xref: /netbsd-src/external/bsd/openldap/dist/servers/slapd/back-ldap/back-ldap.h (revision b7b7574d3bf8eeb51a1fa3977b59142ec6434a55) 
1 /*	$NetBSD: back-ldap.h,v 1.1.1.5 2014/05/28 09:58:49 tron Exp $	*/
2 
3 /* back-ldap.h - ldap backend header file */
4 /* $OpenLDAP$ */
5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
6  *
7  * Copyright 1999-2014 The OpenLDAP Foundation.
8  * Portions Copyright 2000-2003 Pierangelo Masarati.
9  * Portions Copyright 1999-2003 Howard Chu.
10  * All rights reserved.
11  *
12  * Redistribution and use in source and binary forms, with or without
13  * modification, are permitted only as authorized by the OpenLDAP
14  * Public License.
15  *
16  * A copy of this license is available in the file LICENSE in the
17  * top-level directory of the distribution or, alternatively, at
18  * <http://www.OpenLDAP.org/license.html>.
19  */
20 /* ACKNOWLEDGEMENTS:
21  * This work was initially developed by the Howard Chu for inclusion
22  * in OpenLDAP Software and subsequently enhanced by Pierangelo
23  * Masarati.
24  */
25 
26 #ifndef SLAPD_LDAP_H
27 #define SLAPD_LDAP_H
28 
29 #include "../back-monitor/back-monitor.h"
30 
31 LDAP_BEGIN_DECL
32 
33 struct ldapinfo_t;
34 
35 /* stuff required for monitoring */
36 typedef struct ldap_monitor_info_t {
37 	monitor_subsys_t	lmi_mss[2];
38 
39 	struct berval		lmi_ndn;
40 	struct berval		lmi_conn_rdn;
41 	struct berval		lmi_ops_rdn;
42 } ldap_monitor_info_t;
43 
44 enum {
45 	/* even numbers are connection types */
46 	LDAP_BACK_PCONN_FIRST = 0,
47 	LDAP_BACK_PCONN_ROOTDN = LDAP_BACK_PCONN_FIRST,
48 	LDAP_BACK_PCONN_ANON = 2,
49 	LDAP_BACK_PCONN_BIND = 4,
50 
51 	/* add the TLS bit */
52 	LDAP_BACK_PCONN_TLS = 0x1U,
53 
54 	LDAP_BACK_PCONN_ROOTDN_TLS = (LDAP_BACK_PCONN_ROOTDN|LDAP_BACK_PCONN_TLS),
55 	LDAP_BACK_PCONN_ANON_TLS = (LDAP_BACK_PCONN_ANON|LDAP_BACK_PCONN_TLS),
56 	LDAP_BACK_PCONN_BIND_TLS = (LDAP_BACK_PCONN_BIND|LDAP_BACK_PCONN_TLS),
57 
58 	LDAP_BACK_PCONN_LAST
59 };
60 
61 typedef struct ldapconn_base_t {
62 	Connection		*lcb_conn;
63 #define	LDAP_BACK_CONN2PRIV(lc)		((unsigned long)(lc)->lc_conn)
64 #define LDAP_BACK_PCONN_ISPRIV(lc)	(((void *)(lc)->lc_conn) >= ((void *)LDAP_BACK_PCONN_FIRST) \
65 						&& ((void *)(lc)->lc_conn) < ((void *)LDAP_BACK_PCONN_LAST))
66 #define LDAP_BACK_PCONN_ISROOTDN(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
67 						&& (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_ANON))
68 #define LDAP_BACK_PCONN_ISANON(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
69 						&& (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_BIND) \
70 						&& (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_ANON))
71 #define LDAP_BACK_PCONN_ISBIND(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
72 						&& (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_BIND))
73 #define LDAP_BACK_PCONN_ISTLS(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
74 						&& (LDAP_BACK_CONN2PRIV((lc)) & LDAP_BACK_PCONN_TLS))
75 #ifdef HAVE_TLS
76 #define	LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
77 	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ROOTDN_TLS : (void *) LDAP_BACK_PCONN_ROOTDN))
78 #define	LDAP_BACK_PCONN_ANON_SET(lc, op) \
79 	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ANON_TLS : (void *) LDAP_BACK_PCONN_ANON))
80 #define	LDAP_BACK_PCONN_BIND_SET(lc, op) \
81 	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_BIND_TLS : (void *) LDAP_BACK_PCONN_BIND))
82 #else /* ! HAVE_TLS */
83 #define	LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
84 	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ROOTDN)
85 #define	LDAP_BACK_PCONN_ANON_SET(lc, op) \
86 	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ANON)
87 #define	LDAP_BACK_PCONN_BIND_SET(lc, op) \
88 	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_BIND)
89 #endif /* ! HAVE_TLS */
90 #define	LDAP_BACK_PCONN_SET(lc, op) \
91 	(BER_BVISEMPTY(&(op)->o_ndn) ? \
92 		LDAP_BACK_PCONN_ANON_SET((lc), (op)) : LDAP_BACK_PCONN_ROOTDN_SET((lc), (op)))
93 
94 	struct berval		lcb_local_ndn;
95 	unsigned		lcb_refcnt;
96 	time_t			lcb_create_time;
97 	time_t			lcb_time;
98 } ldapconn_base_t;
99 
100 typedef struct ldapconn_t {
101 	ldapconn_base_t		lc_base;
102 #define	lc_conn			lc_base.lcb_conn
103 #define	lc_local_ndn		lc_base.lcb_local_ndn
104 #define	lc_refcnt		lc_base.lcb_refcnt
105 #define	lc_create_time		lc_base.lcb_create_time
106 #define	lc_time			lc_base.lcb_time
107 
108 	LDAP_TAILQ_ENTRY(ldapconn_t)	lc_q;
109 
110 	unsigned		lc_lcflags;
111 #define LDAP_BACK_CONN_ISSET_F(fp,f)	(*(fp) & (f))
112 #define	LDAP_BACK_CONN_SET_F(fp,f)	(*(fp) |= (f))
113 #define	LDAP_BACK_CONN_CLEAR_F(fp,f)	(*(fp) &= ~(f))
114 #define	LDAP_BACK_CONN_CPY_F(fp,f,mfp) \
115 	do { \
116 		if ( ((f) & *(mfp)) == (f) ) { \
117 			*(fp) |= (f); \
118 		} else { \
119 			*(fp) &= ~(f); \
120 		} \
121 	} while ( 0 )
122 
123 #define LDAP_BACK_CONN_ISSET(lc,f)	LDAP_BACK_CONN_ISSET_F(&(lc)->lc_lcflags, (f))
124 #define	LDAP_BACK_CONN_SET(lc,f)	LDAP_BACK_CONN_SET_F(&(lc)->lc_lcflags, (f))
125 #define	LDAP_BACK_CONN_CLEAR(lc,f)	LDAP_BACK_CONN_CLEAR_F(&(lc)->lc_lcflags, (f))
126 #define	LDAP_BACK_CONN_CPY(lc,f,mlc)	LDAP_BACK_CONN_CPY_F(&(lc)->lc_lcflags, (f), &(mlc)->lc_lcflags)
127 
128 /* 0xFFF00000U are reserved for back-meta */
129 
130 #define	LDAP_BACK_FCONN_ISBOUND	(0x00000001U)
131 #define	LDAP_BACK_FCONN_ISANON	(0x00000002U)
132 #define	LDAP_BACK_FCONN_ISBMASK	(LDAP_BACK_FCONN_ISBOUND|LDAP_BACK_FCONN_ISANON)
133 #define	LDAP_BACK_FCONN_ISPRIV	(0x00000004U)
134 #define	LDAP_BACK_FCONN_ISTLS	(0x00000008U)
135 #define	LDAP_BACK_FCONN_BINDING	(0x00000010U)
136 #define	LDAP_BACK_FCONN_TAINTED	(0x00000020U)
137 #define	LDAP_BACK_FCONN_ABANDON	(0x00000040U)
138 #define	LDAP_BACK_FCONN_ISIDASR	(0x00000080U)
139 #define	LDAP_BACK_FCONN_CACHED	(0x00000100U)
140 
141 #define	LDAP_BACK_CONN_ISBOUND(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISBOUND)
142 #define	LDAP_BACK_CONN_ISBOUND_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISBOUND)
143 #define	LDAP_BACK_CONN_ISBOUND_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISBMASK)
144 #define	LDAP_BACK_CONN_ISBOUND_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISBOUND, (mlc))
145 #define	LDAP_BACK_CONN_ISANON(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISANON)
146 #define	LDAP_BACK_CONN_ISANON_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISANON)
147 #define	LDAP_BACK_CONN_ISANON_CLEAR(lc)		LDAP_BACK_CONN_ISBOUND_CLEAR((lc))
148 #define	LDAP_BACK_CONN_ISANON_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISANON, (mlc))
149 #define	LDAP_BACK_CONN_ISPRIV(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISPRIV)
150 #define	LDAP_BACK_CONN_ISPRIV_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISPRIV)
151 #define	LDAP_BACK_CONN_ISPRIV_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISPRIV)
152 #define	LDAP_BACK_CONN_ISPRIV_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISPRIV, (mlc))
153 #define	LDAP_BACK_CONN_ISTLS(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISTLS)
154 #define	LDAP_BACK_CONN_ISTLS_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISTLS)
155 #define	LDAP_BACK_CONN_ISTLS_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISTLS)
156 #define	LDAP_BACK_CONN_ISTLS_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISTLS, (mlc))
157 #define	LDAP_BACK_CONN_BINDING(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_BINDING)
158 #define	LDAP_BACK_CONN_BINDING_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_BINDING)
159 #define	LDAP_BACK_CONN_BINDING_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_BINDING)
160 #define	LDAP_BACK_CONN_TAINTED(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_TAINTED)
161 #define	LDAP_BACK_CONN_TAINTED_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_TAINTED)
162 #define	LDAP_BACK_CONN_TAINTED_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_TAINTED)
163 #define	LDAP_BACK_CONN_ABANDON(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ABANDON)
164 #define	LDAP_BACK_CONN_ABANDON_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ABANDON)
165 #define	LDAP_BACK_CONN_ABANDON_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ABANDON)
166 #define	LDAP_BACK_CONN_ISIDASSERT(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISIDASR)
167 #define	LDAP_BACK_CONN_ISIDASSERT_SET(lc)	LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISIDASR)
168 #define	LDAP_BACK_CONN_ISIDASSERT_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISIDASR)
169 #define	LDAP_BACK_CONN_ISIDASSERT_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISIDASR, (mlc))
170 #define	LDAP_BACK_CONN_CACHED(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_CACHED)
171 #define	LDAP_BACK_CONN_CACHED_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_CACHED)
172 #define	LDAP_BACK_CONN_CACHED_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_CACHED)
173 
174 	LDAP			*lc_ld;
175 	unsigned long		lc_connid;
176 	struct berval		lc_cred;
177 	struct berval 		lc_bound_ndn;
178 	unsigned		lc_flags;
179 } ldapconn_t;
180 
181 typedef struct ldap_avl_info_t {
182 	ldap_pvt_thread_mutex_t		lai_mutex;
183 	Avlnode				*lai_tree;
184 } ldap_avl_info_t;
185 
186 typedef struct slap_retry_info_t {
187 	time_t		*ri_interval;
188 	int		*ri_num;
189 	int		ri_idx;
190 	int		ri_count;
191 	time_t		ri_last;
192 
193 #define SLAP_RETRYNUM_FOREVER	(-1)		/* retry forever */
194 #define SLAP_RETRYNUM_TAIL	(-2)		/* end of retrynum array */
195 #define SLAP_RETRYNUM_VALID(n)	((n) >= SLAP_RETRYNUM_FOREVER)	/* valid retrynum */
196 #define SLAP_RETRYNUM_FINITE(n)	((n) > SLAP_RETRYNUM_FOREVER)	/* not forever */
197 } slap_retry_info_t;
198 
199 /*
200  * identity assertion modes
201  */
202 typedef enum {
203 	LDAP_BACK_IDASSERT_LEGACY = 1,
204 	LDAP_BACK_IDASSERT_NOASSERT,
205 	LDAP_BACK_IDASSERT_ANONYMOUS,
206 	LDAP_BACK_IDASSERT_SELF,
207 	LDAP_BACK_IDASSERT_OTHERDN,
208 	LDAP_BACK_IDASSERT_OTHERID
209 } slap_idassert_mode_t;
210 
211 /* ID assert stuff */
212 typedef struct slap_idassert_t {
213 	slap_idassert_mode_t	si_mode;
214 #define	li_idassert_mode	li_idassert.si_mode
215 
216 	slap_bindconf	si_bc;
217 #define	li_idassert_authcID	li_idassert.si_bc.sb_authcId
218 #define	li_idassert_authcDN	li_idassert.si_bc.sb_binddn
219 #define	li_idassert_passwd	li_idassert.si_bc.sb_cred
220 #define	li_idassert_authzID	li_idassert.si_bc.sb_authzId
221 #define	li_idassert_authmethod	li_idassert.si_bc.sb_method
222 #define	li_idassert_sasl_mech	li_idassert.si_bc.sb_saslmech
223 #define	li_idassert_sasl_realm	li_idassert.si_bc.sb_realm
224 #define	li_idassert_secprops	li_idassert.si_bc.sb_secprops
225 #define	li_idassert_tls		li_idassert.si_bc.sb_tls
226 
227 	unsigned 	si_flags;
228 #define LDAP_BACK_AUTH_NONE				(0x00U)
229 #define	LDAP_BACK_AUTH_NATIVE_AUTHZ			(0x01U)
230 #define	LDAP_BACK_AUTH_OVERRIDE				(0x02U)
231 #define	LDAP_BACK_AUTH_PRESCRIPTIVE			(0x04U)
232 #define	LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ		(0x08U)
233 #define	LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND	(0x10U)
234 #define	LDAP_BACK_AUTH_AUTHZ_ALL			(0x20U)
235 #define	LDAP_BACK_AUTH_PROXYAUTHZ_CRITICAL		(0x40U)
236 #define	li_idassert_flags	li_idassert.si_flags
237 
238 	BerVarray	si_authz;
239 #define	li_idassert_authz	li_idassert.si_authz
240 
241 	BerVarray	si_passthru;
242 #define	li_idassert_passthru	li_idassert.si_passthru
243 } slap_idassert_t;
244 
245 /*
246  * Hook to allow mucking with ldapinfo_t when quarantine is over
247  */
248 typedef int (*ldap_back_quarantine_f)( struct ldapinfo_t *, void * );
249 
250 typedef struct ldapinfo_t {
251 	/* li_uri: the string that goes into ldap_initialize()
252 	 * TODO: use li_acl.sb_uri instead */
253 	char			*li_uri;
254 	/* li_bvuri: an array of each single URI that is equivalent;
255 	 * to be checked for the presence of a certain item */
256 	BerVarray		li_bvuri;
257 	ldap_pvt_thread_mutex_t	li_uri_mutex;
258 	/* hack because when TLS is used we need to lock and let
259 	 * the li_urllist_f function to know it's locked */
260 	int			li_uri_mutex_do_not_lock;
261 
262 	LDAP_REBIND_PROC	*li_rebind_f;
263 	LDAP_URLLIST_PROC	*li_urllist_f;
264 	void			*li_urllist_p;
265 
266 	/* we only care about the TLS options here */
267 	slap_bindconf		li_tls;
268 
269 	slap_bindconf		li_acl;
270 #define	li_acl_authcID		li_acl.sb_authcId
271 #define	li_acl_authcDN		li_acl.sb_binddn
272 #define	li_acl_passwd		li_acl.sb_cred
273 #define	li_acl_authzID		li_acl.sb_authzId
274 #define	li_acl_authmethod	li_acl.sb_method
275 #define	li_acl_sasl_mech	li_acl.sb_saslmech
276 #define	li_acl_sasl_realm	li_acl.sb_realm
277 #define	li_acl_secprops		li_acl.sb_secprops
278 
279 	/* ID assert stuff */
280 	slap_idassert_t		li_idassert;
281 	/* end of ID assert stuff */
282 
283 	int			li_nretries;
284 #define LDAP_BACK_RETRY_UNDEFINED	(-2)
285 #define LDAP_BACK_RETRY_FOREVER		(-1)
286 #define LDAP_BACK_RETRY_NEVER		(0)
287 #define LDAP_BACK_RETRY_DEFAULT		(3)
288 
289 	unsigned		li_flags;
290 
291 /* 0xFFF00000U are reserved for back-meta */
292 
293 #define LDAP_BACK_F_NONE		(0x00000000U)
294 #define LDAP_BACK_F_SAVECRED		(0x00000001U)
295 #define LDAP_BACK_F_USE_TLS		(0x00000002U)
296 #define LDAP_BACK_F_PROPAGATE_TLS	(0x00000004U)
297 #define LDAP_BACK_F_TLS_CRITICAL	(0x00000008U)
298 #define LDAP_BACK_F_TLS_LDAPS		(0x00000010U)
299 
300 #define LDAP_BACK_F_TLS_USE_MASK	(LDAP_BACK_F_USE_TLS|LDAP_BACK_F_TLS_CRITICAL)
301 #define LDAP_BACK_F_TLS_PROPAGATE_MASK	(LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL)
302 #define LDAP_BACK_F_TLS_MASK		(LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK|LDAP_BACK_F_TLS_LDAPS)
303 #define LDAP_BACK_F_CHASE_REFERRALS	(0x00000020U)
304 #define LDAP_BACK_F_PROXY_WHOAMI	(0x00000040U)
305 
306 #define	LDAP_BACK_F_T_F			(0x00000080U)
307 #define	LDAP_BACK_F_T_F_DISCOVER	(0x00000100U)
308 #define	LDAP_BACK_F_T_F_MASK		(LDAP_BACK_F_T_F)
309 #define	LDAP_BACK_F_T_F_MASK2		(LDAP_BACK_F_T_F_MASK|LDAP_BACK_F_T_F_DISCOVER)
310 
311 #define LDAP_BACK_F_MONITOR		(0x00000200U)
312 #define	LDAP_BACK_F_SINGLECONN		(0x00000400U)
313 #define LDAP_BACK_F_USE_TEMPORARIES	(0x00000800U)
314 
315 #define	LDAP_BACK_F_ISOPEN		(0x00001000U)
316 
317 #define	LDAP_BACK_F_CANCEL_ABANDON	(0x00000000U)
318 #define	LDAP_BACK_F_CANCEL_IGNORE	(0x00002000U)
319 #define	LDAP_BACK_F_CANCEL_EXOP		(0x00004000U)
320 #define	LDAP_BACK_F_CANCEL_EXOP_DISCOVER	(0x00008000U)
321 #define	LDAP_BACK_F_CANCEL_MASK		(LDAP_BACK_F_CANCEL_IGNORE|LDAP_BACK_F_CANCEL_EXOP)
322 #define	LDAP_BACK_F_CANCEL_MASK2	(LDAP_BACK_F_CANCEL_MASK|LDAP_BACK_F_CANCEL_EXOP_DISCOVER)
323 
324 #define	LDAP_BACK_F_QUARANTINE		(0x00010000U)
325 
326 #ifdef SLAP_CONTROL_X_SESSION_TRACKING
327 #define	LDAP_BACK_F_ST_REQUEST		(0x00020000U)
328 #define	LDAP_BACK_F_ST_RESPONSE		(0x00040000U)
329 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
330 
331 #define LDAP_BACK_F_NOREFS		(0x00080000U)
332 #define LDAP_BACK_F_NOUNDEFFILTER	(0x00100000U)
333 
334 #define LDAP_BACK_F_ONERR_STOP		(0x00200000U)
335 
336 #define	LDAP_BACK_ISSET_F(ff,f)		( ( (ff) & (f) ) == (f) )
337 #define	LDAP_BACK_ISMASK_F(ff,m,f)	( ( (ff) & (m) ) == (f) )
338 
339 #define	LDAP_BACK_ISSET(li,f)		LDAP_BACK_ISSET_F( (li)->li_flags, (f) )
340 #define	LDAP_BACK_ISMASK(li,m,f)	LDAP_BACK_ISMASK_F( (li)->li_flags, (m), (f) )
341 
342 #define LDAP_BACK_SAVECRED(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_SAVECRED )
343 #define LDAP_BACK_USE_TLS(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TLS )
344 #define LDAP_BACK_PROPAGATE_TLS(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROPAGATE_TLS )
345 #define LDAP_BACK_TLS_CRITICAL(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_TLS_CRITICAL )
346 #define LDAP_BACK_CHASE_REFERRALS(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_CHASE_REFERRALS )
347 #define LDAP_BACK_PROXY_WHOAMI(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROXY_WHOAMI )
348 
349 #define LDAP_BACK_USE_TLS_F(ff)		LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_USE_TLS )
350 #define LDAP_BACK_PROPAGATE_TLS_F(ff)	LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_PROPAGATE_TLS )
351 #define LDAP_BACK_TLS_CRITICAL_F(ff)	LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_TLS_CRITICAL )
352 
353 #define	LDAP_BACK_T_F(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK, LDAP_BACK_F_T_F )
354 #define	LDAP_BACK_T_F_DISCOVER(li)	LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK2, LDAP_BACK_F_T_F_DISCOVER )
355 
356 #define LDAP_BACK_MONITOR(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_MONITOR )
357 #define	LDAP_BACK_SINGLECONN(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_SINGLECONN )
358 #define	LDAP_BACK_USE_TEMPORARIES(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TEMPORARIES)
359 
360 #define	LDAP_BACK_ISOPEN(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_ISOPEN )
361 
362 #define	LDAP_BACK_ABANDON(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_ABANDON )
363 #define	LDAP_BACK_IGNORE(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_IGNORE )
364 #define	LDAP_BACK_CANCEL(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP )
365 #define	LDAP_BACK_CANCEL_DISCOVER(li)	LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER )
366 
367 #define	LDAP_BACK_QUARANTINE(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_QUARANTINE )
368 
369 #ifdef SLAP_CONTROL_X_SESSION_TRACKING
370 #define	LDAP_BACK_ST_REQUEST(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_REQUEST)
371 #define	LDAP_BACK_ST_RESPONSE(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_RESPONSE)
372 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
373 
374 #define	LDAP_BACK_NOREFS(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOREFS)
375 #define	LDAP_BACK_NOUNDEFFILTER(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOUNDEFFILTER)
376 
377 #define	LDAP_BACK_ONERR_STOP(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ONERR_STOP)
378 
379 	int			li_version;
380 
381 	unsigned long		li_conn_nextid;
382 
383 	/* cached connections;
384 	 * special conns are in tailq rather than in tree */
385 	ldap_avl_info_t		li_conninfo;
386 	struct {
387 		int						lic_num;
388 		LDAP_TAILQ_HEAD(lc_conn_priv_q, ldapconn_t)	lic_priv;
389 	}			li_conn_priv[ LDAP_BACK_PCONN_LAST ];
390 	int			li_conn_priv_max;
391 #define	LDAP_BACK_CONN_PRIV_MIN		(1)
392 #define	LDAP_BACK_CONN_PRIV_MAX		(256)
393 	/* must be between LDAP_BACK_CONN_PRIV_MIN
394 	 * and LDAP_BACK_CONN_PRIV_MAX ! */
395 #define	LDAP_BACK_CONN_PRIV_DEFAULT	(16)
396 
397 	ldap_monitor_info_t	li_monitor_info;
398 
399 	sig_atomic_t		li_isquarantined;
400 #define	LDAP_BACK_FQ_NO		(0)
401 #define	LDAP_BACK_FQ_YES	(1)
402 #define	LDAP_BACK_FQ_RETRYING	(2)
403 
404 	slap_retry_info_t	li_quarantine;
405 	ldap_pvt_thread_mutex_t	li_quarantine_mutex;
406 	ldap_back_quarantine_f	li_quarantine_f;
407 	void			*li_quarantine_p;
408 
409 	time_t			li_network_timeout;
410 	time_t			li_conn_ttl;
411 	time_t			li_idle_timeout;
412 	time_t			li_timeout[ SLAP_OP_LAST ];
413 
414 	ldap_pvt_thread_mutex_t li_counter_mutex;
415 	ldap_pvt_mp_t		li_ops_completed[SLAP_OP_LAST];
416 } ldapinfo_t;
417 
418 #define	LDAP_ERR_OK(err) ((err) == LDAP_SUCCESS || (err) == LDAP_COMPARE_FALSE || (err) == LDAP_COMPARE_TRUE)
419 
420 typedef enum ldap_back_send_t {
421 	LDAP_BACK_DONTSEND		= 0x00,
422 	LDAP_BACK_SENDOK		= 0x01,
423 	LDAP_BACK_SENDERR		= 0x02,
424 	LDAP_BACK_SENDRESULT		= (LDAP_BACK_SENDOK|LDAP_BACK_SENDERR),
425 	LDAP_BACK_BINDING		= 0x04,
426 
427 	LDAP_BACK_BIND_DONTSEND		= (LDAP_BACK_BINDING),
428 	LDAP_BACK_BIND_SOK		= (LDAP_BACK_BINDING|LDAP_BACK_SENDOK),
429 	LDAP_BACK_BIND_SERR		= (LDAP_BACK_BINDING|LDAP_BACK_SENDERR),
430 	LDAP_BACK_BIND_SRES		= (LDAP_BACK_BINDING|LDAP_BACK_SENDRESULT),
431 
432 	LDAP_BACK_RETRYING		= 0x08,
433 	LDAP_BACK_RETRY_DONTSEND	= (LDAP_BACK_RETRYING),
434 	LDAP_BACK_RETRY_SOK		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDOK),
435 	LDAP_BACK_RETRY_SERR		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDERR),
436 	LDAP_BACK_RETRY_SRES		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDRESULT),
437 
438 	LDAP_BACK_GETCONN		= 0x10
439 } ldap_back_send_t;
440 
441 /* define to use asynchronous StartTLS */
442 #define SLAP_STARTTLS_ASYNCHRONOUS
443 
444 /* timeout to use when calling ldap_result() */
445 #define	LDAP_BACK_RESULT_TIMEOUT	(0)
446 #define	LDAP_BACK_RESULT_UTIMEOUT	(100000)
447 #define	LDAP_BACK_TV_SET(tv) \
448 	do { \
449 		(tv)->tv_sec = LDAP_BACK_RESULT_TIMEOUT; \
450 		(tv)->tv_usec = LDAP_BACK_RESULT_UTIMEOUT; \
451 	} while ( 0 )
452 
453 #ifndef LDAP_BACK_PRINT_CONNTREE
454 #define LDAP_BACK_PRINT_CONNTREE 0
455 #endif /* !LDAP_BACK_PRINT_CONNTREE */
456 
457 typedef struct ldap_extra_t {
458 	int (*proxy_authz_ctrl)( Operation *op, SlapReply *rs, struct berval *bound_ndn,
459 		int version, slap_idassert_t *si, LDAPControl	*ctrl );
460 	int (*controls_free)( Operation *op, SlapReply *rs, LDAPControl ***pctrls );
461 	int (*idassert_authzfrom_parse)( struct config_args_s *ca, slap_idassert_t *si );
462 	int (*idassert_passthru_parse_cf)( const char *fname, int lineno, const char *arg, slap_idassert_t *si );
463 	int (*idassert_parse)( struct config_args_s *ca, slap_idassert_t *si );
464 	void (*retry_info_destroy)( slap_retry_info_t *ri );
465 	int (*retry_info_parse)( char *in, slap_retry_info_t *ri, char *buf, ber_len_t buflen );
466 	int (*retry_info_unparse)( slap_retry_info_t *ri, struct berval *bvout );
467 	int (*connid2str)( const ldapconn_base_t *lc, char *buf, ber_len_t buflen );
468 } ldap_extra_t;
469 
470 LDAP_END_DECL
471 
472 #include "proto-ldap.h"
473 
474 #endif /* SLAPD_LDAP_H */
475