Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

3257 lines
96 KiB

  1. /*++
  2. Copyright (c) 1996-1999 Microsoft Corporation
  3. Module Name:
  4. winldap.h LDAP client 32 API header file
  5. Abstract:
  6. This module is the header file for the 32 bit LDAP client API for
  7. Windows NT and Windows 95. This API is based on RFC 1823 with some
  8. enhancements for LDAP v3.
  9. Notes about Unicode support :
  10. If you have UNICODE defined at compile time, you'll pull in the unicode
  11. versions of the calls. Note that your executable may then not work with
  12. other implementations of the LDAP API that don't support Unicode. If
  13. UNICODE is not defined, then we define the LDAP calls without the trailing
  14. 'A' (as in ldap_bind rather than ldap_bindA) so that your app may work
  15. with other implementations that don't support Unicode.
  16. The import library has all three forms of the call present... ldap_bindW,
  17. ldap_bindA, and ldap_bind. ldap_bindA simply calls ldap_bind. ldap_bind
  18. simply converts the arguments to unicode and calls ldap_bindW. The
  19. reason this is done is because we have to put UTF-8 on the wire, so if
  20. we converted from Unicode to single byte, we'd loose information. Since
  21. all core processing is done in Unicode, nothing is lost.
  22. Updates :
  23. 11/01/96 Modified for new API RFC draft.
  24. Environments :
  25. Win32 user mode
  26. --*/
  27. //
  28. // Only pull in this header file once... controlled by LDAP_CLIENT_DEFINED
  29. // variable.
  30. //
  31. #ifndef LDAP_CLIENT_DEFINED
  32. #define LDAP_CLIENT_DEFINED
  33. #if _MSC_VER > 1000
  34. #pragma once
  35. #endif
  36. #ifdef __cplusplus
  37. extern "C" {
  38. #endif
  39. #ifndef BASETYPES
  40. #include <windef.h>
  41. #endif
  42. #ifndef _SCHNLSP_H_
  43. #include <schnlsp.h>
  44. #endif
  45. #if !defined(_WINLDAP_)
  46. #define WINLDAPAPI DECLSPEC_IMPORT
  47. #else
  48. //#define WINLDAPAPI __declspec(dllexport)
  49. #define WINLDAPAPI
  50. #endif
  51. #ifndef LDAPAPI
  52. #define LDAPAPI __cdecl
  53. #endif
  54. //
  55. // The #define LDAP_UNICODE controls if we map the undecorated calls to
  56. // their unicode counterparts or just leave them defined as the normal
  57. // single byte entry points.
  58. //
  59. // If you want to write a UNICODE enabled application, you'd normally
  60. // just have UNICODE defined and then we'll default to using all LDAP
  61. // Unicode calls.
  62. //
  63. #ifndef LDAP_UNICODE
  64. #ifdef UNICODE
  65. #define LDAP_UNICODE 1
  66. #else
  67. #define LDAP_UNICODE 0
  68. #endif
  69. #endif
  70. //
  71. // Global constants
  72. //
  73. #define LDAP_PORT 389
  74. #define LDAP_SSL_PORT 636
  75. #define LDAP_GC_PORT 3268
  76. #define LDAP_SSL_GC_PORT 3269
  77. //
  78. // The default version of the API is 2. If required, the user MUST set the
  79. // version to 3 using the LDAP_OPT_VERSION option.
  80. //
  81. #define LDAP_VERSION1 1
  82. #define LDAP_VERSION2 2
  83. #define LDAP_VERSION3 3
  84. #define LDAP_VERSION LDAP_VERSION2
  85. //
  86. // All tags are CCFTTTTT.
  87. // CC Tag Class 00 = universal
  88. // 01 = application wide
  89. // 10 = context specific
  90. // 11 = private use
  91. //
  92. // F Form 0 primitive
  93. // 1 constructed
  94. //
  95. // TTTTT Tag Number
  96. //
  97. //
  98. // LDAP v2 & v3 commands.
  99. //
  100. #define LDAP_BIND_CMD 0x60L // application + constructed
  101. #define LDAP_UNBIND_CMD 0x42L // application + primitive
  102. #define LDAP_SEARCH_CMD 0x63L // application + constructed
  103. #define LDAP_MODIFY_CMD 0x66L // application + constructed
  104. #define LDAP_ADD_CMD 0x68L // application + constructed
  105. #define LDAP_DELETE_CMD 0x4aL // application + primitive
  106. #define LDAP_MODRDN_CMD 0x6cL // application + constructed
  107. #define LDAP_COMPARE_CMD 0x6eL // application + constructed
  108. #define LDAP_ABANDON_CMD 0x50L // application + primitive
  109. #define LDAP_SESSION_CMD 0x71L // not in base LDAP protocol
  110. #define LDAP_EXTENDED_CMD 0x77L // application + constructed
  111. //
  112. // Responses/Results for LDAP v2 & v3
  113. //
  114. #define LDAP_RES_BIND 0x61L // application + constructed
  115. #define LDAP_RES_SEARCH_ENTRY 0x64L // application + constructed
  116. #define LDAP_RES_SEARCH_RESULT 0x65L // application + constructed
  117. #define LDAP_RES_MODIFY 0x67L // application + constructed
  118. #define LDAP_RES_ADD 0x69L // application + constructed
  119. #define LDAP_RES_DELETE 0x6bL // application + constructed
  120. #define LDAP_RES_MODRDN 0x6dL // application + constructed
  121. #define LDAP_RES_COMPARE 0x6fL // application + constructed
  122. #define LDAP_RES_SESSION 0x72L // not in base LDAP protocol
  123. #define LDAP_RES_REFERRAL 0x73L // application + constructed
  124. #define LDAP_RES_EXTENDED 0x78L // application + constructed
  125. #define LDAP_RES_ANY (-1L)
  126. #define LDAP_INVALID_CMD 0xff
  127. #define LDAP_INVALID_RES 0xff
  128. //
  129. // We'll make the error codes compatible with reference implementation
  130. //
  131. typedef enum {
  132. LDAP_SUCCESS = 0x00,
  133. LDAP_OPERATIONS_ERROR = 0x01,
  134. LDAP_PROTOCOL_ERROR = 0x02,
  135. LDAP_TIMELIMIT_EXCEEDED = 0x03,
  136. LDAP_SIZELIMIT_EXCEEDED = 0x04,
  137. LDAP_COMPARE_FALSE = 0x05,
  138. LDAP_COMPARE_TRUE = 0x06,
  139. LDAP_AUTH_METHOD_NOT_SUPPORTED = 0x07,
  140. LDAP_STRONG_AUTH_REQUIRED = 0x08,
  141. LDAP_REFERRAL_V2 = 0x09,
  142. LDAP_PARTIAL_RESULTS = 0x09,
  143. LDAP_REFERRAL = 0x0a,
  144. LDAP_ADMIN_LIMIT_EXCEEDED = 0x0b,
  145. LDAP_UNAVAILABLE_CRIT_EXTENSION = 0x0c,
  146. LDAP_CONFIDENTIALITY_REQUIRED = 0x0d,
  147. LDAP_SASL_BIND_IN_PROGRESS = 0x0e,
  148. LDAP_NO_SUCH_ATTRIBUTE = 0x10,
  149. LDAP_UNDEFINED_TYPE = 0x11,
  150. LDAP_INAPPROPRIATE_MATCHING = 0x12,
  151. LDAP_CONSTRAINT_VIOLATION = 0x13,
  152. LDAP_ATTRIBUTE_OR_VALUE_EXISTS = 0x14,
  153. LDAP_INVALID_SYNTAX = 0x15,
  154. LDAP_NO_SUCH_OBJECT = 0x20,
  155. LDAP_ALIAS_PROBLEM = 0x21,
  156. LDAP_INVALID_DN_SYNTAX = 0x22,
  157. LDAP_IS_LEAF = 0x23,
  158. LDAP_ALIAS_DEREF_PROBLEM = 0x24,
  159. LDAP_INAPPROPRIATE_AUTH = 0x30,
  160. LDAP_INVALID_CREDENTIALS = 0x31,
  161. LDAP_INSUFFICIENT_RIGHTS = 0x32,
  162. LDAP_BUSY = 0x33,
  163. LDAP_UNAVAILABLE = 0x34,
  164. LDAP_UNWILLING_TO_PERFORM = 0x35,
  165. LDAP_LOOP_DETECT = 0x36,
  166. LDAP_SORT_CONTROL_MISSING = 0x3C,
  167. LDAP_OFFSET_RANGE_ERROR = 0x3D,
  168. LDAP_NAMING_VIOLATION = 0x40,
  169. LDAP_OBJECT_CLASS_VIOLATION = 0x41,
  170. LDAP_NOT_ALLOWED_ON_NONLEAF = 0x42,
  171. LDAP_NOT_ALLOWED_ON_RDN = 0x43,
  172. LDAP_ALREADY_EXISTS = 0x44,
  173. LDAP_NO_OBJECT_CLASS_MODS = 0x45,
  174. LDAP_RESULTS_TOO_LARGE = 0x46,
  175. LDAP_AFFECTS_MULTIPLE_DSAS = 0x47,
  176. LDAP_OTHER = 0x50,
  177. LDAP_SERVER_DOWN = 0x51,
  178. LDAP_LOCAL_ERROR = 0x52,
  179. LDAP_ENCODING_ERROR = 0x53,
  180. LDAP_DECODING_ERROR = 0x54,
  181. LDAP_TIMEOUT = 0x55,
  182. LDAP_AUTH_UNKNOWN = 0x56,
  183. LDAP_FILTER_ERROR = 0x57,
  184. LDAP_USER_CANCELLED = 0x58,
  185. LDAP_PARAM_ERROR = 0x59,
  186. LDAP_NO_MEMORY = 0x5a,
  187. LDAP_CONNECT_ERROR = 0x5b,
  188. LDAP_NOT_SUPPORTED = 0x5c,
  189. LDAP_NO_RESULTS_RETURNED = 0x5e,
  190. LDAP_CONTROL_NOT_FOUND = 0x5d,
  191. LDAP_MORE_RESULTS_TO_RETURN = 0x5f,
  192. LDAP_CLIENT_LOOP = 0x60,
  193. LDAP_REFERRAL_LIMIT_EXCEEDED = 0x61
  194. } LDAP_RETCODE;
  195. //
  196. // Bind methods. We support the following methods :
  197. //
  198. // Simple Clear text password... try not to use as it's not secure.
  199. //
  200. // MSN MSN (Microsoft Network) authentication. This package
  201. // may bring up UI to prompt the user for MSN credentials.
  202. //
  203. // DPA Normandy authentication... new MSN authentication. Same
  204. // usage as MSN.
  205. //
  206. // NTLM NT domain authentication. Use NULL credentials and
  207. // we'll try to use default logged in user credentials.
  208. //
  209. // Sicily Negotiate with the server for any of: MSN, DPA, NTLM
  210. // Should be used for LDAPv2 servers only.
  211. //
  212. // Negotiate Use GSSAPI Negotiate package to negotiate security
  213. // package of either Kerberos v5 or NTLM (or any other
  214. // package the client and server negotiate). Pass in
  215. // NULL credentials to specify default logged in user.
  216. // If Negotiate package is not installed on server or
  217. // client, this will fall back to Sicily negotiation.
  218. //
  219. // For all bind methods except for Simple, you may pass in a
  220. // SEC_WINNT_AUTH_IDENTITY_W (defined in rpcdce.h) or the newer
  221. // SEC_WINNT_AUTH_IDENTITY_EXW (defined in secext.h) to specify alternate
  222. // credentials.
  223. //
  224. // All bind methods other than simple are synchronous only calls.
  225. // Calling the asynchronous bind call for any of these messages will
  226. // return LDAP_PARAM_ERROR.
  227. //
  228. // Using any other method besides simple will cause WLDAP32 to pull in
  229. // the SSPI security DLLs (SECURITY.DLL etc).
  230. //
  231. // On non-Simple methods, if you specify NULL credentials, we'll attempt to use
  232. // the default logged in user.
  233. //
  234. #define LDAP_AUTH_SIMPLE 0x80L
  235. #define LDAP_AUTH_SASL 0x83L // don't use... should go away
  236. #define LDAP_AUTH_OTHERKIND 0x86L
  237. // The SICILY type covers package negotiation to MSN servers.
  238. // Each of the supported types can also be specified without
  239. // doing the package negotiation, assuming the caller knows
  240. // what the server supports.
  241. #define LDAP_AUTH_SICILY (LDAP_AUTH_OTHERKIND | 0x0200)
  242. #define LDAP_AUTH_MSN (LDAP_AUTH_OTHERKIND | 0x0800)
  243. #define LDAP_AUTH_NTLM (LDAP_AUTH_OTHERKIND | 0x1000)
  244. #define LDAP_AUTH_DPA (LDAP_AUTH_OTHERKIND | 0x2000)
  245. // This will cause the client to use the GSSAPI negotiation
  246. // package to determine the most appropriate authentication type.
  247. // This type should be used when talking to NT5.
  248. #define LDAP_AUTH_NEGOTIATE (LDAP_AUTH_OTHERKIND | 0x0400)
  249. // backward compatible #define for older constant name.
  250. #define LDAP_AUTH_SSPI LDAP_AUTH_NEGOTIATE
  251. //
  252. // uses the DIGEST-MD5 mechanism.
  253. //
  254. #define LDAP_AUTH_DIGEST (LDAP_AUTH_OTHERKIND | 0x4000)
  255. // The external auth mechanism is used upon setting up an SSL/TLS connection
  256. // to denote that the server must use the client cert credentials presented
  257. // at the outset of the SSL/TLS connection.
  258. #define LDAP_AUTH_EXTERNAL (LDAP_AUTH_OTHERKIND | 0x0020)
  259. //
  260. // Client applications typically don't have to encode/decode LDAP filters,
  261. // but if they do, we define the operators here.
  262. //
  263. // Filter types.
  264. #define LDAP_FILTER_AND 0xa0 // context specific + constructed - SET OF Filters.
  265. #define LDAP_FILTER_OR 0xa1 // context specific + constructed - SET OF Filters.
  266. #define LDAP_FILTER_NOT 0xa2 // context specific + constructed - Filter
  267. #define LDAP_FILTER_EQUALITY 0xa3 // context specific + constructed - AttributeValueAssertion.
  268. #define LDAP_FILTER_SUBSTRINGS 0xa4 // context specific + constructed - SubstringFilter
  269. #define LDAP_FILTER_GE 0xa5 // context specific + constructed - AttributeValueAssertion.
  270. #define LDAP_FILTER_LE 0xa6 // context specific + constructed - AttributeValueAssertion.
  271. #define LDAP_FILTER_PRESENT 0x87 // context specific + primitive - AttributeType.
  272. #define LDAP_FILTER_APPROX 0xa8 // context specific + constructed - AttributeValueAssertion.
  273. #define LDAP_FILTER_EXTENSIBLE 0xa9 // context specific + constructed - MatchingRuleAssertion.
  274. // Substring filter types
  275. #define LDAP_SUBSTRING_INITIAL 0x80L // class context specific
  276. #define LDAP_SUBSTRING_ANY 0x81L // class context specific
  277. #define LDAP_SUBSTRING_FINAL 0x82L // class context specific
  278. //
  279. // Possible values for ld_deref field.
  280. // "Never" - never deref aliases. return only the alias.
  281. // "Searching" - only deref aliases when searching, not when locating
  282. // the base object of a search.
  283. // "Finding" - dereference the alias when locating the base object but
  284. // not during a search.
  285. // "Always" - always dereference aliases.
  286. //
  287. #define LDAP_DEREF_NEVER 0
  288. #define LDAP_DEREF_SEARCHING 1
  289. #define LDAP_DEREF_FINDING 2
  290. #define LDAP_DEREF_ALWAYS 3
  291. // Special values for ld_sizelimit :
  292. #define LDAP_NO_LIMIT 0
  293. // Flags for ld_options field :
  294. #define LDAP_OPT_DNS 0x00000001 // utilize DN & DNS
  295. #define LDAP_OPT_CHASE_REFERRALS 0x00000002 // chase referrals
  296. #define LDAP_OPT_RETURN_REFS 0x00000004 // return referrals to calling app
  297. //
  298. // LDAP structure per connection
  299. //
  300. #if !defined(_WIN64)
  301. #pragma pack(push, 4)
  302. #endif
  303. typedef struct ldap {
  304. struct {
  305. UINT_PTR sb_sd;
  306. UCHAR Reserved1[(10*sizeof(ULONG))+1];
  307. ULONG_PTR sb_naddr; // notzero implies CLDAP available
  308. UCHAR Reserved2[(6*sizeof(ULONG))];
  309. } ld_sb;
  310. //
  311. // Following parameters MAY match up to reference implementation of LDAP
  312. //
  313. PCHAR ld_host;
  314. ULONG ld_version;
  315. UCHAR ld_lberoptions;
  316. //
  317. // Safe to assume that these parameters are in same location as
  318. // reference implementation of LDAP API.
  319. //
  320. ULONG ld_deref;
  321. ULONG ld_timelimit;
  322. ULONG ld_sizelimit;
  323. ULONG ld_errno;
  324. PCHAR ld_matched;
  325. PCHAR ld_error;
  326. ULONG ld_msgid;
  327. UCHAR Reserved3[(6*sizeof(ULONG))+1];
  328. //
  329. // Following parameters may match up to reference implementation of LDAP API.
  330. //
  331. ULONG ld_cldaptries;
  332. ULONG ld_cldaptimeout;
  333. ULONG ld_refhoplimit;
  334. ULONG ld_options;
  335. } LDAP, * PLDAP;
  336. //
  337. // Our timeval structure is a bit different from the reference implementation
  338. // since Win32 defines a _timeval structure that is different from the LDAP
  339. // one.
  340. //
  341. typedef struct l_timeval {
  342. LONG tv_sec;
  343. LONG tv_usec;
  344. } LDAP_TIMEVAL, * PLDAP_TIMEVAL;
  345. //
  346. // The berval structure is used to pass in any arbitrary octet string. It
  347. // is useful for attributes that cannot be represented using a null
  348. // terminated string.
  349. //
  350. typedef struct berval {
  351. ULONG bv_len;
  352. PCHAR bv_val;
  353. } LDAP_BERVAL, * PLDAP_BERVAL, BERVAL, * PBERVAL, BerValue;
  354. //
  355. // The following structure has to be compatible with reference implementation.
  356. //
  357. typedef struct ldapmsg {
  358. ULONG lm_msgid; // message number for given connection
  359. ULONG lm_msgtype; // message type of the form LDAP_RES_xxx
  360. PVOID lm_ber; // ber form of message
  361. struct ldapmsg *lm_chain; // pointer to next result value
  362. struct ldapmsg *lm_next; // pointer to next message
  363. ULONG lm_time;
  364. //
  365. // new fields below not in reference implementation
  366. //
  367. PLDAP Connection; // connection from which we received response
  368. PVOID Request; // owning request (opaque structure)
  369. ULONG lm_returncode; // server's return code
  370. USHORT lm_referral; // index of referral within ref table
  371. BOOLEAN lm_chased; // has referral been chased already?
  372. BOOLEAN lm_eom; // is this the last entry for this message?
  373. BOOLEAN ConnectionReferenced; // is the Connection still valid?
  374. } LDAPMessage, *PLDAPMessage;
  375. //
  376. // Controls... there are three types :
  377. //
  378. // 1) those passed to the server
  379. // 2) those passed to the client and handled by the client API
  380. // 3) those returned by the server
  381. //
  382. typedef struct ldapcontrolA {
  383. PCHAR ldctl_oid;
  384. struct berval ldctl_value;
  385. BOOLEAN ldctl_iscritical;
  386. } LDAPControlA, *PLDAPControlA;
  387. typedef struct ldapcontrolW {
  388. PWCHAR ldctl_oid;
  389. struct berval ldctl_value;
  390. BOOLEAN ldctl_iscritical;
  391. } LDAPControlW, *PLDAPControlW;
  392. #if LDAP_UNICODE
  393. #define LDAPControl LDAPControlW
  394. #define PLDAPControl PLDAPControlW
  395. #else
  396. #define LDAPControl LDAPControlA
  397. #define PLDAPControl PLDAPControlA
  398. #endif
  399. //
  400. // Client controls section : these are the client controls that wldap32.dll
  401. // supports.
  402. //
  403. // If you specify LDAP_CONTROL_REFERRALS in a control, the value field should
  404. // point to a ULONG of the following flags :
  405. //
  406. // LDAP_CHASE_SUBORDINATE_REFERRALS
  407. // LDAP_CHASE_EXTERNAL_REFERRALS
  408. //
  409. #define LDAP_CONTROL_REFERRALS_W L"1.2.840.113556.1.4.616"
  410. #define LDAP_CONTROL_REFERRALS "1.2.840.113556.1.4.616"
  411. //
  412. // Values required for Modification command These are options for the
  413. // mod_op field of LDAPMod structure
  414. //
  415. #define LDAP_MOD_ADD 0x00
  416. #define LDAP_MOD_DELETE 0x01
  417. #define LDAP_MOD_REPLACE 0x02
  418. #define LDAP_MOD_BVALUES 0x80 // AND in this flag if berval structure used
  419. typedef struct ldapmodW {
  420. ULONG mod_op;
  421. PWCHAR mod_type;
  422. union {
  423. PWCHAR *modv_strvals;
  424. struct berval **modv_bvals;
  425. } mod_vals;
  426. } LDAPModW, *PLDAPModW;
  427. typedef struct ldapmodA {
  428. ULONG mod_op;
  429. PCHAR mod_type;
  430. union {
  431. PCHAR *modv_strvals;
  432. struct berval **modv_bvals;
  433. } mod_vals;
  434. } LDAPModA, *PLDAPModA;
  435. #if LDAP_UNICODE
  436. #define LDAPMod LDAPModW
  437. #define PLDAPMod PLDAPModW
  438. #else
  439. #define LDAPMod LDAPModA
  440. #define PLDAPMod PLDAPModA
  441. #endif
  442. #if !defined(_WIN64)
  443. #pragma pack(pop)
  444. #endif
  445. //
  446. // macros compatible with reference implementation...
  447. //
  448. #define LDAP_IS_CLDAP( ld ) ( (ld)->ld_sb.sb_naddr > 0 )
  449. #define mod_values mod_vals.modv_strvals
  450. #define mod_bvalues mod_vals.modv_bvals
  451. #define NAME_ERROR(n) ((n & 0xf0) == 0x20)
  452. //
  453. // function definitions for LDAP API
  454. //
  455. //
  456. // Create a connection block to an LDAP server. HostName can be NULL, in
  457. // which case we'll try to go off and find the "default" LDAP server.
  458. //
  459. // Note that if we have to go off and find the default server, we'll pull
  460. // in NETAPI32.DLL and ADVAPI32.DLL.
  461. //
  462. // If it returns NULL, an error occurred. Pick up error code with
  463. // GetLastError().
  464. //
  465. // ldap_open actually opens the connection at the time of the call,
  466. // whereas ldap_init only opens the connection when an operation is performed
  467. // that requires it.
  468. //
  469. // multi-thread: ldap_open*, ldap_init*, and ldap_sslinit* calls are safe.
  470. //
  471. WINLDAPAPI LDAP * LDAPAPI ldap_openW( const PWCHAR HostName, ULONG PortNumber );
  472. WINLDAPAPI LDAP * LDAPAPI ldap_openA( const PCHAR HostName, ULONG PortNumber );
  473. WINLDAPAPI LDAP * LDAPAPI ldap_initW( const PWCHAR HostName, ULONG PortNumber );
  474. WINLDAPAPI LDAP * LDAPAPI ldap_initA( const PCHAR HostName, ULONG PortNumber );
  475. WINLDAPAPI LDAP * LDAPAPI ldap_sslinitW( PWCHAR HostName, ULONG PortNumber, int secure );
  476. WINLDAPAPI LDAP * LDAPAPI ldap_sslinitA( PCHAR HostName, ULONG PortNumber, int secure );
  477. //
  478. // when calling ldap_init, you can call ldap_connect explicitly to have the
  479. // library contact the server. This is useful for checking for server
  480. // availability. This call is not required however, since the other functions
  481. // will call it internally if it hasn't already been called.
  482. //
  483. WINLDAPAPI ULONG LDAPAPI ldap_connect( LDAP *ld,
  484. struct l_timeval *timeout
  485. );
  486. #if LDAP_UNICODE
  487. #define ldap_open ldap_openW
  488. #define ldap_init ldap_initW
  489. #define ldap_sslinit ldap_sslinitW
  490. #else
  491. WINLDAPAPI LDAP * LDAPAPI ldap_open( PCHAR HostName, ULONG PortNumber );
  492. WINLDAPAPI LDAP * LDAPAPI ldap_init( PCHAR HostName, ULONG PortNumber );
  493. WINLDAPAPI LDAP * LDAPAPI ldap_sslinit( PCHAR HostName, ULONG PortNumber, int secure );
  494. #endif
  495. //
  496. // This is similar to ldap_open except it creates a connection block for
  497. // UDP based Connectionless LDAP services. No TCP session is maintained.
  498. //
  499. // If it returns NULL, an error occurred. Pick up error code with
  500. // GetLastError().
  501. //
  502. // multi-thread: cldap_open* calls are safe.
  503. //
  504. WINLDAPAPI LDAP * LDAPAPI cldap_openW( PWCHAR HostName, ULONG PortNumber );
  505. WINLDAPAPI LDAP * LDAPAPI cldap_openA( PCHAR HostName, ULONG PortNumber );
  506. #if LDAP_UNICODE
  507. #define cldap_open cldap_openW
  508. #else
  509. WINLDAPAPI LDAP * LDAPAPI cldap_open( PCHAR HostName, ULONG PortNumber );
  510. #endif
  511. //
  512. // Call unbind when you're done with the connection, it will free all
  513. // resources associated with the connection.
  514. //
  515. // There is no ldap_close... use ldap_unbind even if you haven't called
  516. // ldap_bind on the connection.
  517. //
  518. // multi-thread: ldap_unbind* calls are safe EXCEPT don't use the LDAP *
  519. // stucture after it's been freed.
  520. //
  521. WINLDAPAPI ULONG LDAPAPI ldap_unbind( LDAP *ld );
  522. WINLDAPAPI ULONG LDAPAPI ldap_unbind_s( LDAP *ld ); // calls ldap_unbind
  523. //
  524. // Calls to get and set options on connection blocks... use them rather
  525. // than modifying the LDAP block directly.
  526. //
  527. //
  528. // multi-thread: ldap_get_option is safe
  529. // multi-thread: ldap_set_option is not safe in that it affects the
  530. // connection as a whole. beware if threads share connections.
  531. WINLDAPAPI ULONG LDAPAPI ldap_get_option( LDAP *ld, int option, void *outvalue );
  532. WINLDAPAPI ULONG LDAPAPI ldap_get_optionW( LDAP *ld, int option, void *outvalue );
  533. WINLDAPAPI ULONG LDAPAPI ldap_set_option( LDAP *ld, int option, const void *invalue );
  534. WINLDAPAPI ULONG LDAPAPI ldap_set_optionW( LDAP *ld, int option, const void *invalue );
  535. #if LDAP_UNICODE
  536. #define ldap_get_option ldap_get_optionW
  537. #define ldap_set_option ldap_set_optionW
  538. #endif
  539. //
  540. // These are the values to pass to ldap_get/set_option :
  541. //
  542. #define LDAP_OPT_API_INFO 0x00
  543. #define LDAP_OPT_DESC 0x01
  544. #define LDAP_OPT_DEREF 0x02
  545. #define LDAP_OPT_SIZELIMIT 0x03
  546. #define LDAP_OPT_TIMELIMIT 0x04
  547. #define LDAP_OPT_THREAD_FN_PTRS 0x05
  548. #define LDAP_OPT_REBIND_FN 0x06
  549. #define LDAP_OPT_REBIND_ARG 0x07
  550. #define LDAP_OPT_REFERRALS 0x08
  551. #define LDAP_OPT_RESTART 0x09
  552. #define LDAP_OPT_SSL 0x0a
  553. #define LDAP_OPT_IO_FN_PTRS 0x0b
  554. #define LDAP_OPT_CACHE_FN_PTRS 0x0d
  555. #define LDAP_OPT_CACHE_STRATEGY 0x0e
  556. #define LDAP_OPT_CACHE_ENABLE 0x0f
  557. #define LDAP_OPT_REFERRAL_HOP_LIMIT 0x10
  558. #define LDAP_OPT_PROTOCOL_VERSION 0x11 // known by two names.
  559. #define LDAP_OPT_VERSION 0x11
  560. #define LDAP_OPT_API_FEATURE_INFO 0x15
  561. //
  562. // These are new ones that we've defined, not in current RFC draft.
  563. //
  564. #define LDAP_OPT_HOST_NAME 0x30
  565. #define LDAP_OPT_ERROR_NUMBER 0x31
  566. #define LDAP_OPT_ERROR_STRING 0x32
  567. #define LDAP_OPT_SERVER_ERROR 0x33
  568. #define LDAP_OPT_SERVER_EXT_ERROR 0x34
  569. #define LDAP_OPT_HOST_REACHABLE 0x3E
  570. //
  571. // These options control the keep-alive logic. Keep alives are sent as
  572. // ICMP ping messages (which currently don't go through firewalls).
  573. //
  574. // There are three values that control how this works :
  575. // PING_KEEP_ALIVE : min number of seconds since we last received a response
  576. // from the server before we send a keep-alive ping
  577. // PING_WAIT_TIME : number of milliseconds we wait for the response to
  578. // come back when we send a ping
  579. // PING_LIMIT : number of unanswered pings we send before we close the
  580. // connection.
  581. //
  582. // To disable the keep-alive logic, set any of the values (PING_KEEP_ALIVE,
  583. // PING_LIMIT, or PING_WAIT_TIME) to zero.
  584. //
  585. // The current default/min/max for these values are as follows :
  586. //
  587. // PING_KEEP_ALIVE : 120/5/maxInt seconds (may also be zero)
  588. // PING_WAIT_TIME : 2000/10/60000 milliseconds (may also be zero)
  589. // PING_LIMIT : 4/0/maxInt
  590. //
  591. #define LDAP_OPT_PING_KEEP_ALIVE 0x36
  592. #define LDAP_OPT_PING_WAIT_TIME 0x37
  593. #define LDAP_OPT_PING_LIMIT 0x38
  594. //
  595. // These won't be in the RFC. Only use these if you're going to be dependent
  596. // on our implementation.
  597. //
  598. #define LDAP_OPT_DNSDOMAIN_NAME 0x3B // return DNS name of domain
  599. #define LDAP_OPT_GETDSNAME_FLAGS 0x3D // flags for DsGetDcName
  600. #define LDAP_OPT_PROMPT_CREDENTIALS 0x3F // prompt for creds? currently
  601. // only for DPA & NTLM if no creds
  602. // are loaded
  603. #define LDAP_OPT_AUTO_RECONNECT 0x91 // enable/disable autoreconnect
  604. #define LDAP_OPT_SSPI_FLAGS 0x92 // flags to pass to InitSecurityContext
  605. //
  606. // To retrieve information on an secure connection, a pointer to a
  607. // SecPkgContext_connectionInfo structure (defined in schannel.h) must be
  608. // passed in. On success, it is filled with relevent security information.
  609. //
  610. #define LDAP_OPT_SSL_INFO 0x93
  611. // backward compatible #define for older constant name.
  612. #define LDAP_OPT_TLS LDAP_OPT_SSL
  613. #define LDAP_OPT_TLS_INFO LDAP_OPT_SSL_INFO
  614. //
  615. // Turing on either the sign or the encrypt option prior to binding using
  616. // LDAP_AUTH_NEGOTIATE will result in the ensuing LDAP session to be signed
  617. // or encrypted using Kerberos. Note that these options can't be used with SSL.
  618. //
  619. #define LDAP_OPT_SIGN 0x95
  620. #define LDAP_OPT_ENCRYPT 0x96
  621. //
  622. // The user can set a preferred SASL method prior to binding using LDAP_AUTH_NEGOTIATE
  623. // We will try to use this mechanism while binding. One example is "GSSAPI".
  624. //
  625. #define LDAP_OPT_SASL_METHOD 0x97
  626. //
  627. // Setting this option to LDAP_OPT_ON will instruct the library to only perform an
  628. // A-Record DNS lookup on the supplied host string. This option is OFF by default.
  629. //
  630. #define LDAP_OPT_AREC_EXCLUSIVE 0x98
  631. //
  632. // Retrieve the security context associated with the connection.
  633. //
  634. #define LDAP_OPT_SECURITY_CONTEXT 0x99
  635. //
  636. // Enable/Disable the built-in RootDSE cache. This option is ON by default.
  637. //
  638. #define LDAP_OPT_ROOTDSE_CACHE 0x9a
  639. //
  640. // Turns on TCP keep-alives. This is separate from the ICMP ping keep-alive
  641. // mechanism (discussed above), and enables the keep-alive mechanism built into
  642. // the TCP protocol. This has no effect when using connectionless (UDP) LDAP.
  643. // This option is OFF by default.
  644. //
  645. #define LDAP_OPT_TCP_KEEPALIVE 0x40
  646. //
  647. // End of Microsoft only options
  648. //
  649. #define LDAP_OPT_ON ((void *) 1)
  650. #define LDAP_OPT_OFF ((void *) 0)
  651. //
  652. // For chasing referrals, we extend this a bit for LDAP_OPT_REFERRALS. If
  653. // the value is not LDAP_OPT_ON or LDAP_OPT_OFF, we'll treat them as the
  654. // following :
  655. //
  656. // LDAP_CHASE_SUBORDINATE_REFERRALS : chase subordinate referrals (or
  657. // references) returned in a v3 search
  658. // LDAP_CHASE_EXTERNAL_REFERRALS : chase external referrals. These are
  659. // returned possibly on any operation except bind.
  660. //
  661. // If you OR these flags together, it's equivalent to setting referrals to
  662. // LDAP_OPT_ON.
  663. //
  664. #define LDAP_CHASE_SUBORDINATE_REFERRALS 0x00000020
  665. #define LDAP_CHASE_EXTERNAL_REFERRALS 0x00000040
  666. //
  667. // Bind is required as the first operation to v2 servers, not so for v3
  668. // servers. See above description of authentication methods.
  669. //
  670. // multi-thread: bind calls are not safe in that it affects the
  671. // connection as a whole. beware if threads share connections
  672. // and try to mulithread binds with other operations.
  673. WINLDAPAPI ULONG LDAPAPI ldap_simple_bindW( LDAP *ld, PWCHAR dn, PWCHAR passwd );
  674. WINLDAPAPI ULONG LDAPAPI ldap_simple_bindA( LDAP *ld, PCHAR dn, PCHAR passwd );
  675. WINLDAPAPI ULONG LDAPAPI ldap_simple_bind_sW( LDAP *ld, PWCHAR dn, PWCHAR passwd );
  676. WINLDAPAPI ULONG LDAPAPI ldap_simple_bind_sA( LDAP *ld, PCHAR dn, PCHAR passwd );
  677. WINLDAPAPI ULONG LDAPAPI ldap_bindW( LDAP *ld, PWCHAR dn, PWCHAR cred, ULONG method );
  678. WINLDAPAPI ULONG LDAPAPI ldap_bindA( LDAP *ld, PCHAR dn, PCHAR cred, ULONG method );
  679. WINLDAPAPI ULONG LDAPAPI ldap_bind_sW( LDAP *ld, PWCHAR dn, PWCHAR cred, ULONG method );
  680. WINLDAPAPI ULONG LDAPAPI ldap_bind_sA( LDAP *ld, PCHAR dn, PCHAR cred, ULONG method );
  681. //
  682. // The following functions can be used to pass in any arbitrary credentials
  683. // to the server. The application must be ready to interpret the response
  684. // sent back from the server.
  685. //
  686. WINLDAPAPI INT LDAPAPI ldap_sasl_bindA(
  687. LDAP *ExternalHandle,
  688. const PCHAR DistName,
  689. const PCHAR AuthMechanism,
  690. const BERVAL *cred,
  691. PLDAPControlA *ServerCtrls,
  692. PLDAPControlA *ClientCtrls,
  693. int *MessageNumber
  694. );
  695. WINLDAPAPI INT LDAPAPI ldap_sasl_bindW(
  696. LDAP *ExternalHandle,
  697. const PWCHAR DistName,
  698. const PWCHAR AuthMechanism,
  699. const BERVAL *cred,
  700. PLDAPControlW *ServerCtrls,
  701. PLDAPControlW *ClientCtrls,
  702. int *MessageNumber
  703. );
  704. WINLDAPAPI INT LDAPAPI ldap_sasl_bind_sA(
  705. LDAP *ExternalHandle,
  706. const PCHAR DistName,
  707. const PCHAR AuthMechanism,
  708. const BERVAL *cred,
  709. PLDAPControlA *ServerCtrls,
  710. PLDAPControlA *ClientCtrls,
  711. PBERVAL *ServerData
  712. );
  713. WINLDAPAPI INT LDAPAPI ldap_sasl_bind_sW(
  714. LDAP *ExternalHandle,
  715. const PWCHAR DistName,
  716. const PWCHAR AuthMechanism,
  717. const BERVAL *cred,
  718. PLDAPControlW *ServerCtrls,
  719. PLDAPControlW *ClientCtrls,
  720. PBERVAL *ServerData
  721. );
  722. #if LDAP_UNICODE
  723. #define ldap_simple_bind ldap_simple_bindW
  724. #define ldap_simple_bind_s ldap_simple_bind_sW
  725. #define ldap_bind ldap_bindW
  726. #define ldap_bind_s ldap_bind_sW
  727. #define ldap_sasl_bind ldap_sasl_bindW
  728. #define ldap_sasl_bind_s ldap_sasl_bind_sW
  729. #else
  730. WINLDAPAPI ULONG LDAPAPI ldap_simple_bind( LDAP *ld, const PCHAR dn, const PCHAR passwd );
  731. WINLDAPAPI ULONG LDAPAPI ldap_simple_bind_s( LDAP *ld, const PCHAR dn, const PCHAR passwd );
  732. WINLDAPAPI ULONG LDAPAPI ldap_bind( LDAP *ld, const PCHAR dn, const PCHAR cred, ULONG method );
  733. WINLDAPAPI ULONG LDAPAPI ldap_bind_s( LDAP *ld, const PCHAR dn, const PCHAR cred, ULONG method );
  734. #define ldap_sasl_bind ldap_sasl_bindA
  735. #define ldap_sasl_bind_s ldap_sasl_bind_sA
  736. #endif
  737. //
  738. // Synchronous and asynch search routines.
  739. //
  740. // filter follows RFC 1960 with the addition that '(' ')' '*' ' ' '\' and
  741. // '\0' are all escaped with '\'
  742. //
  743. // Scope of search. This corresponds to the "scope" parameter on search
  744. #define LDAP_SCOPE_BASE 0x00
  745. #define LDAP_SCOPE_ONELEVEL 0x01
  746. #define LDAP_SCOPE_SUBTREE 0x02
  747. //
  748. // multi-thread: ldap_search calls are not safe in that the message number
  749. // is returned rather than the return code. You have to look
  750. // at the connection block in an error case and the return code
  751. // may be overwritten by another thread inbetween.
  752. //
  753. // Use ldap_search_ext instead, as these are thread safe.
  754. //
  755. // ldap_search_s and ldap_search_ext* calls are thread safe.
  756. //
  757. WINLDAPAPI ULONG LDAPAPI ldap_searchW(
  758. LDAP *ld,
  759. const PWCHAR base, // distinguished name or ""
  760. ULONG scope, // LDAP_SCOPE_xxxx
  761. const PWCHAR filter,
  762. PWCHAR attrs[], // pointer to an array of PCHAR attribute names
  763. ULONG attrsonly // boolean on whether to only return attr names
  764. );
  765. WINLDAPAPI ULONG LDAPAPI ldap_searchA(
  766. LDAP *ld,
  767. const PCHAR base, // distinguished name or ""
  768. ULONG scope, // LDAP_SCOPE_xxxx
  769. const PCHAR filter,
  770. PCHAR attrs[], // pointer to an array of PCHAR attribute names
  771. ULONG attrsonly // boolean on whether to only return attr names
  772. );
  773. WINLDAPAPI ULONG LDAPAPI ldap_search_sW(
  774. LDAP *ld,
  775. const PWCHAR base,
  776. ULONG scope,
  777. const PWCHAR filter,
  778. PWCHAR attrs[],
  779. ULONG attrsonly,
  780. LDAPMessage **res
  781. );
  782. WINLDAPAPI ULONG LDAPAPI ldap_search_sA(
  783. LDAP *ld,
  784. const PCHAR base,
  785. ULONG scope,
  786. const PCHAR filter,
  787. PCHAR attrs[],
  788. ULONG attrsonly,
  789. LDAPMessage **res
  790. );
  791. WINLDAPAPI ULONG LDAPAPI ldap_search_stW(
  792. LDAP *ld,
  793. const PWCHAR base,
  794. ULONG scope,
  795. const PWCHAR filter,
  796. PWCHAR attrs[],
  797. ULONG attrsonly,
  798. struct l_timeval *timeout,
  799. LDAPMessage **res
  800. );
  801. WINLDAPAPI ULONG LDAPAPI ldap_search_stA(
  802. LDAP *ld,
  803. const PCHAR base,
  804. ULONG scope,
  805. const PCHAR filter,
  806. PCHAR attrs[],
  807. ULONG attrsonly,
  808. struct l_timeval *timeout,
  809. LDAPMessage **res
  810. );
  811. WINLDAPAPI ULONG LDAPAPI ldap_search_extW(
  812. LDAP *ld,
  813. const PWCHAR base,
  814. ULONG scope,
  815. const PWCHAR filter,
  816. PWCHAR attrs[],
  817. ULONG attrsonly,
  818. PLDAPControlW *ServerControls,
  819. PLDAPControlW *ClientControls,
  820. ULONG TimeLimit,
  821. ULONG SizeLimit,
  822. ULONG *MessageNumber
  823. );
  824. WINLDAPAPI ULONG LDAPAPI ldap_search_extA(
  825. LDAP *ld,
  826. const PCHAR base,
  827. ULONG scope,
  828. const PCHAR filter,
  829. PCHAR attrs[],
  830. ULONG attrsonly,
  831. PLDAPControlA *ServerControls,
  832. PLDAPControlA *ClientControls,
  833. ULONG TimeLimit,
  834. ULONG SizeLimit,
  835. ULONG *MessageNumber
  836. );
  837. WINLDAPAPI ULONG LDAPAPI ldap_search_ext_sW(
  838. LDAP *ld,
  839. const PWCHAR base,
  840. ULONG scope,
  841. const PWCHAR filter,
  842. PWCHAR attrs[],
  843. ULONG attrsonly,
  844. PLDAPControlW *ServerControls,
  845. PLDAPControlW *ClientControls,
  846. struct l_timeval *timeout,
  847. ULONG SizeLimit,
  848. LDAPMessage **res
  849. );
  850. WINLDAPAPI ULONG LDAPAPI ldap_search_ext_sA(
  851. LDAP *ld,
  852. const PCHAR base,
  853. ULONG scope,
  854. const PCHAR filter,
  855. PCHAR attrs[],
  856. ULONG attrsonly,
  857. PLDAPControlA *ServerControls,
  858. PLDAPControlA *ClientControls,
  859. struct l_timeval *timeout,
  860. ULONG SizeLimit,
  861. LDAPMessage **res
  862. );
  863. #if LDAP_UNICODE
  864. #define ldap_search ldap_searchW
  865. #define ldap_search_s ldap_search_sW
  866. #define ldap_search_st ldap_search_stW
  867. #define ldap_search_ext ldap_search_extW
  868. #define ldap_search_ext_s ldap_search_ext_sW
  869. #else
  870. WINLDAPAPI ULONG LDAPAPI ldap_search(
  871. LDAP *ld,
  872. PCHAR base, // distinguished name or ""
  873. ULONG scope, // LDAP_SCOPE_xxxx
  874. PCHAR filter,
  875. PCHAR attrs[], // pointer to an array of PCHAR attribute names
  876. ULONG attrsonly // boolean on whether to only return attr names
  877. );
  878. WINLDAPAPI ULONG LDAPAPI ldap_search_s(
  879. LDAP *ld,
  880. PCHAR base,
  881. ULONG scope,
  882. PCHAR filter,
  883. PCHAR attrs[],
  884. ULONG attrsonly,
  885. LDAPMessage **res
  886. );
  887. WINLDAPAPI ULONG LDAPAPI ldap_search_st(
  888. LDAP *ld,
  889. PCHAR base,
  890. ULONG scope,
  891. PCHAR filter,
  892. PCHAR attrs[],
  893. ULONG attrsonly,
  894. struct l_timeval *timeout,
  895. LDAPMessage **res
  896. );
  897. WINLDAPAPI ULONG LDAPAPI ldap_search_ext(
  898. LDAP *ld,
  899. PCHAR base,
  900. ULONG scope,
  901. PCHAR filter,
  902. PCHAR attrs[],
  903. ULONG attrsonly,
  904. PLDAPControlA *ServerControls,
  905. PLDAPControlA *ClientControls,
  906. ULONG TimeLimit,
  907. ULONG SizeLimit,
  908. ULONG *MessageNumber
  909. );
  910. WINLDAPAPI ULONG LDAPAPI ldap_search_ext_s(
  911. LDAP *ld,
  912. PCHAR base,
  913. ULONG scope,
  914. PCHAR filter,
  915. PCHAR attrs[],
  916. ULONG attrsonly,
  917. PLDAPControlA *ServerControls,
  918. PLDAPControlA *ClientControls,
  919. struct l_timeval *timeout,
  920. ULONG SizeLimit,
  921. LDAPMessage **res
  922. );
  923. #endif
  924. //
  925. // Extended API to check filter syntax. Returns LDAP error code if syntax
  926. // is invalid or LDAP_SUCCESS if it's ok.
  927. //
  928. WINLDAPAPI ULONG LDAPAPI
  929. ldap_check_filterW(
  930. LDAP *ld,
  931. PWCHAR SearchFilter
  932. );
  933. WINLDAPAPI ULONG LDAPAPI
  934. ldap_check_filterA(
  935. LDAP *ld,
  936. PCHAR SearchFilter
  937. );
  938. #if LDAP_UNICODE
  939. #define ldap_check_filter ldap_check_filterW
  940. #else
  941. #define ldap_check_filter ldap_check_filterA
  942. #endif
  943. //
  944. // modify an existing entry
  945. //
  946. //
  947. // multi-thread: ldap_modify calls are not safe in that the message number
  948. // is returned rather than the return code. You have to look
  949. // at the connection block in an error case and the return code
  950. // may be overwritten by another thread inbetween.
  951. //
  952. // Use ldap_modify_ext instead, as these are thread safe.
  953. //
  954. // ldap_modify_s and ldap_modify_ext* calls are thread safe.
  955. //
  956. WINLDAPAPI ULONG LDAPAPI ldap_modifyW( LDAP *ld, PWCHAR dn, LDAPModW *mods[] );
  957. WINLDAPAPI ULONG LDAPAPI ldap_modifyA( LDAP *ld, PCHAR dn, LDAPModA *mods[] );
  958. WINLDAPAPI ULONG LDAPAPI ldap_modify_sW( LDAP *ld, PWCHAR dn, LDAPModW *mods[] );
  959. WINLDAPAPI ULONG LDAPAPI ldap_modify_sA( LDAP *ld, PCHAR dn, LDAPModA *mods[] );
  960. WINLDAPAPI ULONG LDAPAPI ldap_modify_extW(
  961. LDAP *ld,
  962. const PWCHAR dn,
  963. LDAPModW *mods[],
  964. PLDAPControlW *ServerControls,
  965. PLDAPControlW *ClientControls,
  966. ULONG *MessageNumber
  967. );
  968. WINLDAPAPI ULONG LDAPAPI ldap_modify_extA(
  969. LDAP *ld,
  970. const PCHAR dn,
  971. LDAPModA *mods[],
  972. PLDAPControlA *ServerControls,
  973. PLDAPControlA *ClientControls,
  974. ULONG *MessageNumber
  975. );
  976. WINLDAPAPI ULONG LDAPAPI ldap_modify_ext_sW(
  977. LDAP *ld,
  978. const PWCHAR dn,
  979. LDAPModW *mods[],
  980. PLDAPControlW *ServerControls,
  981. PLDAPControlW *ClientControls
  982. );
  983. WINLDAPAPI ULONG LDAPAPI ldap_modify_ext_sA(
  984. LDAP *ld,
  985. const PCHAR dn,
  986. LDAPModA *mods[],
  987. PLDAPControlA *ServerControls,
  988. PLDAPControlA *ClientControls
  989. );
  990. #if LDAP_UNICODE
  991. #define ldap_modify ldap_modifyW
  992. #define ldap_modify_s ldap_modify_sW
  993. #define ldap_modify_ext ldap_modify_extW
  994. #define ldap_modify_ext_s ldap_modify_ext_sW
  995. #else
  996. WINLDAPAPI ULONG LDAPAPI ldap_modify( LDAP *ld, PCHAR dn, LDAPModA *mods[] );
  997. WINLDAPAPI ULONG LDAPAPI ldap_modify_s( LDAP *ld, PCHAR dn, LDAPModA *mods[] );
  998. WINLDAPAPI ULONG LDAPAPI ldap_modify_ext(
  999. LDAP *ld,
  1000. const PCHAR dn,
  1001. LDAPModA *mods[],
  1002. PLDAPControlA *ServerControls,
  1003. PLDAPControlA *ClientControls,
  1004. ULONG *MessageNumber
  1005. );
  1006. WINLDAPAPI ULONG LDAPAPI ldap_modify_ext_s(
  1007. LDAP *ld,
  1008. const PCHAR dn,
  1009. LDAPModA *mods[],
  1010. PLDAPControlA *ServerControls,
  1011. PLDAPControlA *ClientControls
  1012. );
  1013. #endif
  1014. //
  1015. // modrdn and modrdn2 function both as RenameObject and MoveObject.
  1016. //
  1017. // Note that to LDAP v2 servers, only rename within a given container
  1018. // is supported... therefore NewDistinguishedName is actually NewRDN.
  1019. // Here are some examples :
  1020. //
  1021. // This works to both v2 and v3 servers :
  1022. //
  1023. // DN = CN=Bob,OU=FOO,O=BAR
  1024. // NewDN = CN=Joe
  1025. //
  1026. // result is: CN=Joe,OU=FOO,O=BAR
  1027. //
  1028. // This works to only v3 and above servers :
  1029. //
  1030. // DN = CN=Bob,OU=FOO,O=BAR
  1031. // NewDN = CN=Joe,OU=FOOBAR,O=BAR
  1032. //
  1033. // result is: CN=Joe,OU=FOOBAR,O=BAR
  1034. //
  1035. // If you try the second example to a v2 server, we'll send the whole
  1036. // NewDN over as the new RDN (rather than break up the parent OU and
  1037. // child). The server will then give you back some unknown error.
  1038. //
  1039. //
  1040. // multi-thread: ldap_modrdn and ldap_modrdn2 calls are not safe in that
  1041. // the message number is returned rather than the return code.
  1042. // You have to look at the connection block in an error case
  1043. // and the return code may be overwritten by another thread
  1044. // inbetween.
  1045. //
  1046. // Use ldap_rename_ext instead, as these are thread safe.
  1047. //
  1048. WINLDAPAPI ULONG LDAPAPI ldap_modrdn2W (
  1049. LDAP *ExternalHandle,
  1050. const PWCHAR DistinguishedName,
  1051. const PWCHAR NewDistinguishedName,
  1052. INT DeleteOldRdn
  1053. );
  1054. WINLDAPAPI ULONG LDAPAPI ldap_modrdn2A (
  1055. LDAP *ExternalHandle,
  1056. const PCHAR DistinguishedName,
  1057. const PCHAR NewDistinguishedName,
  1058. INT DeleteOldRdn
  1059. );
  1060. //
  1061. // ldap_modrdn simply calls ldap_modrdn2 with a value of 1 for DeleteOldRdn.
  1062. //
  1063. WINLDAPAPI ULONG LDAPAPI ldap_modrdnW (
  1064. LDAP *ExternalHandle,
  1065. const PWCHAR DistinguishedName,
  1066. const PWCHAR NewDistinguishedName
  1067. );
  1068. WINLDAPAPI ULONG LDAPAPI ldap_modrdnA (
  1069. LDAP *ExternalHandle,
  1070. const PCHAR DistinguishedName,
  1071. const PCHAR NewDistinguishedName
  1072. );
  1073. WINLDAPAPI ULONG LDAPAPI ldap_modrdn2_sW (
  1074. LDAP *ExternalHandle,
  1075. const PWCHAR DistinguishedName,
  1076. const PWCHAR NewDistinguishedName,
  1077. INT DeleteOldRdn
  1078. );
  1079. WINLDAPAPI ULONG LDAPAPI ldap_modrdn2_sA (
  1080. LDAP *ExternalHandle,
  1081. const PCHAR DistinguishedName,
  1082. const PCHAR NewDistinguishedName,
  1083. INT DeleteOldRdn
  1084. );
  1085. WINLDAPAPI ULONG LDAPAPI ldap_modrdn_sW (
  1086. LDAP *ExternalHandle,
  1087. const PWCHAR DistinguishedName,
  1088. const PWCHAR NewDistinguishedName
  1089. );
  1090. WINLDAPAPI ULONG LDAPAPI ldap_modrdn_sA (
  1091. LDAP *ExternalHandle,
  1092. const PCHAR DistinguishedName,
  1093. const PCHAR NewDistinguishedName
  1094. );
  1095. #if LDAP_UNICODE
  1096. #define ldap_modrdn2 ldap_modrdn2W
  1097. #define ldap_modrdn ldap_modrdnW
  1098. #define ldap_modrdn2_s ldap_modrdn2_sW
  1099. #define ldap_modrdn_s ldap_modrdn_sW
  1100. #else
  1101. WINLDAPAPI ULONG LDAPAPI ldap_modrdn2 (
  1102. LDAP *ExternalHandle,
  1103. const PCHAR DistinguishedName,
  1104. const PCHAR NewDistinguishedName,
  1105. INT DeleteOldRdn
  1106. );
  1107. WINLDAPAPI ULONG LDAPAPI ldap_modrdn (
  1108. LDAP *ExternalHandle,
  1109. const PCHAR DistinguishedName,
  1110. const PCHAR NewDistinguishedName
  1111. );
  1112. WINLDAPAPI ULONG LDAPAPI ldap_modrdn2_s (
  1113. LDAP *ExternalHandle,
  1114. const PCHAR DistinguishedName,
  1115. const PCHAR NewDistinguishedName,
  1116. INT DeleteOldRdn
  1117. );
  1118. WINLDAPAPI ULONG LDAPAPI ldap_modrdn_s (
  1119. LDAP *ExternalHandle,
  1120. const PCHAR DistinguishedName,
  1121. const PCHAR NewDistinguishedName
  1122. );
  1123. #endif
  1124. //
  1125. // Extended Rename operations. These take controls and separate out the
  1126. // parent from the RDN, for clarity.
  1127. //
  1128. WINLDAPAPI ULONG LDAPAPI ldap_rename_extW(
  1129. LDAP *ld,
  1130. const PWCHAR dn,
  1131. const PWCHAR NewRDN,
  1132. const PWCHAR NewParent,
  1133. INT DeleteOldRdn,
  1134. PLDAPControlW *ServerControls,
  1135. PLDAPControlW *ClientControls,
  1136. ULONG *MessageNumber
  1137. );
  1138. WINLDAPAPI ULONG LDAPAPI ldap_rename_extA(
  1139. LDAP *ld,
  1140. const PCHAR dn,
  1141. const PCHAR NewRDN,
  1142. const PCHAR NewParent,
  1143. INT DeleteOldRdn,
  1144. PLDAPControlA *ServerControls,
  1145. PLDAPControlA *ClientControls,
  1146. ULONG *MessageNumber
  1147. );
  1148. WINLDAPAPI ULONG LDAPAPI ldap_rename_ext_sW(
  1149. LDAP *ld,
  1150. const PWCHAR dn,
  1151. const PWCHAR NewRDN,
  1152. const PWCHAR NewParent,
  1153. INT DeleteOldRdn,
  1154. PLDAPControlW *ServerControls,
  1155. PLDAPControlW *ClientControls
  1156. );
  1157. WINLDAPAPI ULONG LDAPAPI ldap_rename_ext_sA(
  1158. LDAP *ld,
  1159. const PCHAR dn,
  1160. const PCHAR NewRDN,
  1161. const PCHAR NewParent,
  1162. INT DeleteOldRdn,
  1163. PLDAPControlA *ServerControls,
  1164. PLDAPControlA *ClientControls
  1165. );
  1166. #if LDAP_UNICODE
  1167. #define ldap_rename ldap_rename_extW
  1168. #define ldap_rename_s ldap_rename_ext_sW
  1169. #else
  1170. #define ldap_rename ldap_rename_extA
  1171. #define ldap_rename_s ldap_rename_ext_sA
  1172. #endif
  1173. #if LDAP_UNICODE
  1174. #define ldap_rename_ext ldap_rename_extW
  1175. #define ldap_rename_ext_s ldap_rename_ext_sW
  1176. #else
  1177. WINLDAPAPI ULONG LDAPAPI ldap_rename_ext(
  1178. LDAP *ld,
  1179. const PCHAR dn,
  1180. const PCHAR NewRDN,
  1181. const PCHAR NewParent,
  1182. INT DeleteOldRdn,
  1183. PLDAPControlA *ServerControls,
  1184. PLDAPControlA *ClientControls,
  1185. ULONG *MessageNumber
  1186. );
  1187. WINLDAPAPI ULONG LDAPAPI ldap_rename_ext_s(
  1188. LDAP *ld,
  1189. const PCHAR dn,
  1190. const PCHAR NewRDN,
  1191. const PCHAR NewParent,
  1192. INT DeleteOldRdn,
  1193. PLDAPControlA *ServerControls,
  1194. PLDAPControlA *ClientControls
  1195. );
  1196. #endif
  1197. //
  1198. // Add an entry to the tree
  1199. //
  1200. //
  1201. // multi-thread: ldap_add calls are not safe in that the message number
  1202. // is returned rather than the return code. You have to look
  1203. // at the connection block in an error case and the return code
  1204. // may be overwritten by another thread inbetween.
  1205. //
  1206. // Use ldap_add_ext instead, as these are thread safe.
  1207. //
  1208. // ldap_add_s and ldap_add_ext* calls are thread safe.
  1209. //
  1210. WINLDAPAPI ULONG LDAPAPI ldap_addW( LDAP *ld, PWCHAR dn, LDAPModW *attrs[] );
  1211. WINLDAPAPI ULONG LDAPAPI ldap_addA( LDAP *ld, PCHAR dn, LDAPModA *attrs[] );
  1212. WINLDAPAPI ULONG LDAPAPI ldap_add_sW( LDAP *ld, PWCHAR dn, LDAPModW *attrs[] );
  1213. WINLDAPAPI ULONG LDAPAPI ldap_add_sA( LDAP *ld, PCHAR dn, LDAPModA *attrs[] );
  1214. WINLDAPAPI ULONG LDAPAPI ldap_add_extW(
  1215. LDAP *ld,
  1216. const PWCHAR dn,
  1217. LDAPModW *attrs[],
  1218. PLDAPControlW *ServerControls,
  1219. PLDAPControlW *ClientControls,
  1220. ULONG *MessageNumber
  1221. );
  1222. WINLDAPAPI ULONG LDAPAPI ldap_add_extA(
  1223. LDAP *ld,
  1224. const PCHAR dn,
  1225. LDAPModA *attrs[],
  1226. PLDAPControlA *ServerControls,
  1227. PLDAPControlA *ClientControls,
  1228. ULONG *MessageNumber
  1229. );
  1230. WINLDAPAPI ULONG LDAPAPI ldap_add_ext_sW(
  1231. LDAP *ld,
  1232. const PWCHAR dn,
  1233. LDAPModW *attrs[],
  1234. PLDAPControlW *ServerControls,
  1235. PLDAPControlW *ClientControls
  1236. );
  1237. WINLDAPAPI ULONG LDAPAPI ldap_add_ext_sA(
  1238. LDAP *ld,
  1239. const PCHAR dn,
  1240. LDAPModA *attrs[],
  1241. PLDAPControlA *ServerControls,
  1242. PLDAPControlA *ClientControls
  1243. );
  1244. #if LDAP_UNICODE
  1245. #define ldap_add ldap_addW
  1246. #define ldap_add_s ldap_add_sW
  1247. #define ldap_add_ext ldap_add_extW
  1248. #define ldap_add_ext_s ldap_add_ext_sW
  1249. #else
  1250. WINLDAPAPI ULONG LDAPAPI ldap_add( LDAP *ld, PCHAR dn, LDAPMod *attrs[] );
  1251. WINLDAPAPI ULONG LDAPAPI ldap_add_s( LDAP *ld, PCHAR dn, LDAPMod *attrs[] );
  1252. WINLDAPAPI ULONG LDAPAPI ldap_add_ext(
  1253. LDAP *ld,
  1254. const PCHAR dn,
  1255. LDAPModA *attrs[],
  1256. PLDAPControlA *ServerControls,
  1257. PLDAPControlA *ClientControls,
  1258. ULONG *MessageNumber
  1259. );
  1260. WINLDAPAPI ULONG LDAPAPI ldap_add_ext_s(
  1261. LDAP *ld,
  1262. const PCHAR dn,
  1263. LDAPModA *attrs[],
  1264. PLDAPControlA *ServerControls,
  1265. PLDAPControlA *ClientControls
  1266. );
  1267. #endif
  1268. //
  1269. // Compare the attribute for a given entry to a known value.
  1270. //
  1271. //
  1272. // multi-thread: ldap_compare calls are not safe in that the message number
  1273. // is returned rather than the return code. You have to look
  1274. // at the connection block in an error case and the return code
  1275. // may be overwritten by another thread inbetween.
  1276. //
  1277. // Use ldap_compare_ext instead, as these are thread safe.
  1278. //
  1279. // ldap_compare_s and ldap_compare_ext* calls are thread safe.
  1280. //
  1281. WINLDAPAPI ULONG LDAPAPI ldap_compareW( LDAP *ld, const PWCHAR dn, const PWCHAR attr, PWCHAR value );
  1282. WINLDAPAPI ULONG LDAPAPI ldap_compareA( LDAP *ld, const PCHAR dn, const PCHAR attr, PCHAR value );
  1283. WINLDAPAPI ULONG LDAPAPI ldap_compare_sW( LDAP *ld, const PWCHAR dn, const PWCHAR attr, PWCHAR value );
  1284. WINLDAPAPI ULONG LDAPAPI ldap_compare_sA( LDAP *ld, const PCHAR dn, const PCHAR attr, PCHAR value );
  1285. #if LDAP_UNICODE
  1286. #define ldap_compare ldap_compareW
  1287. #define ldap_compare_s ldap_compare_sW
  1288. #else
  1289. WINLDAPAPI ULONG LDAPAPI ldap_compare( LDAP *ld, const PCHAR dn, const PCHAR attr, PCHAR value );
  1290. WINLDAPAPI ULONG LDAPAPI ldap_compare_s( LDAP *ld, const PCHAR dn, const PCHAR attr, PCHAR value );
  1291. #endif
  1292. //
  1293. // Extended Compare operations. These take controls and are thread safe.
  1294. // They also allow you to specify a bval structure for the data, so that it
  1295. // isn't translated from Unicode or ANSI to UTF8. Allows for comparison of
  1296. // raw binary data.
  1297. //
  1298. // Specify either Data or Value as not NULL. If both are not NULL, the
  1299. // berval Data will be used.
  1300. //
  1301. WINLDAPAPI ULONG LDAPAPI ldap_compare_extW(
  1302. LDAP *ld,
  1303. const PWCHAR dn,
  1304. const PWCHAR Attr,
  1305. const PWCHAR Value, // either value or Data is not null, not both
  1306. struct berval *Data,
  1307. PLDAPControlW *ServerControls,
  1308. PLDAPControlW *ClientControls,
  1309. ULONG *MessageNumber
  1310. );
  1311. WINLDAPAPI ULONG LDAPAPI ldap_compare_extA(
  1312. LDAP *ld,
  1313. const PCHAR dn,
  1314. const PCHAR Attr,
  1315. const PCHAR Value, // either value or Data is not null, not both
  1316. struct berval *Data,
  1317. PLDAPControlA *ServerControls,
  1318. PLDAPControlA *ClientControls,
  1319. ULONG *MessageNumber
  1320. );
  1321. WINLDAPAPI ULONG LDAPAPI ldap_compare_ext_sW(
  1322. LDAP *ld,
  1323. const PWCHAR dn,
  1324. const PWCHAR Attr,
  1325. const PWCHAR Value, // either value or Data is not null, not both
  1326. struct berval *Data,
  1327. PLDAPControlW *ServerControls,
  1328. PLDAPControlW *ClientControls
  1329. );
  1330. WINLDAPAPI ULONG LDAPAPI ldap_compare_ext_sA(
  1331. LDAP *ld,
  1332. const PCHAR dn,
  1333. const PCHAR Attr,
  1334. const PCHAR Value, // either value or Data is not null, not both
  1335. struct berval *Data,
  1336. PLDAPControlA *ServerControls,
  1337. PLDAPControlA *ClientControls
  1338. );
  1339. #if LDAP_UNICODE
  1340. #define ldap_compare_ext ldap_compare_extW
  1341. #define ldap_compare_ext_s ldap_compare_ext_sW
  1342. #else
  1343. WINLDAPAPI ULONG LDAPAPI ldap_compare_ext(
  1344. LDAP *ld,
  1345. const PCHAR dn,
  1346. const PCHAR Attr,
  1347. const PCHAR Value, // either value or Data is not null, not both
  1348. struct berval *Data,
  1349. PLDAPControlA *ServerControls,
  1350. PLDAPControlA *ClientControls,
  1351. ULONG *MessageNumber
  1352. );
  1353. WINLDAPAPI ULONG LDAPAPI ldap_compare_ext_s(
  1354. LDAP *ld,
  1355. const PCHAR dn,
  1356. const PCHAR Attr,
  1357. const PCHAR Value, // either value or Data is not null, not both
  1358. struct berval *Data,
  1359. PLDAPControlA *ServerControls,
  1360. PLDAPControlA *ClientControls
  1361. );
  1362. #endif
  1363. //
  1364. // Delete an object out of the tree
  1365. //
  1366. //
  1367. // multi-thread: ldap_delete calls are not safe in that the message number
  1368. // is returned rather than the return code. You have to look
  1369. // at the connection block in an error case and the return code
  1370. // may be overwritten by another thread inbetween.
  1371. //
  1372. // Use ldap_delete_ext instead, as these are thread safe.
  1373. //
  1374. // ldap_delete_s and ldap_delete_ext* calls are thread safe.
  1375. //
  1376. WINLDAPAPI ULONG LDAPAPI ldap_deleteW( LDAP *ld, const PWCHAR dn );
  1377. WINLDAPAPI ULONG LDAPAPI ldap_deleteA( LDAP *ld, const PCHAR dn );
  1378. WINLDAPAPI ULONG LDAPAPI ldap_delete_sW( LDAP *ld, const PWCHAR dn );
  1379. WINLDAPAPI ULONG LDAPAPI ldap_delete_sA( LDAP *ld, const PCHAR dn );
  1380. WINLDAPAPI ULONG LDAPAPI ldap_delete_extW(
  1381. LDAP *ld,
  1382. const PWCHAR dn,
  1383. PLDAPControlW *ServerControls,
  1384. PLDAPControlW *ClientControls,
  1385. ULONG *MessageNumber
  1386. );
  1387. WINLDAPAPI ULONG LDAPAPI ldap_delete_extA(
  1388. LDAP *ld,
  1389. const PCHAR dn,
  1390. PLDAPControlA *ServerControls,
  1391. PLDAPControlA *ClientControls,
  1392. ULONG *MessageNumber
  1393. );
  1394. WINLDAPAPI ULONG LDAPAPI ldap_delete_ext_sW(
  1395. LDAP *ld,
  1396. const PWCHAR dn,
  1397. PLDAPControlW *ServerControls,
  1398. PLDAPControlW *ClientControls
  1399. );
  1400. WINLDAPAPI ULONG LDAPAPI ldap_delete_ext_sA(
  1401. LDAP *ld,
  1402. const PCHAR dn,
  1403. PLDAPControlA *ServerControls,
  1404. PLDAPControlA *ClientControls
  1405. );
  1406. #if LDAP_UNICODE
  1407. #define ldap_delete ldap_deleteW
  1408. #define ldap_delete_ext ldap_delete_extW
  1409. #define ldap_delete_s ldap_delete_sW
  1410. #define ldap_delete_ext_s ldap_delete_ext_sW
  1411. #else
  1412. WINLDAPAPI ULONG LDAPAPI ldap_delete( LDAP *ld, PCHAR dn );
  1413. WINLDAPAPI ULONG LDAPAPI ldap_delete_s( LDAP *ld, PCHAR dn );
  1414. WINLDAPAPI ULONG LDAPAPI ldap_delete_ext(
  1415. LDAP *ld,
  1416. const PCHAR dn,
  1417. PLDAPControlA *ServerControls,
  1418. PLDAPControlA *ClientControls,
  1419. ULONG *MessageNumber
  1420. );
  1421. WINLDAPAPI ULONG LDAPAPI ldap_delete_ext_s(
  1422. LDAP *ld,
  1423. const PCHAR dn,
  1424. PLDAPControlA *ServerControls,
  1425. PLDAPControlA *ClientControls
  1426. );
  1427. #endif
  1428. //
  1429. // Give up on a request. No guarentee that it got there as there is no
  1430. // response from the server.
  1431. //
  1432. // multi-thread: ldap_abandon calls are thread safe
  1433. WINLDAPAPI ULONG LDAPAPI ldap_abandon( LDAP *ld, ULONG msgid );
  1434. //
  1435. // Possible values for "all" field in ldap_result. We've enhanced it such
  1436. // that if someone passes in LDAP_MSG_RECEIVED, we'll pass all values we've
  1437. // received up to that point.
  1438. //
  1439. #define LDAP_MSG_ONE 0
  1440. #define LDAP_MSG_ALL 1
  1441. #define LDAP_MSG_RECEIVED 2
  1442. //
  1443. // Get a response from a connection. One enhancement here is that ld can
  1444. // be null, in which case we'll return responses from any server. Free
  1445. // responses here with ldap_msgfree.
  1446. //
  1447. // For connection-less LDAP, you should pass in both a LDAP connection
  1448. // handle and a msgid. This will ensure we know which request the app
  1449. // is waiting on a reply to. ( we actively resend request until we get
  1450. // a response.)
  1451. //
  1452. // multi-thread: ldap_result calls are thread safe
  1453. WINLDAPAPI ULONG LDAPAPI ldap_result(
  1454. LDAP *ld,
  1455. ULONG msgid,
  1456. ULONG all,
  1457. struct l_timeval *timeout,
  1458. LDAPMessage **res
  1459. );
  1460. WINLDAPAPI ULONG LDAPAPI ldap_msgfree( LDAPMessage *res );
  1461. //
  1462. // This parses a message and returns the error code. It optionally frees
  1463. // the message by calling ldap_msgfree.
  1464. //
  1465. // multi-thread: ldap_result2error call is thread safe
  1466. WINLDAPAPI ULONG LDAPAPI ldap_result2error(
  1467. LDAP *ld,
  1468. LDAPMessage *res,
  1469. ULONG freeit // boolean.. free the message?
  1470. );
  1471. //
  1472. // Similar to ldap_result2error, this parses responses from the server and
  1473. // returns the appropriate fields. Use this one if you want to get at the
  1474. // referrals, matchingDNs, or server controls returned.
  1475. //
  1476. // multi-thread: ldap_parse_result call is thread safe
  1477. WINLDAPAPI ULONG LDAPAPI ldap_parse_resultW (
  1478. LDAP *Connection,
  1479. LDAPMessage *ResultMessage,
  1480. ULONG *ReturnCode OPTIONAL, // returned by server
  1481. PWCHAR *MatchedDNs OPTIONAL, // free with ldap_memfree
  1482. PWCHAR *ErrorMessage OPTIONAL, // free with ldap_memfree
  1483. PWCHAR **Referrals OPTIONAL, // free with ldap_value_freeW
  1484. PLDAPControlW **ServerControls OPTIONAL, // free with ldap_free_controlsW
  1485. BOOLEAN Freeit
  1486. );
  1487. WINLDAPAPI ULONG LDAPAPI ldap_parse_resultA (
  1488. LDAP *Connection,
  1489. LDAPMessage *ResultMessage,
  1490. ULONG *ReturnCode OPTIONAL, // returned by server
  1491. PCHAR *MatchedDNs OPTIONAL, // free with ldap_memfree
  1492. PCHAR *ErrorMessage OPTIONAL, // free with ldap_memfree
  1493. PCHAR **Referrals OPTIONAL, // free with ldap_value_freeA
  1494. PLDAPControlA **ServerControls OPTIONAL, // free with ldap_free_controlsA
  1495. BOOLEAN Freeit
  1496. );
  1497. WINLDAPAPI ULONG LDAPAPI ldap_parse_extended_resultA (
  1498. LDAP *Connection,
  1499. LDAPMessage *ResultMessage, // returned by server
  1500. PCHAR *ResultOID, // free with ldap_memfree
  1501. struct berval **ResultData, // free with ldap_memfree
  1502. BOOLEAN Freeit // Don't need the message anymore
  1503. );
  1504. WINLDAPAPI ULONG LDAPAPI ldap_parse_extended_resultW (
  1505. LDAP *Connection,
  1506. LDAPMessage *ResultMessage, // returned by server
  1507. PWCHAR *ResultOID, // free with ldap_memfree
  1508. struct berval **ResultData, // free with ldap_memfree
  1509. BOOLEAN Freeit // Don't need the message anymore
  1510. );
  1511. WINLDAPAPI ULONG LDAPAPI ldap_controls_freeA (
  1512. LDAPControlA **Controls
  1513. );
  1514. WINLDAPAPI ULONG LDAPAPI ldap_control_freeA (
  1515. LDAPControlA *Controls
  1516. );
  1517. WINLDAPAPI ULONG LDAPAPI ldap_controls_freeW (
  1518. LDAPControlW **Control
  1519. );
  1520. WINLDAPAPI ULONG LDAPAPI ldap_control_freeW (
  1521. LDAPControlW *Control
  1522. );
  1523. //
  1524. // ldap_free_controls are old, use ldap_controls_free
  1525. //
  1526. WINLDAPAPI ULONG LDAPAPI ldap_free_controlsW (
  1527. LDAPControlW **Controls
  1528. );
  1529. WINLDAPAPI ULONG LDAPAPI ldap_free_controlsA (
  1530. LDAPControlA **Controls
  1531. );
  1532. #if LDAP_UNICODE
  1533. #define ldap_parse_result ldap_parse_resultW
  1534. #define ldap_controls_free ldap_controls_freeW
  1535. #define ldap_control_free ldap_control_freeW
  1536. #define ldap_free_controls ldap_free_controlsW
  1537. #define ldap_parse_extended_result ldap_parse_extended_resultW
  1538. #else
  1539. #define ldap_parse_extended_result ldap_parse_extended_resultA
  1540. WINLDAPAPI ULONG LDAPAPI ldap_parse_result (
  1541. LDAP *Connection,
  1542. LDAPMessage *ResultMessage,
  1543. ULONG *ReturnCode OPTIONAL, // returned by server
  1544. PCHAR *MatchedDNs OPTIONAL, // free with ldap_memfree
  1545. PCHAR *ErrorMessage OPTIONAL, // free with ldap_memfree
  1546. PCHAR **Referrals OPTIONAL, // free with ldap_value_free
  1547. PLDAPControlA **ServerControls OPTIONAL, // free with ldap_free_controls
  1548. BOOLEAN Freeit
  1549. );
  1550. WINLDAPAPI ULONG LDAPAPI ldap_controls_free (
  1551. LDAPControlA **Controls
  1552. );
  1553. WINLDAPAPI ULONG LDAPAPI ldap_control_free (
  1554. LDAPControlA *Control
  1555. );
  1556. WINLDAPAPI ULONG LDAPAPI ldap_free_controls (
  1557. LDAPControlA **Controls
  1558. );
  1559. #endif
  1560. //
  1561. // ldap_err2string returns a pointer to a string describing the error. This
  1562. // string should not be freed.
  1563. //
  1564. WINLDAPAPI PWCHAR LDAPAPI ldap_err2stringW( ULONG err );
  1565. WINLDAPAPI PCHAR LDAPAPI ldap_err2stringA( ULONG err );
  1566. #if LDAP_UNICODE
  1567. #define ldap_err2string ldap_err2stringW
  1568. #else
  1569. WINLDAPAPI PCHAR LDAPAPI ldap_err2string( ULONG err );
  1570. #endif
  1571. //
  1572. // ldap_perror does nothing and is here just for compatibility.
  1573. //
  1574. WINLDAPAPI void LDAPAPI ldap_perror( LDAP *ld, const PCHAR msg );
  1575. //
  1576. // Return the first entry of a message. It is freed when the message is
  1577. // freed so should not be freed explicitly.
  1578. //
  1579. WINLDAPAPI LDAPMessage *LDAPAPI ldap_first_entry( LDAP *ld, LDAPMessage *res );
  1580. //
  1581. // Return the next entry of a message. It is freed when the message is
  1582. // freed so should not be freed explicitly.
  1583. //
  1584. WINLDAPAPI LDAPMessage *LDAPAPI ldap_next_entry( LDAP *ld, LDAPMessage *entry );
  1585. //
  1586. // Count the number of search entries returned by the server in a response
  1587. // to a server request.
  1588. //
  1589. WINLDAPAPI ULONG LDAPAPI ldap_count_entries( LDAP *ld, LDAPMessage *res );
  1590. //
  1591. // A BerElement really maps out to a C++ class object that does BER encoding.
  1592. // Don't mess with it as it's opaque.
  1593. //
  1594. typedef struct berelement {
  1595. PCHAR opaque; // this is an opaque structure used just for
  1596. // compatibility with reference implementation
  1597. } BerElement;
  1598. #define NULLBER ((BerElement *) 0)
  1599. //
  1600. // For a given entry, return the first attribute. The pointer returned is
  1601. // actually a buffer in the connection block (with allowances for
  1602. // multi-threaded apps) so it should not be freed.
  1603. //
  1604. WINLDAPAPI PWCHAR LDAPAPI ldap_first_attributeW(
  1605. LDAP *ld,
  1606. LDAPMessage *entry,
  1607. BerElement **ptr
  1608. );
  1609. WINLDAPAPI PCHAR LDAPAPI ldap_first_attributeA(
  1610. LDAP *ld,
  1611. LDAPMessage *entry,
  1612. BerElement **ptr
  1613. );
  1614. #if LDAP_UNICODE
  1615. #define ldap_first_attribute ldap_first_attributeW
  1616. #else
  1617. WINLDAPAPI PCHAR LDAPAPI ldap_first_attribute(
  1618. LDAP *ld,
  1619. LDAPMessage *entry,
  1620. BerElement **ptr
  1621. );
  1622. #endif
  1623. //
  1624. // Return the next attribute... again, the attribute pointer should not be
  1625. // freed.
  1626. //
  1627. WINLDAPAPI PWCHAR LDAPAPI ldap_next_attributeW(
  1628. LDAP *ld,
  1629. LDAPMessage *entry,
  1630. BerElement *ptr
  1631. );
  1632. WINLDAPAPI PCHAR LDAPAPI ldap_next_attributeA(
  1633. LDAP *ld,
  1634. LDAPMessage *entry,
  1635. BerElement *ptr
  1636. );
  1637. #if LDAP_UNICODE
  1638. #define ldap_next_attribute ldap_next_attributeW
  1639. #else
  1640. WINLDAPAPI PCHAR LDAPAPI ldap_next_attribute(
  1641. LDAP *ld,
  1642. LDAPMessage *entry,
  1643. BerElement *ptr
  1644. );
  1645. #endif
  1646. //
  1647. // Get a given attribute's list of values. This is used during parsing of
  1648. // a search response. It returns a list of pointers to values, the list is
  1649. // null terminated.
  1650. //
  1651. // If the values are generic octet strings and not null terminated strings,
  1652. // use ldap_get_values_len instead.
  1653. //
  1654. // The returned value should be freed when your done with it by calling
  1655. // ldap_value_free.
  1656. //
  1657. WINLDAPAPI PWCHAR *LDAPAPI ldap_get_valuesW(
  1658. LDAP *ld,
  1659. LDAPMessage *entry,
  1660. const PWCHAR attr
  1661. );
  1662. WINLDAPAPI PCHAR *LDAPAPI ldap_get_valuesA(
  1663. LDAP *ld,
  1664. LDAPMessage *entry,
  1665. const PCHAR attr
  1666. );
  1667. #if LDAP_UNICODE
  1668. #define ldap_get_values ldap_get_valuesW
  1669. #else
  1670. WINLDAPAPI PCHAR *LDAPAPI ldap_get_values(
  1671. LDAP *ld,
  1672. LDAPMessage *entry,
  1673. const PCHAR attr
  1674. );
  1675. #endif
  1676. //
  1677. // Get a given attribute's list of values. This is used during parsing of
  1678. // a search response. It returns a list of berval structures to values,
  1679. // the list is null terminated.
  1680. //
  1681. // If the values are null terminated strings, it may be easier to process them
  1682. // by calling ldap_get_values instead.
  1683. //
  1684. // The returned value should be freed when your done with it by calling
  1685. // ldap_value_free_len.
  1686. //
  1687. WINLDAPAPI struct berval **LDAPAPI ldap_get_values_lenW (
  1688. LDAP *ExternalHandle,
  1689. LDAPMessage *Message,
  1690. const PWCHAR attr
  1691. );
  1692. WINLDAPAPI struct berval **LDAPAPI ldap_get_values_lenA (
  1693. LDAP *ExternalHandle,
  1694. LDAPMessage *Message,
  1695. const PCHAR attr
  1696. );
  1697. #if LDAP_UNICODE
  1698. #define ldap_get_values_len ldap_get_values_lenW
  1699. #else
  1700. WINLDAPAPI struct berval **LDAPAPI ldap_get_values_len (
  1701. LDAP *ExternalHandle,
  1702. LDAPMessage *Message,
  1703. const PCHAR attr
  1704. );
  1705. #endif
  1706. //
  1707. // Return the number of values in a list returned by ldap_get_values.
  1708. //
  1709. WINLDAPAPI ULONG LDAPAPI ldap_count_valuesW( PWCHAR *vals );
  1710. WINLDAPAPI ULONG LDAPAPI ldap_count_valuesA( PCHAR *vals );
  1711. #if LDAP_UNICODE
  1712. #define ldap_count_values ldap_count_valuesW
  1713. #else
  1714. WINLDAPAPI ULONG LDAPAPI ldap_count_values( PCHAR *vals );
  1715. #endif
  1716. //
  1717. // Return the number of values in a list returned by ldap_get_values_len.
  1718. //
  1719. WINLDAPAPI ULONG LDAPAPI ldap_count_values_len( struct berval **vals );
  1720. //
  1721. // Free structures returned by ldap_get_values.
  1722. //
  1723. WINLDAPAPI ULONG LDAPAPI ldap_value_freeW( PWCHAR *vals );
  1724. WINLDAPAPI ULONG LDAPAPI ldap_value_freeA( PCHAR *vals );
  1725. #if LDAP_UNICODE
  1726. #define ldap_value_free ldap_value_freeW
  1727. #else
  1728. WINLDAPAPI ULONG LDAPAPI ldap_value_free( PCHAR *vals );
  1729. #endif
  1730. //
  1731. // Free structures returned by ldap_get_values_len.
  1732. //
  1733. WINLDAPAPI ULONG LDAPAPI ldap_value_free_len( struct berval **vals );
  1734. //
  1735. // Get the distinguished name for a given search entry. It should be freed
  1736. // by calling ldap_memfree.
  1737. //
  1738. WINLDAPAPI PWCHAR LDAPAPI ldap_get_dnW( LDAP *ld, LDAPMessage *entry );
  1739. WINLDAPAPI PCHAR LDAPAPI ldap_get_dnA( LDAP *ld, LDAPMessage *entry );
  1740. #if LDAP_UNICODE
  1741. #define ldap_get_dn ldap_get_dnW
  1742. #else
  1743. WINLDAPAPI PCHAR LDAPAPI ldap_get_dn( LDAP *ld, LDAPMessage *entry );
  1744. #endif
  1745. //
  1746. // When using ldap_explode_dn, you should free the returned string by
  1747. // calling ldap_value_free.
  1748. //
  1749. WINLDAPAPI PWCHAR *LDAPAPI ldap_explode_dnW( const PWCHAR dn, ULONG notypes );
  1750. WINLDAPAPI PCHAR *LDAPAPI ldap_explode_dnA( const PCHAR dn, ULONG notypes );
  1751. #if LDAP_UNICODE
  1752. #define ldap_explode_dn ldap_explode_dnW
  1753. #else
  1754. WINLDAPAPI PCHAR *LDAPAPI ldap_explode_dn( const PCHAR dn, ULONG notypes );
  1755. #endif
  1756. //
  1757. // When calling ldap_dn2ufn, you should free the returned string by calling
  1758. // ldap_memfree.
  1759. //
  1760. WINLDAPAPI PWCHAR LDAPAPI ldap_dn2ufnW( const PWCHAR dn );
  1761. WINLDAPAPI PCHAR LDAPAPI ldap_dn2ufnA( const PCHAR dn );
  1762. #if LDAP_UNICODE
  1763. #define ldap_dn2ufn ldap_dn2ufnW
  1764. #else
  1765. WINLDAPAPI PCHAR LDAPAPI ldap_dn2ufn( const PCHAR dn );
  1766. #endif
  1767. //
  1768. // This is used to free strings back to the LDAP API heap. Don't pass in
  1769. // values that you've gotten from ldap_open, ldap_get_values, etc.
  1770. //
  1771. WINLDAPAPI VOID LDAPAPI ldap_memfreeW( PWCHAR Block );
  1772. WINLDAPAPI VOID LDAPAPI ldap_memfreeA( PCHAR Block );
  1773. WINLDAPAPI VOID LDAPAPI ber_bvfree( struct berval *bv );
  1774. #if LDAP_UNICODE
  1775. #define ldap_memfree ldap_memfreeW
  1776. #else
  1777. WINLDAPAPI VOID LDAPAPI ldap_memfree( PCHAR Block );
  1778. #endif
  1779. //
  1780. // The function ldap_ufn2dn attempts to "normalize" a user specified DN
  1781. // to make it "proper". It follows RFC 1781 (add CN= if not present,
  1782. // add OU= if none present, etc). If it runs into any problems at all
  1783. // while normalizing, it simply returns a copy of what was passed in.
  1784. //
  1785. // It allocates the output string from the LDAP memory pool. If the pDn
  1786. // comes back as non-NULL, you should free it when you're done with a call
  1787. // to ldap_memfree.
  1788. //
  1789. WINLDAPAPI ULONG LDAPAPI ldap_ufn2dnW (
  1790. const PWCHAR ufn,
  1791. PWCHAR *pDn
  1792. );
  1793. WINLDAPAPI ULONG LDAPAPI ldap_ufn2dnA (
  1794. const PCHAR ufn,
  1795. PCHAR *pDn
  1796. );
  1797. #if LDAP_UNICODE
  1798. #define ldap_ufn2dn ldap_ufn2dnW
  1799. #else
  1800. WINLDAPAPI ULONG LDAPAPI ldap_ufn2dn (
  1801. const PCHAR ufn,
  1802. PCHAR *pDn
  1803. );
  1804. #endif
  1805. #define LBER_USE_DER 0x01
  1806. #define LBER_USE_INDEFINITE_LEN 0x02
  1807. #define LBER_TRANSLATE_STRINGS 0x04
  1808. //
  1809. // Call to initialize the LDAP library. Pass in a version structure with
  1810. // lv_size set to sizeof( LDAP_VERSION ), lv_major set to LAPI_MAJOR_VER1,
  1811. // and lv_minor set to LAPI_MINOR_VER1. Return value will be either
  1812. // LDAP_SUCCESS if OK or LDAP_OPERATIONS_ERROR if can't be supported.
  1813. //
  1814. #define LAPI_MAJOR_VER1 1
  1815. #define LAPI_MINOR_VER1 1
  1816. typedef struct ldap_version_info {
  1817. ULONG lv_size;
  1818. ULONG lv_major;
  1819. ULONG lv_minor;
  1820. } LDAP_VERSION_INFO, *PLDAP_VERSION_INFO;
  1821. WINLDAPAPI ULONG LDAPAPI ldap_startup (
  1822. PLDAP_VERSION_INFO version,
  1823. HANDLE *Instance
  1824. );
  1825. //
  1826. // Calls to retrieve basic information about the API and specific implementations
  1827. // being used. The caller has to pass the LDAP_OPT_API_INFO option along with
  1828. // a pointer to the following structure to retrieve information about this library.
  1829. // It is the caller's responsibility to free the individual strings and string
  1830. // arrays in the structure using ldap_memfree() and ldap_value_free() respectively.
  1831. //
  1832. #define LDAP_API_INFO_VERSION 1
  1833. #define LDAP_API_VERSION 2004
  1834. #define LDAP_VERSION_MIN 2
  1835. #define LDAP_VERSION_MAX 3
  1836. #define LDAP_VENDOR_NAME "Microsoft Corporation."
  1837. #define LDAP_VENDOR_NAME_W L"Microsoft Corporation."
  1838. #define LDAP_VENDOR_VERSION 510
  1839. typedef struct ldapapiinfoA {
  1840. int ldapai_info_version; /* version of this struct: LDAP_API_INFO_VERSION */
  1841. int ldapai_api_version; /* revision of API supported */
  1842. int ldapai_protocol_version; /* highest LDAP version supported */
  1843. char **ldapai_extensions; /* names of API extensions */
  1844. char *ldapai_vendor_name; /* name of supplier */
  1845. int ldapai_vendor_version; /* supplier-specific version times 100 */
  1846. } LDAPAPIInfoA;
  1847. typedef struct ldapapiinfoW {
  1848. int ldapai_info_version; /* version of this struct: LDAP_API_INFO_VERSION */
  1849. int ldapai_api_version; /* revision of API supported */
  1850. int ldapai_protocol_version; /* highest LDAP version supported */
  1851. PWCHAR *ldapai_extensions; /* names of API extensions */
  1852. PWCHAR ldapai_vendor_name; /* name of supplier */
  1853. int ldapai_vendor_version; /* supplier-specific version times 100 */
  1854. } LDAPAPIInfoW;
  1855. #define LDAP_FEATURE_INFO_VERSION 1
  1856. typedef struct ldap_apifeature_infoA {
  1857. int ldapaif_info_version; /* version of this struct : LDAP_FEATURE_INFO_VERSION */
  1858. char *ldapaif_name; /* name of supported feature */
  1859. int ldapaif_version; /* revision of supported feature */
  1860. } LDAPAPIFeatureInfoA;
  1861. typedef struct ldap_apifeature_infoW {
  1862. int ldapaif_info_version; /* version of this struct : LDAP_FEATURE_INFO_VERSION */
  1863. PWCHAR ldapaif_name; /* name of supported feature */
  1864. int ldapaif_version; /* revision of supported feature */
  1865. } LDAPAPIFeatureInfoW;
  1866. #if LDAP_UNICODE
  1867. #define LDAPAPIInfo LDAPAPIInfoW
  1868. #define LDAPAPIFeatureInfo LDAPAPIFeatureInfoW
  1869. #else
  1870. #define LDAPAPIInfo LDAPAPIInfoA
  1871. #define LDAPAPIFeatureInfo LDAPAPIFeatureInfoA
  1872. #endif
  1873. //
  1874. // ldap_cleanup unloads the library when the refcount of opens goes to zero.
  1875. // (i.e. if a DLL calls it within a program that is also using it, it won't
  1876. // free all resources)
  1877. //
  1878. WINLDAPAPI ULONG LDAPAPI ldap_cleanup (
  1879. HANDLE hInstance
  1880. );
  1881. //
  1882. // Extended API to support allowing opaque blobs of data in search filters.
  1883. // This API takes any filter element and converts it to a safe text string that
  1884. // can safely be passed in a search filter.
  1885. // An example of using this is :
  1886. //
  1887. // filter is something like guid=4826BF6CF0123444
  1888. // this will put out on the wire guid of binary 0x4826BF6CF0123444
  1889. //
  1890. // call ldap_escape_filter_element with sourceFilterElement pointing to
  1891. // raw data, sourceCount set appropriately to length of data.
  1892. //
  1893. // if destFilterElement is NULL, then return value is length required for
  1894. // output buffer.
  1895. //
  1896. // if destFilterElement is not NULL, then the function will copy the source
  1897. // into the dest buffer and ensure that it is of a safe format.
  1898. //
  1899. // then simply insert the dest buffer into your search filter after the
  1900. // "attributetype=".
  1901. //
  1902. // this will put out on the wire guid of binary 0x004826BF6CF000123444
  1903. //
  1904. // Note : don't call this for attribute values that are really strings, as
  1905. // we won't do any conversion from what you passed in to UTF-8. Should only
  1906. // be used for attributes that really are raw binary.
  1907. //
  1908. WINLDAPAPI ULONG LDAPAPI ldap_escape_filter_elementW (
  1909. PCHAR sourceFilterElement,
  1910. ULONG sourceLength,
  1911. PWCHAR destFilterElement,
  1912. ULONG destLength
  1913. );
  1914. WINLDAPAPI ULONG LDAPAPI ldap_escape_filter_elementA (
  1915. PCHAR sourceFilterElement,
  1916. ULONG sourceLength,
  1917. PCHAR destFilterElement,
  1918. ULONG destLength
  1919. );
  1920. #if LDAP_UNICODE
  1921. #define ldap_escape_filter_element ldap_escape_filter_elementW
  1922. #else
  1923. WINLDAPAPI ULONG LDAPAPI ldap_escape_filter_element (
  1924. PCHAR sourceFilterElement,
  1925. ULONG sourceLength,
  1926. PCHAR destFilterElement,
  1927. ULONG destLength
  1928. );
  1929. #endif
  1930. //
  1931. // Misc extensions for additional debugging.
  1932. //
  1933. // Note that these do nothing on free builds.
  1934. //
  1935. WINLDAPAPI ULONG LDAPAPI ldap_set_dbg_flags( ULONG NewFlags );
  1936. typedef ULONG (_cdecl *DBGPRINT)( PCH Format, ... );
  1937. WINLDAPAPI VOID LDAPAPI ldap_set_dbg_routine( DBGPRINT DebugPrintRoutine );
  1938. //
  1939. // These routines are possibly useful by other modules. Note that Win95
  1940. // doesn't by default have the UTF-8 codepage loaded. So a good way to
  1941. // convert from UTF-8 to Unicode.
  1942. //
  1943. WINLDAPAPI int LDAPAPI
  1944. LdapUTF8ToUnicode(
  1945. LPCSTR lpSrcStr,
  1946. int cchSrc,
  1947. LPWSTR lpDestStr,
  1948. int cchDest
  1949. );
  1950. WINLDAPAPI
  1951. int LDAPAPI
  1952. LdapUnicodeToUTF8(
  1953. LPCWSTR lpSrcStr,
  1954. int cchSrc,
  1955. LPSTR lpDestStr,
  1956. int cchDest
  1957. );
  1958. //
  1959. // LDAPv3 features :
  1960. //
  1961. // Sort Keys... these are used to ask the server to sort the results
  1962. // before sending the results back. LDAPv3 only and optional to implement
  1963. // on the server side. Check supportedControl for an OID of
  1964. // "1.2.840.113556.1.4.473" to see if the server supports it.
  1965. //
  1966. #define LDAP_SERVER_SORT_OID "1.2.840.113556.1.4.473"
  1967. #define LDAP_SERVER_SORT_OID_W L"1.2.840.113556.1.4.473"
  1968. #define LDAP_SERVER_RESP_SORT_OID "1.2.840.113556.1.4.474"
  1969. #define LDAP_SERVER_RESP_SORT_OID_W L"1.2.840.113556.1.4.474"
  1970. typedef struct ldapsearch LDAPSearch, *PLDAPSearch;
  1971. typedef struct ldapsortkeyW {
  1972. PWCHAR sk_attrtype;
  1973. PWCHAR sk_matchruleoid;
  1974. BOOLEAN sk_reverseorder;
  1975. } LDAPSortKeyW, *PLDAPSortKeyW;
  1976. typedef struct ldapsortkeyA {
  1977. PCHAR sk_attrtype;
  1978. PCHAR sk_matchruleoid;
  1979. BOOLEAN sk_reverseorder;
  1980. } LDAPSortKeyA, *PLDAPSortKeyA;
  1981. #if LDAP_UNICODE
  1982. #define LDAPSortKey LDAPSortKeyW
  1983. #define PLDAPSortKey PLDAPSortKeyW
  1984. #else
  1985. #define LDAPSortKey LDAPSortKeyA
  1986. #define PLDAPSortKey PLDAPSortKeyA
  1987. #endif
  1988. //
  1989. // This API formats a list of sort keys into a search control. Call
  1990. // ldap_control_free when you're finished with the control.
  1991. //
  1992. // Use this one rather than ldap_encode_sort_control as this is per RFC.
  1993. //
  1994. WINLDAPAPI ULONG LDAPAPI ldap_create_sort_controlA (
  1995. PLDAP ExternalHandle,
  1996. PLDAPSortKeyA *SortKeys,
  1997. UCHAR IsCritical,
  1998. PLDAPControlA *Control
  1999. );
  2000. WINLDAPAPI ULONG LDAPAPI ldap_create_sort_controlW (
  2001. PLDAP ExternalHandle,
  2002. PLDAPSortKeyW *SortKeys,
  2003. UCHAR IsCritical,
  2004. PLDAPControlW *Control
  2005. );
  2006. //
  2007. // This API parses the sort control returned by the server. Use ldap_memfree
  2008. // to free the attribute value, if it's returned.
  2009. //
  2010. WINLDAPAPI ULONG LDAPAPI ldap_parse_sort_controlA (
  2011. PLDAP ExternalHandle,
  2012. PLDAPControlA *Control,
  2013. ULONG *Result,
  2014. PCHAR *Attribute
  2015. );
  2016. WINLDAPAPI ULONG LDAPAPI ldap_parse_sort_controlW (
  2017. PLDAP ExternalHandle,
  2018. PLDAPControlW *Control,
  2019. ULONG *Result,
  2020. PWCHAR *Attribute
  2021. );
  2022. #if LDAP_UNICODE
  2023. #define ldap_create_sort_control ldap_create_sort_controlW
  2024. #define ldap_parse_sort_control ldap_parse_sort_controlW
  2025. #else
  2026. WINLDAPAPI ULONG LDAPAPI ldap_create_sort_control (
  2027. PLDAP ExternalHandle,
  2028. PLDAPSortKeyA *SortKeys,
  2029. UCHAR IsCritical,
  2030. PLDAPControlA *Control
  2031. );
  2032. WINLDAPAPI ULONG LDAPAPI ldap_parse_sort_control (
  2033. PLDAP ExternalHandle,
  2034. PLDAPControlA *Control,
  2035. ULONG *Result,
  2036. PCHAR *Attribute
  2037. );
  2038. #endif
  2039. //
  2040. // This API formats a list of sort keys into a search control. Call
  2041. // ldap_memfree for both Control->ldctl_value.bv_val and
  2042. // Control->currentControl->ldctl_oid when you're finished with the control.
  2043. //
  2044. // This is the old sort API that will be shortly pulled. Please use
  2045. // ldap_create_sort_control defined above.
  2046. //
  2047. WINLDAPAPI ULONG LDAPAPI ldap_encode_sort_controlW (
  2048. PLDAP ExternalHandle,
  2049. PLDAPSortKeyW *SortKeys,
  2050. PLDAPControlW Control,
  2051. BOOLEAN Criticality
  2052. );
  2053. WINLDAPAPI ULONG LDAPAPI ldap_encode_sort_controlA (
  2054. PLDAP ExternalHandle,
  2055. PLDAPSortKeyA *SortKeys,
  2056. PLDAPControlA Control,
  2057. BOOLEAN Criticality
  2058. );
  2059. #if LDAP_UNICODE
  2060. #define ldap_encode_sort_control ldap_encode_sort_controlW
  2061. #else
  2062. WINLDAPAPI ULONG LDAPAPI ldap_encode_sort_control (
  2063. PLDAP ExternalHandle,
  2064. PLDAPSortKeyA *SortKeys,
  2065. PLDAPControlA Control,
  2066. BOOLEAN Criticality
  2067. );
  2068. #endif
  2069. //
  2070. // LDAPv3: This is the RFC defined API for the simple paging of results
  2071. // control. Use ldap_control_free to free the control allocated by
  2072. // ldap_create_page_control.
  2073. //
  2074. WINLDAPAPI ULONG LDAPAPI ldap_create_page_controlW(
  2075. PLDAP ExternalHandle,
  2076. ULONG PageSize,
  2077. struct berval *Cookie,
  2078. UCHAR IsCritical,
  2079. PLDAPControlW *Control
  2080. );
  2081. WINLDAPAPI ULONG LDAPAPI ldap_create_page_controlA(
  2082. PLDAP ExternalHandle,
  2083. ULONG PageSize,
  2084. struct berval *Cookie,
  2085. UCHAR IsCritical,
  2086. PLDAPControlA *Control
  2087. );
  2088. WINLDAPAPI ULONG LDAPAPI ldap_parse_page_controlW (
  2089. PLDAP ExternalHandle,
  2090. PLDAPControlW *ServerControls,
  2091. ULONG *TotalCount,
  2092. struct berval **Cookie // Use ber_bvfree to free
  2093. );
  2094. WINLDAPAPI ULONG LDAPAPI ldap_parse_page_controlA (
  2095. PLDAP ExternalHandle,
  2096. PLDAPControlA *ServerControls,
  2097. ULONG *TotalCount,
  2098. struct berval **Cookie // Use ber_bvfree to free
  2099. );
  2100. #if LDAP_UNICODE
  2101. #define ldap_create_page_control ldap_create_page_controlW
  2102. #define ldap_parse_page_control ldap_parse_page_controlW
  2103. #else
  2104. WINLDAPAPI ULONG LDAPAPI ldap_create_page_control(
  2105. PLDAP ExternalHandle,
  2106. ULONG PageSize,
  2107. struct berval *Cookie,
  2108. UCHAR IsCritical,
  2109. PLDAPControlA *Control
  2110. );
  2111. WINLDAPAPI ULONG LDAPAPI ldap_parse_page_control (
  2112. PLDAP ExternalHandle,
  2113. PLDAPControlA *ServerControls,
  2114. ULONG *TotalCount,
  2115. struct berval **Cookie // Use ber_bvfree to free
  2116. );
  2117. #endif
  2118. //
  2119. // LDAPv3: This is the interface for simple paging of results. To ensure
  2120. // that the server supports it, check the supportedControl property off of
  2121. // the root for an OID of 1.2.840.113556.1.4.319. If it is there, then it
  2122. // supports this feature.
  2123. //
  2124. // If you're going to specify sort keys, see section above on sort keys on
  2125. // now to tell if they're supported by the server.
  2126. //
  2127. // You first call ldap_search_init_page. If it returns a non-NULL LDAPSearch
  2128. // block, then it worked ok. Otherwise call LdapGetLastError to find error.
  2129. //
  2130. // With a valid LDAPSearch block (there are opaque), call ldap_get_next_page
  2131. // or ldap_get_next_page_s. If you call ldap_get_next_page, you MUST call
  2132. // ldap_get_paged_count for each set of results that you get for that message.
  2133. // This allows the library to save off the cookie that the server sent to
  2134. // resume the search.
  2135. //
  2136. // Other than calling ldap_get_paged_count, the results you get back from
  2137. // ldap_get_next_page can be treated as any other search result, and should
  2138. // be freed when you're done by calling ldap_msgfree.
  2139. //
  2140. // When the end of the search is hit, you'll get a return code of
  2141. // LDAP_NO_RESULTS_RETURNED. At this point, (or any point after LDAPSearch
  2142. // structure has been allocated), you call ldap_search_abandon_page. You
  2143. // need to call this even after you get a return code of
  2144. // LDAP_NO_RESULTS_RETURNED.
  2145. //
  2146. // If you call ldap_get_next_page_s, you don't need to call
  2147. // ldap_get_paged_count.
  2148. //
  2149. #define LDAP_PAGED_RESULT_OID_STRING "1.2.840.113556.1.4.319"
  2150. #define LDAP_PAGED_RESULT_OID_STRING_W L"1.2.840.113556.1.4.319"
  2151. WINLDAPAPI PLDAPSearch LDAPAPI ldap_search_init_pageW(
  2152. PLDAP ExternalHandle,
  2153. const PWCHAR DistinguishedName,
  2154. ULONG ScopeOfSearch,
  2155. const PWCHAR SearchFilter,
  2156. PWCHAR AttributeList[],
  2157. ULONG AttributesOnly,
  2158. PLDAPControlW *ServerControls,
  2159. PLDAPControlW *ClientControls,
  2160. ULONG PageTimeLimit,
  2161. ULONG TotalSizeLimit,
  2162. PLDAPSortKeyW *SortKeys
  2163. );
  2164. WINLDAPAPI PLDAPSearch LDAPAPI ldap_search_init_pageA(
  2165. PLDAP ExternalHandle,
  2166. const PCHAR DistinguishedName,
  2167. ULONG ScopeOfSearch,
  2168. const PCHAR SearchFilter,
  2169. PCHAR AttributeList[],
  2170. ULONG AttributesOnly,
  2171. PLDAPControlA *ServerControls,
  2172. PLDAPControlA *ClientControls,
  2173. ULONG PageTimeLimit,
  2174. ULONG TotalSizeLimit,
  2175. PLDAPSortKeyA *SortKeys
  2176. );
  2177. #if LDAP_UNICODE
  2178. #define ldap_search_init_page ldap_search_init_pageW
  2179. #else
  2180. WINLDAPAPI PLDAPSearch LDAPAPI ldap_search_init_page(
  2181. PLDAP ExternalHandle,
  2182. const PCHAR DistinguishedName,
  2183. ULONG ScopeOfSearch,
  2184. const PCHAR SearchFilter,
  2185. PCHAR AttributeList[],
  2186. ULONG AttributesOnly,
  2187. PLDAPControl *ServerControls,
  2188. PLDAPControl *ClientControls,
  2189. ULONG PageTimeLimit,
  2190. ULONG TotalSizeLimit,
  2191. PLDAPSortKey *SortKeys
  2192. );
  2193. #endif
  2194. WINLDAPAPI ULONG LDAPAPI ldap_get_next_page(
  2195. PLDAP ExternalHandle,
  2196. PLDAPSearch SearchHandle,
  2197. ULONG PageSize,
  2198. ULONG *MessageNumber
  2199. );
  2200. WINLDAPAPI ULONG LDAPAPI ldap_get_next_page_s(
  2201. PLDAP ExternalHandle,
  2202. PLDAPSearch SearchHandle,
  2203. struct l_timeval *timeout,
  2204. ULONG PageSize,
  2205. ULONG *TotalCount,
  2206. LDAPMessage **Results
  2207. );
  2208. WINLDAPAPI ULONG LDAPAPI ldap_get_paged_count(
  2209. PLDAP ExternalHandle,
  2210. PLDAPSearch SearchBlock,
  2211. ULONG *TotalCount,
  2212. PLDAPMessage Results
  2213. );
  2214. WINLDAPAPI ULONG LDAPAPI ldap_search_abandon_page(
  2215. PLDAP ExternalHandle,
  2216. PLDAPSearch SearchBlock
  2217. );
  2218. //
  2219. // The Virtual List View (VLV) functions are used to simulate an address book
  2220. // like client scenario where the user can request a small window of results
  2221. // within a larger result set. The advantage of this method is that the client
  2222. // does not have to store all of the results sent back from the server. This
  2223. // also acts as a superset of simple paging.
  2224. //
  2225. #define LDAP_CONTROL_VLVREQUEST "2.16.840.1.113730.3.4.9"
  2226. #define LDAP_CONTROL_VLVREQUEST_W L"2.16.840.1.113730.3.4.9"
  2227. #define LDAP_CONTROL_VLVRESPONSE "2.16.840.1.113730.3.4.10"
  2228. #define LDAP_CONTROL_VLVRESPONSE_W L"2.16.840.1.113730.3.4.10"
  2229. //
  2230. // This library supports the version 01 of the internet draft
  2231. // draft-smith-ldap-c-api-ext-vlv-01.txt
  2232. //
  2233. #define LDAP_API_FEATURE_VIRTUAL_LIST_VIEW 1001
  2234. #define LDAP_VLVINFO_VERSION 1
  2235. typedef struct ldapvlvinfo {
  2236. int ldvlv_version; // version of this struct (1)
  2237. ULONG ldvlv_before_count;
  2238. ULONG ldvlv_after_count;
  2239. ULONG ldvlv_offset; // used if ldvlv_attrvalue is NULL
  2240. ULONG ldvlv_count; // used if ldvlv_attrvalue is NULL
  2241. PBERVAL ldvlv_attrvalue;
  2242. PBERVAL ldvlv_context;
  2243. VOID *ldvlv_extradata; // for use by application
  2244. } LDAPVLVInfo, *PLDAPVLVInfo;
  2245. WINLDAPAPI INT LDAPAPI ldap_create_vlv_controlW (
  2246. PLDAP ExternalHandle,
  2247. PLDAPVLVInfo VlvInfo,
  2248. UCHAR IsCritical,
  2249. PLDAPControlW *Control
  2250. );
  2251. WINLDAPAPI INT LDAPAPI ldap_create_vlv_controlA (
  2252. PLDAP ExternalHandle,
  2253. PLDAPVLVInfo VlvInfo,
  2254. UCHAR IsCritical,
  2255. PLDAPControlA *Control
  2256. );
  2257. WINLDAPAPI INT LDAPAPI ldap_parse_vlv_controlW (
  2258. PLDAP ExternalHandle,
  2259. PLDAPControlW *Control,
  2260. PULONG TargetPos,
  2261. PULONG ListCount,
  2262. PBERVAL *Context,
  2263. PINT ErrCode
  2264. );
  2265. WINLDAPAPI INT LDAPAPI ldap_parse_vlv_controlA (
  2266. PLDAP ExternalHandle,
  2267. PLDAPControlA *Control,
  2268. PULONG TargetPos,
  2269. PULONG ListCount,
  2270. PBERVAL *Context,
  2271. PINT ErrCode
  2272. );
  2273. #if LDAP_UNICODE
  2274. #define ldap_create_vlv_control ldap_create_vlv_controlW
  2275. #define ldap_parse_vlv_control ldap_parse_vlv_controlW
  2276. #else
  2277. #define ldap_create_vlv_control ldap_create_vlv_controlA
  2278. #define ldap_parse_vlv_control ldap_parse_vlv_controlA
  2279. #endif
  2280. //
  2281. // The StartTLS APIs are used for establishing Transport Layer Security on
  2282. // the fly.
  2283. //
  2284. #define LDAP_START_TLS_OID "1.3.6.1.4.1.1466.20037"
  2285. #define LDAP_START_TLS_OID_W L"1.3.6.1.4.1.1466.20037"
  2286. //
  2287. // This API is called by users to initiate Transport Level Security on an
  2288. // LDAP connection. If the server accepts our proposal and initiates TLS,
  2289. // this API will return LDAP_SUCCESS.
  2290. //
  2291. // If the server fails the request for whatever reason, the API returns LDAP_OTHER
  2292. // and the ServerReturnValue will contain the error code from the server.
  2293. //
  2294. // It is possible that the server returns a referral - either in response to the
  2295. // StartTLS request or during the subsequent encrypted session. For security
  2296. // reasons, we have decided to NOT chase referrals by default. In the former case
  2297. // the referral message is returned as an LDAPMessage to the user.
  2298. //
  2299. // The operation has a default timeout of about 30 seconds.
  2300. //
  2301. WINLDAPAPI ULONG LDAPAPI ldap_start_tls_sW (
  2302. IN PLDAP ExternalHandle,
  2303. OUT PULONG ServerReturnValue,
  2304. OUT LDAPMessage **result,
  2305. IN PLDAPControlW *ServerControls,
  2306. IN PLDAPControlW *ClientControls
  2307. );
  2308. WINLDAPAPI ULONG LDAPAPI ldap_start_tls_sA (
  2309. IN PLDAP ExternalHandle,
  2310. OUT PULONG ServerReturnValue,
  2311. OUT LDAPMessage **result,
  2312. IN PLDAPControlA *ServerControls,
  2313. IN PLDAPControlA *ClientControls
  2314. );
  2315. //
  2316. // This API is called by the user to stop Transport Level Security on an open
  2317. // LDAP connection on which TLS has already been started.
  2318. //
  2319. // If the operation succeeds, the user can resume normal plaintext LDAP
  2320. // operations on the connection.
  2321. //
  2322. // If the operation fails, the user MUST close the connection by calling
  2323. // ldap_unbind as the TLS state of the connection will be indeterminate.
  2324. //
  2325. // The operation has a default timeout of about 30 seconds.
  2326. //
  2327. WINLDAPAPI BOOLEAN LDAPAPI ldap_stop_tls_s (
  2328. IN PLDAP ExternalHandle
  2329. );
  2330. #if LDAP_UNICODE
  2331. #define ldap_start_tls_s ldap_start_tls_sW
  2332. #else
  2333. #define ldap_start_tls_s ldap_start_tls_sA
  2334. #endif
  2335. //
  2336. // This OID is used in a Refresh Extended operation as defined in
  2337. // RFC 2589: LDAP v3 Extensions for Dynamic Directory Services
  2338. //
  2339. #define LDAP_TTL_EXTENDED_OP_OID "1.3.6.1.4.1.1466.101.119.1"
  2340. #define LDAP_TTL_EXTENDED_OP_OID_W L"1.3.6.1.4.1.1466.101.119.1"
  2341. //
  2342. // These functions return subordinate referrals (references) that are returned
  2343. // in search responses. There are two types of referrals. External referrals
  2344. // where the naming context doesn't reside on the server (e.g. server says "I
  2345. // don't have the data, look over there") and Subordinate referrals (or
  2346. // references) where some data has been returned and the referrals are passed
  2347. // to other naming contexts below the current one (e.g. servers says "Here's
  2348. // some data from the tree I hold, go look here, there, and over there for
  2349. // more data that is further down in the tree.").
  2350. //
  2351. // These routines handle the latter. For external references, use
  2352. // ldap_parse_result.
  2353. //
  2354. // Return the first reference from a message. It is freed when the message is
  2355. // freed so should not be freed explicitly.
  2356. //
  2357. WINLDAPAPI LDAPMessage *LDAPAPI ldap_first_reference( LDAP *ld, LDAPMessage *res );
  2358. //
  2359. // Return the next entry of a message. It is freed when the message is
  2360. // freed so should not be freed explicitly.
  2361. //
  2362. WINLDAPAPI LDAPMessage *LDAPAPI ldap_next_reference( LDAP *ld, LDAPMessage *entry );
  2363. //
  2364. // Count the number of subordinate references returned by the server in a
  2365. // response to a search request.
  2366. //
  2367. WINLDAPAPI ULONG LDAPAPI ldap_count_references( LDAP *ld, LDAPMessage *res );
  2368. //
  2369. // We return the list of subordinate referrals in a search response message.
  2370. //
  2371. WINLDAPAPI ULONG LDAPAPI ldap_parse_referenceW (
  2372. LDAP *Connection,
  2373. LDAPMessage *ResultMessage,
  2374. PWCHAR **Referrals // free with ldap_value_freeW
  2375. );
  2376. WINLDAPAPI ULONG LDAPAPI ldap_parse_referenceA (
  2377. LDAP *Connection,
  2378. LDAPMessage *ResultMessage,
  2379. PCHAR **Referrals // free with ldap_value_freeA
  2380. );
  2381. #if LDAP_UNICODE
  2382. #define ldap_parse_reference ldap_parse_referenceW
  2383. #else
  2384. WINLDAPAPI ULONG LDAPAPI ldap_parse_reference (
  2385. LDAP *Connection,
  2386. LDAPMessage *ResultMessage,
  2387. PCHAR **Referrals // free with ldap_value_free
  2388. );
  2389. #endif
  2390. //
  2391. // These APIs allow a client to send an extended request (free for all) to
  2392. // an LDAPv3 (or above) server. The functionality is fairly open... you can
  2393. // send any request you'd like. Note that since we don't know if you'll
  2394. // be receiving a single or multiple responses, you'll have to explicitly tell
  2395. // us when you're done with the request by calling ldap_close_extended_op.
  2396. //
  2397. // These are thread safe.
  2398. //
  2399. WINLDAPAPI ULONG LDAPAPI ldap_extended_operationW(
  2400. LDAP *ld,
  2401. const PWCHAR Oid,
  2402. struct berval *Data,
  2403. PLDAPControlW *ServerControls,
  2404. PLDAPControlW *ClientControls,
  2405. ULONG *MessageNumber
  2406. );
  2407. WINLDAPAPI ULONG LDAPAPI ldap_extended_operationA(
  2408. LDAP *ld,
  2409. const PCHAR Oid,
  2410. struct berval *Data,
  2411. PLDAPControlA *ServerControls,
  2412. PLDAPControlA *ClientControls,
  2413. ULONG *MessageNumber
  2414. );
  2415. WINLDAPAPI ULONG LDAPAPI ldap_extended_operation_sA (
  2416. LDAP *ExternalHandle,
  2417. PCHAR Oid,
  2418. struct berval *Data,
  2419. PLDAPControlA *ServerControls,
  2420. PLDAPControlA *ClientControls,
  2421. PCHAR *ReturnedOid,
  2422. struct berval **ReturnedData
  2423. );
  2424. WINLDAPAPI ULONG LDAPAPI ldap_extended_operation_sW (
  2425. LDAP *ExternalHandle,
  2426. PWCHAR Oid,
  2427. struct berval *Data,
  2428. PLDAPControlW *ServerControls,
  2429. PLDAPControlW *ClientControls,
  2430. PWCHAR *ReturnedOid,
  2431. struct berval **ReturnedData
  2432. );
  2433. #if LDAP_UNICODE
  2434. #define ldap_extended_operation ldap_extended_operationW
  2435. #define ldap_extended_operation_s ldap_extended_operation_sW
  2436. #else
  2437. WINLDAPAPI ULONG LDAPAPI ldap_extended_operation(
  2438. LDAP *ld,
  2439. const PCHAR Oid,
  2440. struct berval *Data,
  2441. PLDAPControlA *ServerControls,
  2442. PLDAPControlA *ClientControls,
  2443. ULONG *MessageNumber
  2444. );
  2445. #define ldap_extended_operation_s ldap_extended_operation_sA
  2446. #endif
  2447. WINLDAPAPI ULONG LDAPAPI ldap_close_extended_op(
  2448. LDAP *ld,
  2449. ULONG MessageNumber
  2450. );
  2451. //
  2452. // Some enhancements that will probably never make it into the RFC related
  2453. // to callouts to allow external caching of connections.
  2454. //
  2455. // Call ldap_set_option( conn, LDAP_OPT_REFERRAL_CALLBACK, &referralRoutines )
  2456. // where referralRoutines is the address of an LDAP_REFERRAL_CALLBACK
  2457. // structure with your routines. They may be NULL, in which case we'll
  2458. // obviously not make the calls.
  2459. //
  2460. // Any connections that are created will inherit the current callbacks from
  2461. // the primary connection that the request was initiated on.
  2462. //
  2463. #define LDAP_OPT_REFERRAL_CALLBACK 0x70
  2464. //
  2465. // This first routine is called when we're about to chase a referral. We
  2466. // callout to it to see if there is already a connection cached that we
  2467. // can use. If so, the callback routine returns the pointer to the
  2468. // connection to use in ConnectionToUse. If not, it sets
  2469. // *ConnectionToUse to NULL.
  2470. //
  2471. // For a return code, it should return 0 if we should continue to chase the
  2472. // referral. If it returns a non-zero return code, we'll treat that as the
  2473. // error code for chasing the referral. This allows caching of host names
  2474. // that are not reachable, if we decide to add that in the future.
  2475. //
  2476. typedef ULONG (_cdecl QUERYFORCONNECTION)(
  2477. PLDAP PrimaryConnection,
  2478. PLDAP ReferralFromConnection,
  2479. PWCHAR NewDN,
  2480. PCHAR HostName,
  2481. ULONG PortNumber,
  2482. PVOID SecAuthIdentity, // if null, use CurrentUser below
  2483. PVOID CurrentUserToken, // pointer to current user's LUID
  2484. PLDAP *ConnectionToUse
  2485. );
  2486. //
  2487. // This next function is called when we've created a new connection while
  2488. // chasing a referral. Note that it gets assigned the same callback functions
  2489. // as the PrimaryConnection. If the return code is FALSE, then the call
  2490. // back function doesn't want to cache the connection and it will be
  2491. // destroyed after the operation is complete. If TRUE is returned, we'll
  2492. // assume that the callee has taken ownership of the connection and it will
  2493. // not be destroyed after the operation is complete.
  2494. //
  2495. // If the ErrorCodeFromBind field is not 0, then the bind operation to
  2496. // that server failed.
  2497. //
  2498. typedef BOOLEAN (_cdecl NOTIFYOFNEWCONNECTION) (
  2499. PLDAP PrimaryConnection,
  2500. PLDAP ReferralFromConnection,
  2501. PWCHAR NewDN,
  2502. PCHAR HostName,
  2503. PLDAP NewConnection,
  2504. ULONG PortNumber,
  2505. PVOID SecAuthIdentity, // if null, use CurrentUser below
  2506. PVOID CurrentUser, // pointer to current user's LUID
  2507. ULONG ErrorCodeFromBind
  2508. );
  2509. //
  2510. // This next function is called when we've successfully called off to the
  2511. // QueryForConnection call and received a connection OR when we called off
  2512. // to the NotifyOfNewConnection call and it returned TRUE. We call this
  2513. // function when we're dereferencing the connection after we're done with it.
  2514. //
  2515. // Return code is currently ignored, but the function should return
  2516. // LDAP_SUCCESS if all went well.
  2517. //
  2518. typedef ULONG (_cdecl DEREFERENCECONNECTION)(
  2519. PLDAP PrimaryConnection,
  2520. PLDAP ConnectionToDereference
  2521. );
  2522. typedef struct LdapReferralCallback {
  2523. ULONG SizeOfCallbacks; // set to sizeof( LDAP_REFERRAL_CALLBACK )
  2524. QUERYFORCONNECTION *QueryForConnection;
  2525. NOTIFYOFNEWCONNECTION *NotifyRoutine;
  2526. DEREFERENCECONNECTION *DereferenceRoutine;
  2527. } LDAP_REFERRAL_CALLBACK, *PLDAP_REFERRAL_CALLBACK;
  2528. //
  2529. // Thread Safe way to get last error code returned by LDAP API is to call
  2530. // LdapGetLastError();
  2531. //
  2532. WINLDAPAPI ULONG LDAPAPI LdapGetLastError( VOID );
  2533. //
  2534. // Translate from LdapError to closest Win32 error code.
  2535. //
  2536. WINLDAPAPI ULONG LDAPAPI LdapMapErrorToWin32( ULONG LdapError );
  2537. //
  2538. // This is an arrangement for specifying client certificates while establishing
  2539. // an SSL connection.
  2540. // Simply Call ldap_set_option( conn, LDAP_OPT_CLIENT_CERTIFICATE, &CertRoutine )
  2541. // where CertRoutine is the address of your callback routine. If it is NULL,
  2542. // we will obviously not make the call.
  2543. //
  2544. #define LDAP_OPT_CLIENT_CERTIFICATE 0x80
  2545. //
  2546. // This callback is invoked when the server demands a client certificate for
  2547. // authorization. The application should examine the list of Certificate Authorities
  2548. // the server trusts and supply an appropriate client certificate. wldap32.dll
  2549. // subsequently passes these credentials to the SSL server as part of the
  2550. // handshake. If the application desires that anonymous credentials be used,
  2551. // it must return FALSE instead of a certificate. Any certificate must be freed
  2552. // by the application after the connection has been completed. Note that the
  2553. // application MUST perform an EXTERNAL bind subsequent to connection
  2554. // establishment for these credentials to be used by the server.
  2555. //
  2556. typedef BOOLEAN (_cdecl QUERYCLIENTCERT) (
  2557. IN PLDAP Connection,
  2558. IN PSecPkgContext_IssuerListInfoEx trusted_CAs,
  2559. IN OUT PCCERT_CONTEXT *ppCertificate
  2560. );
  2561. //
  2562. // We are also giving an opportunity for the client to verify the certificate
  2563. // of the server. The client registers a callback which is invoked after the
  2564. // secure connection is setup. The server certificate is presented to the
  2565. // client who invokes it and decides it it is acceptable. To register this
  2566. // callback, simply call ldap_set_option( conn, LDAP_OPT_SERVER_CERTIFICATE, &CertRoutine )
  2567. //
  2568. #define LDAP_OPT_SERVER_CERTIFICATE 0x81
  2569. //
  2570. // This function is called after the secure connection has been established. The
  2571. // certificate of the server is supplied for examination by the client. If the
  2572. // client approves it, it returns TRUE else, it returns false and the secure
  2573. // connection is torn down.
  2574. //
  2575. typedef BOOLEAN (_cdecl VERIFYSERVERCERT) (
  2576. PLDAP Connection,
  2577. PCCERT_CONTEXT pServerCert
  2578. );
  2579. //
  2580. // Given an LDAP message, return the connection pointer where the message
  2581. // came from. It can return NULL if the connection has already been freed.
  2582. //
  2583. WINLDAPAPI LDAP * LDAPAPI ldap_conn_from_msg (
  2584. LDAP *PrimaryConn,
  2585. LDAPMessage *res
  2586. );
  2587. //
  2588. // Do we reference the connection for each message so that we can safely get
  2589. // the connection pointer back by calling ldap_conn_from_msg?
  2590. //
  2591. #define LDAP_OPT_REF_DEREF_CONN_PER_MSG 0x94
  2592. #ifdef __cplusplus
  2593. }
  2594. #endif
  2595. #endif // LDAP_CLIENT_DEFINED
  2596.