Home | History | Annotate | Line # | Download | only in back-ldap
      1  1.3  christos /*	$NetBSD: back-ldap.h,v 1.4 2025/09/05 21:16:27 christos Exp $	*/
      2  1.2  christos 
      3  1.1     lukem /* back-ldap.h - ldap backend header file */
      4  1.2  christos /* $OpenLDAP$ */
      5  1.1     lukem /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
      6  1.1     lukem  *
      7  1.4  christos  * Copyright 1999-2024 The OpenLDAP Foundation.
      8  1.1     lukem  * Portions Copyright 2000-2003 Pierangelo Masarati.
      9  1.1     lukem  * Portions Copyright 1999-2003 Howard Chu.
     10  1.1     lukem  * All rights reserved.
     11  1.1     lukem  *
     12  1.1     lukem  * Redistribution and use in source and binary forms, with or without
     13  1.1     lukem  * modification, are permitted only as authorized by the OpenLDAP
     14  1.1     lukem  * Public License.
     15  1.1     lukem  *
     16  1.1     lukem  * A copy of this license is available in the file LICENSE in the
     17  1.1     lukem  * top-level directory of the distribution or, alternatively, at
     18  1.1     lukem  * <http://www.OpenLDAP.org/license.html>.
     19  1.1     lukem  */
     20  1.1     lukem /* ACKNOWLEDGEMENTS:
     21  1.1     lukem  * This work was initially developed by the Howard Chu for inclusion
     22  1.1     lukem  * in OpenLDAP Software and subsequently enhanced by Pierangelo
     23  1.1     lukem  * Masarati.
     24  1.1     lukem  */
     25  1.1     lukem 
     26  1.1     lukem #ifndef SLAPD_LDAP_H
     27  1.1     lukem #define SLAPD_LDAP_H
     28  1.1     lukem 
     29  1.1     lukem #include "../back-monitor/back-monitor.h"
     30  1.1     lukem 
     31  1.1     lukem LDAP_BEGIN_DECL
     32  1.1     lukem 
     33  1.1     lukem struct ldapinfo_t;
     34  1.1     lukem 
     35  1.1     lukem /* stuff required for monitoring */
     36  1.1     lukem typedef struct ldap_monitor_info_t {
     37  1.2  christos 	monitor_subsys_t	lmi_mss[2];
     38  1.1     lukem 
     39  1.2  christos 	struct berval		lmi_ndn;
     40  1.2  christos 	struct berval		lmi_conn_rdn;
     41  1.2  christos 	struct berval		lmi_ops_rdn;
     42  1.1     lukem } ldap_monitor_info_t;
     43  1.1     lukem 
     44  1.1     lukem enum {
     45  1.1     lukem 	/* even numbers are connection types */
     46  1.1     lukem 	LDAP_BACK_PCONN_FIRST = 0,
     47  1.1     lukem 	LDAP_BACK_PCONN_ROOTDN = LDAP_BACK_PCONN_FIRST,
     48  1.1     lukem 	LDAP_BACK_PCONN_ANON = 2,
     49  1.1     lukem 	LDAP_BACK_PCONN_BIND = 4,
     50  1.1     lukem 
     51  1.1     lukem 	/* add the TLS bit */
     52  1.1     lukem 	LDAP_BACK_PCONN_TLS = 0x1U,
     53  1.1     lukem 
     54  1.1     lukem 	LDAP_BACK_PCONN_ROOTDN_TLS = (LDAP_BACK_PCONN_ROOTDN|LDAP_BACK_PCONN_TLS),
     55  1.1     lukem 	LDAP_BACK_PCONN_ANON_TLS = (LDAP_BACK_PCONN_ANON|LDAP_BACK_PCONN_TLS),
     56  1.1     lukem 	LDAP_BACK_PCONN_BIND_TLS = (LDAP_BACK_PCONN_BIND|LDAP_BACK_PCONN_TLS),
     57  1.1     lukem 
     58  1.1     lukem 	LDAP_BACK_PCONN_LAST
     59  1.1     lukem };
     60  1.1     lukem 
     61  1.2  christos typedef struct ldapconn_base_t {
     62  1.2  christos 	Connection		*lcb_conn;
     63  1.1     lukem #define	LDAP_BACK_CONN2PRIV(lc)		((unsigned long)(lc)->lc_conn)
     64  1.2  christos #define LDAP_BACK_PCONN_ISPRIV(lc)	(((void *)(lc)->lc_conn) >= ((void *)LDAP_BACK_PCONN_FIRST) \
     65  1.2  christos 						&& ((void *)(lc)->lc_conn) < ((void *)LDAP_BACK_PCONN_LAST))
     66  1.1     lukem #define LDAP_BACK_PCONN_ISROOTDN(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
     67  1.1     lukem 						&& (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_ANON))
     68  1.1     lukem #define LDAP_BACK_PCONN_ISANON(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
     69  1.1     lukem 						&& (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_BIND) \
     70  1.1     lukem 						&& (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_ANON))
     71  1.1     lukem #define LDAP_BACK_PCONN_ISBIND(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
     72  1.1     lukem 						&& (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_BIND))
     73  1.1     lukem #define LDAP_BACK_PCONN_ISTLS(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
     74  1.1     lukem 						&& (LDAP_BACK_CONN2PRIV((lc)) & LDAP_BACK_PCONN_TLS))
     75  1.1     lukem #ifdef HAVE_TLS
     76  1.1     lukem #define	LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
     77  1.1     lukem 	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ROOTDN_TLS : (void *) LDAP_BACK_PCONN_ROOTDN))
     78  1.1     lukem #define	LDAP_BACK_PCONN_ANON_SET(lc, op) \
     79  1.1     lukem 	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ANON_TLS : (void *) LDAP_BACK_PCONN_ANON))
     80  1.1     lukem #define	LDAP_BACK_PCONN_BIND_SET(lc, op) \
     81  1.1     lukem 	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_BIND_TLS : (void *) LDAP_BACK_PCONN_BIND))
     82  1.1     lukem #else /* ! HAVE_TLS */
     83  1.1     lukem #define	LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
     84  1.1     lukem 	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ROOTDN)
     85  1.1     lukem #define	LDAP_BACK_PCONN_ANON_SET(lc, op) \
     86  1.1     lukem 	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ANON)
     87  1.1     lukem #define	LDAP_BACK_PCONN_BIND_SET(lc, op) \
     88  1.1     lukem 	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_BIND)
     89  1.1     lukem #endif /* ! HAVE_TLS */
     90  1.1     lukem #define	LDAP_BACK_PCONN_SET(lc, op) \
     91  1.1     lukem 	(BER_BVISEMPTY(&(op)->o_ndn) ? \
     92  1.1     lukem 		LDAP_BACK_PCONN_ANON_SET((lc), (op)) : LDAP_BACK_PCONN_ROOTDN_SET((lc), (op)))
     93  1.1     lukem 
     94  1.2  christos 	struct ldapinfo_t	*lcb_ldapinfo;
     95  1.2  christos 	struct berval		lcb_local_ndn;
     96  1.2  christos 	unsigned		lcb_refcnt;
     97  1.2  christos 	time_t			lcb_create_time;
     98  1.2  christos 	time_t			lcb_time;
     99  1.2  christos } ldapconn_base_t;
    100  1.2  christos 
    101  1.2  christos typedef struct ldapconn_t {
    102  1.2  christos 	ldapconn_base_t		lc_base;
    103  1.2  christos #define	lc_conn			lc_base.lcb_conn
    104  1.2  christos #define	lc_ldapinfo			lc_base.lcb_ldapinfo
    105  1.2  christos #define	lc_local_ndn		lc_base.lcb_local_ndn
    106  1.2  christos #define	lc_refcnt		lc_base.lcb_refcnt
    107  1.2  christos #define	lc_create_time		lc_base.lcb_create_time
    108  1.2  christos #define	lc_time			lc_base.lcb_time
    109  1.2  christos 
    110  1.2  christos 	LDAP_TAILQ_ENTRY(ldapconn_t)	lc_q;
    111  1.2  christos 
    112  1.1     lukem 	unsigned		lc_lcflags;
    113  1.1     lukem #define LDAP_BACK_CONN_ISSET_F(fp,f)	(*(fp) & (f))
    114  1.1     lukem #define	LDAP_BACK_CONN_SET_F(fp,f)	(*(fp) |= (f))
    115  1.1     lukem #define	LDAP_BACK_CONN_CLEAR_F(fp,f)	(*(fp) &= ~(f))
    116  1.1     lukem #define	LDAP_BACK_CONN_CPY_F(fp,f,mfp) \
    117  1.1     lukem 	do { \
    118  1.1     lukem 		if ( ((f) & *(mfp)) == (f) ) { \
    119  1.1     lukem 			*(fp) |= (f); \
    120  1.1     lukem 		} else { \
    121  1.1     lukem 			*(fp) &= ~(f); \
    122  1.1     lukem 		} \
    123  1.1     lukem 	} while ( 0 )
    124  1.1     lukem 
    125  1.1     lukem #define LDAP_BACK_CONN_ISSET(lc,f)	LDAP_BACK_CONN_ISSET_F(&(lc)->lc_lcflags, (f))
    126  1.1     lukem #define	LDAP_BACK_CONN_SET(lc,f)	LDAP_BACK_CONN_SET_F(&(lc)->lc_lcflags, (f))
    127  1.1     lukem #define	LDAP_BACK_CONN_CLEAR(lc,f)	LDAP_BACK_CONN_CLEAR_F(&(lc)->lc_lcflags, (f))
    128  1.1     lukem #define	LDAP_BACK_CONN_CPY(lc,f,mlc)	LDAP_BACK_CONN_CPY_F(&(lc)->lc_lcflags, (f), &(mlc)->lc_lcflags)
    129  1.1     lukem 
    130  1.1     lukem /* 0xFFF00000U are reserved for back-meta */
    131  1.1     lukem 
    132  1.1     lukem #define	LDAP_BACK_FCONN_ISBOUND	(0x00000001U)
    133  1.1     lukem #define	LDAP_BACK_FCONN_ISANON	(0x00000002U)
    134  1.1     lukem #define	LDAP_BACK_FCONN_ISBMASK	(LDAP_BACK_FCONN_ISBOUND|LDAP_BACK_FCONN_ISANON)
    135  1.1     lukem #define	LDAP_BACK_FCONN_ISPRIV	(0x00000004U)
    136  1.1     lukem #define	LDAP_BACK_FCONN_ISTLS	(0x00000008U)
    137  1.1     lukem #define	LDAP_BACK_FCONN_BINDING	(0x00000010U)
    138  1.1     lukem #define	LDAP_BACK_FCONN_TAINTED	(0x00000020U)
    139  1.1     lukem #define	LDAP_BACK_FCONN_ABANDON	(0x00000040U)
    140  1.1     lukem #define	LDAP_BACK_FCONN_ISIDASR	(0x00000080U)
    141  1.1     lukem #define	LDAP_BACK_FCONN_CACHED	(0x00000100U)
    142  1.1     lukem 
    143  1.1     lukem #define	LDAP_BACK_CONN_ISBOUND(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISBOUND)
    144  1.1     lukem #define	LDAP_BACK_CONN_ISBOUND_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISBOUND)
    145  1.1     lukem #define	LDAP_BACK_CONN_ISBOUND_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISBMASK)
    146  1.1     lukem #define	LDAP_BACK_CONN_ISBOUND_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISBOUND, (mlc))
    147  1.1     lukem #define	LDAP_BACK_CONN_ISANON(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISANON)
    148  1.1     lukem #define	LDAP_BACK_CONN_ISANON_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISANON)
    149  1.1     lukem #define	LDAP_BACK_CONN_ISANON_CLEAR(lc)		LDAP_BACK_CONN_ISBOUND_CLEAR((lc))
    150  1.1     lukem #define	LDAP_BACK_CONN_ISANON_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISANON, (mlc))
    151  1.1     lukem #define	LDAP_BACK_CONN_ISPRIV(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISPRIV)
    152  1.1     lukem #define	LDAP_BACK_CONN_ISPRIV_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISPRIV)
    153  1.1     lukem #define	LDAP_BACK_CONN_ISPRIV_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISPRIV)
    154  1.1     lukem #define	LDAP_BACK_CONN_ISPRIV_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISPRIV, (mlc))
    155  1.1     lukem #define	LDAP_BACK_CONN_ISTLS(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISTLS)
    156  1.1     lukem #define	LDAP_BACK_CONN_ISTLS_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISTLS)
    157  1.1     lukem #define	LDAP_BACK_CONN_ISTLS_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISTLS)
    158  1.1     lukem #define	LDAP_BACK_CONN_ISTLS_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISTLS, (mlc))
    159  1.1     lukem #define	LDAP_BACK_CONN_BINDING(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_BINDING)
    160  1.1     lukem #define	LDAP_BACK_CONN_BINDING_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_BINDING)
    161  1.1     lukem #define	LDAP_BACK_CONN_BINDING_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_BINDING)
    162  1.1     lukem #define	LDAP_BACK_CONN_TAINTED(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_TAINTED)
    163  1.1     lukem #define	LDAP_BACK_CONN_TAINTED_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_TAINTED)
    164  1.1     lukem #define	LDAP_BACK_CONN_TAINTED_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_TAINTED)
    165  1.1     lukem #define	LDAP_BACK_CONN_ABANDON(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ABANDON)
    166  1.1     lukem #define	LDAP_BACK_CONN_ABANDON_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ABANDON)
    167  1.1     lukem #define	LDAP_BACK_CONN_ABANDON_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ABANDON)
    168  1.1     lukem #define	LDAP_BACK_CONN_ISIDASSERT(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISIDASR)
    169  1.1     lukem #define	LDAP_BACK_CONN_ISIDASSERT_SET(lc)	LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISIDASR)
    170  1.1     lukem #define	LDAP_BACK_CONN_ISIDASSERT_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISIDASR)
    171  1.1     lukem #define	LDAP_BACK_CONN_ISIDASSERT_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISIDASR, (mlc))
    172  1.1     lukem #define	LDAP_BACK_CONN_CACHED(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_CACHED)
    173  1.1     lukem #define	LDAP_BACK_CONN_CACHED_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_CACHED)
    174  1.1     lukem #define	LDAP_BACK_CONN_CACHED_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_CACHED)
    175  1.1     lukem 
    176  1.2  christos 	LDAP			*lc_ld;
    177  1.2  christos 	unsigned long		lc_connid;
    178  1.2  christos 	struct berval		lc_cred;
    179  1.2  christos 	struct berval 		lc_bound_ndn;
    180  1.1     lukem 	unsigned		lc_flags;
    181  1.1     lukem } ldapconn_t;
    182  1.1     lukem 
    183  1.1     lukem typedef struct ldap_avl_info_t {
    184  1.1     lukem 	ldap_pvt_thread_mutex_t		lai_mutex;
    185  1.3  christos 	TAvlnode			*lai_tree;
    186  1.1     lukem } ldap_avl_info_t;
    187  1.1     lukem 
    188  1.1     lukem typedef struct slap_retry_info_t {
    189  1.1     lukem 	time_t		*ri_interval;
    190  1.1     lukem 	int		*ri_num;
    191  1.1     lukem 	int		ri_idx;
    192  1.1     lukem 	int		ri_count;
    193  1.1     lukem 	time_t		ri_last;
    194  1.1     lukem 
    195  1.1     lukem #define SLAP_RETRYNUM_FOREVER	(-1)		/* retry forever */
    196  1.1     lukem #define SLAP_RETRYNUM_TAIL	(-2)		/* end of retrynum array */
    197  1.1     lukem #define SLAP_RETRYNUM_VALID(n)	((n) >= SLAP_RETRYNUM_FOREVER)	/* valid retrynum */
    198  1.1     lukem #define SLAP_RETRYNUM_FINITE(n)	((n) > SLAP_RETRYNUM_FOREVER)	/* not forever */
    199  1.1     lukem } slap_retry_info_t;
    200  1.1     lukem 
    201  1.1     lukem /*
    202  1.1     lukem  * identity assertion modes
    203  1.1     lukem  */
    204  1.1     lukem typedef enum {
    205  1.1     lukem 	LDAP_BACK_IDASSERT_LEGACY = 1,
    206  1.1     lukem 	LDAP_BACK_IDASSERT_NOASSERT,
    207  1.1     lukem 	LDAP_BACK_IDASSERT_ANONYMOUS,
    208  1.1     lukem 	LDAP_BACK_IDASSERT_SELF,
    209  1.1     lukem 	LDAP_BACK_IDASSERT_OTHERDN,
    210  1.1     lukem 	LDAP_BACK_IDASSERT_OTHERID
    211  1.1     lukem } slap_idassert_mode_t;
    212  1.1     lukem 
    213  1.1     lukem /* ID assert stuff */
    214  1.1     lukem typedef struct slap_idassert_t {
    215  1.1     lukem 	slap_idassert_mode_t	si_mode;
    216  1.1     lukem #define	li_idassert_mode	li_idassert.si_mode
    217  1.1     lukem 
    218  1.1     lukem 	slap_bindconf	si_bc;
    219  1.1     lukem #define	li_idassert_authcID	li_idassert.si_bc.sb_authcId
    220  1.1     lukem #define	li_idassert_authcDN	li_idassert.si_bc.sb_binddn
    221  1.1     lukem #define	li_idassert_passwd	li_idassert.si_bc.sb_cred
    222  1.1     lukem #define	li_idassert_authzID	li_idassert.si_bc.sb_authzId
    223  1.1     lukem #define	li_idassert_authmethod	li_idassert.si_bc.sb_method
    224  1.1     lukem #define	li_idassert_sasl_mech	li_idassert.si_bc.sb_saslmech
    225  1.1     lukem #define	li_idassert_sasl_realm	li_idassert.si_bc.sb_realm
    226  1.1     lukem #define	li_idassert_secprops	li_idassert.si_bc.sb_secprops
    227  1.1     lukem #define	li_idassert_tls		li_idassert.si_bc.sb_tls
    228  1.1     lukem 
    229  1.1     lukem 	unsigned 	si_flags;
    230  1.1     lukem #define LDAP_BACK_AUTH_NONE				(0x00U)
    231  1.1     lukem #define	LDAP_BACK_AUTH_NATIVE_AUTHZ			(0x01U)
    232  1.1     lukem #define	LDAP_BACK_AUTH_OVERRIDE				(0x02U)
    233  1.1     lukem #define	LDAP_BACK_AUTH_PRESCRIPTIVE			(0x04U)
    234  1.1     lukem #define	LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ		(0x08U)
    235  1.1     lukem #define	LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND	(0x10U)
    236  1.1     lukem #define	LDAP_BACK_AUTH_AUTHZ_ALL			(0x20U)
    237  1.2  christos #define	LDAP_BACK_AUTH_PROXYAUTHZ_CRITICAL		(0x40U)
    238  1.3  christos #define LDAP_BACK_AUTH_DN_AUTHZID			(0x100U)
    239  1.3  christos #define LDAP_BACK_AUTH_DN_WHOAMI			(0x200U)
    240  1.3  christos #define LDAP_BACK_AUTH_DN_MASK				(LDAP_BACK_AUTH_DN_AUTHZID|LDAP_BACK_AUTH_DN_WHOAMI)
    241  1.1     lukem #define	li_idassert_flags	li_idassert.si_flags
    242  1.1     lukem 
    243  1.1     lukem 	BerVarray	si_authz;
    244  1.1     lukem #define	li_idassert_authz	li_idassert.si_authz
    245  1.2  christos 
    246  1.2  christos 	BerVarray	si_passthru;
    247  1.2  christos #define	li_idassert_passthru	li_idassert.si_passthru
    248  1.1     lukem } slap_idassert_t;
    249  1.1     lukem 
    250  1.1     lukem /*
    251  1.1     lukem  * Hook to allow mucking with ldapinfo_t when quarantine is over
    252  1.1     lukem  */
    253  1.1     lukem typedef int (*ldap_back_quarantine_f)( struct ldapinfo_t *, void * );
    254  1.1     lukem 
    255  1.1     lukem typedef struct ldapinfo_t {
    256  1.1     lukem 	/* li_uri: the string that goes into ldap_initialize()
    257  1.1     lukem 	 * TODO: use li_acl.sb_uri instead */
    258  1.1     lukem 	char			*li_uri;
    259  1.1     lukem 	/* li_bvuri: an array of each single URI that is equivalent;
    260  1.1     lukem 	 * to be checked for the presence of a certain item */
    261  1.1     lukem 	BerVarray		li_bvuri;
    262  1.1     lukem 	ldap_pvt_thread_mutex_t	li_uri_mutex;
    263  1.2  christos 	/* hack because when TLS is used we need to lock and let
    264  1.2  christos 	 * the li_urllist_f function to know it's locked */
    265  1.2  christos 	int			li_uri_mutex_do_not_lock;
    266  1.1     lukem 
    267  1.1     lukem 	LDAP_REBIND_PROC	*li_rebind_f;
    268  1.1     lukem 	LDAP_URLLIST_PROC	*li_urllist_f;
    269  1.1     lukem 	void			*li_urllist_p;
    270  1.1     lukem 
    271  1.1     lukem 	/* we only care about the TLS options here */
    272  1.1     lukem 	slap_bindconf		li_tls;
    273  1.1     lukem 
    274  1.1     lukem 	slap_bindconf		li_acl;
    275  1.1     lukem #define	li_acl_authcID		li_acl.sb_authcId
    276  1.1     lukem #define	li_acl_authcDN		li_acl.sb_binddn
    277  1.1     lukem #define	li_acl_passwd		li_acl.sb_cred
    278  1.1     lukem #define	li_acl_authzID		li_acl.sb_authzId
    279  1.1     lukem #define	li_acl_authmethod	li_acl.sb_method
    280  1.1     lukem #define	li_acl_sasl_mech	li_acl.sb_saslmech
    281  1.1     lukem #define	li_acl_sasl_realm	li_acl.sb_realm
    282  1.1     lukem #define	li_acl_secprops		li_acl.sb_secprops
    283  1.1     lukem 
    284  1.1     lukem 	/* ID assert stuff */
    285  1.1     lukem 	slap_idassert_t		li_idassert;
    286  1.1     lukem 	/* end of ID assert stuff */
    287  1.1     lukem 
    288  1.1     lukem 	int			li_nretries;
    289  1.1     lukem #define LDAP_BACK_RETRY_UNDEFINED	(-2)
    290  1.1     lukem #define LDAP_BACK_RETRY_FOREVER		(-1)
    291  1.1     lukem #define LDAP_BACK_RETRY_NEVER		(0)
    292  1.1     lukem #define LDAP_BACK_RETRY_DEFAULT		(3)
    293  1.1     lukem 
    294  1.1     lukem 	unsigned		li_flags;
    295  1.1     lukem 
    296  1.2  christos /* 0xFF000000U are reserved for back-meta */
    297  1.1     lukem 
    298  1.1     lukem #define LDAP_BACK_F_NONE		(0x00000000U)
    299  1.1     lukem #define LDAP_BACK_F_SAVECRED		(0x00000001U)
    300  1.1     lukem #define LDAP_BACK_F_USE_TLS		(0x00000002U)
    301  1.1     lukem #define LDAP_BACK_F_PROPAGATE_TLS	(0x00000004U)
    302  1.1     lukem #define LDAP_BACK_F_TLS_CRITICAL	(0x00000008U)
    303  1.1     lukem #define LDAP_BACK_F_TLS_LDAPS		(0x00000010U)
    304  1.1     lukem 
    305  1.1     lukem #define LDAP_BACK_F_TLS_USE_MASK	(LDAP_BACK_F_USE_TLS|LDAP_BACK_F_TLS_CRITICAL)
    306  1.1     lukem #define LDAP_BACK_F_TLS_PROPAGATE_MASK	(LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL)
    307  1.1     lukem #define LDAP_BACK_F_TLS_MASK		(LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK|LDAP_BACK_F_TLS_LDAPS)
    308  1.1     lukem #define LDAP_BACK_F_CHASE_REFERRALS	(0x00000020U)
    309  1.1     lukem #define LDAP_BACK_F_PROXY_WHOAMI	(0x00000040U)
    310  1.1     lukem 
    311  1.1     lukem #define	LDAP_BACK_F_T_F			(0x00000080U)
    312  1.1     lukem #define	LDAP_BACK_F_T_F_DISCOVER	(0x00000100U)
    313  1.1     lukem #define	LDAP_BACK_F_T_F_MASK		(LDAP_BACK_F_T_F)
    314  1.1     lukem #define	LDAP_BACK_F_T_F_MASK2		(LDAP_BACK_F_T_F_MASK|LDAP_BACK_F_T_F_DISCOVER)
    315  1.1     lukem 
    316  1.1     lukem #define LDAP_BACK_F_MONITOR		(0x00000200U)
    317  1.1     lukem #define	LDAP_BACK_F_SINGLECONN		(0x00000400U)
    318  1.1     lukem #define LDAP_BACK_F_USE_TEMPORARIES	(0x00000800U)
    319  1.1     lukem 
    320  1.1     lukem #define	LDAP_BACK_F_ISOPEN		(0x00001000U)
    321  1.1     lukem 
    322  1.1     lukem #define	LDAP_BACK_F_CANCEL_ABANDON	(0x00000000U)
    323  1.1     lukem #define	LDAP_BACK_F_CANCEL_IGNORE	(0x00002000U)
    324  1.1     lukem #define	LDAP_BACK_F_CANCEL_EXOP		(0x00004000U)
    325  1.1     lukem #define	LDAP_BACK_F_CANCEL_EXOP_DISCOVER	(0x00008000U)
    326  1.1     lukem #define	LDAP_BACK_F_CANCEL_MASK		(LDAP_BACK_F_CANCEL_IGNORE|LDAP_BACK_F_CANCEL_EXOP)
    327  1.1     lukem #define	LDAP_BACK_F_CANCEL_MASK2	(LDAP_BACK_F_CANCEL_MASK|LDAP_BACK_F_CANCEL_EXOP_DISCOVER)
    328  1.1     lukem 
    329  1.1     lukem #define	LDAP_BACK_F_QUARANTINE		(0x00010000U)
    330  1.1     lukem 
    331  1.1     lukem #ifdef SLAP_CONTROL_X_SESSION_TRACKING
    332  1.1     lukem #define	LDAP_BACK_F_ST_REQUEST		(0x00020000U)
    333  1.1     lukem #define	LDAP_BACK_F_ST_RESPONSE		(0x00040000U)
    334  1.1     lukem #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
    335  1.1     lukem 
    336  1.2  christos #define LDAP_BACK_F_NOREFS		(0x00080000U)
    337  1.2  christos #define LDAP_BACK_F_NOUNDEFFILTER	(0x00100000U)
    338  1.2  christos #define LDAP_BACK_F_OMIT_UNKNOWN_SCHEMA (0x00200000U)
    339  1.2  christos 
    340  1.2  christos #define LDAP_BACK_F_ONERR_STOP		(0x00400000U)
    341  1.2  christos 
    342  1.1     lukem #define	LDAP_BACK_ISSET_F(ff,f)		( ( (ff) & (f) ) == (f) )
    343  1.1     lukem #define	LDAP_BACK_ISMASK_F(ff,m,f)	( ( (ff) & (m) ) == (f) )
    344  1.1     lukem 
    345  1.1     lukem #define	LDAP_BACK_ISSET(li,f)		LDAP_BACK_ISSET_F( (li)->li_flags, (f) )
    346  1.1     lukem #define	LDAP_BACK_ISMASK(li,m,f)	LDAP_BACK_ISMASK_F( (li)->li_flags, (m), (f) )
    347  1.1     lukem 
    348  1.1     lukem #define LDAP_BACK_SAVECRED(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_SAVECRED )
    349  1.1     lukem #define LDAP_BACK_USE_TLS(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TLS )
    350  1.1     lukem #define LDAP_BACK_PROPAGATE_TLS(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROPAGATE_TLS )
    351  1.1     lukem #define LDAP_BACK_TLS_CRITICAL(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_TLS_CRITICAL )
    352  1.1     lukem #define LDAP_BACK_CHASE_REFERRALS(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_CHASE_REFERRALS )
    353  1.1     lukem #define LDAP_BACK_PROXY_WHOAMI(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROXY_WHOAMI )
    354  1.1     lukem 
    355  1.1     lukem #define LDAP_BACK_USE_TLS_F(ff)		LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_USE_TLS )
    356  1.1     lukem #define LDAP_BACK_PROPAGATE_TLS_F(ff)	LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_PROPAGATE_TLS )
    357  1.1     lukem #define LDAP_BACK_TLS_CRITICAL_F(ff)	LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_TLS_CRITICAL )
    358  1.1     lukem 
    359  1.1     lukem #define	LDAP_BACK_T_F(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK, LDAP_BACK_F_T_F )
    360  1.1     lukem #define	LDAP_BACK_T_F_DISCOVER(li)	LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK2, LDAP_BACK_F_T_F_DISCOVER )
    361  1.1     lukem 
    362  1.1     lukem #define LDAP_BACK_MONITOR(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_MONITOR )
    363  1.1     lukem #define	LDAP_BACK_SINGLECONN(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_SINGLECONN )
    364  1.1     lukem #define	LDAP_BACK_USE_TEMPORARIES(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TEMPORARIES)
    365  1.1     lukem 
    366  1.1     lukem #define	LDAP_BACK_ISOPEN(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_ISOPEN )
    367  1.1     lukem 
    368  1.1     lukem #define	LDAP_BACK_ABANDON(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_ABANDON )
    369  1.1     lukem #define	LDAP_BACK_IGNORE(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_IGNORE )
    370  1.1     lukem #define	LDAP_BACK_CANCEL(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP )
    371  1.1     lukem #define	LDAP_BACK_CANCEL_DISCOVER(li)	LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER )
    372  1.1     lukem 
    373  1.1     lukem #define	LDAP_BACK_QUARANTINE(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_QUARANTINE )
    374  1.1     lukem 
    375  1.1     lukem #ifdef SLAP_CONTROL_X_SESSION_TRACKING
    376  1.1     lukem #define	LDAP_BACK_ST_REQUEST(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_REQUEST)
    377  1.1     lukem #define	LDAP_BACK_ST_RESPONSE(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_RESPONSE)
    378  1.1     lukem #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
    379  1.1     lukem 
    380  1.2  christos #define	LDAP_BACK_NOREFS(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOREFS)
    381  1.2  christos #define	LDAP_BACK_NOUNDEFFILTER(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOUNDEFFILTER)
    382  1.2  christos #define	LDAP_BACK_OMIT_UNKNOWN_SCHEMA(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_OMIT_UNKNOWN_SCHEMA)
    383  1.2  christos #define	LDAP_BACK_ONERR_STOP(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ONERR_STOP)
    384  1.2  christos 
    385  1.1     lukem 	int			li_version;
    386  1.1     lukem 
    387  1.2  christos 	unsigned long		li_conn_nextid;
    388  1.2  christos 
    389  1.1     lukem 	/* cached connections;
    390  1.1     lukem 	 * special conns are in tailq rather than in tree */
    391  1.1     lukem 	ldap_avl_info_t		li_conninfo;
    392  1.1     lukem 	struct {
    393  1.1     lukem 		int						lic_num;
    394  1.1     lukem 		LDAP_TAILQ_HEAD(lc_conn_priv_q, ldapconn_t)	lic_priv;
    395  1.1     lukem 	}			li_conn_priv[ LDAP_BACK_PCONN_LAST ];
    396  1.1     lukem 	int			li_conn_priv_max;
    397  1.1     lukem #define	LDAP_BACK_CONN_PRIV_MIN		(1)
    398  1.1     lukem #define	LDAP_BACK_CONN_PRIV_MAX		(256)
    399  1.1     lukem 	/* must be between LDAP_BACK_CONN_PRIV_MIN
    400  1.1     lukem 	 * and LDAP_BACK_CONN_PRIV_MAX ! */
    401  1.1     lukem #define	LDAP_BACK_CONN_PRIV_DEFAULT	(16)
    402  1.1     lukem 
    403  1.1     lukem 	ldap_monitor_info_t	li_monitor_info;
    404  1.1     lukem 
    405  1.1     lukem 	sig_atomic_t		li_isquarantined;
    406  1.1     lukem #define	LDAP_BACK_FQ_NO		(0)
    407  1.1     lukem #define	LDAP_BACK_FQ_YES	(1)
    408  1.1     lukem #define	LDAP_BACK_FQ_RETRYING	(2)
    409  1.1     lukem 
    410  1.1     lukem 	slap_retry_info_t	li_quarantine;
    411  1.1     lukem 	ldap_pvt_thread_mutex_t	li_quarantine_mutex;
    412  1.1     lukem 	ldap_back_quarantine_f	li_quarantine_f;
    413  1.1     lukem 	void			*li_quarantine_p;
    414  1.1     lukem 
    415  1.1     lukem 	time_t			li_network_timeout;
    416  1.1     lukem 	time_t			li_conn_ttl;
    417  1.1     lukem 	time_t			li_idle_timeout;
    418  1.1     lukem 	time_t			li_timeout[ SLAP_OP_LAST ];
    419  1.2  christos 
    420  1.2  christos 	ldap_pvt_thread_mutex_t li_counter_mutex;
    421  1.2  christos 	ldap_pvt_mp_t		li_ops_completed[SLAP_OP_LAST];
    422  1.3  christos 	struct re_s*		li_conn_expire_task;
    423  1.1     lukem } ldapinfo_t;
    424  1.1     lukem 
    425  1.2  christos #define	LDAP_ERR_OK(err) ((err) == LDAP_SUCCESS || (err) == LDAP_COMPARE_FALSE || (err) == LDAP_COMPARE_TRUE)
    426  1.2  christos 
    427  1.1     lukem typedef enum ldap_back_send_t {
    428  1.1     lukem 	LDAP_BACK_DONTSEND		= 0x00,
    429  1.1     lukem 	LDAP_BACK_SENDOK		= 0x01,
    430  1.1     lukem 	LDAP_BACK_SENDERR		= 0x02,
    431  1.1     lukem 	LDAP_BACK_SENDRESULT		= (LDAP_BACK_SENDOK|LDAP_BACK_SENDERR),
    432  1.1     lukem 	LDAP_BACK_BINDING		= 0x04,
    433  1.1     lukem 
    434  1.1     lukem 	LDAP_BACK_BIND_DONTSEND		= (LDAP_BACK_BINDING),
    435  1.1     lukem 	LDAP_BACK_BIND_SOK		= (LDAP_BACK_BINDING|LDAP_BACK_SENDOK),
    436  1.1     lukem 	LDAP_BACK_BIND_SERR		= (LDAP_BACK_BINDING|LDAP_BACK_SENDERR),
    437  1.1     lukem 	LDAP_BACK_BIND_SRES		= (LDAP_BACK_BINDING|LDAP_BACK_SENDRESULT),
    438  1.1     lukem 
    439  1.1     lukem 	LDAP_BACK_RETRYING		= 0x08,
    440  1.1     lukem 	LDAP_BACK_RETRY_DONTSEND	= (LDAP_BACK_RETRYING),
    441  1.1     lukem 	LDAP_BACK_RETRY_SOK		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDOK),
    442  1.1     lukem 	LDAP_BACK_RETRY_SERR		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDERR),
    443  1.1     lukem 	LDAP_BACK_RETRY_SRES		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDRESULT),
    444  1.1     lukem 
    445  1.1     lukem 	LDAP_BACK_GETCONN		= 0x10
    446  1.1     lukem } ldap_back_send_t;
    447  1.1     lukem 
    448  1.1     lukem /* define to use asynchronous StartTLS */
    449  1.1     lukem #define SLAP_STARTTLS_ASYNCHRONOUS
    450  1.1     lukem 
    451  1.1     lukem /* timeout to use when calling ldap_result() */
    452  1.1     lukem #define	LDAP_BACK_RESULT_TIMEOUT	(0)
    453  1.1     lukem #define	LDAP_BACK_RESULT_UTIMEOUT	(100000)
    454  1.1     lukem #define	LDAP_BACK_TV_SET(tv) \
    455  1.1     lukem 	do { \
    456  1.1     lukem 		(tv)->tv_sec = LDAP_BACK_RESULT_TIMEOUT; \
    457  1.1     lukem 		(tv)->tv_usec = LDAP_BACK_RESULT_UTIMEOUT; \
    458  1.1     lukem 	} while ( 0 )
    459  1.1     lukem 
    460  1.1     lukem #ifndef LDAP_BACK_PRINT_CONNTREE
    461  1.1     lukem #define LDAP_BACK_PRINT_CONNTREE 0
    462  1.1     lukem #endif /* !LDAP_BACK_PRINT_CONNTREE */
    463  1.1     lukem 
    464  1.1     lukem typedef struct ldap_extra_t {
    465  1.1     lukem 	int (*proxy_authz_ctrl)( Operation *op, SlapReply *rs, struct berval *bound_ndn,
    466  1.1     lukem 		int version, slap_idassert_t *si, LDAPControl	*ctrl );
    467  1.1     lukem 	int (*controls_free)( Operation *op, SlapReply *rs, LDAPControl ***pctrls );
    468  1.2  christos 	int (*idassert_authzfrom_parse)( struct config_args_s *ca, slap_idassert_t *si );
    469  1.2  christos 	int (*idassert_passthru_parse_cf)( const char *fname, int lineno, const char *arg, slap_idassert_t *si );
    470  1.2  christos 	int (*idassert_parse)( struct config_args_s *ca, slap_idassert_t *si );
    471  1.2  christos 	void (*retry_info_destroy)( slap_retry_info_t *ri );
    472  1.2  christos 	int (*retry_info_parse)( char *in, slap_retry_info_t *ri, char *buf, ber_len_t buflen );
    473  1.2  christos 	int (*retry_info_unparse)( slap_retry_info_t *ri, struct berval *bvout );
    474  1.2  christos 	int (*connid2str)( const ldapconn_base_t *lc, char *buf, ber_len_t buflen );
    475  1.1     lukem } ldap_extra_t;
    476  1.1     lukem 
    477  1.1     lukem LDAP_END_DECL
    478  1.1     lukem 
    479  1.1     lukem #include "proto-ldap.h"
    480  1.1     lukem 
    481  1.1     lukem #endif /* SLAPD_LDAP_H */
    482