/* back-ldap.h - ldap backend header file */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 1999-2011 The OpenLDAP Foundation.
 * Portions Copyright 2000-2003 Pierangelo Masarati.
 * Portions Copyright 1999-2003 Howard Chu.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* ACKNOWLEDGEMENTS:
 * This work was initially developed by Howard Chu for inclusion
 * in OpenLDAP Software and subsequently enhanced by Pierangelo
 * Masarati.
 */

/*
 * Data structures, flag bits and accessor macros of the ldap backend:
 * the per-database configuration (ldapinfo_t), the cached connections to
 * the remote server (ldapconn_t), identity assertion settings
 * (slap_idassert_t) and the retry/quarantine bookkeeping.
 *
 * Several structures declared here carry bind credentials (lc_cred and the
 * sb_cred members reached through li_acl_passwd / li_idassert_passwd) and
 * the TLS policy bits; the comments below point them out.
 */

#ifndef SLAPD_LDAP_H
#define SLAPD_LDAP_H

#include "../back-monitor/back-monitor.h"

LDAP_BEGIN_DECL

struct ldapinfo_t;

/*
 * Stuff required for monitoring.  One of these is embedded in every
 * ldapinfo_t as li_monitor_info; lmi_li is presumably the back-pointer to
 * that owning ldapinfo_t -- confirm against the code that fills it in.
 */
typedef struct ldap_monitor_info_t {
	monitor_subsys_t	lmi_mss;
	struct ldapinfo_t	*lmi_li;

	struct berval		lmi_rdn;
	struct berval		lmi_nrdn;
	monitor_callback_t	*lmi_cb;
	struct berval		lmi_base;
	int			lmi_scope;
	struct berval		lmi_filter;
	struct berval		lmi_more_filter;
} ldap_monitor_info_t;

/*
 * Identifiers of the privileged pseudo-connections.  The connection type
 * uses the even values and bit 0 marks TLS, so the valid identifiers are
 * 0..5 and LDAP_BACK_PCONN_LAST evaluates to 6.  These small integers are
 * stored directly in lc_conn by the LDAP_BACK_PCONN_*_SET() macros instead
 * of a Connection pointer, and LDAP_BACK_PCONN_LAST sizes
 * ldapinfo_t.li_conn_priv[].
 */
enum {
	/* even numbers are connection types */
	LDAP_BACK_PCONN_FIRST = 0,
	LDAP_BACK_PCONN_ROOTDN = LDAP_BACK_PCONN_FIRST,
	LDAP_BACK_PCONN_ANON = 2,
	LDAP_BACK_PCONN_BIND = 4,

	/* add the TLS bit */
	LDAP_BACK_PCONN_TLS = 0x1U,

	LDAP_BACK_PCONN_ROOTDN_TLS = (LDAP_BACK_PCONN_ROOTDN|LDAP_BACK_PCONN_TLS),
	LDAP_BACK_PCONN_ANON_TLS = (LDAP_BACK_PCONN_ANON|LDAP_BACK_PCONN_TLS),
	LDAP_BACK_PCONN_BIND_TLS = (LDAP_BACK_PCONN_BIND|LDAP_BACK_PCONN_TLS),

	/* one past the largest identifier; not a connection type itself */
	LDAP_BACK_PCONN_LAST
};

/*
 * Part of a cached connection that is embedded as ldapconn_t.lc_base.
 * The macros below are written in terms of lc_conn, which ldapconn_t
 * aliases to lc_base.lcb_conn, so they expect a pointer to a structure
 * that provides that name.
 */
typedef struct ldapconn_base_t {
	/*
	 * Either a real Connection pointer or one of the LDAP_BACK_PCONN_*
	 * identifiers cast to a pointer.  Check LDAP_BACK_PCONN_ISPRIV()
	 * before dereferencing: a privileged value is not a valid address.
	 */
	Connection		*lcb_conn;
/*
 * Read lc_conn back as an integer identifier.
 * NOTE(review): unsigned long can be narrower than a pointer on some ABIs
 * (e.g. LLP64); the result is only meaningful once
 * LDAP_BACK_PCONN_ISPRIV() has matched, which is how every macro below
 * uses it.
 */
#define	LDAP_BACK_CONN2PRIV(lc)		((unsigned long)(lc)->lc_conn)
/*
 * True when lc_conn holds a pseudo-connection identifier rather than a
 * real Connection.  Because LDAP_BACK_PCONN_FIRST is 0, a NULL lc_conn is
 * classified as privileged (ROOTDN, no TLS).
 * NOTE(review): this is a relational comparison between pointers that do
 * not point into a common object, which the C standard leaves undefined;
 * it relies on a flat address space in which no Connection is allocated
 * below (void *)LDAP_BACK_PCONN_LAST.
 */
#define LDAP_BACK_PCONN_ISPRIV(lc)	(((void *)(lc)->lc_conn) >= ((void *)LDAP_BACK_PCONN_FIRST) \
						&& ((void *)(lc)->lc_conn) < ((void *)LDAP_BACK_PCONN_LAST))
/* identifier 0 or 1: ROOTDN, with or without the TLS bit */
#define LDAP_BACK_PCONN_ISROOTDN(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
						&& (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_ANON))
/* identifier 2 or 3: ANON, with or without the TLS bit */
#define LDAP_BACK_PCONN_ISANON(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
						&& (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_BIND) \
						&& (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_ANON))
/* identifier 4 or 5: BIND, with or without the TLS bit */
#define LDAP_BACK_PCONN_ISBIND(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
						&& (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_BIND))
/* privileged identifier with LDAP_BACK_PCONN_TLS (bit 0) set */
#define LDAP_BACK_PCONN_ISTLS(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
						&& (LDAP_BACK_CONN2PRIV((lc)) & LDAP_BACK_PCONN_TLS))
/*
 * Store a pseudo-connection identifier in lc_conn.  With HAVE_TLS the
 * *_TLS variant is chosen when the operation's connection reports
 * c_is_tls, so the identifier differs between TLS and non-TLS callers;
 * without HAVE_TLS the op argument is not evaluated.
 */
#ifdef HAVE_TLS
#define	LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ROOTDN_TLS : (void *) LDAP_BACK_PCONN_ROOTDN))
#define	LDAP_BACK_PCONN_ANON_SET(lc, op) \
	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ANON_TLS : (void *) LDAP_BACK_PCONN_ANON))
#define	LDAP_BACK_PCONN_BIND_SET(lc, op) \
	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_BIND_TLS : (void *) LDAP_BACK_PCONN_BIND))
#else /* ! HAVE_TLS */
#define	LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ROOTDN)
#define	LDAP_BACK_PCONN_ANON_SET(lc, op) \
	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ANON)
#define	LDAP_BACK_PCONN_BIND_SET(lc, op) \
	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_BIND)
#endif /* ! HAVE_TLS */
/*
 * Pick the identifier from the operation's identity: ANON when op->o_ndn
 * is empty, ROOTDN otherwise.  BIND is never selected by this macro.
 */
#define	LDAP_BACK_PCONN_SET(lc, op) \
	(BER_BVISEMPTY(&(op)->o_ndn) ? \
		LDAP_BACK_PCONN_ANON_SET((lc), (op)) : LDAP_BACK_PCONN_ROOTDN_SET((lc), (op)))

	struct berval		lcb_local_ndn;
	unsigned		lcb_refcnt;
	time_t			lcb_create_time;
	time_t			lcb_time;
} ldapconn_base_t;

/*
 * A cached connection to the remote server: the common base, its queue
 * linkage, the state flags, the client library handle and the identity
 * (and possibly the credentials) it is bound with.
 */
typedef struct ldapconn_t {
	ldapconn_base_t		lc_base;
/* shorthands so that lc->lc_conn etc. reach into the embedded base */
#define	lc_conn			lc_base.lcb_conn
#define	lc_local_ndn		lc_base.lcb_local_ndn
#define	lc_refcnt		lc_base.lcb_refcnt
#define	lc_create_time		lc_base.lcb_create_time
#define	lc_time			lc_base.lcb_time

	LDAP_TAILQ_ENTRY(ldapconn_t)	lc_q;

	/* bit set of LDAP_BACK_FCONN_* values, accessed through the macros below */
	unsigned		lc_lcflags;
/*
 * Primitive operations on a flag word reached through the pointer fp.
 * ISSET_F yields the masked value (non-zero if any bit of f is set), not
 * a normalized 0/1.  None of these is atomic: they are plain
 * read-modify-write expressions, so serialization is up to the caller.
 */
#define LDAP_BACK_CONN_ISSET_F(fp,f)	(*(fp) & (f))
#define	LDAP_BACK_CONN_SET_F(fp,f)	(*(fp) |= (f))
#define	LDAP_BACK_CONN_CLEAR_F(fp,f)	(*(fp) &= ~(f))
/*
 * Copy the state of f from *mfp to *fp: f is set in the destination only
 * when every bit of f is set in the source, and cleared otherwise.
 */
#define	LDAP_BACK_CONN_CPY_F(fp,f,mfp) \
	do { \
		if ( ((f) & *(mfp)) == (f) ) { \
			*(fp) |= (f); \
		} else { \
			*(fp) &= ~(f); \
		} \
	} while ( 0 )

/* the same operations applied to the lc_lcflags member of a connection */
#define LDAP_BACK_CONN_ISSET(lc,f)	LDAP_BACK_CONN_ISSET_F(&(lc)->lc_lcflags, (f))
#define	LDAP_BACK_CONN_SET(lc,f)	LDAP_BACK_CONN_SET_F(&(lc)->lc_lcflags, (f))
#define	LDAP_BACK_CONN_CLEAR(lc,f)	LDAP_BACK_CONN_CLEAR_F(&(lc)->lc_lcflags, (f))
#define	LDAP_BACK_CONN_CPY(lc,f,mlc)	LDAP_BACK_CONN_CPY_F(&(lc)->lc_lcflags, (f), &(mlc)->lc_lcflags)

/* 0xFFF00000U are reserved for back-meta */

/* bits of lc_lcflags */
#define	LDAP_BACK_FCONN_ISBOUND	(0x00000001U)
#define	LDAP_BACK_FCONN_ISANON	(0x00000002U)
#define	LDAP_BACK_FCONN_ISBMASK	(LDAP_BACK_FCONN_ISBOUND|LDAP_BACK_FCONN_ISANON)
#define	LDAP_BACK_FCONN_ISPRIV	(0x00000004U)
#define	LDAP_BACK_FCONN_ISTLS	(0x00000008U)
#define	LDAP_BACK_FCONN_BINDING	(0x00000010U)
#define	LDAP_BACK_FCONN_TAINTED	(0x00000020U)
#define	LDAP_BACK_FCONN_ABANDON	(0x00000040U)
#define	LDAP_BACK_FCONN_ISIDASR	(0x00000080U)
#define	LDAP_BACK_FCONN_CACHED	(0x00000100U)

/*
 * Per-flag test / set / clear / copy wrappers.  Note that both
 * ISBOUND_CLEAR and ISANON_CLEAR clear LDAP_BACK_FCONN_ISBMASK, i.e. the
 * bound and the anonymous bit together.
 */
#define	LDAP_BACK_CONN_ISBOUND(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISBOUND)
#define	LDAP_BACK_CONN_ISBOUND_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISBOUND)
#define	LDAP_BACK_CONN_ISBOUND_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISBMASK)
#define	LDAP_BACK_CONN_ISBOUND_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISBOUND, (mlc))
#define	LDAP_BACK_CONN_ISANON(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISANON)
#define	LDAP_BACK_CONN_ISANON_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISANON)
#define	LDAP_BACK_CONN_ISANON_CLEAR(lc)		LDAP_BACK_CONN_ISBOUND_CLEAR((lc))
#define	LDAP_BACK_CONN_ISANON_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISANON, (mlc))
#define	LDAP_BACK_CONN_ISPRIV(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISPRIV)
#define	LDAP_BACK_CONN_ISPRIV_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISPRIV)
#define	LDAP_BACK_CONN_ISPRIV_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISPRIV)
#define	LDAP_BACK_CONN_ISPRIV_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISPRIV, (mlc))
#define	LDAP_BACK_CONN_ISTLS(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISTLS)
#define	LDAP_BACK_CONN_ISTLS_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISTLS)
#define	LDAP_BACK_CONN_ISTLS_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISTLS)
#define	LDAP_BACK_CONN_ISTLS_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISTLS, (mlc))
#define	LDAP_BACK_CONN_BINDING(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_BINDING)
#define	LDAP_BACK_CONN_BINDING_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_BINDING)
#define	LDAP_BACK_CONN_BINDING_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_BINDING)
#define	LDAP_BACK_CONN_TAINTED(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_TAINTED)
#define	LDAP_BACK_CONN_TAINTED_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_TAINTED)
#define	LDAP_BACK_CONN_TAINTED_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_TAINTED)
#define	LDAP_BACK_CONN_ABANDON(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ABANDON)
#define	LDAP_BACK_CONN_ABANDON_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ABANDON)
#define	LDAP_BACK_CONN_ABANDON_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ABANDON)
#define	LDAP_BACK_CONN_ISIDASSERT(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISIDASR)
#define	LDAP_BACK_CONN_ISIDASSERT_SET(lc)	LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISIDASR)
#define	LDAP_BACK_CONN_ISIDASSERT_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISIDASR)
#define	LDAP_BACK_CONN_ISIDASSERT_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISIDASR, (mlc))
#define	LDAP_BACK_CONN_CACHED(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_CACHED)
#define	LDAP_BACK_CONN_CACHED_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_CACHED)
#define	LDAP_BACK_CONN_CACHED_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_CACHED)

	LDAP			*lc_ld;
	/*
	 * NOTE(review): presumably the credentials this connection was bound
	 * with, retained when LDAP_BACK_F_SAVECRED is configured -- confirm.
	 * If so this is secret material that lives as long as the cached
	 * connection; verify that the code releasing an ldapconn_t wipes it
	 * before freeing.
	 */
	struct berval		lc_cred;
	struct berval		lc_bound_ndn;
	unsigned		lc_flags;
} ldapconn_t;

/*
 * An AVL tree together with a mutex; presumably the mutex serializes
 * access to the tree -- confirm against the users of li_conninfo.
 */
typedef struct ldap_avl_info_t {
	ldap_pvt_thread_mutex_t		lai_mutex;
	Avlnode				*lai_tree;
} ldap_avl_info_t;

/*
 * Retry schedule.  ri_interval and ri_num are pointers to arrays
 * (presumably parallel: an interval and how many retries to make at that
 * interval -- confirm in the parser); ri_num entries use the
 * SLAP_RETRYNUM_* encoding below.
 */
typedef struct slap_retry_info_t {
	time_t		*ri_interval;
	int		*ri_num;
	int		ri_idx;
	int		ri_count;
	time_t		ri_last;

#define SLAP_RETRYNUM_FOREVER	(-1)		/* retry forever */
#define SLAP_RETRYNUM_TAIL	(-2)		/* end of retrynum array */
#define SLAP_RETRYNUM_VALID(n)	((n) >= SLAP_RETRYNUM_FOREVER)	/* valid retrynum */
#define SLAP_RETRYNUM_FINITE(n)	((n) > SLAP_RETRYNUM_FOREVER)	/* not forever */
} slap_retry_info_t;

/*
 * identity assertion modes
 *
 * Values start at 1, so a zero-initialized si_mode matches none of them.
 */
typedef enum {
	LDAP_BACK_IDASSERT_LEGACY = 1,
	LDAP_BACK_IDASSERT_NOASSERT,
	LDAP_BACK_IDASSERT_ANONYMOUS,
	LDAP_BACK_IDASSERT_SELF,
	LDAP_BACK_IDASSERT_OTHERDN,
	LDAP_BACK_IDASSERT_OTHERID
} slap_idassert_mode_t;

/*
 * ID assert stuff
 *
 * The li_idassert_* shorthands defined inside this structure expand to
 * li_idassert.<member>, so they only work on a structure that embeds a
 * slap_idassert_t under the name li_idassert (ldapinfo_t does).
 */
typedef struct slap_idassert_t {
	slap_idassert_mode_t	si_mode;
#define	li_idassert_mode	li_idassert.si_mode

	/*
	 * Bind configuration of the asserting identity.  sb_cred, reached
	 * through li_idassert_passwd, is a bind credential: keep it out of
	 * logs and of any unparsed/monitor output.
	 */
	slap_bindconf	si_bc;
#define	li_idassert_authcID	li_idassert.si_bc.sb_authcId
#define	li_idassert_authcDN	li_idassert.si_bc.sb_binddn
#define	li_idassert_passwd	li_idassert.si_bc.sb_cred
#define	li_idassert_authzID	li_idassert.si_bc.sb_authzId
#define	li_idassert_authmethod	li_idassert.si_bc.sb_method
#define	li_idassert_sasl_mech	li_idassert.si_bc.sb_saslmech
#define li_idassert_sasl_realm	li_idassert.si_bc.sb_realm
#define li_idassert_secprops	li_idassert.si_bc.sb_secprops
#define li_idassert_tls		li_idassert.si_bc.sb_tls

	/* bit set of LDAP_BACK_AUTH_* values */
	unsigned 	si_flags;
#define LDAP_BACK_AUTH_NONE				(0x00U)
#define	LDAP_BACK_AUTH_NATIVE_AUTHZ			(0x01U)
#define	LDAP_BACK_AUTH_OVERRIDE				(0x02U)
#define	LDAP_BACK_AUTH_PRESCRIPTIVE			(0x04U)
#define	LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ		(0x08U)
#define	LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND	(0x10U)
#define	LDAP_BACK_AUTH_AUTHZ_ALL			(0x20U)
#define	LDAP_BACK_AUTH_PROXYAUTHZ_CRITICAL		(0x40U)
#define	li_idassert_flags	li_idassert.si_flags

	/*
	 * NOTE(review): presumably the rules naming which client identities
	 * may have their identity asserted (filled in by the
	 * idassert_authzfrom_parse_cf hook of ldap_extra_t) -- confirm.
	 * What an empty list means is decided by the code that evaluates
	 * it, not visible here.
	 */
	BerVarray	si_authz;
#define	li_idassert_authz	li_idassert.si_authz

	/* presumably filled in by idassert_passthru_parse_cf -- confirm */
	BerVarray	si_passthru;
#define	li_idassert_passthru	li_idassert.si_passthru
} slap_idassert_t;

/*
 * Hook to allow mucking with ldapinfo_t when quarantine is over
 */
typedef int (*ldap_back_quarantine_f)( struct ldapinfo_t *, void * );

/*
 * Per-database state of the ldap backend: target URIs, TLS and bind
 * configuration, identity assertion, behaviour flags, the connection
 * cache and the quarantine/timeout settings.
 */
typedef struct ldapinfo_t {
	/* li_uri: the string that goes into ldap_initialize()
	 * TODO: use li_acl.sb_uri instead */
	char			*li_uri;
	/* li_bvuri: an array of each single URI that is equivalent;
	 * to be checked for the presence of a certain item */
	BerVarray		li_bvuri;
	ldap_pvt_thread_mutex_t	li_uri_mutex;
	/* hack because when TLS is used we need to lock and let 
	 * the li_urllist_f function to know it's locked */
	int			li_uri_mutex_do_not_lock;

	LDAP_REBIND_PROC	*li_rebind_f;
	LDAP_URLLIST_PROC	*li_urllist_f;
	void			*li_urllist_p;

	/* we only care about the TLS options here */
	slap_bindconf		li_tls;

	/*
	 * Bind configuration reached through the li_acl_* shorthands.
	 * sb_cred (li_acl_passwd) is a bind credential: keep it out of logs
	 * and of any unparsed/monitor output.
	 */
	slap_bindconf		li_acl;
#define	li_acl_authcID		li_acl.sb_authcId
#define	li_acl_authcDN		li_acl.sb_binddn
#define	li_acl_passwd		li_acl.sb_cred
#define	li_acl_authzID		li_acl.sb_authzId
#define	li_acl_authmethod	li_acl.sb_method
#define	li_acl_sasl_mech	li_acl.sb_saslmech
#define	li_acl_sasl_realm	li_acl.sb_realm
#define	li_acl_secprops		li_acl.sb_secprops

	/* ID assert stuff */
	slap_idassert_t		li_idassert;
	/* end of ID assert stuff */

	/* number of retries; negative values use the encoding below */
	int			li_nretries;
#define LDAP_BACK_RETRY_UNDEFINED	(-2)
#define LDAP_BACK_RETRY_FOREVER		(-1)
#define LDAP_BACK_RETRY_NEVER		(0)
#define LDAP_BACK_RETRY_DEFAULT		(3)

	/* bit set of LDAP_BACK_F_* values, tested through the macros below */
	unsigned		li_flags;

/* 0xFFF00000U are reserved for back-meta */
/*
 * NOTE(review): LDAP_BACK_F_NOUNDEFFILTER below is 0x00100000U, which
 * lies inside the 0xFFF00000U range the comment above declares reserved.
 * Confirm that back-meta does not use that bit, or correct the stated
 * range.
 */

#define LDAP_BACK_F_NONE		(0x00000000U)
/* presumably: retain client bind credentials in lc_cred -- confirm */
#define LDAP_BACK_F_SAVECRED		(0x00000001U)
/*
 * TLS policy bits.  LDAP_BACK_F_TLS_CRITICAL belongs to both the USE and
 * the PROPAGATE mask.
 * NOTE(review): presumably USE_TLS / PROPAGATE_TLS without TLS_CRITICAL
 * lets the connection continue in clear text when TLS cannot be
 * established -- confirm against the connection setup code.  Deployments
 * that must not fall back should check that TLS_CRITICAL is set.
 */
#define LDAP_BACK_F_USE_TLS		(0x00000002U)
#define LDAP_BACK_F_PROPAGATE_TLS	(0x00000004U)
#define LDAP_BACK_F_TLS_CRITICAL	(0x00000008U)
#define LDAP_BACK_F_TLS_LDAPS		(0x00000010U)

#define LDAP_BACK_F_TLS_USE_MASK	(LDAP_BACK_F_USE_TLS|LDAP_BACK_F_TLS_CRITICAL)
#define LDAP_BACK_F_TLS_PROPAGATE_MASK	(LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL)
#define LDAP_BACK_F_TLS_MASK		(LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK|LDAP_BACK_F_TLS_LDAPS)
#define LDAP_BACK_F_CHASE_REFERRALS	(0x00000020U)
#define LDAP_BACK_F_PROXY_WHOAMI	(0x00000040U)

#define	LDAP_BACK_F_T_F			(0x00000080U)
#define	LDAP_BACK_F_T_F_DISCOVER	(0x00000100U)
#define	LDAP_BACK_F_T_F_MASK		(LDAP_BACK_F_T_F)
#define	LDAP_BACK_F_T_F_MASK2		(LDAP_BACK_F_T_F_MASK|LDAP_BACK_F_T_F_DISCOVER)

#define LDAP_BACK_F_MONITOR		(0x00000200U)
#define	LDAP_BACK_F_SINGLECONN		(0x00000400U)
#define LDAP_BACK_F_USE_TEMPORARIES	(0x00000800U)

#define	LDAP_BACK_F_ISOPEN		(0x00001000U)

/*
 * Cancel strategy.  ABANDON is the all-zero value of the field, so it is
 * recognized by the absence of the IGNORE and EXOP bits (see
 * LDAP_BACK_ABANDON() below).
 */
#define	LDAP_BACK_F_CANCEL_ABANDON	(0x00000000U)
#define	LDAP_BACK_F_CANCEL_IGNORE	(0x00002000U)
#define	LDAP_BACK_F_CANCEL_EXOP		(0x00004000U)
#define	LDAP_BACK_F_CANCEL_EXOP_DISCOVER	(0x00008000U)
#define	LDAP_BACK_F_CANCEL_MASK		(LDAP_BACK_F_CANCEL_IGNORE|LDAP_BACK_F_CANCEL_EXOP)
#define	LDAP_BACK_F_CANCEL_MASK2	(LDAP_BACK_F_CANCEL_MASK|LDAP_BACK_F_CANCEL_EXOP_DISCOVER)

#define	LDAP_BACK_F_QUARANTINE		(0x00010000U)

#ifdef SLAP_CONTROL_X_SESSION_TRACKING
#define	LDAP_BACK_F_ST_REQUEST		(0x00020000U)
#define	LDAP_BACK_F_ST_RESPONSE		(0x00040000U)
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */

#define LDAP_BACK_F_NOREFS		(0x00080000U)
#define LDAP_BACK_F_NOUNDEFFILTER	(0x00100000U)

/*
 * ISSET_F is true only when every bit of f is set in ff; with a zero f
 * (LDAP_BACK_F_NONE, LDAP_BACK_F_CANCEL_ABANDON) it is always true.
 * ISMASK_F compares the bits selected by m with f exactly, which is the
 * form to use for multi-valued fields such as the cancel strategy.
 */
#define	LDAP_BACK_ISSET_F(ff,f)		( ( (ff) & (f) ) == (f) )
#define	LDAP_BACK_ISMASK_F(ff,m,f)	( ( (ff) & (m) ) == (f) )

/* the same tests applied to the li_flags member of an ldapinfo_t */
#define	LDAP_BACK_ISSET(li,f)		LDAP_BACK_ISSET_F( (li)->li_flags, (f) )
#define	LDAP_BACK_ISMASK(li,m,f)	LDAP_BACK_ISMASK_F( (li)->li_flags, (m), (f) )

#define LDAP_BACK_SAVECRED(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_SAVECRED )
#define LDAP_BACK_USE_TLS(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TLS )
#define LDAP_BACK_PROPAGATE_TLS(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROPAGATE_TLS )
#define LDAP_BACK_TLS_CRITICAL(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_TLS_CRITICAL )
#define LDAP_BACK_CHASE_REFERRALS(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_CHASE_REFERRALS )
#define LDAP_BACK_PROXY_WHOAMI(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROXY_WHOAMI )

/* TLS tests on a bare flag word instead of an ldapinfo_t */
#define LDAP_BACK_USE_TLS_F(ff)		LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_USE_TLS )
#define LDAP_BACK_PROPAGATE_TLS_F(ff)	LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_PROPAGATE_TLS )
#define LDAP_BACK_TLS_CRITICAL_F(ff)	LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_TLS_CRITICAL )

/*
 * T_F_DISCOVER is true only when the DISCOVER bit is set and the T_F bit
 * is clear, because the comparison is made under MASK2.
 */
#define	LDAP_BACK_T_F(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK, LDAP_BACK_F_T_F )
#define	LDAP_BACK_T_F_DISCOVER(li)	LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK2, LDAP_BACK_F_T_F_DISCOVER )

#define	LDAP_BACK_MONITOR(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_MONITOR )
#define	LDAP_BACK_SINGLECONN(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_SINGLECONN )
#define	LDAP_BACK_USE_TEMPORARIES(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TEMPORARIES)

#define	LDAP_BACK_ISOPEN(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_ISOPEN )

/*
 * Cancel strategy tests.  The first three compare under CANCEL_MASK and
 * are mutually exclusive; CANCEL_DISCOVER compares under MASK2, so it is
 * true only when the DISCOVER bit is set and IGNORE and EXOP are clear.
 */
#define	LDAP_BACK_ABANDON(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_ABANDON )
#define	LDAP_BACK_IGNORE(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_IGNORE )
#define	LDAP_BACK_CANCEL(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP )
#define	LDAP_BACK_CANCEL_DISCOVER(li)	LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER )

#define	LDAP_BACK_QUARANTINE(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_QUARANTINE )

#ifdef SLAP_CONTROL_X_SESSION_TRACKING
#define	LDAP_BACK_ST_REQUEST(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_REQUEST)
#define	LDAP_BACK_ST_RESPONSE(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_RESPONSE)
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */

#define	LDAP_BACK_NOREFS(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOREFS)
#define	LDAP_BACK_NOUNDEFFILTER(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOUNDEFFILTER)

	int			li_version;

	/* cached connections; 
	 * special conns are in tailq rather than in tree */
	ldap_avl_info_t		li_conninfo;
	/*
	 * One queue and counter per pseudo-connection identifier; the array
	 * has LDAP_BACK_PCONN_LAST slots, so any index must come from a
	 * value for which LDAP_BACK_PCONN_ISPRIV() holds.
	 */
	struct {
		int						lic_num;
		LDAP_TAILQ_HEAD(lc_conn_priv_q, ldapconn_t)	lic_priv;
	}			li_conn_priv[ LDAP_BACK_PCONN_LAST ];
	int			li_conn_priv_max;
#define	LDAP_BACK_CONN_PRIV_MIN		(1)
#define	LDAP_BACK_CONN_PRIV_MAX		(256)
	/* must be between LDAP_BACK_CONN_PRIV_MIN
	 * and LDAP_BACK_CONN_PRIV_MAX ! */
#define	LDAP_BACK_CONN_PRIV_DEFAULT	(16)

	ldap_monitor_info_t	li_monitor_info;

	/* quarantine state; takes one of the LDAP_BACK_FQ_* values */
	sig_atomic_t		li_isquarantined;
#define	LDAP_BACK_FQ_NO		(0)
#define	LDAP_BACK_FQ_YES	(1)
#define	LDAP_BACK_FQ_RETRYING	(2)

	slap_retry_info_t	li_quarantine;
	ldap_pvt_thread_mutex_t	li_quarantine_mutex;
	/* hook of type ldap_back_quarantine_f and the opaque pointer kept with it */
	ldap_back_quarantine_f	li_quarantine_f;
	void			*li_quarantine_p;

	time_t			li_network_timeout;
	time_t			li_conn_ttl;
	time_t			li_idle_timeout;
	/* one timeout per operation type, indexed below SLAP_OP_LAST */
	time_t			li_timeout[ SLAP_OP_LAST ];
} ldapinfo_t;

/*
 * Result codes that are not failures: besides LDAP_SUCCESS, the two
 * outcomes of a compare operation.
 */
#define	LDAP_ERR_OK(err) ((err) == LDAP_SUCCESS || (err) == LDAP_COMPARE_FALSE || (err) == LDAP_COMPARE_TRUE)

/*
 * Bit flags that can be OR-ed together: SENDOK/SENDERR select what is
 * sent, BINDING and RETRYING qualify the call, and the *_SOK / *_SERR /
 * *_SRES names are the precomputed combinations.
 */
typedef enum ldap_back_send_t {
	LDAP_BACK_DONTSEND		= 0x00,
	LDAP_BACK_SENDOK		= 0x01,
	LDAP_BACK_SENDERR		= 0x02,
	LDAP_BACK_SENDRESULT		= (LDAP_BACK_SENDOK|LDAP_BACK_SENDERR),
	LDAP_BACK_BINDING		= 0x04,

	LDAP_BACK_BIND_DONTSEND		= (LDAP_BACK_BINDING),
	LDAP_BACK_BIND_SOK		= (LDAP_BACK_BINDING|LDAP_BACK_SENDOK),
	LDAP_BACK_BIND_SERR		= (LDAP_BACK_BINDING|LDAP_BACK_SENDERR),
	LDAP_BACK_BIND_SRES		= (LDAP_BACK_BINDING|LDAP_BACK_SENDRESULT),

	LDAP_BACK_RETRYING		= 0x08,
	LDAP_BACK_RETRY_DONTSEND	= (LDAP_BACK_RETRYING),
	LDAP_BACK_RETRY_SOK		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDOK),
	LDAP_BACK_RETRY_SERR		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDERR),
	LDAP_BACK_RETRY_SRES		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDRESULT),

	LDAP_BACK_GETCONN		= 0x10
} ldap_back_send_t;

/* define to use asynchronous StartTLS */
#define SLAP_STARTTLS_ASYNCHRONOUS

/* timeout to use when calling ldap_result() */
#define	LDAP_BACK_RESULT_TIMEOUT	(0)
#define	LDAP_BACK_RESULT_UTIMEOUT	(100000)
/* fill *tv with the timeout above: 0 seconds plus 100000 microseconds */
#define	LDAP_BACK_TV_SET(tv) \
	do { \
		(tv)->tv_sec = LDAP_BACK_RESULT_TIMEOUT; \
		(tv)->tv_usec = LDAP_BACK_RESULT_UTIMEOUT; \
	} while ( 0 )

/* defaults to 0 unless the build defines it */
#ifndef LDAP_BACK_PRINT_CONNTREE
#define LDAP_BACK_PRINT_CONNTREE 0
#endif /* !LDAP_BACK_PRINT_CONNTREE */

/*
 * Table of function pointers covering proxy authorization controls,
 * identity assertion configuration parsing and retry-info handling;
 * presumably exported so that other modules can call into back-ldap --
 * confirm against its users.  retry_info_parse and connid2str write into
 * a caller-supplied buffer whose size is passed as buflen.
 */
typedef struct ldap_extra_t {
	int (*proxy_authz_ctrl)( Operation *op, SlapReply *rs, struct berval *bound_ndn,
		int version, slap_idassert_t *si, LDAPControl *ctrl );
	int (*controls_free)( Operation *op, SlapReply *rs, LDAPControl ***pctrls );
	int (*idassert_authzfrom_parse_cf)( const char *fname, int lineno, const char *arg, slap_idassert_t *si );
	int (*idassert_passthru_parse_cf)( const char *fname, int lineno, const char *arg, slap_idassert_t *si );
	int (*idassert_parse_cf)( const char *fname, int lineno, int argc, char *argv[], slap_idassert_t *si );
	void (*retry_info_destroy)( slap_retry_info_t *ri );
	int (*retry_info_parse)( char *in, slap_retry_info_t *ri, char *buf, ber_len_t buflen );
	int (*retry_info_unparse)( slap_retry_info_t *ri, struct berval *bvout );
	int (*connid2str)( const ldapconn_base_t *lc, char *buf, ber_len_t buflen );
} ldap_extra_t;

LDAP_END_DECL

#include "proto-ldap.h"

#endif /* SLAPD_LDAP_H */