF_FINDING,     /* dereference when locating the base object */
    always=LDAP_DEREF_ALWAYS        /* dereference in both cases */
} deref_options;
105 
106 /* Structure representing an LDAP connection */
/* Structure representing an LDAP connection.
 *
 * Connections are chained through `next` and hang off the per-vhost
 * util_ldap_state_t (`st`); the header does not show the lifecycle
 * (who allocates, binds, frees) - that lives in the implementation.
 * `binddn`/`bindpw` are the credentials the pool considers "the"
 * identity of this connection; `must_rebind` records that a different
 * identity was bound last, so the next user must bind again. */
typedef struct util_ldap_connection_t {
    LDAP *ldap;                       /* SDK connection handle */
    apr_pool_t *pool;                 /* Pool from which this connection is created */
#if APR_HAS_THREADS
    apr_thread_mutex_t *lock;         /* Lock to indicate this connection is in use */
#endif

    const char *host;                 /* Name of the LDAP server (or space separated list) */
    int port;                         /* Port of the LDAP server */
    deref_options deref;              /* how to handle alias dereferencing */

    const char *binddn;               /* DN to bind to server (can be NULL) */
    const char *bindpw;               /* Password to bind to server (can be NULL).
                                       * Kept in the clear so the connection can be
                                       * re-bound; the header does not show where it
                                       * is cleared, so treat this struct as holding
                                       * a live credential whenever it is logged or
                                       * copied. */

    int bound;                        /* Flag to indicate whether this connection is bound yet */

    int secure;                       /* SSL/TLS mode of the connection */
    apr_array_header_t *client_certs; /* Client certificates on this connection */

    const char *reason;               /* Reason for an error failure (human-readable) */

    struct util_ldap_connection_t *next; /* next connection in the vhost's list */
    struct util_ldap_state_t *st;     /* The LDAP vhost config this connection belongs to */
    int keep;                         /* Will this connection be kept when it's unlocked */

    int ChaseReferrals;               /* [on|off] (default = AP_LDAP_CHASEREFERRALS_ON).
                                       * NOTE(review): apr_ldap_rebind.h is included
                                       * above, which suggests referral chasing can
                                       * present this connection's bind credentials
                                       * to the referred-to server - confirm in
                                       * util_ldap.c before relaxing the hop limit. */
    int ReferralHopLimit;             /* # of referral hops to follow (default = AP_LDAP_DEFAULT_HOPLIMIT) */
    apr_time_t freed;                 /* the time this conn was placed back in the pool */
    apr_pool_t *rebind_pool;          /* frequently cleared pool for rebind data */
    int must_rebind;                  /* The connection was last bound with other than binddn/bindpw */
    request_rec *r;                   /* request_rec used to find this util_ldap_connection_t */
    apr_time_t last_backend_conn;     /* the approximate time of the last backend LDAP request */
} util_ldap_connection_t;
140 
/* Per-directory/per-vhost settings that are copied onto a connection when
 * it is handed out; the members mirror the same-named fields of
 * util_ldap_connection_t. */
typedef struct util_ldap_config_t {
    int ChaseReferrals;               /* [on|off] follow LDAP referrals */
    int ReferralHopLimit;             /* maximum number of referral hops */
    apr_array_header_t *client_certs; /* Client certificates */
} util_ldap_config_t;
146 
147 /* LDAP cache state information */
/* LDAP cache state information - one per vhost.  Holds the connection
 * list, the shared-memory cache handles, the global CA material and the
 * timeout/retry knobs applied to every connection created from it. */
typedef struct util_ldap_state_t {
    apr_pool_t *pool;                 /* pool from which this state is allocated */
#if APR_HAS_THREADS
    apr_thread_mutex_t *mutex;        /* mutex lock for the connection list */
#endif
    apr_global_mutex_t *util_ldap_cache_lock; /* cross-process lock guarding the shared cache */

    apr_size_t cache_bytes;           /* Size (in bytes) of shared memory cache */
    char *cache_file;                 /* filename for shm */
    long search_cache_ttl;            /* TTL for search cache (units not shown here) */
    long search_cache_size;           /* Size (in entries) of search cache */
    long compare_cache_ttl;           /* TTL for compare cache (units not shown here) */
    long compare_cache_size;          /* Size (in entries) of compare cache */

    struct util_ldap_connection_t *connections; /* head of the pooled connection list */
    apr_array_header_t *global_certs; /* Global CA certificates */
    int ssl_supported;                /* whether the SDK/toolkit offers SSL/TLS */
    int secure;                       /* SSL/TLS mode applied to connections */
    int secure_set;                   /* presumably: `secure` was set explicitly - confirm */
    int verify_svr_cert;              /* presumably LDAPVerifyServerCert; when off, the
                                       * server certificate is not checked and a TLS
                                       * bind can be intercepted - confirm in util_ldap.c */

#if APR_HAS_SHARED_MEMORY
    apr_shm_t *cache_shm;             /* shared memory segment backing the cache */
    apr_rmm_t *cache_rmm;             /* relocatable allocator inside cache_shm */
#endif

    /* cache handle (opaque to this header; see apr_ldap_cache_mgr.c) */
    void *util_ldap_cache;

    long connectionTimeout;           /* timeout for establishing a connection */
    struct timeval *opTimeout;        /* per-operation timeout passed to the SDK */

    int debug_level;                  /* SDK debug level */
    apr_interval_time_t connection_pool_ttl; /* how long an idle pooled connection is kept */
    int retries;                      /* number of retries for failed bind/search/compare */
    apr_interval_time_t retry_delay;  /* delay between retries of failed bind/search/compare */
} util_ldap_state_t;
185 
186 /* Used to store arrays of attribute labels/values. */
/* Used to store arrays of attribute labels/values.
 * One entry per group attribute name; ownership of `name` is not shown
 * here (presumably pool-allocated by the consumer). */
struct mod_auth_ldap_groupattr_entry_t {
    char *name;                       /* attribute name, NUL-terminated */
};
190 
/*
 * Optional functions exported by mod_ldap.  They are retrieved at run
 * time with APR_RETRIEVE_OPTIONAL_FN; a NULL result means mod_ldap is not
 * loaded.  The per-function comments below describe only what the
 * signatures show; return-code conventions (LDAP result code vs. boolean)
 * are not visible in this header and should be checked in util_ldap.c.
 */

/**
 * Open the connection described by ldc (host, port, secure, credentials).
 * @param r   request the connection is opened on behalf of
 * @param ldc connection to open; presumably sets ldc->ldap and, on
 *            failure, ldc->reason - confirm
 * @return int status
 */
APR_DECLARE_OPTIONAL_FN(int,uldap_connection_open,(request_rec *r,
                                                   util_ldap_connection_t *ldc));

/**
 * Release ldc back to the pool (or drop it, depending on ldc->keep).
 * @param ldc connection previously returned by uldap_connection_find
 */
APR_DECLARE_OPTIONAL_FN(void,uldap_connection_close,(util_ldap_connection_t *ldc));

/**
 * Unbind and tear down a connection.  The void* parameter suggests this
 * is registered as a pool cleanup; param is presumably a
 * util_ldap_connection_t* - confirm.
 * @return apr_status_t
 */
APR_DECLARE_OPTIONAL_FN(apr_status_t,uldap_connection_unbind,(void *param));

/**
 * Find (or create) a pooled connection matching the given parameters.
 * @param r      current request
 * @param host   server name or space separated list
 * @param port   server port
 * @param binddn DN to bind as (may be NULL)
 * @param bindpw password for binddn (may be NULL); held in the clear on
 *               the returned connection
 * @param deref  alias dereferencing policy
 * @param secure SSL/TLS mode
 * @return a locked connection, or NULL - the failure contract is not
 *         visible here
 */
APR_DECLARE_OPTIONAL_FN(util_ldap_connection_t *,uldap_connection_find,(request_rec *r, const char *host, int port,
                                                                        const char *binddn, const char *bindpw, deref_options deref,
                                                                        int secure));

/**
 * Compare two DNs, consulting the compare cache keyed by url.
 * @param compare_dn_on_server non-zero to ask the server rather than
 *        comparing the strings locally
 * @return int status (convention not shown here)
 */
APR_DECLARE_OPTIONAL_FN(int,uldap_cache_comparedn,(request_rec *r, util_ldap_connection_t *ldc,
                                                   const char *url, const char *dn, const char *reqdn,
                                                   int compare_dn_on_server));

/**
 * Cached LDAP compare of attrib=value on dn.
 * @return int status (convention not shown here)
 */
APR_DECLARE_OPTIONAL_FN(int,uldap_cache_compare,(request_rec *r, util_ldap_connection_t *ldc,
                                                 const char *url, const char *dn, const char *attrib, const char *value));

/**
 * Like uldap_cache_compare, but on a miss walks nested groups.
 * @param subgroupAttrs      NULL-terminated list of attributes naming subgroups (presumed)
 * @param subgroupclasses    object classes that identify a subgroup
 * @param cur_subgroup_depth recursion depth reached so far
 * @param max_subgroup_depth bound on recursion; callers should keep it small,
 *                           each level costs further directory round-trips
 * @return int status (convention not shown here)
 */
APR_DECLARE_OPTIONAL_FN(int,uldap_cache_check_subgroups,(request_rec *r, util_ldap_connection_t *ldc,
                                                         const char *url, const char *dn, const char *attrib, const char *value,
                                                         char **subgroupAttrs, apr_array_header_t *subgroupclasses,
                                                         int cur_subgroup_depth, int max_subgroup_depth));

/**
 * Search for a user and bind as them to verify bindpw.
 * @param scope   LDAP search scope
 * @param attrs   attributes to return, NULL-terminated (presumed)
 * @param filter  search filter; the header gives no sign it is escaped,
 *                so callers must escape user-supplied components themselves
 * @param bindpw  password to verify for the found user
 * @param binddn  out: DN of the matched user
 * @param retvals out: values of attrs for the matched user
 * @return int status (convention not shown here)
 */
APR_DECLARE_OPTIONAL_FN(int,uldap_cache_checkuserid,(request_rec *r, util_ldap_connection_t *ldc,
                                                     const char *url, const char *basedn, int scope, char **attrs,
                                                     const char *filter, const char *bindpw, const char **binddn, const char ***retvals));

/**
 * Same search as uldap_cache_checkuserid without the password check.
 * @param binddn  out: DN of the matched user
 * @param retvals out: values of attrs for the matched user
 * @return int status (convention not shown here)
 */
APR_DECLARE_OPTIONAL_FN(int,uldap_cache_getuserdn,(request_rec *r, util_ldap_connection_t *ldc,
                                                   const char *url, const char *basedn, int scope, char **attrs,
                                                   const char *filter, const char **binddn, const char ***retvals));

/**
 * Report whether SSL/TLS is available to mod_ldap for this request's vhost.
 * @return non-zero if supported (presumed)
 */
APR_DECLARE_OPTIONAL_FN(int,uldap_ssl_supported,(request_rec *r));

/* from apr_ldap_cache.c */

/**
 * Initialise the shared-memory cache described by st (cache_bytes,
 * cache_file, ...).
 * @param pool pool to allocate from
 * @param st   vhost state whose cache members are filled in
 * @return APR_SUCCESS or an APR error
 */
apr_status_t util_ldap_cache_init(apr_pool_t *pool, util_ldap_state_t *st);

/* from apr_ldap_cache_mgr.c */

/**
 * Render the cache contents as HTML for the ldap-status handler.
 * The output can expose DNs and cache keys, so restrict access to the
 * handler that calls it.
 * @return pool-allocated string
 */
char *util_ald_cache_display(request_rec *r, util_ldap_state_t *st);
394 #ifdef __cplusplus
395 }
396 #endif
397 #endif /* APR_HAS_LDAP */
398 #endif /* UTIL_LDAP_H */