/*	$NetBSD: back-ldap.h,v 1.4 2025/09/05 21:16:27 christos Exp $	*/

/* back-ldap.h - ldap backend header file */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 1999-2024 The OpenLDAP Foundation.
 * Portions Copyright 2000-2003 Pierangelo Masarati.
 * Portions Copyright 1999-2003 Howard Chu.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* ACKNOWLEDGEMENTS:
 * This work was initially developed by the Howard Chu for inclusion
 * in OpenLDAP Software and subsequently enhanced by Pierangelo
 * Masarati.
 */

#ifndef SLAPD_LDAP_H
#define SLAPD_LDAP_H

#include "../back-monitor/back-monitor.h"

LDAP_BEGIN_DECL

struct ldapinfo_t;

/* State required for monitoring: two monitor subsystem descriptors plus
 * three bervals (by name, a normalized DN and the RDNs of the connection
 * and operation entries -- confirm against the monitor code). */
typedef struct ldap_monitor_info_t {
	monitor_subsys_t	lmi_mss[2];

	struct berval		lmi_ndn;
	struct berval		lmi_conn_rdn;
	struct berval		lmi_ops_rdn;
} ldap_monitor_info_t;

/*
 * Tags for "privileged" (pooled) connections.  These small integers are
 * stored directly in the lc_conn pointer field (see the *_SET macros in
 * ldapconn_base_t) instead of a real Connection address.  Bit 0 is the
 * TLS bit; the remaining value selects the connection type.
 */
enum {
	/* even numbers are connection types */
	LDAP_BACK_PCONN_FIRST = 0,
	LDAP_BACK_PCONN_ROOTDN = LDAP_BACK_PCONN_FIRST,
	LDAP_BACK_PCONN_ANON = 2,
	LDAP_BACK_PCONN_BIND = 4,

	/* add the TLS bit */
	LDAP_BACK_PCONN_TLS = 0x1U,

	LDAP_BACK_PCONN_ROOTDN_TLS = (LDAP_BACK_PCONN_ROOTDN|LDAP_BACK_PCONN_TLS),
	LDAP_BACK_PCONN_ANON_TLS = (LDAP_BACK_PCONN_ANON|LDAP_BACK_PCONN_TLS),
	LDAP_BACK_PCONN_BIND_TLS = (LDAP_BACK_PCONN_BIND|LDAP_BACK_PCONN_TLS),

	/* one past LDAP_BACK_PCONN_BIND_TLS (i.e. 6); also used below as the
	 * dimension of ldapinfo_t.li_conn_priv[] */
	LDAP_BACK_PCONN_LAST
};

/*
 * Part of a cached connection that the macros and ldap_extra_t.connid2str
 * operate on; ldapconn_t embeds it as lc_base.
 */
typedef struct ldapconn_base_t {
	/* Either a Connection pointer or one of the LDAP_BACK_PCONN_* tags
	 * cast to a pointer.  A tag is NOT dereferenceable: test with
	 * LDAP_BACK_PCONN_ISPRIV() before treating the value as a
	 * Connection pointer. */
	Connection		*lcb_conn;
/* The macros below take a pointer to a struct that exposes lc_conn (the
 * alias defined in ldapconn_t) and evaluate their arguments more than
 * once, so pass side-effect-free expressions. */
/* Reinterpret the stored pointer value as an integer tag. */
#define	LDAP_BACK_CONN2PRIV(lc)		((unsigned long)(lc)->lc_conn)
/* True when the stored value lies in [LDAP_BACK_PCONN_FIRST,
 * LDAP_BACK_PCONN_LAST), i.e. it is a tag rather than an address.
 * NOTE(review): this orders pointer values that do not point into a common
 * object with >= and <, which ISO C leaves undefined; it relies on the
 * platform ordering these small values below any real address. */
#define LDAP_BACK_PCONN_ISPRIV(lc)	(((void *)(lc)->lc_conn) >= ((void *)LDAP_BACK_PCONN_FIRST) \
						&& ((void *)(lc)->lc_conn) < ((void *)LDAP_BACK_PCONN_LAST))
/* Tag is ROOTDN or ROOTDN_TLS (value below LDAP_BACK_PCONN_ANON). */
#define LDAP_BACK_PCONN_ISROOTDN(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
						&& (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_ANON))
/* Tag is ANON or ANON_TLS. */
#define LDAP_BACK_PCONN_ISANON(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
						&& (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_BIND) \
						&& (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_ANON))
/* Tag is BIND or BIND_TLS. */
#define LDAP_BACK_PCONN_ISBIND(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
						&& (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_BIND))
/* Tag has the TLS bit set. */
#define LDAP_BACK_PCONN_ISTLS(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
						&& (LDAP_BACK_CONN2PRIV((lc)) & LDAP_BACK_PCONN_TLS))
/* With TLS support compiled in, the *_SET macros pick the _TLS variant of
 * the tag when the client connection of op (op->o_conn->c_is_tls) is
 * TLS-protected, so TLS and non-TLS clients get different tags. */
#ifdef HAVE_TLS
#define	LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ROOTDN_TLS : (void *) LDAP_BACK_PCONN_ROOTDN))
#define	LDAP_BACK_PCONN_ANON_SET(lc, op) \
	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ANON_TLS : (void *) LDAP_BACK_PCONN_ANON))
#define	LDAP_BACK_PCONN_BIND_SET(lc, op) \
	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_BIND_TLS : (void *) LDAP_BACK_PCONN_BIND))
#else /* ! HAVE_TLS */
#define	LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ROOTDN)
#define	LDAP_BACK_PCONN_ANON_SET(lc, op) \
	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ANON)
#define	LDAP_BACK_PCONN_BIND_SET(lc, op) \
	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_BIND)
#endif /* ! HAVE_TLS */
/* Empty op->o_ndn selects the ANON tag, anything else the ROOTDN tag.
 * NOTE(review): the macro itself does not check that o_ndn is the rootdn;
 * callers presumably use it only after establishing that -- confirm. */
#define	LDAP_BACK_PCONN_SET(lc, op) \
	(BER_BVISEMPTY(&(op)->o_ndn) ? \
		LDAP_BACK_PCONN_ANON_SET((lc), (op)) : LDAP_BACK_PCONN_ROOTDN_SET((lc), (op)))

	struct ldapinfo_t	*lcb_ldapinfo;
	struct berval		lcb_local_ndn;
	unsigned		lcb_refcnt;
	time_t			lcb_create_time;
	time_t			lcb_time;
} ldapconn_base_t;

/*
 * A cached connection to the remote server: the common base, the queue
 * link used for privileged connections, state flags, the libldap handle
 * and the identity the connection is bound as.
 */
typedef struct ldapconn_t {
	ldapconn_base_t		lc_base;
/* shorthand so that existing code can keep using the lc_* member names */
#define	lc_conn			lc_base.lcb_conn
#define	lc_ldapinfo		lc_base.lcb_ldapinfo
#define	lc_local_ndn		lc_base.lcb_local_ndn
#define	lc_refcnt		lc_base.lcb_refcnt
#define	lc_create_time		lc_base.lcb_create_time
#define	lc_time			lc_base.lcb_time

	LDAP_TAILQ_ENTRY(ldapconn_t)	lc_q;

	/* LDAP_BACK_FCONN_* state bits, accessed through the macros below */
	unsigned		lc_lcflags;
/* Generic helpers working on a pointer to a flags word. */
#define LDAP_BACK_CONN_ISSET_F(fp,f)	(*(fp) & (f))
#define	LDAP_BACK_CONN_SET_F(fp,f)	(*(fp) |= (f))
#define	LDAP_BACK_CONN_CLEAR_F(fp,f)	(*(fp) &= ~(f))
/* Copy flag f from *mfp to *fp: set it when every bit of f is set in
 * *mfp, clear it otherwise. */
#define	LDAP_BACK_CONN_CPY_F(fp,f,mfp) \
	do { \
		if ( ((f) & *(mfp)) == (f) ) { \
			*(fp) |= (f); \
		} else { \
			*(fp) &= ~(f); \
		} \
	} while ( 0 )

/* The same helpers applied to the lc_lcflags member of a connection. */
#define	LDAP_BACK_CONN_ISSET(lc,f)	LDAP_BACK_CONN_ISSET_F(&(lc)->lc_lcflags, (f))
#define	LDAP_BACK_CONN_SET(lc,f)	LDAP_BACK_CONN_SET_F(&(lc)->lc_lcflags, (f))
#define	LDAP_BACK_CONN_CLEAR(lc,f)	LDAP_BACK_CONN_CLEAR_F(&(lc)->lc_lcflags, (f))
#define	LDAP_BACK_CONN_CPY(lc,f,mlc)	LDAP_BACK_CONN_CPY_F(&(lc)->lc_lcflags, (f), &(mlc)->lc_lcflags)

	/* 0xFFF00000U are reserved for back-meta */

#define	LDAP_BACK_FCONN_ISBOUND	(0x00000001U)
#define	LDAP_BACK_FCONN_ISANON	(0x00000002U)
#define	LDAP_BACK_FCONN_ISBMASK	(LDAP_BACK_FCONN_ISBOUND|LDAP_BACK_FCONN_ISANON)
#define	LDAP_BACK_FCONN_ISPRIV	(0x00000004U)
#define	LDAP_BACK_FCONN_ISTLS	(0x00000008U)
#define	LDAP_BACK_FCONN_BINDING	(0x00000010U)
#define	LDAP_BACK_FCONN_TAINTED	(0x00000020U)
#define	LDAP_BACK_FCONN_ABANDON	(0x00000040U)
#define	LDAP_BACK_FCONN_ISIDASR	(0x00000080U)
#define	LDAP_BACK_FCONN_CACHED	(0x00000100U)

/* Per-flag test/set/clear/copy wrappers.  Note that both ISBOUND_CLEAR and
 * ISANON_CLEAR clear the whole LDAP_BACK_FCONN_ISBMASK, i.e. the bound and
 * the anonymous bit together. */
#define	LDAP_BACK_CONN_ISBOUND(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISBOUND)
#define	LDAP_BACK_CONN_ISBOUND_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISBOUND)
#define	LDAP_BACK_CONN_ISBOUND_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISBMASK)
#define	LDAP_BACK_CONN_ISBOUND_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISBOUND, (mlc))
#define	LDAP_BACK_CONN_ISANON(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISANON)
#define	LDAP_BACK_CONN_ISANON_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISANON)
#define	LDAP_BACK_CONN_ISANON_CLEAR(lc)		LDAP_BACK_CONN_ISBOUND_CLEAR((lc))
#define	LDAP_BACK_CONN_ISANON_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISANON, (mlc))
#define	LDAP_BACK_CONN_ISPRIV(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISPRIV)
#define	LDAP_BACK_CONN_ISPRIV_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISPRIV)
#define	LDAP_BACK_CONN_ISPRIV_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISPRIV)
#define	LDAP_BACK_CONN_ISPRIV_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISPRIV, (mlc))
#define	LDAP_BACK_CONN_ISTLS(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISTLS)
#define	LDAP_BACK_CONN_ISTLS_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISTLS)
#define	LDAP_BACK_CONN_ISTLS_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISTLS)
#define	LDAP_BACK_CONN_ISTLS_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISTLS, (mlc))
#define	LDAP_BACK_CONN_BINDING(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_BINDING)
#define	LDAP_BACK_CONN_BINDING_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_BINDING)
#define	LDAP_BACK_CONN_BINDING_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_BINDING)
#define	LDAP_BACK_CONN_TAINTED(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_TAINTED)
#define	LDAP_BACK_CONN_TAINTED_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_TAINTED)
#define	LDAP_BACK_CONN_TAINTED_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_TAINTED)
#define	LDAP_BACK_CONN_ABANDON(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ABANDON)
#define	LDAP_BACK_CONN_ABANDON_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ABANDON)
#define	LDAP_BACK_CONN_ABANDON_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ABANDON)
#define	LDAP_BACK_CONN_ISIDASSERT(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISIDASR)
#define	LDAP_BACK_CONN_ISIDASSERT_SET(lc)	LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISIDASR)
#define	LDAP_BACK_CONN_ISIDASSERT_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISIDASR)
#define	LDAP_BACK_CONN_ISIDASSERT_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISIDASR, (mlc))
#define	LDAP_BACK_CONN_CACHED(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_CACHED)
#define	LDAP_BACK_CONN_CACHED_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_CACHED)
#define	LDAP_BACK_CONN_CACHED_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_CACHED)

	LDAP			*lc_ld;
	unsigned long		lc_connid;
	/* NOTE(review): by name, the credential used to bind this connection,
	 * presumably retained only when LDAP_BACK_F_SAVECRED is set -- confirm
	 * against the bind code.  If so it is secret material and should be
	 * wiped before the berval is freed. */
	struct berval		lc_cred;
	struct berval 		lc_bound_ndn;
	unsigned		lc_flags;
} ldapconn_t;

/* An AVL tree of connections together with the mutex declared next to it
 * (presumably the lock that guards the tree -- confirm at the call sites). */
typedef struct ldap_avl_info_t {
	ldap_pvt_thread_mutex_t		lai_mutex;
	TAvlnode			*lai_tree;
} ldap_avl_info_t;

/*
 * Retry schedule.  ri_interval and ri_num are pointers to arrays; per the
 * SLAP_RETRYNUM_TAIL comment, ri_num is terminated by that sentinel.
 */
typedef struct slap_retry_info_t {
	time_t		*ri_interval;
	int		*ri_num;
	int		ri_idx;
	int		ri_count;
	time_t		ri_last;

#define SLAP_RETRYNUM_FOREVER	(-1)		/* retry forever */
#define SLAP_RETRYNUM_TAIL	(-2)		/* end of retrynum array */
#define SLAP_RETRYNUM_VALID(n)	((n) >= SLAP_RETRYNUM_FOREVER)	/* valid retrynum */
#define SLAP_RETRYNUM_FINITE(n)	((n) > SLAP_RETRYNUM_FOREVER)	/* not forever */
} slap_retry_info_t;

/*
 * identity assertion modes
 *
 * Values start at 1, so a zero-initialized si_mode matches none of them.
 */
typedef enum {
	LDAP_BACK_IDASSERT_LEGACY = 1,
	LDAP_BACK_IDASSERT_NOASSERT,
	LDAP_BACK_IDASSERT_ANONYMOUS,
	LDAP_BACK_IDASSERT_SELF,
	LDAP_BACK_IDASSERT_OTHERDN,
	LDAP_BACK_IDASSERT_OTHERID
} slap_idassert_mode_t;

/*
 * Identity assertion configuration.  The li_idassert_* aliases defined
 * inside expand through the li_idassert member, so they are only usable on
 * an ldapinfo_t (or a struct with a member of that name).
 */
typedef struct slap_idassert_t {
	slap_idassert_mode_t	si_mode;
#define	li_idassert_mode	li_idassert.si_mode

	/* Bind configuration used for identity assertion.  li_idassert_passwd
	 * maps to sb_cred, which by name is a stored credential -- treat it
	 * as secret. */
	slap_bindconf	si_bc;
#define	li_idassert_authcID	li_idassert.si_bc.sb_authcId
#define	li_idassert_authcDN	li_idassert.si_bc.sb_binddn
#define	li_idassert_passwd	li_idassert.si_bc.sb_cred
#define	li_idassert_authzID	li_idassert.si_bc.sb_authzId
#define	li_idassert_authmethod	li_idassert.si_bc.sb_method
#define	li_idassert_sasl_mech	li_idassert.si_bc.sb_saslmech
#define	li_idassert_sasl_realm	li_idassert.si_bc.sb_realm
#define	li_idassert_secprops	li_idassert.si_bc.sb_secprops
#define	li_idassert_tls		li_idassert.si_bc.sb_tls

	/* LDAP_BACK_AUTH_* bit flags; LDAP_BACK_AUTH_DN_MASK groups the two
	 * DN_* bits. */
	unsigned 	si_flags;
#define LDAP_BACK_AUTH_NONE				(0x00U)
#define	LDAP_BACK_AUTH_NATIVE_AUTHZ			(0x01U)
#define	LDAP_BACK_AUTH_OVERRIDE				(0x02U)
#define	LDAP_BACK_AUTH_PRESCRIPTIVE			(0x04U)
#define	LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ		(0x08U)
#define	LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND	(0x10U)
#define	LDAP_BACK_AUTH_AUTHZ_ALL			(0x20U)
#define	LDAP_BACK_AUTH_PROXYAUTHZ_CRITICAL		(0x40U)
#define	LDAP_BACK_AUTH_DN_AUTHZID			(0x100U)
#define	LDAP_BACK_AUTH_DN_WHOAMI			(0x200U)
#define	LDAP_BACK_AUTH_DN_MASK				(LDAP_BACK_AUTH_DN_AUTHZID|LDAP_BACK_AUTH_DN_WHOAMI)
#define	li_idassert_flags	li_idassert.si_flags

	/* NOTE(review): si_authz and si_passthru are value arrays; by name
	 * they hold the rules deciding which identities may be asserted or
	 * passed through -- confirm against the parsers referenced in
	 * ldap_extra_t. */
	BerVarray	si_authz;
#define	li_idassert_authz	li_idassert.si_authz

	BerVarray	si_passthru;
#define	li_idassert_passthru	li_idassert.si_passthru
} slap_idassert_t;

/*
 * Hook to allow mucking with ldapinfo_t when quarantine is over
 */
typedef int (*ldap_back_quarantine_f)( struct ldapinfo_t *, void * );

/*
 * Per-database configuration and runtime state of the ldap backend: target
 * URIs, bind configurations, behaviour flags, the connection caches,
 * quarantine state, timeouts and counters.
 */
typedef struct ldapinfo_t {
	/* li_uri: the string that goes into ldap_initialize()
	 * TODO: use li_acl.sb_uri instead */
	char			*li_uri;
	/* li_bvuri: an array of each single URI that is equivalent;
	 * to be checked for the presence of a certain item */
	BerVarray		li_bvuri;
	ldap_pvt_thread_mutex_t	li_uri_mutex;
	/* hack because when TLS is used we need to lock and let
	 * the li_urllist_f function to know it's locked */
	int			li_uri_mutex_do_not_lock;

	LDAP_REBIND_PROC	*li_rebind_f;
	LDAP_URLLIST_PROC	*li_urllist_f;
	void			*li_urllist_p;

	/* we only care about the TLS options here */
	slap_bindconf		li_tls;

	/* Second bind configuration with li_acl_* aliases; li_acl_passwd maps
	 * to sb_cred, by name a stored credential -- treat it as secret. */
	slap_bindconf		li_acl;
#define	li_acl_authcID		li_acl.sb_authcId
#define	li_acl_authcDN		li_acl.sb_binddn
#define	li_acl_passwd		li_acl.sb_cred
#define	li_acl_authzID		li_acl.sb_authzId
#define	li_acl_authmethod	li_acl.sb_method
#define	li_acl_sasl_mech	li_acl.sb_saslmech
#define	li_acl_sasl_realm	li_acl.sb_realm
#define	li_acl_secprops		li_acl.sb_secprops

	/* ID assert stuff */
	slap_idassert_t		li_idassert;
	/* end of ID assert stuff */

	/* number of retries, or one of the LDAP_BACK_RETRY_* values below */
	int			li_nretries;
#define LDAP_BACK_RETRY_UNDEFINED	(-2)
#define LDAP_BACK_RETRY_FOREVER		(-1)
#define LDAP_BACK_RETRY_NEVER		(0)
#define LDAP_BACK_RETRY_DEFAULT		(3)

	/* LDAP_BACK_F_* behaviour flags, tested with the macros below */
	unsigned		li_flags;

/* 0xFF000000U are reserved for back-meta */

/* NOTE(review): LDAP_BACK_F_SAVECRED presumably makes the backend keep bind
 * credentials in memory for later rebinds -- confirm against the bind code.
 * NOTE(review): when USE_TLS or PROPAGATE_TLS is set without TLS_CRITICAL,
 * a failed StartTLS is presumably tolerated and traffic to the remote
 * server continues unprotected -- confirm against the connection setup
 * code; deployments that need confidentiality should end up with
 * TLS_CRITICAL (or TLS_LDAPS) set. */
#define LDAP_BACK_F_NONE		(0x00000000U)
#define LDAP_BACK_F_SAVECRED		(0x00000001U)
#define LDAP_BACK_F_USE_TLS		(0x00000002U)
#define LDAP_BACK_F_PROPAGATE_TLS	(0x00000004U)
#define LDAP_BACK_F_TLS_CRITICAL	(0x00000008U)
#define LDAP_BACK_F_TLS_LDAPS		(0x00000010U)

#define LDAP_BACK_F_TLS_USE_MASK	(LDAP_BACK_F_USE_TLS|LDAP_BACK_F_TLS_CRITICAL)
#define LDAP_BACK_F_TLS_PROPAGATE_MASK	(LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL)
#define LDAP_BACK_F_TLS_MASK		(LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK|LDAP_BACK_F_TLS_LDAPS)
#define LDAP_BACK_F_CHASE_REFERRALS	(0x00000020U)
#define LDAP_BACK_F_PROXY_WHOAMI	(0x00000040U)

#define	LDAP_BACK_F_T_F			(0x00000080U)
#define	LDAP_BACK_F_T_F_DISCOVER	(0x00000100U)
#define	LDAP_BACK_F_T_F_MASK		(LDAP_BACK_F_T_F)
#define	LDAP_BACK_F_T_F_MASK2		(LDAP_BACK_F_T_F_MASK|LDAP_BACK_F_T_F_DISCOVER)

#define LDAP_BACK_F_MONITOR		(0x00000200U)
#define	LDAP_BACK_F_SINGLECONN		(0x00000400U)
#define LDAP_BACK_F_USE_TEMPORARIES	(0x00000800U)

#define	LDAP_BACK_F_ISOPEN		(0x00001000U)

/* The cancel strategy is a two-bit field: CANCEL_ABANDON is the value 0,
 * i.e. neither CANCEL_IGNORE nor CANCEL_EXOP set. */
#define	LDAP_BACK_F_CANCEL_ABANDON	(0x00000000U)
#define	LDAP_BACK_F_CANCEL_IGNORE	(0x00002000U)
#define	LDAP_BACK_F_CANCEL_EXOP		(0x00004000U)
#define	LDAP_BACK_F_CANCEL_EXOP_DISCOVER	(0x00008000U)
#define	LDAP_BACK_F_CANCEL_MASK		(LDAP_BACK_F_CANCEL_IGNORE|LDAP_BACK_F_CANCEL_EXOP)
#define	LDAP_BACK_F_CANCEL_MASK2	(LDAP_BACK_F_CANCEL_MASK|LDAP_BACK_F_CANCEL_EXOP_DISCOVER)

#define	LDAP_BACK_F_QUARANTINE		(0x00010000U)

#ifdef SLAP_CONTROL_X_SESSION_TRACKING
#define	LDAP_BACK_F_ST_REQUEST		(0x00020000U)
#define	LDAP_BACK_F_ST_RESPONSE		(0x00040000U)
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */

#define LDAP_BACK_F_NOREFS		(0x00080000U)
#define LDAP_BACK_F_NOUNDEFFILTER	(0x00100000U)
#define LDAP_BACK_F_OMIT_UNKNOWN_SCHEMA	(0x00200000U)

#define LDAP_BACK_F_ONERR_STOP		(0x00400000U)

/* ISSET_F is true only when every bit of f is set in ff (and therefore
 * always true for f == 0); ISMASK_F is true when ff restricted to mask m
 * equals f exactly. */
#define	LDAP_BACK_ISSET_F(ff,f)		( ( (ff) & (f) ) == (f) )
#define	LDAP_BACK_ISMASK_F(ff,m,f)	( ( (ff) & (m) ) == (f) )

/* The same tests applied to the li_flags member of an ldapinfo_t. */
#define	LDAP_BACK_ISSET(li,f)		LDAP_BACK_ISSET_F( (li)->li_flags, (f) )
#define	LDAP_BACK_ISMASK(li,m,f)	LDAP_BACK_ISMASK_F( (li)->li_flags, (m), (f) )

#define LDAP_BACK_SAVECRED(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_SAVECRED )
#define LDAP_BACK_USE_TLS(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TLS )
#define LDAP_BACK_PROPAGATE_TLS(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROPAGATE_TLS )
#define LDAP_BACK_TLS_CRITICAL(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_TLS_CRITICAL )
#define LDAP_BACK_CHASE_REFERRALS(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_CHASE_REFERRALS )
#define LDAP_BACK_PROXY_WHOAMI(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROXY_WHOAMI )

/* variants taking a bare flags word instead of an ldapinfo_t pointer */
#define LDAP_BACK_USE_TLS_F(ff)		LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_USE_TLS )
#define LDAP_BACK_PROPAGATE_TLS_F(ff)	LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_PROPAGATE_TLS )
#define LDAP_BACK_TLS_CRITICAL_F(ff)	LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_TLS_CRITICAL )

/* T_F_DISCOVER is true only when the DISCOVER bit is set and the T_F bit
 * is clear. */
#define	LDAP_BACK_T_F(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK, LDAP_BACK_F_T_F )
#define	LDAP_BACK_T_F_DISCOVER(li)	LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK2, LDAP_BACK_F_T_F_DISCOVER )

#define	LDAP_BACK_MONITOR(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_MONITOR )
#define	LDAP_BACK_SINGLECONN(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_SINGLECONN )
#define	LDAP_BACK_USE_TEMPORARIES(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TEMPORARIES)

#define	LDAP_BACK_ISOPEN(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_ISOPEN )

/* ABANDON/IGNORE/CANCEL are mutually exclusive values of the two-bit cancel
 * field; CANCEL_DISCOVER is true only when the DISCOVER bit is set and both
 * IGNORE and EXOP are clear. */
#define	LDAP_BACK_ABANDON(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_ABANDON )
#define	LDAP_BACK_IGNORE(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_IGNORE )
#define	LDAP_BACK_CANCEL(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP )
#define	LDAP_BACK_CANCEL_DISCOVER(li)	LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER )

#define	LDAP_BACK_QUARANTINE(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_QUARANTINE )

#ifdef SLAP_CONTROL_X_SESSION_TRACKING
#define	LDAP_BACK_ST_REQUEST(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_REQUEST)
#define	LDAP_BACK_ST_RESPONSE(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_RESPONSE)
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */

#define	LDAP_BACK_NOREFS(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOREFS)
#define	LDAP_BACK_NOUNDEFFILTER(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOUNDEFFILTER)
#define	LDAP_BACK_OMIT_UNKNOWN_SCHEMA(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_OMIT_UNKNOWN_SCHEMA)
#define	LDAP_BACK_ONERR_STOP(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ONERR_STOP)

	/* presumably the LDAP protocol version used towards the remote
	 * server -- confirm */
	int			li_version;

	unsigned long		li_conn_nextid;

	/* cached connections;
	 * special conns are in tailq rather than in tree */
	ldap_avl_info_t		li_conninfo;
	/* one queue (with its element count) per LDAP_BACK_PCONN_* tag value */
	struct {
		int						lic_num;
		LDAP_TAILQ_HEAD(lc_conn_priv_q, ldapconn_t)	lic_priv;
	}			li_conn_priv[ LDAP_BACK_PCONN_LAST ];
	int			li_conn_priv_max;
#define	LDAP_BACK_CONN_PRIV_MIN		(1)
#define	LDAP_BACK_CONN_PRIV_MAX		(256)
	/* must be between LDAP_BACK_CONN_PRIV_MIN
	 * and LDAP_BACK_CONN_PRIV_MAX ! */
#define	LDAP_BACK_CONN_PRIV_DEFAULT	(16)

	ldap_monitor_info_t	li_monitor_info;

	/* quarantine state: one of the LDAP_BACK_FQ_* values */
	sig_atomic_t		li_isquarantined;
#define	LDAP_BACK_FQ_NO		(0)
#define	LDAP_BACK_FQ_YES	(1)
#define	LDAP_BACK_FQ_RETRYING	(2)

	slap_retry_info_t	li_quarantine;
	ldap_pvt_thread_mutex_t	li_quarantine_mutex;
	/* hook (and its opaque argument) run when quarantine is over; see
	 * ldap_back_quarantine_f */
	ldap_back_quarantine_f	li_quarantine_f;
	void			*li_quarantine_p;

	time_t			li_network_timeout;
	time_t			li_conn_ttl;
	time_t			li_idle_timeout;
	/* one timeout per operation type, dimensioned by SLAP_OP_LAST */
	time_t			li_timeout[ SLAP_OP_LAST ];

	ldap_pvt_thread_mutex_t li_counter_mutex;
	/* per-operation-type counters, dimensioned by SLAP_OP_LAST */
	ldap_pvt_mp_t		li_ops_completed[SLAP_OP_LAST];
	struct re_s*		li_conn_expire_task;
} ldapinfo_t;

/* Result codes that do not indicate a failure: success and both outcomes
 * of a compare operation. */
#define	LDAP_ERR_OK(err) ((err) == LDAP_SUCCESS || (err) == LDAP_COMPARE_FALSE || (err) == LDAP_COMPARE_TRUE)

/*
 * Bit flags combining what to send back (SENDOK / SENDERR) with the
 * BINDING, RETRYING and GETCONN modifiers; the BIND_* and RETRY_* names
 * are the precomputed combinations.
 */
typedef enum ldap_back_send_t {
	LDAP_BACK_DONTSEND		= 0x00,
	LDAP_BACK_SENDOK		= 0x01,
	LDAP_BACK_SENDERR		= 0x02,
	LDAP_BACK_SENDRESULT		= (LDAP_BACK_SENDOK|LDAP_BACK_SENDERR),
	LDAP_BACK_BINDING		= 0x04,

	LDAP_BACK_BIND_DONTSEND		= (LDAP_BACK_BINDING),
	LDAP_BACK_BIND_SOK		= (LDAP_BACK_BINDING|LDAP_BACK_SENDOK),
	LDAP_BACK_BIND_SERR		= (LDAP_BACK_BINDING|LDAP_BACK_SENDERR),
	LDAP_BACK_BIND_SRES		= (LDAP_BACK_BINDING|LDAP_BACK_SENDRESULT),

	LDAP_BACK_RETRYING		= 0x08,
	LDAP_BACK_RETRY_DONTSEND	= (LDAP_BACK_RETRYING),
	LDAP_BACK_RETRY_SOK		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDOK),
	LDAP_BACK_RETRY_SERR		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDERR),
	LDAP_BACK_RETRY_SRES		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDRESULT),

	LDAP_BACK_GETCONN		= 0x10
} ldap_back_send_t;

/* define to use asynchronous StartTLS */
#define SLAP_STARTTLS_ASYNCHRONOUS

/* timeout to use when calling ldap_result():
 * 0 seconds plus 100000 microseconds */
#define	LDAP_BACK_RESULT_TIMEOUT	(0)
#define	LDAP_BACK_RESULT_UTIMEOUT	(100000)
#define	LDAP_BACK_TV_SET(tv) \
	do { \
		(tv)->tv_sec = LDAP_BACK_RESULT_TIMEOUT; \
		(tv)->tv_usec = LDAP_BACK_RESULT_UTIMEOUT; \
	} while ( 0 )

/* defaults to 0 unless the build defines it */
#ifndef LDAP_BACK_PRINT_CONNTREE
#define LDAP_BACK_PRINT_CONNTREE 0
#endif /* !LDAP_BACK_PRINT_CONNTREE */

/*
 * Table of function pointers to back-ldap helpers (presumably exported so
 * that other backends or overlays can call them -- confirm where the table
 * is filled in).  retry_info_parse and connid2str take a caller-supplied
 * buffer together with its length in buflen.
 */
typedef struct ldap_extra_t {
	int (*proxy_authz_ctrl)( Operation *op, SlapReply *rs, struct berval *bound_ndn,
		int version, slap_idassert_t *si, LDAPControl *ctrl );
	int (*controls_free)( Operation *op, SlapReply *rs, LDAPControl ***pctrls );
	int (*idassert_authzfrom_parse)( struct config_args_s *ca, slap_idassert_t *si );
	int (*idassert_passthru_parse_cf)( const char *fname, int lineno, const char *arg, slap_idassert_t *si );
	int (*idassert_parse)( struct config_args_s *ca, slap_idassert_t *si );
	void (*retry_info_destroy)( slap_retry_info_t *ri );
	int (*retry_info_parse)( char *in, slap_retry_info_t *ri, char *buf, ber_len_t buflen );
	int (*retry_info_unparse)( slap_retry_info_t *ri, struct berval *bvout );
	int (*connid2str)( const ldapconn_base_t *lc, char *buf, ber_len_t buflen );
} ldap_extra_t;

LDAP_END_DECL

#include "proto-ldap.h"

#endif /* SLAPD_LDAP_H */