Home | History | Annotate | Line # | Download | only in back-ldap
back-ldap.h revision 1.1.1.2
      1 /* back-ldap.h - ldap backend header file */
      2 /* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/back-ldap.h,v 1.88.2.10 2008/07/10 00:28:39 quanah Exp $ */
      3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
      4  *
      5  * Copyright 1999-2008 The OpenLDAP Foundation.
      6  * Portions Copyright 2000-2003 Pierangelo Masarati.
      7  * Portions Copyright 1999-2003 Howard Chu.
      8  * All rights reserved.
      9  *
     10  * Redistribution and use in source and binary forms, with or without
     11  * modification, are permitted only as authorized by the OpenLDAP
     12  * Public License.
     13  *
     14  * A copy of this license is available in the file LICENSE in the
     15  * top-level directory of the distribution or, alternatively, at
     16  * <http://www.OpenLDAP.org/license.html>.
     17  */
     18 /* ACKNOWLEDGEMENTS:
     19  * This work was initially developed by the Howard Chu for inclusion
     20  * in OpenLDAP Software and subsequently enhanced by Pierangelo
     21  * Masarati.
     22  */
     23 
     24 #ifndef SLAPD_LDAP_H
     25 #define SLAPD_LDAP_H
     26 
     27 #include "../back-monitor/back-monitor.h"
     28 
     29 LDAP_BEGIN_DECL
     30 
     31 struct ldapinfo_t;
     32 
     33 /* stuff required for monitoring */
     34 typedef struct ldap_monitor_info_t {
     35 	monitor_subsys_t	lmi_mss;
     36 	struct ldapinfo_t	*lmi_li;
     37 
     38 	struct berval		lmi_rdn;
     39 	struct berval		lmi_nrdn;
     40 	monitor_callback_t	*lmi_cb;
     41 	struct berval		lmi_base;
     42 	int			lmi_scope;
     43 	struct berval		lmi_filter;
     44 	struct berval		lmi_more_filter;
     45 } ldap_monitor_info_t;
     46 
     47 enum {
     48 	/* even numbers are connection types */
     49 	LDAP_BACK_PCONN_FIRST = 0,
     50 	LDAP_BACK_PCONN_ROOTDN = LDAP_BACK_PCONN_FIRST,
     51 	LDAP_BACK_PCONN_ANON = 2,
     52 	LDAP_BACK_PCONN_BIND = 4,
     53 
     54 	/* add the TLS bit */
     55 	LDAP_BACK_PCONN_TLS = 0x1U,
     56 
     57 	LDAP_BACK_PCONN_ROOTDN_TLS = (LDAP_BACK_PCONN_ROOTDN|LDAP_BACK_PCONN_TLS),
     58 	LDAP_BACK_PCONN_ANON_TLS = (LDAP_BACK_PCONN_ANON|LDAP_BACK_PCONN_TLS),
     59 	LDAP_BACK_PCONN_BIND_TLS = (LDAP_BACK_PCONN_BIND|LDAP_BACK_PCONN_TLS),
     60 
     61 	LDAP_BACK_PCONN_LAST
     62 };
     63 
     64 typedef struct ldapconn_t {
     65 	Connection		*lc_conn;
     66 #define	LDAP_BACK_CONN2PRIV(lc)		((unsigned long)(lc)->lc_conn)
     67 #define LDAP_BACK_PCONN_ISPRIV(lc)	((void *)(lc)->lc_conn >= (void *)LDAP_BACK_PCONN_FIRST \
     68 						&& (void *)(lc)->lc_conn < (void *)LDAP_BACK_PCONN_LAST)
     69 #define LDAP_BACK_PCONN_ISROOTDN(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
     70 						&& (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_ANON))
     71 #define LDAP_BACK_PCONN_ISANON(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
     72 						&& (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_BIND) \
     73 						&& (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_ANON))
     74 #define LDAP_BACK_PCONN_ISBIND(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
     75 						&& (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_BIND))
     76 #define LDAP_BACK_PCONN_ISTLS(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
     77 						&& (LDAP_BACK_CONN2PRIV((lc)) & LDAP_BACK_PCONN_TLS))
     78 #define	LDAP_BACK_PCONN_ID(lc)		(LDAP_BACK_PCONN_ISPRIV((lc)) ? \
     79 						( -1 - (long)(lc)->lc_conn ) : (lc)->lc_conn->c_connid )
     80 #ifdef HAVE_TLS
     81 #define	LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
     82 	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ROOTDN_TLS : (void *) LDAP_BACK_PCONN_ROOTDN))
     83 #define	LDAP_BACK_PCONN_ANON_SET(lc, op) \
     84 	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ANON_TLS : (void *) LDAP_BACK_PCONN_ANON))
     85 #define	LDAP_BACK_PCONN_BIND_SET(lc, op) \
     86 	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_BIND_TLS : (void *) LDAP_BACK_PCONN_BIND))
     87 #else /* ! HAVE_TLS */
     88 #define	LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
     89 	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ROOTDN)
     90 #define	LDAP_BACK_PCONN_ANON_SET(lc, op) \
     91 	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ANON)
     92 #define	LDAP_BACK_PCONN_BIND_SET(lc, op) \
     93 	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_BIND)
     94 #endif /* ! HAVE_TLS */
     95 #define	LDAP_BACK_PCONN_SET(lc, op) \
     96 	(BER_BVISEMPTY(&(op)->o_ndn) ? \
     97 		LDAP_BACK_PCONN_ANON_SET((lc), (op)) : LDAP_BACK_PCONN_ROOTDN_SET((lc), (op)))
     98 
     99 	LDAP			*lc_ld;
    100 	struct berval		lc_cred;
    101 	struct berval 		lc_bound_ndn;
    102 	struct berval		lc_local_ndn;
    103 	unsigned		lc_lcflags;
    104 #define LDAP_BACK_CONN_ISSET_F(fp,f)	(*(fp) & (f))
    105 #define	LDAP_BACK_CONN_SET_F(fp,f)	(*(fp) |= (f))
    106 #define	LDAP_BACK_CONN_CLEAR_F(fp,f)	(*(fp) &= ~(f))
    107 #define	LDAP_BACK_CONN_CPY_F(fp,f,mfp) \
    108 	do { \
    109 		if ( ((f) & *(mfp)) == (f) ) { \
    110 			*(fp) |= (f); \
    111 		} else { \
    112 			*(fp) &= ~(f); \
    113 		} \
    114 	} while ( 0 )
    115 
    116 #define LDAP_BACK_CONN_ISSET(lc,f)	LDAP_BACK_CONN_ISSET_F(&(lc)->lc_lcflags, (f))
    117 #define	LDAP_BACK_CONN_SET(lc,f)	LDAP_BACK_CONN_SET_F(&(lc)->lc_lcflags, (f))
    118 #define	LDAP_BACK_CONN_CLEAR(lc,f)	LDAP_BACK_CONN_CLEAR_F(&(lc)->lc_lcflags, (f))
    119 #define	LDAP_BACK_CONN_CPY(lc,f,mlc)	LDAP_BACK_CONN_CPY_F(&(lc)->lc_lcflags, (f), &(mlc)->lc_lcflags)
    120 
    121 /* 0xFFF00000U are reserved for back-meta */
    122 
    123 #define	LDAP_BACK_FCONN_ISBOUND	(0x00000001U)
    124 #define	LDAP_BACK_FCONN_ISANON	(0x00000002U)
    125 #define	LDAP_BACK_FCONN_ISBMASK	(LDAP_BACK_FCONN_ISBOUND|LDAP_BACK_FCONN_ISANON)
    126 #define	LDAP_BACK_FCONN_ISPRIV	(0x00000004U)
    127 #define	LDAP_BACK_FCONN_ISTLS	(0x00000008U)
    128 #define	LDAP_BACK_FCONN_BINDING	(0x00000010U)
    129 #define	LDAP_BACK_FCONN_TAINTED	(0x00000020U)
    130 #define	LDAP_BACK_FCONN_ABANDON	(0x00000040U)
    131 #define	LDAP_BACK_FCONN_ISIDASR	(0x00000080U)
    132 #define	LDAP_BACK_FCONN_CACHED	(0x00000100U)
    133 
    134 #define	LDAP_BACK_CONN_ISBOUND(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISBOUND)
    135 #define	LDAP_BACK_CONN_ISBOUND_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISBOUND)
    136 #define	LDAP_BACK_CONN_ISBOUND_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISBMASK)
    137 #define	LDAP_BACK_CONN_ISBOUND_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISBOUND, (mlc))
    138 #define	LDAP_BACK_CONN_ISANON(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISANON)
    139 #define	LDAP_BACK_CONN_ISANON_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISANON)
    140 #define	LDAP_BACK_CONN_ISANON_CLEAR(lc)		LDAP_BACK_CONN_ISBOUND_CLEAR((lc))
    141 #define	LDAP_BACK_CONN_ISANON_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISANON, (mlc))
    142 #define	LDAP_BACK_CONN_ISPRIV(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISPRIV)
    143 #define	LDAP_BACK_CONN_ISPRIV_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISPRIV)
    144 #define	LDAP_BACK_CONN_ISPRIV_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISPRIV)
    145 #define	LDAP_BACK_CONN_ISPRIV_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISPRIV, (mlc))
    146 #define	LDAP_BACK_CONN_ISTLS(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISTLS)
    147 #define	LDAP_BACK_CONN_ISTLS_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISTLS)
    148 #define	LDAP_BACK_CONN_ISTLS_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISTLS)
    149 #define	LDAP_BACK_CONN_ISTLS_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISTLS, (mlc))
    150 #define	LDAP_BACK_CONN_BINDING(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_BINDING)
    151 #define	LDAP_BACK_CONN_BINDING_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_BINDING)
    152 #define	LDAP_BACK_CONN_BINDING_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_BINDING)
    153 #define	LDAP_BACK_CONN_TAINTED(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_TAINTED)
    154 #define	LDAP_BACK_CONN_TAINTED_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_TAINTED)
    155 #define	LDAP_BACK_CONN_TAINTED_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_TAINTED)
    156 #define	LDAP_BACK_CONN_ABANDON(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ABANDON)
    157 #define	LDAP_BACK_CONN_ABANDON_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ABANDON)
    158 #define	LDAP_BACK_CONN_ABANDON_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ABANDON)
    159 #define	LDAP_BACK_CONN_ISIDASSERT(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISIDASR)
    160 #define	LDAP_BACK_CONN_ISIDASSERT_SET(lc)	LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISIDASR)
    161 #define	LDAP_BACK_CONN_ISIDASSERT_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISIDASR)
    162 #define	LDAP_BACK_CONN_ISIDASSERT_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISIDASR, (mlc))
    163 #define	LDAP_BACK_CONN_CACHED(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_CACHED)
    164 #define	LDAP_BACK_CONN_CACHED_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_CACHED)
    165 #define	LDAP_BACK_CONN_CACHED_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_CACHED)
    166 
    167 	unsigned		lc_refcnt;
    168 	unsigned		lc_flags;
    169 	time_t			lc_create_time;
    170 	time_t			lc_time;
    171 
    172 	LDAP_TAILQ_ENTRY(ldapconn_t)	lc_q;
    173 } ldapconn_t;
    174 
    175 typedef struct ldap_avl_info_t {
    176 	ldap_pvt_thread_mutex_t		lai_mutex;
    177 	Avlnode				*lai_tree;
    178 } ldap_avl_info_t;
    179 
    180 typedef struct slap_retry_info_t {
    181 	time_t		*ri_interval;
    182 	int		*ri_num;
    183 	int		ri_idx;
    184 	int		ri_count;
    185 	time_t		ri_last;
    186 
    187 #define SLAP_RETRYNUM_FOREVER	(-1)		/* retry forever */
    188 #define SLAP_RETRYNUM_TAIL	(-2)		/* end of retrynum array */
    189 #define SLAP_RETRYNUM_VALID(n)	((n) >= SLAP_RETRYNUM_FOREVER)	/* valid retrynum */
    190 #define SLAP_RETRYNUM_FINITE(n)	((n) > SLAP_RETRYNUM_FOREVER)	/* not forever */
    191 } slap_retry_info_t;
    192 
    193 /*
    194  * identity assertion modes
    195  */
    196 typedef enum {
    197 	LDAP_BACK_IDASSERT_LEGACY = 1,
    198 	LDAP_BACK_IDASSERT_NOASSERT,
    199 	LDAP_BACK_IDASSERT_ANONYMOUS,
    200 	LDAP_BACK_IDASSERT_SELF,
    201 	LDAP_BACK_IDASSERT_OTHERDN,
    202 	LDAP_BACK_IDASSERT_OTHERID
    203 } slap_idassert_mode_t;
    204 
    205 /* ID assert stuff */
    206 typedef struct slap_idassert_t {
    207 	slap_idassert_mode_t	si_mode;
    208 #define	li_idassert_mode	li_idassert.si_mode
    209 
    210 	slap_bindconf	si_bc;
    211 #define	li_idassert_authcID	li_idassert.si_bc.sb_authcId
    212 #define	li_idassert_authcDN	li_idassert.si_bc.sb_binddn
    213 #define	li_idassert_passwd	li_idassert.si_bc.sb_cred
    214 #define	li_idassert_authzID	li_idassert.si_bc.sb_authzId
    215 #define	li_idassert_authmethod	li_idassert.si_bc.sb_method
    216 #define	li_idassert_sasl_mech	li_idassert.si_bc.sb_saslmech
    217 #define	li_idassert_sasl_realm	li_idassert.si_bc.sb_realm
    218 #define	li_idassert_secprops	li_idassert.si_bc.sb_secprops
    219 #define	li_idassert_tls		li_idassert.si_bc.sb_tls
    220 
    221 	unsigned 	si_flags;
    222 #define LDAP_BACK_AUTH_NONE				(0x00U)
    223 #define	LDAP_BACK_AUTH_NATIVE_AUTHZ			(0x01U)
    224 #define	LDAP_BACK_AUTH_OVERRIDE				(0x02U)
    225 #define	LDAP_BACK_AUTH_PRESCRIPTIVE			(0x04U)
    226 #define	LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ		(0x08U)
    227 #define	LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND	(0x10U)
    228 #define	LDAP_BACK_AUTH_AUTHZ_ALL			(0x20U)
    229 #define	li_idassert_flags	li_idassert.si_flags
    230 
    231 	BerVarray	si_authz;
    232 #define	li_idassert_authz	li_idassert.si_authz
    233 } slap_idassert_t;
    234 
    235 /*
    236  * Hook to allow mucking with ldapinfo_t when quarantine is over
    237  */
    238 typedef int (*ldap_back_quarantine_f)( struct ldapinfo_t *, void * );
    239 
    240 typedef struct ldapinfo_t {
    241 	/* li_uri: the string that goes into ldap_initialize()
    242 	 * TODO: use li_acl.sb_uri instead */
    243 	char			*li_uri;
    244 	/* li_bvuri: an array of each single URI that is equivalent;
    245 	 * to be checked for the presence of a certain item */
    246 	BerVarray		li_bvuri;
    247 	ldap_pvt_thread_mutex_t	li_uri_mutex;
    248 
    249 	LDAP_REBIND_PROC	*li_rebind_f;
    250 	LDAP_URLLIST_PROC	*li_urllist_f;
    251 	void			*li_urllist_p;
    252 
    253 	/* we only care about the TLS options here */
    254 	slap_bindconf		li_tls;
    255 
    256 	slap_bindconf		li_acl;
    257 #define	li_acl_authcID		li_acl.sb_authcId
    258 #define	li_acl_authcDN		li_acl.sb_binddn
    259 #define	li_acl_passwd		li_acl.sb_cred
    260 #define	li_acl_authzID		li_acl.sb_authzId
    261 #define	li_acl_authmethod	li_acl.sb_method
    262 #define	li_acl_sasl_mech	li_acl.sb_saslmech
    263 #define	li_acl_sasl_realm	li_acl.sb_realm
    264 #define	li_acl_secprops		li_acl.sb_secprops
    265 
    266 	/* ID assert stuff */
    267 	slap_idassert_t		li_idassert;
    268 	/* end of ID assert stuff */
    269 
    270 	int			li_nretries;
    271 #define LDAP_BACK_RETRY_UNDEFINED	(-2)
    272 #define LDAP_BACK_RETRY_FOREVER		(-1)
    273 #define LDAP_BACK_RETRY_NEVER		(0)
    274 #define LDAP_BACK_RETRY_DEFAULT		(3)
    275 
    276 	unsigned		li_flags;
    277 
    278 /* 0xFFF00000U are reserved for back-meta */
    279 
    280 #define LDAP_BACK_F_NONE		(0x00000000U)
    281 #define LDAP_BACK_F_SAVECRED		(0x00000001U)
    282 #define LDAP_BACK_F_USE_TLS		(0x00000002U)
    283 #define LDAP_BACK_F_PROPAGATE_TLS	(0x00000004U)
    284 #define LDAP_BACK_F_TLS_CRITICAL	(0x00000008U)
    285 #define LDAP_BACK_F_TLS_LDAPS		(0x00000010U)
    286 
    287 #define LDAP_BACK_F_TLS_USE_MASK	(LDAP_BACK_F_USE_TLS|LDAP_BACK_F_TLS_CRITICAL)
    288 #define LDAP_BACK_F_TLS_PROPAGATE_MASK	(LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL)
    289 #define LDAP_BACK_F_TLS_MASK		(LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK|LDAP_BACK_F_TLS_LDAPS)
    290 #define LDAP_BACK_F_CHASE_REFERRALS	(0x00000020U)
    291 #define LDAP_BACK_F_PROXY_WHOAMI	(0x00000040U)
    292 
    293 #define	LDAP_BACK_F_T_F			(0x00000080U)
    294 #define	LDAP_BACK_F_T_F_DISCOVER	(0x00000100U)
    295 #define	LDAP_BACK_F_T_F_MASK		(LDAP_BACK_F_T_F)
    296 #define	LDAP_BACK_F_T_F_MASK2		(LDAP_BACK_F_T_F_MASK|LDAP_BACK_F_T_F_DISCOVER)
    297 
    298 #define LDAP_BACK_F_MONITOR		(0x00000200U)
    299 #define	LDAP_BACK_F_SINGLECONN		(0x00000400U)
    300 #define LDAP_BACK_F_USE_TEMPORARIES	(0x00000800U)
    301 
    302 #define	LDAP_BACK_F_ISOPEN		(0x00001000U)
    303 
    304 #define	LDAP_BACK_F_CANCEL_ABANDON	(0x00000000U)
    305 #define	LDAP_BACK_F_CANCEL_IGNORE	(0x00002000U)
    306 #define	LDAP_BACK_F_CANCEL_EXOP		(0x00004000U)
    307 #define	LDAP_BACK_F_CANCEL_EXOP_DISCOVER	(0x00008000U)
    308 #define	LDAP_BACK_F_CANCEL_MASK		(LDAP_BACK_F_CANCEL_IGNORE|LDAP_BACK_F_CANCEL_EXOP)
    309 #define	LDAP_BACK_F_CANCEL_MASK2	(LDAP_BACK_F_CANCEL_MASK|LDAP_BACK_F_CANCEL_EXOP_DISCOVER)
    310 
    311 #define	LDAP_BACK_F_QUARANTINE		(0x00010000U)
    312 
    313 #ifdef SLAP_CONTROL_X_SESSION_TRACKING
    314 #define	LDAP_BACK_F_ST_REQUEST		(0x00020000U)
    315 #define	LDAP_BACK_F_ST_RESPONSE		(0x00040000U)
    316 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
    317 
    318 #define LDAP_BACK_F_NOREFS		(0x00080000U)
    319 
    320 #define	LDAP_BACK_ISSET_F(ff,f)		( ( (ff) & (f) ) == (f) )
    321 #define	LDAP_BACK_ISMASK_F(ff,m,f)	( ( (ff) & (m) ) == (f) )
    322 
    323 #define	LDAP_BACK_ISSET(li,f)		LDAP_BACK_ISSET_F( (li)->li_flags, (f) )
    324 #define	LDAP_BACK_ISMASK(li,m,f)	LDAP_BACK_ISMASK_F( (li)->li_flags, (m), (f) )
    325 
    326 #define LDAP_BACK_SAVECRED(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_SAVECRED )
    327 #define LDAP_BACK_USE_TLS(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TLS )
    328 #define LDAP_BACK_PROPAGATE_TLS(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROPAGATE_TLS )
    329 #define LDAP_BACK_TLS_CRITICAL(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_TLS_CRITICAL )
    330 #define LDAP_BACK_CHASE_REFERRALS(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_CHASE_REFERRALS )
    331 #define LDAP_BACK_PROXY_WHOAMI(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROXY_WHOAMI )
    332 
    333 #define LDAP_BACK_USE_TLS_F(ff)		LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_USE_TLS )
    334 #define LDAP_BACK_PROPAGATE_TLS_F(ff)	LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_PROPAGATE_TLS )
    335 #define LDAP_BACK_TLS_CRITICAL_F(ff)	LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_TLS_CRITICAL )
    336 
    337 #define	LDAP_BACK_T_F(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK, LDAP_BACK_F_T_F )
    338 #define	LDAP_BACK_T_F_DISCOVER(li)	LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK2, LDAP_BACK_F_T_F_DISCOVER )
    339 
    340 #define LDAP_BACK_MONITOR(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_MONITOR )
    341 #define	LDAP_BACK_SINGLECONN(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_SINGLECONN )
    342 #define	LDAP_BACK_USE_TEMPORARIES(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TEMPORARIES)
    343 
    344 #define	LDAP_BACK_ISOPEN(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_ISOPEN )
    345 
    346 #define	LDAP_BACK_ABANDON(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_ABANDON )
    347 #define	LDAP_BACK_IGNORE(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_IGNORE )
    348 #define	LDAP_BACK_CANCEL(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP )
    349 #define	LDAP_BACK_CANCEL_DISCOVER(li)	LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER )
    350 
    351 #define	LDAP_BACK_QUARANTINE(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_QUARANTINE )
    352 
    353 #ifdef SLAP_CONTROL_X_SESSION_TRACKING
    354 #define	LDAP_BACK_ST_REQUEST(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_REQUEST)
    355 #define	LDAP_BACK_ST_RESPONSE(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_RESPONSE)
    356 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
    357 
    358 #define	LDAP_BACK_NOREFS(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOREFS)
    359 
    360 	int			li_version;
    361 
    362 	/* cached connections;
    363 	 * special conns are in tailq rather than in tree */
    364 	ldap_avl_info_t		li_conninfo;
    365 	struct {
    366 		int						lic_num;
    367 		LDAP_TAILQ_HEAD(lc_conn_priv_q, ldapconn_t)	lic_priv;
    368 	}			li_conn_priv[ LDAP_BACK_PCONN_LAST ];
    369 	int			li_conn_priv_max;
    370 #define	LDAP_BACK_CONN_PRIV_MIN		(1)
    371 #define	LDAP_BACK_CONN_PRIV_MAX		(256)
    372 	/* must be between LDAP_BACK_CONN_PRIV_MIN
    373 	 * and LDAP_BACK_CONN_PRIV_MAX ! */
    374 #define	LDAP_BACK_CONN_PRIV_DEFAULT	(16)
    375 
    376 	ldap_monitor_info_t	li_monitor_info;
    377 
    378 	sig_atomic_t		li_isquarantined;
    379 #define	LDAP_BACK_FQ_NO		(0)
    380 #define	LDAP_BACK_FQ_YES	(1)
    381 #define	LDAP_BACK_FQ_RETRYING	(2)
    382 
    383 	slap_retry_info_t	li_quarantine;
    384 	ldap_pvt_thread_mutex_t	li_quarantine_mutex;
    385 	ldap_back_quarantine_f	li_quarantine_f;
    386 	void			*li_quarantine_p;
    387 
    388 	time_t			li_network_timeout;
    389 	time_t			li_conn_ttl;
    390 	time_t			li_idle_timeout;
    391 	time_t			li_timeout[ SLAP_OP_LAST ];
    392 } ldapinfo_t;
    393 
    394 typedef enum ldap_back_send_t {
    395 	LDAP_BACK_DONTSEND		= 0x00,
    396 	LDAP_BACK_SENDOK		= 0x01,
    397 	LDAP_BACK_SENDERR		= 0x02,
    398 	LDAP_BACK_SENDRESULT		= (LDAP_BACK_SENDOK|LDAP_BACK_SENDERR),
    399 	LDAP_BACK_BINDING		= 0x04,
    400 
    401 	LDAP_BACK_BIND_DONTSEND		= (LDAP_BACK_BINDING),
    402 	LDAP_BACK_BIND_SOK		= (LDAP_BACK_BINDING|LDAP_BACK_SENDOK),
    403 	LDAP_BACK_BIND_SERR		= (LDAP_BACK_BINDING|LDAP_BACK_SENDERR),
    404 	LDAP_BACK_BIND_SRES		= (LDAP_BACK_BINDING|LDAP_BACK_SENDRESULT),
    405 
    406 	LDAP_BACK_RETRYING		= 0x08,
    407 	LDAP_BACK_RETRY_DONTSEND	= (LDAP_BACK_RETRYING),
    408 	LDAP_BACK_RETRY_SOK		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDOK),
    409 	LDAP_BACK_RETRY_SERR		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDERR),
    410 	LDAP_BACK_RETRY_SRES		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDRESULT),
    411 
    412 	LDAP_BACK_GETCONN		= 0x10
    413 } ldap_back_send_t;
    414 
    415 /* define to use asynchronous StartTLS */
    416 #define SLAP_STARTTLS_ASYNCHRONOUS
    417 
    418 /* timeout to use when calling ldap_result() */
    419 #define	LDAP_BACK_RESULT_TIMEOUT	(0)
    420 #define	LDAP_BACK_RESULT_UTIMEOUT	(100000)
    421 #define	LDAP_BACK_TV_SET(tv) \
    422 	do { \
    423 		(tv)->tv_sec = LDAP_BACK_RESULT_TIMEOUT; \
    424 		(tv)->tv_usec = LDAP_BACK_RESULT_UTIMEOUT; \
    425 	} while ( 0 )
    426 
    427 #ifndef LDAP_BACK_PRINT_CONNTREE
    428 #define LDAP_BACK_PRINT_CONNTREE 0
    429 #endif /* !LDAP_BACK_PRINT_CONNTREE */
    430 
    431 typedef struct ldap_extra_t {
    432 	int (*proxy_authz_ctrl)( Operation *op, SlapReply *rs, struct berval *bound_ndn,
    433 		int version, slap_idassert_t *si, LDAPControl	*ctrl );
    434 	int (*controls_free)( Operation *op, SlapReply *rs, LDAPControl ***pctrls );
    435 	int (*idassert_authzfrom_parse_cf)( const char *fname, int lineno, const char *arg, slap_idassert_t *si );
    436 	int (*idassert_parse_cf)( const char *fname, int lineno, int argc, char *argv[], slap_idassert_t *si );
    437 	void (*retry_info_destroy)( slap_retry_info_t *ri );
    438 	int (*retry_info_parse)( char *in, slap_retry_info_t *ri, char *buf, ber_len_t buflen );
    439 	int (*retry_info_unparse)( slap_retry_info_t *ri, struct berval *bvout );
    440 } ldap_extra_t;
    441 
    442 LDAP_END_DECL
    443 
    444 #include "proto-ldap.h"
    445 
    446 #endif /* SLAPD_LDAP_H */
    447