1 /* $NetBSD: back-ldap.h,v 1.1.1.4 2010/12/12 15:23:02 adam Exp $ */ 2 3 /* back-ldap.h - ldap backend header file */ 4 /* OpenLDAP: pkg/ldap/servers/slapd/back-ldap/back-ldap.h,v 1.88.2.18 2010/04/19 19:28:14 quanah Exp */ 5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>. 6 * 7 * Copyright 1999-2010 The OpenLDAP Foundation. 8 * Portions Copyright 2000-2003 Pierangelo Masarati. 9 * Portions Copyright 1999-2003 Howard Chu. 10 * All rights reserved. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted only as authorized by the OpenLDAP 14 * Public License. 15 * 16 * A copy of this license is available in the file LICENSE in the 17 * top-level directory of the distribution or, alternatively, at 18 * <http://www.OpenLDAP.org/license.html>. 19 */ 20 /* ACKNOWLEDGEMENTS: 21 * This work was initially developed by the Howard Chu for inclusion 22 * in OpenLDAP Software and subsequently enhanced by Pierangelo 23 * Masarati. 24 */ 25 26 #ifndef SLAPD_LDAP_H 27 #define SLAPD_LDAP_H 28 29 #include "../back-monitor/back-monitor.h" 30 31 LDAP_BEGIN_DECL 32 33 struct ldapinfo_t; 34 35 /* stuff required for monitoring */ 36 typedef struct ldap_monitor_info_t { 37 monitor_subsys_t lmi_mss; 38 struct ldapinfo_t *lmi_li; 39 40 struct berval lmi_rdn; 41 struct berval lmi_nrdn; 42 monitor_callback_t *lmi_cb; 43 struct berval lmi_base; 44 int lmi_scope; 45 struct berval lmi_filter; 46 struct berval lmi_more_filter; 47 } ldap_monitor_info_t; 48 49 enum { 50 /* even numbers are connection types */ 51 LDAP_BACK_PCONN_FIRST = 0, 52 LDAP_BACK_PCONN_ROOTDN = LDAP_BACK_PCONN_FIRST, 53 LDAP_BACK_PCONN_ANON = 2, 54 LDAP_BACK_PCONN_BIND = 4, 55 56 /* add the TLS bit */ 57 LDAP_BACK_PCONN_TLS = 0x1U, 58 59 LDAP_BACK_PCONN_ROOTDN_TLS = (LDAP_BACK_PCONN_ROOTDN|LDAP_BACK_PCONN_TLS), 60 LDAP_BACK_PCONN_ANON_TLS = (LDAP_BACK_PCONN_ANON|LDAP_BACK_PCONN_TLS), 61 LDAP_BACK_PCONN_BIND_TLS = (LDAP_BACK_PCONN_BIND|LDAP_BACK_PCONN_TLS), 62 63 LDAP_BACK_PCONN_LAST 64 }; 65 66 typedef struct ldapconn_base_t { 67 Connection *lcb_conn; 68 #define LDAP_BACK_CONN2PRIV(lc) ((unsigned long)(lc)->lc_conn) 69 #define LDAP_BACK_PCONN_ISPRIV(lc) (((void *)(lc)->lc_conn) >= ((void *)LDAP_BACK_PCONN_FIRST) \ 70 && ((void *)(lc)->lc_conn) < ((void *)LDAP_BACK_PCONN_LAST)) 71 #define LDAP_BACK_PCONN_ISROOTDN(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \ 72 && (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_ANON)) 73 #define LDAP_BACK_PCONN_ISANON(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \ 74 && (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_BIND) \ 75 && (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_ANON)) 76 #define LDAP_BACK_PCONN_ISBIND(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \ 77 && (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_BIND)) 78 #define LDAP_BACK_PCONN_ISTLS(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \ 79 && (LDAP_BACK_CONN2PRIV((lc)) & LDAP_BACK_PCONN_TLS)) 80 #ifdef HAVE_TLS 81 #define LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \ 82 ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ROOTDN_TLS : (void *) LDAP_BACK_PCONN_ROOTDN)) 83 #define LDAP_BACK_PCONN_ANON_SET(lc, op) \ 84 ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ANON_TLS : (void *) LDAP_BACK_PCONN_ANON)) 85 #define LDAP_BACK_PCONN_BIND_SET(lc, op) \ 86 ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_BIND_TLS : (void *) LDAP_BACK_PCONN_BIND)) 87 #else /* ! HAVE_TLS */ 88 #define LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \ 89 ((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ROOTDN) 90 #define LDAP_BACK_PCONN_ANON_SET(lc, op) \ 91 ((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ANON) 92 #define LDAP_BACK_PCONN_BIND_SET(lc, op) \ 93 ((lc)->lc_conn = (void *)LDAP_BACK_PCONN_BIND) 94 #endif /* ! HAVE_TLS */ 95 #define LDAP_BACK_PCONN_SET(lc, op) \ 96 (BER_BVISEMPTY(&(op)->o_ndn) ? \ 97 LDAP_BACK_PCONN_ANON_SET((lc), (op)) : LDAP_BACK_PCONN_ROOTDN_SET((lc), (op))) 98 99 struct berval lcb_local_ndn; 100 unsigned lcb_refcnt; 101 time_t lcb_create_time; 102 time_t lcb_time; 103 } ldapconn_base_t; 104 105 typedef struct ldapconn_t { 106 ldapconn_base_t lc_base; 107 #define lc_conn lc_base.lcb_conn 108 #define lc_local_ndn lc_base.lcb_local_ndn 109 #define lc_refcnt lc_base.lcb_refcnt 110 #define lc_create_time lc_base.lcb_create_time 111 #define lc_time lc_base.lcb_time 112 113 LDAP_TAILQ_ENTRY(ldapconn_t) lc_q; 114 115 unsigned lc_lcflags; 116 #define LDAP_BACK_CONN_ISSET_F(fp,f) (*(fp) & (f)) 117 #define LDAP_BACK_CONN_SET_F(fp,f) (*(fp) |= (f)) 118 #define LDAP_BACK_CONN_CLEAR_F(fp,f) (*(fp) &= ~(f)) 119 #define LDAP_BACK_CONN_CPY_F(fp,f,mfp) \ 120 do { \ 121 if ( ((f) & *(mfp)) == (f) ) { \ 122 *(fp) |= (f); \ 123 } else { \ 124 *(fp) &= ~(f); \ 125 } \ 126 } while ( 0 ) 127 128 #define LDAP_BACK_CONN_ISSET(lc,f) LDAP_BACK_CONN_ISSET_F(&(lc)->lc_lcflags, (f)) 129 #define LDAP_BACK_CONN_SET(lc,f) LDAP_BACK_CONN_SET_F(&(lc)->lc_lcflags, (f)) 130 #define LDAP_BACK_CONN_CLEAR(lc,f) LDAP_BACK_CONN_CLEAR_F(&(lc)->lc_lcflags, (f)) 131 #define LDAP_BACK_CONN_CPY(lc,f,mlc) LDAP_BACK_CONN_CPY_F(&(lc)->lc_lcflags, (f), &(mlc)->lc_lcflags) 132 133 /* 0xFFF00000U are reserved for back-meta */ 134 135 #define LDAP_BACK_FCONN_ISBOUND (0x00000001U) 136 #define LDAP_BACK_FCONN_ISANON (0x00000002U) 137 #define LDAP_BACK_FCONN_ISBMASK (LDAP_BACK_FCONN_ISBOUND|LDAP_BACK_FCONN_ISANON) 138 #define LDAP_BACK_FCONN_ISPRIV (0x00000004U) 139 #define LDAP_BACK_FCONN_ISTLS (0x00000008U) 140 #define LDAP_BACK_FCONN_BINDING (0x00000010U) 141 #define LDAP_BACK_FCONN_TAINTED (0x00000020U) 142 #define LDAP_BACK_FCONN_ABANDON (0x00000040U) 143 #define LDAP_BACK_FCONN_ISIDASR (0x00000080U) 144 #define LDAP_BACK_FCONN_CACHED (0x00000100U) 145 146 #define LDAP_BACK_CONN_ISBOUND(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISBOUND) 147 #define LDAP_BACK_CONN_ISBOUND_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISBOUND) 148 #define LDAP_BACK_CONN_ISBOUND_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISBMASK) 149 #define LDAP_BACK_CONN_ISBOUND_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISBOUND, (mlc)) 150 #define LDAP_BACK_CONN_ISANON(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISANON) 151 #define LDAP_BACK_CONN_ISANON_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISANON) 152 #define LDAP_BACK_CONN_ISANON_CLEAR(lc) LDAP_BACK_CONN_ISBOUND_CLEAR((lc)) 153 #define LDAP_BACK_CONN_ISANON_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISANON, (mlc)) 154 #define LDAP_BACK_CONN_ISPRIV(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISPRIV) 155 #define LDAP_BACK_CONN_ISPRIV_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISPRIV) 156 #define LDAP_BACK_CONN_ISPRIV_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISPRIV) 157 #define LDAP_BACK_CONN_ISPRIV_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISPRIV, (mlc)) 158 #define LDAP_BACK_CONN_ISTLS(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISTLS) 159 #define LDAP_BACK_CONN_ISTLS_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISTLS) 160 #define LDAP_BACK_CONN_ISTLS_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISTLS) 161 #define LDAP_BACK_CONN_ISTLS_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISTLS, (mlc)) 162 #define LDAP_BACK_CONN_BINDING(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_BINDING) 163 #define LDAP_BACK_CONN_BINDING_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_BINDING) 164 #define LDAP_BACK_CONN_BINDING_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_BINDING) 165 #define LDAP_BACK_CONN_TAINTED(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_TAINTED) 166 #define LDAP_BACK_CONN_TAINTED_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_TAINTED) 167 #define LDAP_BACK_CONN_TAINTED_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_TAINTED) 168 #define LDAP_BACK_CONN_ABANDON(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ABANDON) 169 #define LDAP_BACK_CONN_ABANDON_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ABANDON) 170 #define LDAP_BACK_CONN_ABANDON_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ABANDON) 171 #define LDAP_BACK_CONN_ISIDASSERT(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISIDASR) 172 #define LDAP_BACK_CONN_ISIDASSERT_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISIDASR) 173 #define LDAP_BACK_CONN_ISIDASSERT_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISIDASR) 174 #define LDAP_BACK_CONN_ISIDASSERT_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISIDASR, (mlc)) 175 #define LDAP_BACK_CONN_CACHED(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_CACHED) 176 #define LDAP_BACK_CONN_CACHED_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_CACHED) 177 #define LDAP_BACK_CONN_CACHED_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_CACHED) 178 179 LDAP *lc_ld; 180 struct berval lc_cred; 181 struct berval lc_bound_ndn; 182 unsigned lc_flags; 183 } ldapconn_t; 184 185 typedef struct ldap_avl_info_t { 186 ldap_pvt_thread_mutex_t lai_mutex; 187 Avlnode *lai_tree; 188 } ldap_avl_info_t; 189 190 typedef struct slap_retry_info_t { 191 time_t *ri_interval; 192 int *ri_num; 193 int ri_idx; 194 int ri_count; 195 time_t ri_last; 196 197 #define SLAP_RETRYNUM_FOREVER (-1) /* retry forever */ 198 #define SLAP_RETRYNUM_TAIL (-2) /* end of retrynum array */ 199 #define SLAP_RETRYNUM_VALID(n) ((n) >= SLAP_RETRYNUM_FOREVER) /* valid retrynum */ 200 #define SLAP_RETRYNUM_FINITE(n) ((n) > SLAP_RETRYNUM_FOREVER) /* not forever */ 201 } slap_retry_info_t; 202 203 /* 204 * identity assertion modes 205 */ 206 typedef enum { 207 LDAP_BACK_IDASSERT_LEGACY = 1, 208 LDAP_BACK_IDASSERT_NOASSERT, 209 LDAP_BACK_IDASSERT_ANONYMOUS, 210 LDAP_BACK_IDASSERT_SELF, 211 LDAP_BACK_IDASSERT_OTHERDN, 212 LDAP_BACK_IDASSERT_OTHERID 213 } slap_idassert_mode_t; 214 215 /* ID assert stuff */ 216 typedef struct slap_idassert_t { 217 slap_idassert_mode_t si_mode; 218 #define li_idassert_mode li_idassert.si_mode 219 220 slap_bindconf si_bc; 221 #define li_idassert_authcID li_idassert.si_bc.sb_authcId 222 #define li_idassert_authcDN li_idassert.si_bc.sb_binddn 223 #define li_idassert_passwd li_idassert.si_bc.sb_cred 224 #define li_idassert_authzID li_idassert.si_bc.sb_authzId 225 #define li_idassert_authmethod li_idassert.si_bc.sb_method 226 #define li_idassert_sasl_mech li_idassert.si_bc.sb_saslmech 227 #define li_idassert_sasl_realm li_idassert.si_bc.sb_realm 228 #define li_idassert_secprops li_idassert.si_bc.sb_secprops 229 #define li_idassert_tls li_idassert.si_bc.sb_tls 230 231 unsigned si_flags; 232 #define LDAP_BACK_AUTH_NONE (0x00U) 233 #define LDAP_BACK_AUTH_NATIVE_AUTHZ (0x01U) 234 #define LDAP_BACK_AUTH_OVERRIDE (0x02U) 235 #define LDAP_BACK_AUTH_PRESCRIPTIVE (0x04U) 236 #define LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ (0x08U) 237 #define LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND (0x10U) 238 #define LDAP_BACK_AUTH_AUTHZ_ALL (0x20U) 239 #define LDAP_BACK_AUTH_PROXYAUTHZ_CRITICAL (0x40U) 240 #define li_idassert_flags li_idassert.si_flags 241 242 BerVarray si_authz; 243 #define li_idassert_authz li_idassert.si_authz 244 245 BerVarray si_passthru; 246 #define li_idassert_passthru li_idassert.si_passthru 247 } slap_idassert_t; 248 249 /* 250 * Hook to allow mucking with ldapinfo_t when quarantine is over 251 */ 252 typedef int (*ldap_back_quarantine_f)( struct ldapinfo_t *, void * ); 253 254 typedef struct ldapinfo_t { 255 /* li_uri: the string that goes into ldap_initialize() 256 * TODO: use li_acl.sb_uri instead */ 257 char *li_uri; 258 /* li_bvuri: an array of each single URI that is equivalent; 259 * to be checked for the presence of a certain item */ 260 BerVarray li_bvuri; 261 ldap_pvt_thread_mutex_t li_uri_mutex; 262 /* hack because when TLS is used we need to lock and let 263 * the li_urllist_f function to know it's locked */ 264 int li_uri_mutex_do_not_lock; 265 266 LDAP_REBIND_PROC *li_rebind_f; 267 LDAP_URLLIST_PROC *li_urllist_f; 268 void *li_urllist_p; 269 270 /* we only care about the TLS options here */ 271 slap_bindconf li_tls; 272 273 slap_bindconf li_acl; 274 #define li_acl_authcID li_acl.sb_authcId 275 #define li_acl_authcDN li_acl.sb_binddn 276 #define li_acl_passwd li_acl.sb_cred 277 #define li_acl_authzID li_acl.sb_authzId 278 #define li_acl_authmethod li_acl.sb_method 279 #define li_acl_sasl_mech li_acl.sb_saslmech 280 #define li_acl_sasl_realm li_acl.sb_realm 281 #define li_acl_secprops li_acl.sb_secprops 282 283 /* ID assert stuff */ 284 slap_idassert_t li_idassert; 285 /* end of ID assert stuff */ 286 287 int li_nretries; 288 #define LDAP_BACK_RETRY_UNDEFINED (-2) 289 #define LDAP_BACK_RETRY_FOREVER (-1) 290 #define LDAP_BACK_RETRY_NEVER (0) 291 #define LDAP_BACK_RETRY_DEFAULT (3) 292 293 unsigned li_flags; 294 295 /* 0xFFF00000U are reserved for back-meta */ 296 297 #define LDAP_BACK_F_NONE (0x00000000U) 298 #define LDAP_BACK_F_SAVECRED (0x00000001U) 299 #define LDAP_BACK_F_USE_TLS (0x00000002U) 300 #define LDAP_BACK_F_PROPAGATE_TLS (0x00000004U) 301 #define LDAP_BACK_F_TLS_CRITICAL (0x00000008U) 302 #define LDAP_BACK_F_TLS_LDAPS (0x00000010U) 303 304 #define LDAP_BACK_F_TLS_USE_MASK (LDAP_BACK_F_USE_TLS|LDAP_BACK_F_TLS_CRITICAL) 305 #define LDAP_BACK_F_TLS_PROPAGATE_MASK (LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL) 306 #define LDAP_BACK_F_TLS_MASK (LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK|LDAP_BACK_F_TLS_LDAPS) 307 #define LDAP_BACK_F_CHASE_REFERRALS (0x00000020U) 308 #define LDAP_BACK_F_PROXY_WHOAMI (0x00000040U) 309 310 #define LDAP_BACK_F_T_F (0x00000080U) 311 #define LDAP_BACK_F_T_F_DISCOVER (0x00000100U) 312 #define LDAP_BACK_F_T_F_MASK (LDAP_BACK_F_T_F) 313 #define LDAP_BACK_F_T_F_MASK2 (LDAP_BACK_F_T_F_MASK|LDAP_BACK_F_T_F_DISCOVER) 314 315 #define LDAP_BACK_F_MONITOR (0x00000200U) 316 #define LDAP_BACK_F_SINGLECONN (0x00000400U) 317 #define LDAP_BACK_F_USE_TEMPORARIES (0x00000800U) 318 319 #define LDAP_BACK_F_ISOPEN (0x00001000U) 320 321 #define LDAP_BACK_F_CANCEL_ABANDON (0x00000000U) 322 #define LDAP_BACK_F_CANCEL_IGNORE (0x00002000U) 323 #define LDAP_BACK_F_CANCEL_EXOP (0x00004000U) 324 #define LDAP_BACK_F_CANCEL_EXOP_DISCOVER (0x00008000U) 325 #define LDAP_BACK_F_CANCEL_MASK (LDAP_BACK_F_CANCEL_IGNORE|LDAP_BACK_F_CANCEL_EXOP) 326 #define LDAP_BACK_F_CANCEL_MASK2 (LDAP_BACK_F_CANCEL_MASK|LDAP_BACK_F_CANCEL_EXOP_DISCOVER) 327 328 #define LDAP_BACK_F_QUARANTINE (0x00010000U) 329 330 #ifdef SLAP_CONTROL_X_SESSION_TRACKING 331 #define LDAP_BACK_F_ST_REQUEST (0x00020000U) 332 #define LDAP_BACK_F_ST_RESPONSE (0x00040000U) 333 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */ 334 335 #define LDAP_BACK_F_NOREFS (0x00080000U) 336 #define LDAP_BACK_F_NOUNDEFFILTER (0x00100000U) 337 338 #define LDAP_BACK_ISSET_F(ff,f) ( ( (ff) & (f) ) == (f) ) 339 #define LDAP_BACK_ISMASK_F(ff,m,f) ( ( (ff) & (m) ) == (f) ) 340 341 #define LDAP_BACK_ISSET(li,f) LDAP_BACK_ISSET_F( (li)->li_flags, (f) ) 342 #define LDAP_BACK_ISMASK(li,m,f) LDAP_BACK_ISMASK_F( (li)->li_flags, (m), (f) ) 343 344 #define LDAP_BACK_SAVECRED(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_SAVECRED ) 345 #define LDAP_BACK_USE_TLS(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TLS ) 346 #define LDAP_BACK_PROPAGATE_TLS(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROPAGATE_TLS ) 347 #define LDAP_BACK_TLS_CRITICAL(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_TLS_CRITICAL ) 348 #define LDAP_BACK_CHASE_REFERRALS(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_CHASE_REFERRALS ) 349 #define LDAP_BACK_PROXY_WHOAMI(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROXY_WHOAMI ) 350 351 #define LDAP_BACK_USE_TLS_F(ff) LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_USE_TLS ) 352 #define LDAP_BACK_PROPAGATE_TLS_F(ff) LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_PROPAGATE_TLS ) 353 #define LDAP_BACK_TLS_CRITICAL_F(ff) LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_TLS_CRITICAL ) 354 355 #define LDAP_BACK_T_F(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK, LDAP_BACK_F_T_F ) 356 #define LDAP_BACK_T_F_DISCOVER(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK2, LDAP_BACK_F_T_F_DISCOVER ) 357 358 #define LDAP_BACK_MONITOR(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_MONITOR ) 359 #define LDAP_BACK_SINGLECONN(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_SINGLECONN ) 360 #define LDAP_BACK_USE_TEMPORARIES(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TEMPORARIES) 361 362 #define LDAP_BACK_ISOPEN(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_ISOPEN ) 363 364 #define LDAP_BACK_ABANDON(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_ABANDON ) 365 #define LDAP_BACK_IGNORE(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_IGNORE ) 366 #define LDAP_BACK_CANCEL(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP ) 367 #define LDAP_BACK_CANCEL_DISCOVER(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER ) 368 369 #define LDAP_BACK_QUARANTINE(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_QUARANTINE ) 370 371 #ifdef SLAP_CONTROL_X_SESSION_TRACKING 372 #define LDAP_BACK_ST_REQUEST(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_REQUEST) 373 #define LDAP_BACK_ST_RESPONSE(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_RESPONSE) 374 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */ 375 376 #define LDAP_BACK_NOREFS(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOREFS) 377 #define LDAP_BACK_NOUNDEFFILTER(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOUNDEFFILTER) 378 379 int li_version; 380 381 /* cached connections; 382 * special conns are in tailq rather than in tree */ 383 ldap_avl_info_t li_conninfo; 384 struct { 385 int lic_num; 386 LDAP_TAILQ_HEAD(lc_conn_priv_q, ldapconn_t) lic_priv; 387 } li_conn_priv[ LDAP_BACK_PCONN_LAST ]; 388 int li_conn_priv_max; 389 #define LDAP_BACK_CONN_PRIV_MIN (1) 390 #define LDAP_BACK_CONN_PRIV_MAX (256) 391 /* must be between LDAP_BACK_CONN_PRIV_MIN 392 * and LDAP_BACK_CONN_PRIV_MAX ! */ 393 #define LDAP_BACK_CONN_PRIV_DEFAULT (16) 394 395 ldap_monitor_info_t li_monitor_info; 396 397 sig_atomic_t li_isquarantined; 398 #define LDAP_BACK_FQ_NO (0) 399 #define LDAP_BACK_FQ_YES (1) 400 #define LDAP_BACK_FQ_RETRYING (2) 401 402 slap_retry_info_t li_quarantine; 403 ldap_pvt_thread_mutex_t li_quarantine_mutex; 404 ldap_back_quarantine_f li_quarantine_f; 405 void *li_quarantine_p; 406 407 time_t li_network_timeout; 408 time_t li_conn_ttl; 409 time_t li_idle_timeout; 410 time_t li_timeout[ SLAP_OP_LAST ]; 411 } ldapinfo_t; 412 413 #define LDAP_ERR_OK(err) ((err) == LDAP_SUCCESS || (err) == LDAP_COMPARE_FALSE || (err) == LDAP_COMPARE_TRUE) 414 415 typedef enum ldap_back_send_t { 416 LDAP_BACK_DONTSEND = 0x00, 417 LDAP_BACK_SENDOK = 0x01, 418 LDAP_BACK_SENDERR = 0x02, 419 LDAP_BACK_SENDRESULT = (LDAP_BACK_SENDOK|LDAP_BACK_SENDERR), 420 LDAP_BACK_BINDING = 0x04, 421 422 LDAP_BACK_BIND_DONTSEND = (LDAP_BACK_BINDING), 423 LDAP_BACK_BIND_SOK = (LDAP_BACK_BINDING|LDAP_BACK_SENDOK), 424 LDAP_BACK_BIND_SERR = (LDAP_BACK_BINDING|LDAP_BACK_SENDERR), 425 LDAP_BACK_BIND_SRES = (LDAP_BACK_BINDING|LDAP_BACK_SENDRESULT), 426 427 LDAP_BACK_RETRYING = 0x08, 428 LDAP_BACK_RETRY_DONTSEND = (LDAP_BACK_RETRYING), 429 LDAP_BACK_RETRY_SOK = (LDAP_BACK_RETRYING|LDAP_BACK_SENDOK), 430 LDAP_BACK_RETRY_SERR = (LDAP_BACK_RETRYING|LDAP_BACK_SENDERR), 431 LDAP_BACK_RETRY_SRES = (LDAP_BACK_RETRYING|LDAP_BACK_SENDRESULT), 432 433 LDAP_BACK_GETCONN = 0x10 434 } ldap_back_send_t; 435 436 /* define to use asynchronous StartTLS */ 437 #define SLAP_STARTTLS_ASYNCHRONOUS 438 439 /* timeout to use when calling ldap_result() */ 440 #define LDAP_BACK_RESULT_TIMEOUT (0) 441 #define LDAP_BACK_RESULT_UTIMEOUT (100000) 442 #define LDAP_BACK_TV_SET(tv) \ 443 do { \ 444 (tv)->tv_sec = LDAP_BACK_RESULT_TIMEOUT; \ 445 (tv)->tv_usec = LDAP_BACK_RESULT_UTIMEOUT; \ 446 } while ( 0 ) 447 448 #ifndef LDAP_BACK_PRINT_CONNTREE 449 #define LDAP_BACK_PRINT_CONNTREE 0 450 #endif /* !LDAP_BACK_PRINT_CONNTREE */ 451 452 typedef struct ldap_extra_t { 453 int (*proxy_authz_ctrl)( Operation *op, SlapReply *rs, struct berval *bound_ndn, 454 int version, slap_idassert_t *si, LDAPControl *ctrl ); 455 int (*controls_free)( Operation *op, SlapReply *rs, LDAPControl ***pctrls ); 456 int (*idassert_authzfrom_parse_cf)( const char *fname, int lineno, const char *arg, slap_idassert_t *si ); 457 int (*idassert_passthru_parse_cf)( const char *fname, int lineno, const char *arg, slap_idassert_t *si ); 458 int (*idassert_parse_cf)( const char *fname, int lineno, int argc, char *argv[], slap_idassert_t *si ); 459 void (*retry_info_destroy)( slap_retry_info_t *ri ); 460 int (*retry_info_parse)( char *in, slap_retry_info_t *ri, char *buf, ber_len_t buflen ); 461 int (*retry_info_unparse)( slap_retry_info_t *ri, struct berval *bvout ); 462 int (*connid2str)( const ldapconn_base_t *lc, char *buf, ber_len_t buflen ); 463 } ldap_extra_t; 464 465 LDAP_END_DECL 466 467 #include "proto-ldap.h" 468 469 #endif /* SLAPD_LDAP_H */ 470