back-ldap.h revision 1.2 1 1.2 christos /* $NetBSD: back-ldap.h,v 1.2 2020/08/11 13:15:40 christos Exp $ */
2 1.2 christos
3 1.1 lukem /* back-ldap.h - ldap backend header file */
4 1.2 christos /* $OpenLDAP$ */
5 1.1 lukem /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
6 1.1 lukem *
7 1.2 christos * Copyright 1999-2020 The OpenLDAP Foundation.
8 1.1 lukem * Portions Copyright 2000-2003 Pierangelo Masarati.
9 1.1 lukem * Portions Copyright 1999-2003 Howard Chu.
10 1.1 lukem * All rights reserved.
11 1.1 lukem *
12 1.1 lukem * Redistribution and use in source and binary forms, with or without
13 1.1 lukem * modification, are permitted only as authorized by the OpenLDAP
14 1.1 lukem * Public License.
15 1.1 lukem *
16 1.1 lukem * A copy of this license is available in the file LICENSE in the
17 1.1 lukem * top-level directory of the distribution or, alternatively, at
18 1.1 lukem * <http://www.OpenLDAP.org/license.html>.
19 1.1 lukem */
20 1.1 lukem /* ACKNOWLEDGEMENTS:
21 1.1 lukem * This work was initially developed by the Howard Chu for inclusion
22 1.1 lukem * in OpenLDAP Software and subsequently enhanced by Pierangelo
23 1.1 lukem * Masarati.
24 1.1 lukem */
25 1.1 lukem
26 1.1 lukem #ifndef SLAPD_LDAP_H
27 1.1 lukem #define SLAPD_LDAP_H
28 1.1 lukem
29 1.1 lukem #include "../back-monitor/back-monitor.h"
30 1.1 lukem
31 1.1 lukem LDAP_BEGIN_DECL
32 1.1 lukem
33 1.1 lukem struct ldapinfo_t;
34 1.1 lukem
35 1.1 lukem /* stuff required for monitoring */
36 1.1 lukem typedef struct ldap_monitor_info_t {
37 1.2 christos monitor_subsys_t lmi_mss[2];
38 1.1 lukem
39 1.2 christos struct berval lmi_ndn;
40 1.2 christos struct berval lmi_conn_rdn;
41 1.2 christos struct berval lmi_ops_rdn;
42 1.1 lukem } ldap_monitor_info_t;
43 1.1 lukem
44 1.1 lukem enum {
45 1.1 lukem /* even numbers are connection types */
46 1.1 lukem LDAP_BACK_PCONN_FIRST = 0,
47 1.1 lukem LDAP_BACK_PCONN_ROOTDN = LDAP_BACK_PCONN_FIRST,
48 1.1 lukem LDAP_BACK_PCONN_ANON = 2,
49 1.1 lukem LDAP_BACK_PCONN_BIND = 4,
50 1.1 lukem
51 1.1 lukem /* add the TLS bit */
52 1.1 lukem LDAP_BACK_PCONN_TLS = 0x1U,
53 1.1 lukem
54 1.1 lukem LDAP_BACK_PCONN_ROOTDN_TLS = (LDAP_BACK_PCONN_ROOTDN|LDAP_BACK_PCONN_TLS),
55 1.1 lukem LDAP_BACK_PCONN_ANON_TLS = (LDAP_BACK_PCONN_ANON|LDAP_BACK_PCONN_TLS),
56 1.1 lukem LDAP_BACK_PCONN_BIND_TLS = (LDAP_BACK_PCONN_BIND|LDAP_BACK_PCONN_TLS),
57 1.1 lukem
58 1.1 lukem LDAP_BACK_PCONN_LAST
59 1.1 lukem };
60 1.1 lukem
61 1.2 christos typedef struct ldapconn_base_t {
62 1.2 christos Connection *lcb_conn;
63 1.1 lukem #define LDAP_BACK_CONN2PRIV(lc) ((unsigned long)(lc)->lc_conn)
64 1.2 christos #define LDAP_BACK_PCONN_ISPRIV(lc) (((void *)(lc)->lc_conn) >= ((void *)LDAP_BACK_PCONN_FIRST) \
65 1.2 christos && ((void *)(lc)->lc_conn) < ((void *)LDAP_BACK_PCONN_LAST))
66 1.1 lukem #define LDAP_BACK_PCONN_ISROOTDN(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \
67 1.1 lukem && (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_ANON))
68 1.1 lukem #define LDAP_BACK_PCONN_ISANON(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \
69 1.1 lukem && (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_BIND) \
70 1.1 lukem && (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_ANON))
71 1.1 lukem #define LDAP_BACK_PCONN_ISBIND(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \
72 1.1 lukem && (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_BIND))
73 1.1 lukem #define LDAP_BACK_PCONN_ISTLS(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \
74 1.1 lukem && (LDAP_BACK_CONN2PRIV((lc)) & LDAP_BACK_PCONN_TLS))
75 1.1 lukem #ifdef HAVE_TLS
76 1.1 lukem #define LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
77 1.1 lukem ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ROOTDN_TLS : (void *) LDAP_BACK_PCONN_ROOTDN))
78 1.1 lukem #define LDAP_BACK_PCONN_ANON_SET(lc, op) \
79 1.1 lukem ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ANON_TLS : (void *) LDAP_BACK_PCONN_ANON))
80 1.1 lukem #define LDAP_BACK_PCONN_BIND_SET(lc, op) \
81 1.1 lukem ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_BIND_TLS : (void *) LDAP_BACK_PCONN_BIND))
82 1.1 lukem #else /* ! HAVE_TLS */
83 1.1 lukem #define LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
84 1.1 lukem ((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ROOTDN)
85 1.1 lukem #define LDAP_BACK_PCONN_ANON_SET(lc, op) \
86 1.1 lukem ((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ANON)
87 1.1 lukem #define LDAP_BACK_PCONN_BIND_SET(lc, op) \
88 1.1 lukem ((lc)->lc_conn = (void *)LDAP_BACK_PCONN_BIND)
89 1.1 lukem #endif /* ! HAVE_TLS */
90 1.1 lukem #define LDAP_BACK_PCONN_SET(lc, op) \
91 1.1 lukem (BER_BVISEMPTY(&(op)->o_ndn) ? \
92 1.1 lukem LDAP_BACK_PCONN_ANON_SET((lc), (op)) : LDAP_BACK_PCONN_ROOTDN_SET((lc), (op)))
93 1.1 lukem
94 1.2 christos struct ldapinfo_t *lcb_ldapinfo;
95 1.2 christos struct berval lcb_local_ndn;
96 1.2 christos unsigned lcb_refcnt;
97 1.2 christos time_t lcb_create_time;
98 1.2 christos time_t lcb_time;
99 1.2 christos } ldapconn_base_t;
100 1.2 christos
101 1.2 christos typedef struct ldapconn_t {
102 1.2 christos ldapconn_base_t lc_base;
103 1.2 christos #define lc_conn lc_base.lcb_conn
104 1.2 christos #define lc_ldapinfo lc_base.lcb_ldapinfo
105 1.2 christos #define lc_local_ndn lc_base.lcb_local_ndn
106 1.2 christos #define lc_refcnt lc_base.lcb_refcnt
107 1.2 christos #define lc_create_time lc_base.lcb_create_time
108 1.2 christos #define lc_time lc_base.lcb_time
109 1.2 christos
110 1.2 christos LDAP_TAILQ_ENTRY(ldapconn_t) lc_q;
111 1.2 christos
112 1.1 lukem unsigned lc_lcflags;
113 1.1 lukem #define LDAP_BACK_CONN_ISSET_F(fp,f) (*(fp) & (f))
114 1.1 lukem #define LDAP_BACK_CONN_SET_F(fp,f) (*(fp) |= (f))
115 1.1 lukem #define LDAP_BACK_CONN_CLEAR_F(fp,f) (*(fp) &= ~(f))
116 1.1 lukem #define LDAP_BACK_CONN_CPY_F(fp,f,mfp) \
117 1.1 lukem do { \
118 1.1 lukem if ( ((f) & *(mfp)) == (f) ) { \
119 1.1 lukem *(fp) |= (f); \
120 1.1 lukem } else { \
121 1.1 lukem *(fp) &= ~(f); \
122 1.1 lukem } \
123 1.1 lukem } while ( 0 )
124 1.1 lukem
125 1.1 lukem #define LDAP_BACK_CONN_ISSET(lc,f) LDAP_BACK_CONN_ISSET_F(&(lc)->lc_lcflags, (f))
126 1.1 lukem #define LDAP_BACK_CONN_SET(lc,f) LDAP_BACK_CONN_SET_F(&(lc)->lc_lcflags, (f))
127 1.1 lukem #define LDAP_BACK_CONN_CLEAR(lc,f) LDAP_BACK_CONN_CLEAR_F(&(lc)->lc_lcflags, (f))
128 1.1 lukem #define LDAP_BACK_CONN_CPY(lc,f,mlc) LDAP_BACK_CONN_CPY_F(&(lc)->lc_lcflags, (f), &(mlc)->lc_lcflags)
129 1.1 lukem
130 1.1 lukem /* 0xFFF00000U are reserved for back-meta */
131 1.1 lukem
132 1.1 lukem #define LDAP_BACK_FCONN_ISBOUND (0x00000001U)
133 1.1 lukem #define LDAP_BACK_FCONN_ISANON (0x00000002U)
134 1.1 lukem #define LDAP_BACK_FCONN_ISBMASK (LDAP_BACK_FCONN_ISBOUND|LDAP_BACK_FCONN_ISANON)
135 1.1 lukem #define LDAP_BACK_FCONN_ISPRIV (0x00000004U)
136 1.1 lukem #define LDAP_BACK_FCONN_ISTLS (0x00000008U)
137 1.1 lukem #define LDAP_BACK_FCONN_BINDING (0x00000010U)
138 1.1 lukem #define LDAP_BACK_FCONN_TAINTED (0x00000020U)
139 1.1 lukem #define LDAP_BACK_FCONN_ABANDON (0x00000040U)
140 1.1 lukem #define LDAP_BACK_FCONN_ISIDASR (0x00000080U)
141 1.1 lukem #define LDAP_BACK_FCONN_CACHED (0x00000100U)
142 1.1 lukem
143 1.1 lukem #define LDAP_BACK_CONN_ISBOUND(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISBOUND)
144 1.1 lukem #define LDAP_BACK_CONN_ISBOUND_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISBOUND)
145 1.1 lukem #define LDAP_BACK_CONN_ISBOUND_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISBMASK)
146 1.1 lukem #define LDAP_BACK_CONN_ISBOUND_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISBOUND, (mlc))
147 1.1 lukem #define LDAP_BACK_CONN_ISANON(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISANON)
148 1.1 lukem #define LDAP_BACK_CONN_ISANON_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISANON)
149 1.1 lukem #define LDAP_BACK_CONN_ISANON_CLEAR(lc) LDAP_BACK_CONN_ISBOUND_CLEAR((lc))
150 1.1 lukem #define LDAP_BACK_CONN_ISANON_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISANON, (mlc))
151 1.1 lukem #define LDAP_BACK_CONN_ISPRIV(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISPRIV)
152 1.1 lukem #define LDAP_BACK_CONN_ISPRIV_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISPRIV)
153 1.1 lukem #define LDAP_BACK_CONN_ISPRIV_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISPRIV)
154 1.1 lukem #define LDAP_BACK_CONN_ISPRIV_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISPRIV, (mlc))
155 1.1 lukem #define LDAP_BACK_CONN_ISTLS(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISTLS)
156 1.1 lukem #define LDAP_BACK_CONN_ISTLS_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISTLS)
157 1.1 lukem #define LDAP_BACK_CONN_ISTLS_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISTLS)
158 1.1 lukem #define LDAP_BACK_CONN_ISTLS_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISTLS, (mlc))
159 1.1 lukem #define LDAP_BACK_CONN_BINDING(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_BINDING)
160 1.1 lukem #define LDAP_BACK_CONN_BINDING_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_BINDING)
161 1.1 lukem #define LDAP_BACK_CONN_BINDING_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_BINDING)
162 1.1 lukem #define LDAP_BACK_CONN_TAINTED(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_TAINTED)
163 1.1 lukem #define LDAP_BACK_CONN_TAINTED_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_TAINTED)
164 1.1 lukem #define LDAP_BACK_CONN_TAINTED_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_TAINTED)
165 1.1 lukem #define LDAP_BACK_CONN_ABANDON(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ABANDON)
166 1.1 lukem #define LDAP_BACK_CONN_ABANDON_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ABANDON)
167 1.1 lukem #define LDAP_BACK_CONN_ABANDON_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ABANDON)
168 1.1 lukem #define LDAP_BACK_CONN_ISIDASSERT(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISIDASR)
169 1.1 lukem #define LDAP_BACK_CONN_ISIDASSERT_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISIDASR)
170 1.1 lukem #define LDAP_BACK_CONN_ISIDASSERT_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISIDASR)
171 1.1 lukem #define LDAP_BACK_CONN_ISIDASSERT_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISIDASR, (mlc))
172 1.1 lukem #define LDAP_BACK_CONN_CACHED(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_CACHED)
173 1.1 lukem #define LDAP_BACK_CONN_CACHED_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_CACHED)
174 1.1 lukem #define LDAP_BACK_CONN_CACHED_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_CACHED)
175 1.1 lukem
176 1.2 christos LDAP *lc_ld;
177 1.2 christos unsigned long lc_connid;
178 1.2 christos struct berval lc_cred;
179 1.2 christos struct berval lc_bound_ndn;
180 1.1 lukem unsigned lc_flags;
181 1.1 lukem } ldapconn_t;
182 1.1 lukem
183 1.1 lukem typedef struct ldap_avl_info_t {
184 1.1 lukem ldap_pvt_thread_mutex_t lai_mutex;
185 1.1 lukem Avlnode *lai_tree;
186 1.1 lukem } ldap_avl_info_t;
187 1.1 lukem
188 1.1 lukem typedef struct slap_retry_info_t {
189 1.1 lukem time_t *ri_interval;
190 1.1 lukem int *ri_num;
191 1.1 lukem int ri_idx;
192 1.1 lukem int ri_count;
193 1.1 lukem time_t ri_last;
194 1.1 lukem
195 1.1 lukem #define SLAP_RETRYNUM_FOREVER (-1) /* retry forever */
196 1.1 lukem #define SLAP_RETRYNUM_TAIL (-2) /* end of retrynum array */
197 1.1 lukem #define SLAP_RETRYNUM_VALID(n) ((n) >= SLAP_RETRYNUM_FOREVER) /* valid retrynum */
198 1.1 lukem #define SLAP_RETRYNUM_FINITE(n) ((n) > SLAP_RETRYNUM_FOREVER) /* not forever */
199 1.1 lukem } slap_retry_info_t;
200 1.1 lukem
201 1.1 lukem /*
202 1.1 lukem * identity assertion modes
203 1.1 lukem */
204 1.1 lukem typedef enum {
205 1.1 lukem LDAP_BACK_IDASSERT_LEGACY = 1,
206 1.1 lukem LDAP_BACK_IDASSERT_NOASSERT,
207 1.1 lukem LDAP_BACK_IDASSERT_ANONYMOUS,
208 1.1 lukem LDAP_BACK_IDASSERT_SELF,
209 1.1 lukem LDAP_BACK_IDASSERT_OTHERDN,
210 1.1 lukem LDAP_BACK_IDASSERT_OTHERID
211 1.1 lukem } slap_idassert_mode_t;
212 1.1 lukem
213 1.1 lukem /* ID assert stuff */
214 1.1 lukem typedef struct slap_idassert_t {
215 1.1 lukem slap_idassert_mode_t si_mode;
216 1.1 lukem #define li_idassert_mode li_idassert.si_mode
217 1.1 lukem
218 1.1 lukem slap_bindconf si_bc;
219 1.1 lukem #define li_idassert_authcID li_idassert.si_bc.sb_authcId
220 1.1 lukem #define li_idassert_authcDN li_idassert.si_bc.sb_binddn
221 1.1 lukem #define li_idassert_passwd li_idassert.si_bc.sb_cred
222 1.1 lukem #define li_idassert_authzID li_idassert.si_bc.sb_authzId
223 1.1 lukem #define li_idassert_authmethod li_idassert.si_bc.sb_method
224 1.1 lukem #define li_idassert_sasl_mech li_idassert.si_bc.sb_saslmech
225 1.1 lukem #define li_idassert_sasl_realm li_idassert.si_bc.sb_realm
226 1.1 lukem #define li_idassert_secprops li_idassert.si_bc.sb_secprops
227 1.1 lukem #define li_idassert_tls li_idassert.si_bc.sb_tls
228 1.1 lukem
229 1.1 lukem unsigned si_flags;
230 1.1 lukem #define LDAP_BACK_AUTH_NONE (0x00U)
231 1.1 lukem #define LDAP_BACK_AUTH_NATIVE_AUTHZ (0x01U)
232 1.1 lukem #define LDAP_BACK_AUTH_OVERRIDE (0x02U)
233 1.1 lukem #define LDAP_BACK_AUTH_PRESCRIPTIVE (0x04U)
234 1.1 lukem #define LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ (0x08U)
235 1.1 lukem #define LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND (0x10U)
236 1.1 lukem #define LDAP_BACK_AUTH_AUTHZ_ALL (0x20U)
237 1.2 christos #define LDAP_BACK_AUTH_PROXYAUTHZ_CRITICAL (0x40U)
238 1.1 lukem #define li_idassert_flags li_idassert.si_flags
239 1.1 lukem
240 1.1 lukem BerVarray si_authz;
241 1.1 lukem #define li_idassert_authz li_idassert.si_authz
242 1.2 christos
243 1.2 christos BerVarray si_passthru;
244 1.2 christos #define li_idassert_passthru li_idassert.si_passthru
245 1.1 lukem } slap_idassert_t;
246 1.1 lukem
247 1.1 lukem /*
248 1.1 lukem * Hook to allow mucking with ldapinfo_t when quarantine is over
249 1.1 lukem */
250 1.1 lukem typedef int (*ldap_back_quarantine_f)( struct ldapinfo_t *, void * );
251 1.1 lukem
252 1.1 lukem typedef struct ldapinfo_t {
253 1.1 lukem /* li_uri: the string that goes into ldap_initialize()
254 1.1 lukem * TODO: use li_acl.sb_uri instead */
255 1.1 lukem char *li_uri;
256 1.1 lukem /* li_bvuri: an array of each single URI that is equivalent;
257 1.1 lukem * to be checked for the presence of a certain item */
258 1.1 lukem BerVarray li_bvuri;
259 1.1 lukem ldap_pvt_thread_mutex_t li_uri_mutex;
260 1.2 christos /* hack because when TLS is used we need to lock and let
261 1.2 christos * the li_urllist_f function to know it's locked */
262 1.2 christos int li_uri_mutex_do_not_lock;
263 1.1 lukem
264 1.1 lukem LDAP_REBIND_PROC *li_rebind_f;
265 1.1 lukem LDAP_URLLIST_PROC *li_urllist_f;
266 1.1 lukem void *li_urllist_p;
267 1.1 lukem
268 1.1 lukem /* we only care about the TLS options here */
269 1.1 lukem slap_bindconf li_tls;
270 1.1 lukem
271 1.1 lukem slap_bindconf li_acl;
272 1.1 lukem #define li_acl_authcID li_acl.sb_authcId
273 1.1 lukem #define li_acl_authcDN li_acl.sb_binddn
274 1.1 lukem #define li_acl_passwd li_acl.sb_cred
275 1.1 lukem #define li_acl_authzID li_acl.sb_authzId
276 1.1 lukem #define li_acl_authmethod li_acl.sb_method
277 1.1 lukem #define li_acl_sasl_mech li_acl.sb_saslmech
278 1.1 lukem #define li_acl_sasl_realm li_acl.sb_realm
279 1.1 lukem #define li_acl_secprops li_acl.sb_secprops
280 1.1 lukem
281 1.1 lukem /* ID assert stuff */
282 1.1 lukem slap_idassert_t li_idassert;
283 1.1 lukem /* end of ID assert stuff */
284 1.1 lukem
285 1.1 lukem int li_nretries;
286 1.1 lukem #define LDAP_BACK_RETRY_UNDEFINED (-2)
287 1.1 lukem #define LDAP_BACK_RETRY_FOREVER (-1)
288 1.1 lukem #define LDAP_BACK_RETRY_NEVER (0)
289 1.1 lukem #define LDAP_BACK_RETRY_DEFAULT (3)
290 1.1 lukem
291 1.1 lukem unsigned li_flags;
292 1.1 lukem
293 1.2 christos /* 0xFF000000U are reserved for back-meta */
294 1.1 lukem
295 1.1 lukem #define LDAP_BACK_F_NONE (0x00000000U)
296 1.1 lukem #define LDAP_BACK_F_SAVECRED (0x00000001U)
297 1.1 lukem #define LDAP_BACK_F_USE_TLS (0x00000002U)
298 1.1 lukem #define LDAP_BACK_F_PROPAGATE_TLS (0x00000004U)
299 1.1 lukem #define LDAP_BACK_F_TLS_CRITICAL (0x00000008U)
300 1.1 lukem #define LDAP_BACK_F_TLS_LDAPS (0x00000010U)
301 1.1 lukem
302 1.1 lukem #define LDAP_BACK_F_TLS_USE_MASK (LDAP_BACK_F_USE_TLS|LDAP_BACK_F_TLS_CRITICAL)
303 1.1 lukem #define LDAP_BACK_F_TLS_PROPAGATE_MASK (LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL)
304 1.1 lukem #define LDAP_BACK_F_TLS_MASK (LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK|LDAP_BACK_F_TLS_LDAPS)
305 1.1 lukem #define LDAP_BACK_F_CHASE_REFERRALS (0x00000020U)
306 1.1 lukem #define LDAP_BACK_F_PROXY_WHOAMI (0x00000040U)
307 1.1 lukem
308 1.1 lukem #define LDAP_BACK_F_T_F (0x00000080U)
309 1.1 lukem #define LDAP_BACK_F_T_F_DISCOVER (0x00000100U)
310 1.1 lukem #define LDAP_BACK_F_T_F_MASK (LDAP_BACK_F_T_F)
311 1.1 lukem #define LDAP_BACK_F_T_F_MASK2 (LDAP_BACK_F_T_F_MASK|LDAP_BACK_F_T_F_DISCOVER)
312 1.1 lukem
313 1.1 lukem #define LDAP_BACK_F_MONITOR (0x00000200U)
314 1.1 lukem #define LDAP_BACK_F_SINGLECONN (0x00000400U)
315 1.1 lukem #define LDAP_BACK_F_USE_TEMPORARIES (0x00000800U)
316 1.1 lukem
317 1.1 lukem #define LDAP_BACK_F_ISOPEN (0x00001000U)
318 1.1 lukem
319 1.1 lukem #define LDAP_BACK_F_CANCEL_ABANDON (0x00000000U)
320 1.1 lukem #define LDAP_BACK_F_CANCEL_IGNORE (0x00002000U)
321 1.1 lukem #define LDAP_BACK_F_CANCEL_EXOP (0x00004000U)
322 1.1 lukem #define LDAP_BACK_F_CANCEL_EXOP_DISCOVER (0x00008000U)
323 1.1 lukem #define LDAP_BACK_F_CANCEL_MASK (LDAP_BACK_F_CANCEL_IGNORE|LDAP_BACK_F_CANCEL_EXOP)
324 1.1 lukem #define LDAP_BACK_F_CANCEL_MASK2 (LDAP_BACK_F_CANCEL_MASK|LDAP_BACK_F_CANCEL_EXOP_DISCOVER)
325 1.1 lukem
326 1.1 lukem #define LDAP_BACK_F_QUARANTINE (0x00010000U)
327 1.1 lukem
328 1.1 lukem #ifdef SLAP_CONTROL_X_SESSION_TRACKING
329 1.1 lukem #define LDAP_BACK_F_ST_REQUEST (0x00020000U)
330 1.1 lukem #define LDAP_BACK_F_ST_RESPONSE (0x00040000U)
331 1.1 lukem #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
332 1.1 lukem
333 1.2 christos #define LDAP_BACK_F_NOREFS (0x00080000U)
334 1.2 christos #define LDAP_BACK_F_NOUNDEFFILTER (0x00100000U)
335 1.2 christos #define LDAP_BACK_F_OMIT_UNKNOWN_SCHEMA (0x00200000U)
336 1.2 christos
337 1.2 christos #define LDAP_BACK_F_ONERR_STOP (0x00400000U)
338 1.2 christos
339 1.1 lukem #define LDAP_BACK_ISSET_F(ff,f) ( ( (ff) & (f) ) == (f) )
340 1.1 lukem #define LDAP_BACK_ISMASK_F(ff,m,f) ( ( (ff) & (m) ) == (f) )
341 1.1 lukem
342 1.1 lukem #define LDAP_BACK_ISSET(li,f) LDAP_BACK_ISSET_F( (li)->li_flags, (f) )
343 1.1 lukem #define LDAP_BACK_ISMASK(li,m,f) LDAP_BACK_ISMASK_F( (li)->li_flags, (m), (f) )
344 1.1 lukem
345 1.1 lukem #define LDAP_BACK_SAVECRED(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_SAVECRED )
346 1.1 lukem #define LDAP_BACK_USE_TLS(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TLS )
347 1.1 lukem #define LDAP_BACK_PROPAGATE_TLS(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROPAGATE_TLS )
348 1.1 lukem #define LDAP_BACK_TLS_CRITICAL(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_TLS_CRITICAL )
349 1.1 lukem #define LDAP_BACK_CHASE_REFERRALS(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_CHASE_REFERRALS )
350 1.1 lukem #define LDAP_BACK_PROXY_WHOAMI(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROXY_WHOAMI )
351 1.1 lukem
352 1.1 lukem #define LDAP_BACK_USE_TLS_F(ff) LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_USE_TLS )
353 1.1 lukem #define LDAP_BACK_PROPAGATE_TLS_F(ff) LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_PROPAGATE_TLS )
354 1.1 lukem #define LDAP_BACK_TLS_CRITICAL_F(ff) LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_TLS_CRITICAL )
355 1.1 lukem
356 1.1 lukem #define LDAP_BACK_T_F(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK, LDAP_BACK_F_T_F )
357 1.1 lukem #define LDAP_BACK_T_F_DISCOVER(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK2, LDAP_BACK_F_T_F_DISCOVER )
358 1.1 lukem
359 1.1 lukem #define LDAP_BACK_MONITOR(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_MONITOR )
360 1.1 lukem #define LDAP_BACK_SINGLECONN(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_SINGLECONN )
361 1.1 lukem #define LDAP_BACK_USE_TEMPORARIES(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TEMPORARIES)
362 1.1 lukem
363 1.1 lukem #define LDAP_BACK_ISOPEN(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_ISOPEN )
364 1.1 lukem
365 1.1 lukem #define LDAP_BACK_ABANDON(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_ABANDON )
366 1.1 lukem #define LDAP_BACK_IGNORE(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_IGNORE )
367 1.1 lukem #define LDAP_BACK_CANCEL(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP )
368 1.1 lukem #define LDAP_BACK_CANCEL_DISCOVER(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER )
369 1.1 lukem
370 1.1 lukem #define LDAP_BACK_QUARANTINE(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_QUARANTINE )
371 1.1 lukem
372 1.1 lukem #ifdef SLAP_CONTROL_X_SESSION_TRACKING
373 1.1 lukem #define LDAP_BACK_ST_REQUEST(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_REQUEST)
374 1.1 lukem #define LDAP_BACK_ST_RESPONSE(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_RESPONSE)
375 1.1 lukem #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
376 1.1 lukem
377 1.2 christos #define LDAP_BACK_NOREFS(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOREFS)
378 1.2 christos #define LDAP_BACK_NOUNDEFFILTER(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOUNDEFFILTER)
379 1.2 christos #define LDAP_BACK_OMIT_UNKNOWN_SCHEMA(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_OMIT_UNKNOWN_SCHEMA)
380 1.2 christos #define LDAP_BACK_ONERR_STOP(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_ONERR_STOP)
381 1.2 christos
382 1.1 lukem int li_version;
383 1.1 lukem
384 1.2 christos unsigned long li_conn_nextid;
385 1.2 christos
386 1.1 lukem /* cached connections;
387 1.1 lukem * special conns are in tailq rather than in tree */
388 1.1 lukem ldap_avl_info_t li_conninfo;
389 1.1 lukem struct {
390 1.1 lukem int lic_num;
391 1.1 lukem LDAP_TAILQ_HEAD(lc_conn_priv_q, ldapconn_t) lic_priv;
392 1.1 lukem } li_conn_priv[ LDAP_BACK_PCONN_LAST ];
393 1.1 lukem int li_conn_priv_max;
394 1.1 lukem #define LDAP_BACK_CONN_PRIV_MIN (1)
395 1.1 lukem #define LDAP_BACK_CONN_PRIV_MAX (256)
396 1.1 lukem /* must be between LDAP_BACK_CONN_PRIV_MIN
397 1.1 lukem * and LDAP_BACK_CONN_PRIV_MAX ! */
398 1.1 lukem #define LDAP_BACK_CONN_PRIV_DEFAULT (16)
399 1.1 lukem
400 1.1 lukem ldap_monitor_info_t li_monitor_info;
401 1.1 lukem
402 1.1 lukem sig_atomic_t li_isquarantined;
403 1.1 lukem #define LDAP_BACK_FQ_NO (0)
404 1.1 lukem #define LDAP_BACK_FQ_YES (1)
405 1.1 lukem #define LDAP_BACK_FQ_RETRYING (2)
406 1.1 lukem
407 1.1 lukem slap_retry_info_t li_quarantine;
408 1.1 lukem ldap_pvt_thread_mutex_t li_quarantine_mutex;
409 1.1 lukem ldap_back_quarantine_f li_quarantine_f;
410 1.1 lukem void *li_quarantine_p;
411 1.1 lukem
412 1.1 lukem time_t li_network_timeout;
413 1.1 lukem time_t li_conn_ttl;
414 1.1 lukem time_t li_idle_timeout;
415 1.1 lukem time_t li_timeout[ SLAP_OP_LAST ];
416 1.2 christos
417 1.2 christos ldap_pvt_thread_mutex_t li_counter_mutex;
418 1.2 christos ldap_pvt_mp_t li_ops_completed[SLAP_OP_LAST];
419 1.1 lukem } ldapinfo_t;
420 1.1 lukem
421 1.2 christos #define LDAP_ERR_OK(err) ((err) == LDAP_SUCCESS || (err) == LDAP_COMPARE_FALSE || (err) == LDAP_COMPARE_TRUE)
422 1.2 christos
423 1.1 lukem typedef enum ldap_back_send_t {
424 1.1 lukem LDAP_BACK_DONTSEND = 0x00,
425 1.1 lukem LDAP_BACK_SENDOK = 0x01,
426 1.1 lukem LDAP_BACK_SENDERR = 0x02,
427 1.1 lukem LDAP_BACK_SENDRESULT = (LDAP_BACK_SENDOK|LDAP_BACK_SENDERR),
428 1.1 lukem LDAP_BACK_BINDING = 0x04,
429 1.1 lukem
430 1.1 lukem LDAP_BACK_BIND_DONTSEND = (LDAP_BACK_BINDING),
431 1.1 lukem LDAP_BACK_BIND_SOK = (LDAP_BACK_BINDING|LDAP_BACK_SENDOK),
432 1.1 lukem LDAP_BACK_BIND_SERR = (LDAP_BACK_BINDING|LDAP_BACK_SENDERR),
433 1.1 lukem LDAP_BACK_BIND_SRES = (LDAP_BACK_BINDING|LDAP_BACK_SENDRESULT),
434 1.1 lukem
435 1.1 lukem LDAP_BACK_RETRYING = 0x08,
436 1.1 lukem LDAP_BACK_RETRY_DONTSEND = (LDAP_BACK_RETRYING),
437 1.1 lukem LDAP_BACK_RETRY_SOK = (LDAP_BACK_RETRYING|LDAP_BACK_SENDOK),
438 1.1 lukem LDAP_BACK_RETRY_SERR = (LDAP_BACK_RETRYING|LDAP_BACK_SENDERR),
439 1.1 lukem LDAP_BACK_RETRY_SRES = (LDAP_BACK_RETRYING|LDAP_BACK_SENDRESULT),
440 1.1 lukem
441 1.1 lukem LDAP_BACK_GETCONN = 0x10
442 1.1 lukem } ldap_back_send_t;
443 1.1 lukem
444 1.1 lukem /* define to use asynchronous StartTLS */
445 1.1 lukem #define SLAP_STARTTLS_ASYNCHRONOUS
446 1.1 lukem
447 1.1 lukem /* timeout to use when calling ldap_result() */
448 1.1 lukem #define LDAP_BACK_RESULT_TIMEOUT (0)
449 1.1 lukem #define LDAP_BACK_RESULT_UTIMEOUT (100000)
450 1.1 lukem #define LDAP_BACK_TV_SET(tv) \
451 1.1 lukem do { \
452 1.1 lukem (tv)->tv_sec = LDAP_BACK_RESULT_TIMEOUT; \
453 1.1 lukem (tv)->tv_usec = LDAP_BACK_RESULT_UTIMEOUT; \
454 1.1 lukem } while ( 0 )
455 1.1 lukem
456 1.1 lukem #ifndef LDAP_BACK_PRINT_CONNTREE
457 1.1 lukem #define LDAP_BACK_PRINT_CONNTREE 0
458 1.1 lukem #endif /* !LDAP_BACK_PRINT_CONNTREE */
459 1.1 lukem
460 1.1 lukem typedef struct ldap_extra_t {
461 1.1 lukem int (*proxy_authz_ctrl)( Operation *op, SlapReply *rs, struct berval *bound_ndn,
462 1.1 lukem int version, slap_idassert_t *si, LDAPControl *ctrl );
463 1.1 lukem int (*controls_free)( Operation *op, SlapReply *rs, LDAPControl ***pctrls );
464 1.2 christos int (*idassert_authzfrom_parse)( struct config_args_s *ca, slap_idassert_t *si );
465 1.2 christos int (*idassert_passthru_parse_cf)( const char *fname, int lineno, const char *arg, slap_idassert_t *si );
466 1.2 christos int (*idassert_parse)( struct config_args_s *ca, slap_idassert_t *si );
467 1.2 christos void (*retry_info_destroy)( slap_retry_info_t *ri );
468 1.2 christos int (*retry_info_parse)( char *in, slap_retry_info_t *ri, char *buf, ber_len_t buflen );
469 1.2 christos int (*retry_info_unparse)( slap_retry_info_t *ri, struct berval *bvout );
470 1.2 christos int (*connid2str)( const ldapconn_base_t *lc, char *buf, ber_len_t buflen );
471 1.1 lukem } ldap_extra_t;
472 1.1 lukem
473 1.1 lukem LDAP_END_DECL
474 1.1 lukem
475 1.1 lukem #include "proto-ldap.h"
476 1.1 lukem
477 1.1 lukem #endif /* SLAPD_LDAP_H */
478