/* back-ldap.h - ldap backend header file */
/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/back-ldap.h,v 1.88.2.10 2008/07/10 00:28:39 quanah Exp $ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 1999-2008 The OpenLDAP Foundation.
 * Portions Copyright 2000-2003 Pierangelo Masarati.
 * Portions Copyright 1999-2003 Howard Chu.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* ACKNOWLEDGEMENTS:
 * This work was initially developed by the Howard Chu for inclusion
 * in OpenLDAP Software and subsequently enhanced by Pierangelo
 * Masarati.
 */

/*
 * Overview: this header declares the per-connection state (ldapconn_t),
 * the per-database configuration (ldapinfo_t), the identity-assertion
 * settings (slap_idassert_t) and the flag words that go with them.
 * Several of these carry security-relevant state: bind credentials,
 * TLS policy bits, and the "privileged connection" encoding stored in
 * ldapconn_t.lc_conn.
 */

#ifndef SLAPD_LDAP_H
#define SLAPD_LDAP_H

#include "../back-monitor/back-monitor.h"

LDAP_BEGIN_DECL

struct ldapinfo_t;

/* stuff required for monitoring */
/*
 * Embedded in ldapinfo_t as li_monitor_info.  Holds a monitor subsystem
 * descriptor plus a back-pointer (lmi_li) to the owning ldapinfo_t.
 * The remaining members look like the RDN/base/scope/filter of the
 * monitor entry -- TODO confirm against the monitor registration code.
 */
typedef struct ldap_monitor_info_t {
	monitor_subsys_t	lmi_mss;
	struct ldapinfo_t	*lmi_li;

	struct berval		lmi_rdn;
	struct berval		lmi_nrdn;
	monitor_callback_t	*lmi_cb;
	struct berval		lmi_base;
	int			lmi_scope;
	struct berval		lmi_filter;
	struct berval		lmi_more_filter;
} ldap_monitor_info_t;

/*
 * Slot numbers for privileged pooled connections.  Bit 0 is the TLS
 * bit, so every even connection type N has a TLS twin N|1.  With the
 * values below LDAP_BACK_PCONN_LAST evaluates to 6; it is used as the
 * exclusive upper bound in LDAP_BACK_PCONN_ISPRIV() and as the size of
 * ldapinfo_t.li_conn_priv[].
 */
enum {
	/* even numbers are connection types */
	LDAP_BACK_PCONN_FIRST = 0,
	LDAP_BACK_PCONN_ROOTDN = LDAP_BACK_PCONN_FIRST,
	LDAP_BACK_PCONN_ANON = 2,
	LDAP_BACK_PCONN_BIND = 4,

	/* add the TLS bit */
	LDAP_BACK_PCONN_TLS = 0x1U,

	LDAP_BACK_PCONN_ROOTDN_TLS = (LDAP_BACK_PCONN_ROOTDN|LDAP_BACK_PCONN_TLS),
	LDAP_BACK_PCONN_ANON_TLS = (LDAP_BACK_PCONN_ANON|LDAP_BACK_PCONN_TLS),
	LDAP_BACK_PCONN_BIND_TLS = (LDAP_BACK_PCONN_BIND|LDAP_BACK_PCONN_TLS),

	LDAP_BACK_PCONN_LAST
};

/*
 * One connection from the proxy to the remote LDAP server.
 */
typedef struct ldapconn_t {
	/*
	 * lc_conn is overloaded: it is either a real client Connection
	 * pointer, or one of the small LDAP_BACK_PCONN_* integers cast to
	 * a pointer (see the *_SET macros below).  It must not be
	 * dereferenced unless LDAP_BACK_PCONN_ISPRIV() is false;
	 * LDAP_BACK_PCONN_ID() shows the safe access pattern.
	 *
	 * NOTE(review): LDAP_BACK_PCONN_ROOTDN is 0, so a NULL or
	 * zero-initialised lc_conn satisfies LDAP_BACK_PCONN_ISPRIV() and
	 * LDAP_BACK_PCONN_ISROOTDN().  Presumably every ldapconn_t has
	 * lc_conn assigned before these tests run -- confirm at the
	 * allocation sites.
	 *
	 * NOTE(review): ISPRIV orders void pointers against integer
	 * constants cast to pointers, which ISO C does not define for
	 * unrelated pointers; it relies on the compiler treating the
	 * values as plain addresses.  CONN2PRIV converts through
	 * unsigned long.
	 */
	Connection		*lc_conn;
	/* the slot number stored in lc_conn, as an integer */
#define	LDAP_BACK_CONN2PRIV(lc)		((unsigned long)(lc)->lc_conn)
	/* true when lc_conn holds a slot number in [FIRST, LAST) rather than a pointer */
#define LDAP_BACK_PCONN_ISPRIV(lc)	((void *)(lc)->lc_conn >= (void *)LDAP_BACK_PCONN_FIRST \
						&& (void *)(lc)->lc_conn < (void *)LDAP_BACK_PCONN_LAST)
	/* slot classification: [0,2) rootdn, [2,4) anonymous, [4,LAST) bind */
#define LDAP_BACK_PCONN_ISROOTDN(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
						&& (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_ANON))
#define LDAP_BACK_PCONN_ISANON(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
						&& (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_BIND) \
						&& (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_ANON))
#define LDAP_BACK_PCONN_ISBIND(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
						&& (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_BIND))
	/* true when the slot number has the TLS bit (bit 0) set */
#define LDAP_BACK_PCONN_ISTLS(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
						&& (LDAP_BACK_CONN2PRIV((lc)) & LDAP_BACK_PCONN_TLS))
	/* privileged slots yield negative ids (-1 - slot); real connections yield c_connid */
#define LDAP_BACK_PCONN_ID(lc)		(LDAP_BACK_PCONN_ISPRIV((lc)) ? \
						( -1 - (long)(lc)->lc_conn ) : (lc)->lc_conn->c_connid )
	/*
	 * Store a privileged slot number in lc_conn.  With HAVE_TLS the TLS
	 * twin is chosen when the client operation's connection has
	 * c_is_tls set, so TLS and non-TLS clients map to different slots.
	 * Without HAVE_TLS the op argument is ignored.
	 */
#ifdef HAVE_TLS
#define	LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ROOTDN_TLS : (void *) LDAP_BACK_PCONN_ROOTDN))
#define	LDAP_BACK_PCONN_ANON_SET(lc, op) \
	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ANON_TLS : (void *) LDAP_BACK_PCONN_ANON))
#define	LDAP_BACK_PCONN_BIND_SET(lc, op) \
	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_BIND_TLS : (void *) LDAP_BACK_PCONN_BIND))
#else /* ! HAVE_TLS */
#define	LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ROOTDN)
#define	LDAP_BACK_PCONN_ANON_SET(lc, op) \
	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ANON)
#define	LDAP_BACK_PCONN_BIND_SET(lc, op) \
	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_BIND)
#endif /* ! HAVE_TLS */
	/*
	 * Empty o_ndn selects the anonymous slot; anything else selects the
	 * rootdn slot.
	 * NOTE(review): the macro does not itself check that a non-empty
	 * o_ndn is the rootdn; the caller must already have established
	 * that before using it.
	 */
#define	LDAP_BACK_PCONN_SET(lc, op) \
	(BER_BVISEMPTY(&(op)->o_ndn) ? \
		LDAP_BACK_PCONN_ANON_SET((lc), (op)) : LDAP_BACK_PCONN_ROOTDN_SET((lc), (op)))

	LDAP			*lc_ld;
	/*
	 * presumably the bind credential kept for rebinding (see
	 * LDAP_BACK_F_SAVECRED) -- TODO confirm; if so this is secret
	 * material and should be wiped when the connection is freed
	 */
	struct berval		lc_cred;
	/* presumably the DN bound on the remote server / the local client DN -- TODO confirm */
	struct berval 		lc_bound_ndn;
	struct berval		lc_local_ndn;
	/* connection state bits, LDAP_BACK_FCONN_* below */
	unsigned		lc_lcflags;
	/* primitives on a pointer to a flag word: test, set, clear */
#define LDAP_BACK_CONN_ISSET_F(fp,f)	(*(fp) & (f))
#define	LDAP_BACK_CONN_SET_F(fp,f)	(*(fp) |= (f))
#define	LDAP_BACK_CONN_CLEAR_F(fp,f)	(*(fp) &= ~(f))
	/* copy flag f from *mfp into *fp: set it if every bit of f is set in *mfp, else clear it */
#define	LDAP_BACK_CONN_CPY_F(fp,f,mfp) \
	do { \
		if ( ((f) & *(mfp)) == (f) ) { \
			*(fp) |= (f); \
		} else { \
			*(fp) &= ~(f); \
		} \
	} while ( 0 )

	/* the same primitives applied to an ldapconn_t's lc_lcflags */
#define LDAP_BACK_CONN_ISSET(lc,f)	LDAP_BACK_CONN_ISSET_F(&(lc)->lc_lcflags, (f))
#define	LDAP_BACK_CONN_SET(lc,f)	LDAP_BACK_CONN_SET_F(&(lc)->lc_lcflags, (f))
#define	LDAP_BACK_CONN_CLEAR(lc,f)	LDAP_BACK_CONN_CLEAR_F(&(lc)->lc_lcflags, (f))
#define	LDAP_BACK_CONN_CPY(lc,f,mlc)	LDAP_BACK_CONN_CPY_F(&(lc)->lc_lcflags, (f), &(mlc)->lc_lcflags)

	/* 0xFFF00000U are reserved for back-meta */

	/*
	 * Bits of lc_lcflags.  ISBMASK groups ISBOUND and ISANON.  The
	 * meanings of the individual bits are inferred from their names
	 * (e.g. TAINTED presumably marks a connection that must not be
	 * reused) -- TODO confirm against the code that sets them.
	 */
#define	LDAP_BACK_FCONN_ISBOUND	(0x00000001U)
#define	LDAP_BACK_FCONN_ISANON	(0x00000002U)
#define	LDAP_BACK_FCONN_ISBMASK	(LDAP_BACK_FCONN_ISBOUND|LDAP_BACK_FCONN_ISANON)
#define	LDAP_BACK_FCONN_ISPRIV	(0x00000004U)
#define	LDAP_BACK_FCONN_ISTLS	(0x00000008U)
#define	LDAP_BACK_FCONN_BINDING	(0x00000010U)
#define	LDAP_BACK_FCONN_TAINTED	(0x00000020U)
#define	LDAP_BACK_FCONN_ABANDON	(0x00000040U)
#define	LDAP_BACK_FCONN_ISIDASR	(0x00000080U)
#define	LDAP_BACK_FCONN_CACHED	(0x00000100U)

	/*
	 * Per-flag accessors.  Note that ISBOUND_CLEAR and ISANON_CLEAR both
	 * clear the whole ISBMASK, i.e. ISBOUND and ISANON together, so the
	 * bound state is dropped as a unit.
	 */
#define	LDAP_BACK_CONN_ISBOUND(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISBOUND)
#define	LDAP_BACK_CONN_ISBOUND_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISBOUND)
#define	LDAP_BACK_CONN_ISBOUND_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISBMASK)
#define	LDAP_BACK_CONN_ISBOUND_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISBOUND, (mlc))
#define	LDAP_BACK_CONN_ISANON(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISANON)
#define	LDAP_BACK_CONN_ISANON_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISANON)
#define	LDAP_BACK_CONN_ISANON_CLEAR(lc)		LDAP_BACK_CONN_ISBOUND_CLEAR((lc))
#define	LDAP_BACK_CONN_ISANON_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISANON, (mlc))
#define	LDAP_BACK_CONN_ISPRIV(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISPRIV)
#define	LDAP_BACK_CONN_ISPRIV_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISPRIV)
#define	LDAP_BACK_CONN_ISPRIV_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISPRIV)
#define	LDAP_BACK_CONN_ISPRIV_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISPRIV, (mlc))
#define	LDAP_BACK_CONN_ISTLS(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISTLS)
#define	LDAP_BACK_CONN_ISTLS_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISTLS)
#define	LDAP_BACK_CONN_ISTLS_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISTLS)
#define	LDAP_BACK_CONN_ISTLS_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISTLS, (mlc))
#define	LDAP_BACK_CONN_BINDING(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_BINDING)
#define	LDAP_BACK_CONN_BINDING_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_BINDING)
#define	LDAP_BACK_CONN_BINDING_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_BINDING)
#define	LDAP_BACK_CONN_TAINTED(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_TAINTED)
#define	LDAP_BACK_CONN_TAINTED_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_TAINTED)
#define	LDAP_BACK_CONN_TAINTED_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_TAINTED)
#define	LDAP_BACK_CONN_ABANDON(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ABANDON)
#define	LDAP_BACK_CONN_ABANDON_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ABANDON)
#define	LDAP_BACK_CONN_ABANDON_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ABANDON)
#define	LDAP_BACK_CONN_ISIDASSERT(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISIDASR)
#define	LDAP_BACK_CONN_ISIDASSERT_SET(lc)	LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISIDASR)
#define	LDAP_BACK_CONN_ISIDASSERT_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISIDASR)
#define	LDAP_BACK_CONN_ISIDASSERT_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISIDASR, (mlc))
#define	LDAP_BACK_CONN_CACHED(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_CACHED)
#define	LDAP_BACK_CONN_CACHED_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_CACHED)
#define	LDAP_BACK_CONN_CACHED_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_CACHED)

	/* reference count; presumably guarded by the connection-tree mutex -- TODO confirm */
	unsigned		lc_refcnt;
	unsigned		lc_flags;
	/* presumably creation time and last-use time, checked against li_conn_ttl / li_idle_timeout -- TODO confirm */
	time_t			lc_create_time;
	time_t			lc_time;

	/* queue linkage; ldapinfo_t.li_conn_priv[].lic_priv is a tail queue of ldapconn_t */
	LDAP_TAILQ_ENTRY(ldapconn_t)	lc_q;
} ldapconn_t;

/* An AVL tree root paired with a mutex; presumably the mutex guards the tree -- TODO confirm. */
typedef struct ldap_avl_info_t {
	ldap_pvt_thread_mutex_t		lai_mutex;
	Avlnode				*lai_tree;
} ldap_avl_info_t;

/*
 * Retry schedule.  ri_interval and ri_num are arrays; per the comment on
 * SLAP_RETRYNUM_TAIL the ri_num array ends with that sentinel.  ri_idx,
 * ri_count and ri_last presumably track the current position, attempts
 * made and time of the last attempt -- TODO confirm.
 */
typedef struct slap_retry_info_t {
	time_t		*ri_interval;
	int		*ri_num;
	int		ri_idx;
	int		ri_count;
	time_t		ri_last;

#define SLAP_RETRYNUM_FOREVER	(-1)		/* retry forever */
#define SLAP_RETRYNUM_TAIL	(-2)		/* end of retrynum array */
#define SLAP_RETRYNUM_VALID(n)	((n) >= SLAP_RETRYNUM_FOREVER)	/* valid retrynum */
#define SLAP_RETRYNUM_FINITE(n)	((n) > SLAP_RETRYNUM_FOREVER)	/* not forever */
} slap_retry_info_t;

/*
 * identity assertion modes
 */
/* Values start at 1, so a zeroed si_mode matches none of them. */
typedef enum {
	LDAP_BACK_IDASSERT_LEGACY = 1,
	LDAP_BACK_IDASSERT_NOASSERT,
	LDAP_BACK_IDASSERT_ANONYMOUS,
	LDAP_BACK_IDASSERT_SELF,
	LDAP_BACK_IDASSERT_OTHERDN,
	LDAP_BACK_IDASSERT_OTHERID
} slap_idassert_mode_t;

/* ID assert stuff */
/*
 * Identity-assertion configuration.  The li_idassert_* aliases expand
 * to members reached through a field named li_idassert, so they are
 * meant to be used as li->li_idassert_xxx on an ldapinfo_t.
 */
typedef struct slap_idassert_t {
	slap_idassert_mode_t	si_mode;
#define	li_idassert_mode	li_idassert.si_mode

	/*
	 * Bind configuration for the asserting identity.  sb_cred (aliased
	 * as li_idassert_passwd) holds a credential: keep it out of logs
	 * and monitor output.
	 */
	slap_bindconf	si_bc;
#define	li_idassert_authcID	li_idassert.si_bc.sb_authcId
#define	li_idassert_authcDN	li_idassert.si_bc.sb_binddn
#define	li_idassert_passwd	li_idassert.si_bc.sb_cred
#define	li_idassert_authzID	li_idassert.si_bc.sb_authzId
#define	li_idassert_authmethod	li_idassert.si_bc.sb_method
#define	li_idassert_sasl_mech	li_idassert.si_bc.sb_saslmech
#define	li_idassert_sasl_realm	li_idassert.si_bc.sb_realm
#define	li_idassert_secprops	li_idassert.si_bc.sb_secprops
#define	li_idassert_tls		li_idassert.si_bc.sb_tls

	/*
	 * LDAP_BACK_AUTH_* bits.  These decide when and how the proxy
	 * asserts an identity on behalf of a client, so their exact
	 * meaning matters for access control; the semantics are not
	 * visible in this header -- TODO confirm against the bind code
	 * before relying on the names.
	 */
	unsigned 	si_flags;
#define LDAP_BACK_AUTH_NONE				(0x00U)
#define	LDAP_BACK_AUTH_NATIVE_AUTHZ			(0x01U)
#define	LDAP_BACK_AUTH_OVERRIDE				(0x02U)
#define	LDAP_BACK_AUTH_PRESCRIPTIVE			(0x04U)
#define	LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ		(0x08U)
#define	LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND	(0x10U)
#define	LDAP_BACK_AUTH_AUTHZ_ALL			(0x20U)
#define	li_idassert_flags	li_idassert.si_flags

	/*
	 * presumably the rules naming which client identities may be
	 * asserted (cf. idassert_authzfrom_parse_cf in ldap_extra_t)
	 * -- TODO confirm
	 */
	BerVarray	si_authz;
#define	li_idassert_authz	li_idassert.si_authz
} slap_idassert_t;

/*
 * Hook to allow mucking with ldapinfo_t when quarantine is over
 */
typedef int (*ldap_back_quarantine_f)( struct ldapinfo_t *, void * );

/*
 * Per-database configuration and runtime state of a back-ldap instance.
 */
typedef struct ldapinfo_t {
	/* li_uri: the string that goes into ldap_initialize()
	 * TODO: use li_acl.sb_uri instead */
	char			*li_uri;
	/* li_bvuri: an array of each single URI that is equivalent;
	 * to be checked for the presence of a certain item */
	BerVarray		li_bvuri;
	/* presumably guards li_uri / li_bvuri -- TODO confirm */
	ldap_pvt_thread_mutex_t	li_uri_mutex;

	/*
	 * Rebind and URL-list callbacks.
	 * NOTE(review): if referrals are chased (LDAP_BACK_F_CHASE_REFERRALS)
	 * the rebind callback presumably authenticates to the referred
	 * server; confirm which credentials it sends and to which hosts.
	 */
	LDAP_REBIND_PROC	*li_rebind_f;
	LDAP_URLLIST_PROC	*li_urllist_f;
	void			*li_urllist_p;

	/* we only care about the TLS options here */
	slap_bindconf		li_tls;

	/*
	 * Bind configuration aliased as li_acl_*.  sb_cred (li_acl_passwd)
	 * holds a credential: keep it out of logs and monitor output.
	 */
	slap_bindconf		li_acl;
#define	li_acl_authcID		li_acl.sb_authcId
#define	li_acl_authcDN		li_acl.sb_binddn
#define	li_acl_passwd		li_acl.sb_cred
#define	li_acl_authzID		li_acl.sb_authzId
#define	li_acl_authmethod	li_acl.sb_method
#define	li_acl_sasl_mech	li_acl.sb_saslmech
#define	li_acl_sasl_realm	li_acl.sb_realm
#define	li_acl_secprops		li_acl.sb_secprops

	/* ID assert stuff */
	slap_idassert_t		li_idassert;
	/* end of ID assert stuff */

	/* retry count; the negative values below are sentinels */
	int			li_nretries;
#define LDAP_BACK_RETRY_UNDEFINED	(-2)
#define LDAP_BACK_RETRY_FOREVER		(-1)
#define LDAP_BACK_RETRY_NEVER		(0)
#define LDAP_BACK_RETRY_DEFAULT		(3)

	/* database-wide option bits, LDAP_BACK_F_* below */
	unsigned		li_flags;

/* 0xFFF00000U are reserved for back-meta */

#define LDAP_BACK_F_NONE		(0x00000000U)
	/*
	 * presumably: keep bind credentials so the proxy can rebind (see
	 * ldapconn_t.lc_cred) -- TODO confirm; retained secrets should be
	 * wiped on teardown
	 */
#define LDAP_BACK_F_SAVECRED		(0x00000001U)
	/*
	 * TLS policy bits.  USE_TLS and PROPAGATE_TLS can each be set with
	 * or without TLS_CRITICAL (see the *_MASK combinations below).
	 * NOTE(review): LDAP_BACK_USE_TLS(li) is true in both cases, so
	 * code that must guarantee an encrypted upstream link has to test
	 * LDAP_BACK_TLS_CRITICAL(li) as well.  Presumably, without the
	 * critical bit a failed StartTLS lets the session continue in
	 * cleartext -- confirm at the StartTLS call site.
	 */
#define LDAP_BACK_F_USE_TLS		(0x00000002U)
#define LDAP_BACK_F_PROPAGATE_TLS	(0x00000004U)
#define LDAP_BACK_F_TLS_CRITICAL	(0x00000008U)
#define LDAP_BACK_F_TLS_LDAPS		(0x00000010U)

#define LDAP_BACK_F_TLS_USE_MASK	(LDAP_BACK_F_USE_TLS|LDAP_BACK_F_TLS_CRITICAL)
#define LDAP_BACK_F_TLS_PROPAGATE_MASK	(LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL)
#define LDAP_BACK_F_TLS_MASK		(LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK|LDAP_BACK_F_TLS_LDAPS)
#define LDAP_BACK_F_CHASE_REFERRALS	(0x00000020U)
#define LDAP_BACK_F_PROXY_WHOAMI	(0x00000040U)

	/* "T_F" presumably refers to absolute true/false filter support -- TODO confirm */
#define	LDAP_BACK_F_T_F			(0x00000080U)
#define	LDAP_BACK_F_T_F_DISCOVER	(0x00000100U)
#define	LDAP_BACK_F_T_F_MASK		(LDAP_BACK_F_T_F)
#define	LDAP_BACK_F_T_F_MASK2		(LDAP_BACK_F_T_F_MASK|LDAP_BACK_F_T_F_DISCOVER)

#define LDAP_BACK_F_MONITOR		(0x00000200U)
#define	LDAP_BACK_F_SINGLECONN		(0x00000400U)
#define LDAP_BACK_F_USE_TEMPORARIES	(0x00000800U)

#define	LDAP_BACK_F_ISOPEN		(0x00001000U)

	/*
	 * Cancel strategy.  CANCEL_ABANDON is the all-zero value within
	 * CANCEL_MASK, so it can only be tested with LDAP_BACK_ISMASK();
	 * LDAP_BACK_ISSET() on a zero flag is always true.
	 */
#define	LDAP_BACK_F_CANCEL_ABANDON	(0x00000000U)
#define	LDAP_BACK_F_CANCEL_IGNORE	(0x00002000U)
#define	LDAP_BACK_F_CANCEL_EXOP		(0x00004000U)
#define	LDAP_BACK_F_CANCEL_EXOP_DISCOVER	(0x00008000U)
#define	LDAP_BACK_F_CANCEL_MASK		(LDAP_BACK_F_CANCEL_IGNORE|LDAP_BACK_F_CANCEL_EXOP)
#define	LDAP_BACK_F_CANCEL_MASK2	(LDAP_BACK_F_CANCEL_MASK|LDAP_BACK_F_CANCEL_EXOP_DISCOVER)

#define	LDAP_BACK_F_QUARANTINE		(0x00010000U)

#ifdef SLAP_CONTROL_X_SESSION_TRACKING
#define	LDAP_BACK_F_ST_REQUEST		(0x00020000U)
#define	LDAP_BACK_F_ST_RESPONSE		(0x00040000U)
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */

#define LDAP_BACK_F_NOREFS		(0x00080000U)

	/* ISSET_F: every bit of f is set in ff.  ISMASK_F: ff restricted to mask m equals f exactly. */
#define	LDAP_BACK_ISSET_F(ff,f)		( ( (ff) & (f) ) == (f) )
#define	LDAP_BACK_ISMASK_F(ff,m,f)	( ( (ff) & (m) ) == (f) )

	/* the same tests applied to an ldapinfo_t's li_flags */
#define	LDAP_BACK_ISSET(li,f)		LDAP_BACK_ISSET_F( (li)->li_flags, (f) )
#define	LDAP_BACK_ISMASK(li,m,f)	LDAP_BACK_ISMASK_F( (li)->li_flags, (m), (f) )

#define LDAP_BACK_SAVECRED(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_SAVECRED )
#define LDAP_BACK_USE_TLS(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TLS )
#define LDAP_BACK_PROPAGATE_TLS(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROPAGATE_TLS )
#define LDAP_BACK_TLS_CRITICAL(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_TLS_CRITICAL )
#define LDAP_BACK_CHASE_REFERRALS(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_CHASE_REFERRALS )
#define LDAP_BACK_PROXY_WHOAMI(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROXY_WHOAMI )

	/* variants that take a raw flag word instead of an ldapinfo_t */
#define LDAP_BACK_USE_TLS_F(ff)		LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_USE_TLS )
#define LDAP_BACK_PROPAGATE_TLS_F(ff)	LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_PROPAGATE_TLS )
#define LDAP_BACK_TLS_CRITICAL_F(ff)	LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_TLS_CRITICAL )

	/* T_F_DISCOVER is true only when the DISCOVER bit is set and the T_F bit is clear */
#define	LDAP_BACK_T_F(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK, LDAP_BACK_F_T_F )
#define	LDAP_BACK_T_F_DISCOVER(li)	LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK2, LDAP_BACK_F_T_F_DISCOVER )

#define	LDAP_BACK_MONITOR(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_MONITOR )
#define	LDAP_BACK_SINGLECONN(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_SINGLECONN )
#define	LDAP_BACK_USE_TEMPORARIES(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TEMPORARIES)

#define	LDAP_BACK_ISOPEN(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_ISOPEN )

	/* cancel-strategy tests; each compares the CANCEL_MASK(2) field for an exact value */
#define	LDAP_BACK_ABANDON(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_ABANDON )
#define	LDAP_BACK_IGNORE(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_IGNORE )
#define	LDAP_BACK_CANCEL(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP )
#define	LDAP_BACK_CANCEL_DISCOVER(li)	LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER )

#define	LDAP_BACK_QUARANTINE(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_QUARANTINE )

#ifdef SLAP_CONTROL_X_SESSION_TRACKING
#define	LDAP_BACK_ST_REQUEST(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_REQUEST)
#define	LDAP_BACK_ST_RESPONSE(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_RESPONSE)
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */

#define	LDAP_BACK_NOREFS(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOREFS)

	int			li_version;

	/* cached connections;
	 * special conns are in tailq rather than in tree */
	ldap_avl_info_t		li_conninfo;
	/* one queue per LDAP_BACK_PCONN_* slot, with lic_num presumably its current length -- TODO confirm */
	struct {
		int						lic_num;
		LDAP_TAILQ_HEAD(lc_conn_priv_q, ldapconn_t)	lic_priv;
	}			li_conn_priv[ LDAP_BACK_PCONN_LAST ];
	int			li_conn_priv_max;
#define	LDAP_BACK_CONN_PRIV_MIN		(1)
#define	LDAP_BACK_CONN_PRIV_MAX		(256)
	/* must be between LDAP_BACK_CONN_PRIV_MIN
	 * and LDAP_BACK_CONN_PRIV_MAX ! */
#define	LDAP_BACK_CONN_PRIV_DEFAULT	(16)

	ldap_monitor_info_t	li_monitor_info;

	/*
	 * Quarantine state, one of LDAP_BACK_FQ_*.  A mutex
	 * (li_quarantine_mutex) is declared alongside; presumably state
	 * transitions are made under it -- TODO confirm.
	 */
	sig_atomic_t		li_isquarantined;
#define	LDAP_BACK_FQ_NO		(0)
#define	LDAP_BACK_FQ_YES	(1)
#define	LDAP_BACK_FQ_RETRYING	(2)

	slap_retry_info_t	li_quarantine;
	ldap_pvt_thread_mutex_t	li_quarantine_mutex;
	/* hook and its opaque argument; see ldap_back_quarantine_f above */
	ldap_back_quarantine_f	li_quarantine_f;
	void			*li_quarantine_p;

	/* timeouts; li_timeout[] has one entry per operation type (SLAP_OP_LAST entries) */
	time_t			li_network_timeout;
	time_t			li_conn_ttl;
	time_t			li_idle_timeout;
	time_t			li_timeout[ SLAP_OP_LAST ];
} ldapinfo_t;

/*
 * Bit flags that combine a send policy (SENDOK / SENDERR) with the
 * BINDING and RETRYING modifiers; the *_SOK / *_SERR / *_SRES names are
 * the precomputed combinations.  GETCONN is a separate bit.
 */
typedef enum ldap_back_send_t {
	LDAP_BACK_DONTSEND		= 0x00,
	LDAP_BACK_SENDOK		= 0x01,
	LDAP_BACK_SENDERR		= 0x02,
	LDAP_BACK_SENDRESULT		= (LDAP_BACK_SENDOK|LDAP_BACK_SENDERR),
	LDAP_BACK_BINDING		= 0x04,

	LDAP_BACK_BIND_DONTSEND		= (LDAP_BACK_BINDING),
	LDAP_BACK_BIND_SOK		= (LDAP_BACK_BINDING|LDAP_BACK_SENDOK),
	LDAP_BACK_BIND_SERR		= (LDAP_BACK_BINDING|LDAP_BACK_SENDERR),
	LDAP_BACK_BIND_SRES		= (LDAP_BACK_BINDING|LDAP_BACK_SENDRESULT),

	LDAP_BACK_RETRYING		= 0x08,
	LDAP_BACK_RETRY_DONTSEND	= (LDAP_BACK_RETRYING),
	LDAP_BACK_RETRY_SOK		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDOK),
	LDAP_BACK_RETRY_SERR		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDERR),
	LDAP_BACK_RETRY_SRES		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDRESULT),

	LDAP_BACK_GETCONN		= 0x10
} ldap_back_send_t;

/* define to use asynchronous StartTLS */
#define SLAP_STARTTLS_ASYNCHRONOUS

/* timeout to use when calling ldap_result() */
/* LDAP_BACK_TV_SET fills a struct timeval with 0 s + 100000 us, i.e. 100 ms */
#define	LDAP_BACK_RESULT_TIMEOUT	(0)
#define	LDAP_BACK_RESULT_UTIMEOUT	(100000)
#define	LDAP_BACK_TV_SET(tv) \
	do { \
		(tv)->tv_sec = LDAP_BACK_RESULT_TIMEOUT; \
		(tv)->tv_usec = LDAP_BACK_RESULT_UTIMEOUT; \
	} while ( 0 )

/* defaults to 0 unless the build defines it; presumably a debug aid that dumps the connection tree -- TODO confirm */
#ifndef LDAP_BACK_PRINT_CONNTREE
#define LDAP_BACK_PRINT_CONNTREE 0
#endif /* !LDAP_BACK_PRINT_CONNTREE */

/*
 * Table of function pointers to back-ldap helpers (proxy-authz control
 * construction, control cleanup, idassert config parsing, retry-info
 * handling).  Who consumes the table is not visible in this header.
 * retry_info_parse receives a caller-supplied buffer together with its
 * length (buf, buflen).
 */
typedef struct ldap_extra_t {
	int (*proxy_authz_ctrl)( Operation *op, SlapReply *rs, struct berval *bound_ndn,
		int version, slap_idassert_t *si, LDAPControl	*ctrl );
	int (*controls_free)( Operation *op, SlapReply *rs, LDAPControl ***pctrls );
	int (*idassert_authzfrom_parse_cf)( const char *fname, int lineno, const char *arg, slap_idassert_t *si );
	int (*idassert_parse_cf)( const char *fname, int lineno, int argc, char *argv[], slap_idassert_t *si );
	void (*retry_info_destroy)( slap_retry_info_t *ri );
	int (*retry_info_parse)( char *in, slap_retry_info_t *ri, char *buf, ber_len_t buflen );
	int (*retry_info_unparse)( slap_retry_info_t *ri, struct berval *bvout );
} ldap_extra_t;

LDAP_END_DECL

#include "proto-ldap.h"

#endif /* SLAPD_LDAP_H */