/*	$NetBSD: back-ldap.h,v 1.3 2021/08/14 16:14:59 christos Exp $	*/

/* back-ldap.h - ldap backend header file */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 1999-2021 The OpenLDAP Foundation.
 * Portions Copyright 2000-2003 Pierangelo Masarati.
 * Portions Copyright 1999-2003 Howard Chu.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* ACKNOWLEDGEMENTS:
 * This work was initially developed by the Howard Chu for inclusion
 * in OpenLDAP Software and subsequently enhanced by Pierangelo
 * Masarati.
 */

/*
 * Overview: this header declares the data model of the LDAP proxy
 * backend: the per-connection record (ldapconn_t), the per-database
 * configuration (ldapinfo_t), the identity-assertion settings
 * (slap_idassert_t), the retry/quarantine bookkeeping and the flag words
 * with their accessor macros.  It declares no functions of its own;
 * prototypes come from "proto-ldap.h", included at the bottom.
 *
 * Several members hold authentication material (lc_cred, and the sb_cred
 * members reached through li_acl_passwd / li_idassert_passwd), and
 * several flags select TLS behaviour towards the remote server, so
 * changes here deserve a security review.
 */

#ifndef SLAPD_LDAP_H
#define SLAPD_LDAP_H

#include "../back-monitor/back-monitor.h"

LDAP_BEGIN_DECL

struct ldapinfo_t;

/* stuff required for monitoring */
typedef struct ldap_monitor_info_t {
	/* two monitor subsystems; presumably one for connections and one
	 * for operations, matching the two RDNs below -- TODO confirm */
	monitor_subsys_t	lmi_mss[2];

	struct berval		lmi_ndn;
	struct berval		lmi_conn_rdn;
	struct berval		lmi_ops_rdn;
} ldap_monitor_info_t;

/*
 * Tags for "priv" connections.  These small integers are stored directly
 * in the connection pointer (see the LDAP_BACK_PCONN_*_SET macros below)
 * instead of a real Connection address.  Bit 0 is the TLS bit, so each
 * connection type has a plain (even) and a TLS (odd) variant.
 *
 * LDAP_BACK_PCONN_LAST follows LDAP_BACK_PCONN_BIND_TLS (4|1 == 5) and is
 * therefore 6; it sizes the li_conn_priv[] array in ldapinfo_t.
 */
enum {
	/* even numbers are connection types */
	LDAP_BACK_PCONN_FIRST = 0,
	LDAP_BACK_PCONN_ROOTDN = LDAP_BACK_PCONN_FIRST,
	LDAP_BACK_PCONN_ANON = 2,
	LDAP_BACK_PCONN_BIND = 4,

	/* add the TLS bit */
	LDAP_BACK_PCONN_TLS = 0x1U,

	LDAP_BACK_PCONN_ROOTDN_TLS = (LDAP_BACK_PCONN_ROOTDN|LDAP_BACK_PCONN_TLS),
	LDAP_BACK_PCONN_ANON_TLS = (LDAP_BACK_PCONN_ANON|LDAP_BACK_PCONN_TLS),
	LDAP_BACK_PCONN_BIND_TLS = (LDAP_BACK_PCONN_BIND|LDAP_BACK_PCONN_TLS),

	LDAP_BACK_PCONN_LAST
};

/*
 * Part of a connection record that is also used on its own (see
 * connid2str in ldap_extra_t, which takes a ldapconn_base_t).
 */
typedef struct ldapconn_base_t {
	/* Either a real Connection pointer or one of the LDAP_BACK_PCONN_*
	 * tags cast to a pointer.  Classify it with LDAP_BACK_PCONN_ISPRIV()
	 * before dereferencing. */
	Connection		*lcb_conn;

/*
 * The macros below go through the lc_conn shortcut, which is only
 * #defined inside ldapconn_t further down (lc_base.lcb_conn), so `lc'
 * must point to a structure with an lc_base member.
 */

/* the connection pointer reinterpreted as an integer tag */
#define	LDAP_BACK_CONN2PRIV(lc)		((unsigned long)(lc)->lc_conn)
/*
 * True when the pointer value lies in [PCONN_FIRST, PCONN_LAST).
 * NOTE(review): this is a relational comparison between pointers that do
 * not point into one object, with integers converted to pointers as the
 * bounds; it relies on no real Connection being placed at such a low
 * address.  The lower bound is the null pointer (PCONN_FIRST is 0).
 */
#define LDAP_BACK_PCONN_ISPRIV(lc)	(((void *)(lc)->lc_conn) >= ((void *)LDAP_BACK_PCONN_FIRST) \
						&& ((void *)(lc)->lc_conn) < ((void *)LDAP_BACK_PCONN_LAST))
/* tag is ROOTDN or ROOTDN_TLS (0 or 1) */
#define LDAP_BACK_PCONN_ISROOTDN(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
						&& (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_ANON))
/* tag is ANON or ANON_TLS (2 or 3) */
#define LDAP_BACK_PCONN_ISANON(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
						&& (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_BIND) \
						&& (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_ANON))
/* tag is BIND or BIND_TLS (4 or 5) */
#define LDAP_BACK_PCONN_ISBIND(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
						&& (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_BIND))
/* tag carries the TLS bit */
#define LDAP_BACK_PCONN_ISTLS(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
						&& (LDAP_BACK_CONN2PRIV((lc)) & LDAP_BACK_PCONN_TLS))
/*
 * Tag setters.  With HAVE_TLS the tag is chosen from the client
 * connection of the operation, (op)->o_conn->c_is_tls, so TLS and
 * non-TLS client sessions get distinct tags -- presumably so that they
 * never share a pooled remote connection; confirm against the users of
 * li_conn_priv[].  Without HAVE_TLS the `op' argument is unused and only
 * the even tags are ever stored.
 */
#ifdef HAVE_TLS
#define	LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ROOTDN_TLS : (void *) LDAP_BACK_PCONN_ROOTDN))
#define	LDAP_BACK_PCONN_ANON_SET(lc, op) \
	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ANON_TLS : (void *) LDAP_BACK_PCONN_ANON))
#define	LDAP_BACK_PCONN_BIND_SET(lc, op) \
	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_BIND_TLS : (void *) LDAP_BACK_PCONN_BIND))
#else /* ! HAVE_TLS */
#define	LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ROOTDN)
#define	LDAP_BACK_PCONN_ANON_SET(lc, op) \
	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ANON)
#define	LDAP_BACK_PCONN_BIND_SET(lc, op) \
	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_BIND)
#endif /* ! HAVE_TLS */
/*
 * Empty (op)->o_ndn selects the ANON tag, any non-empty DN selects the
 * ROOTDN tag.  The macro does not itself check that the DN is the rootdn;
 * NOTE(review): callers are presumably expected to have established that
 * already -- verify at the call sites.
 */
#define	LDAP_BACK_PCONN_SET(lc, op) \
	(BER_BVISEMPTY(&(op)->o_ndn) ? \
		LDAP_BACK_PCONN_ANON_SET((lc), (op)) : LDAP_BACK_PCONN_ROOTDN_SET((lc), (op)))

	struct ldapinfo_t	*lcb_ldapinfo;
	struct berval		lcb_local_ndn;
	unsigned		lcb_refcnt;
	time_t			lcb_create_time;
	time_t			lcb_time;
} ldapconn_base_t;

/*
 * One connection to the remote server.
 */
typedef struct ldapconn_t {
	ldapconn_base_t		lc_base;
/*
 * Shortcuts into lc_base.  These are object-like macros, so they rewrite
 * every identifier spelled lc_conn, lc_refcnt, ... in any file that
 * includes this header.
 */
#define	lc_conn			lc_base.lcb_conn
#define	lc_ldapinfo		lc_base.lcb_ldapinfo
#define	lc_local_ndn		lc_base.lcb_local_ndn
#define	lc_refcnt		lc_base.lcb_refcnt
#define	lc_create_time		lc_base.lcb_create_time
#define	lc_time			lc_base.lcb_time

	LDAP_TAILQ_ENTRY(ldapconn_t)	lc_q;

	/* connection state bits, LDAP_BACK_FCONN_* below */
	unsigned		lc_lcflags;
/*
 * Generic accessors on a pointer to a flag word.  ISSET_F is nonzero
 * when ANY bit of `f' is set (unlike LDAP_BACK_ISSET_F further down,
 * which requires all of them).  CPY_F sets `f' in *fp only when every
 * bit of `f' is set in *mfp, and clears it in *fp otherwise.
 */
#define LDAP_BACK_CONN_ISSET_F(fp,f)	(*(fp) & (f))
#define	LDAP_BACK_CONN_SET_F(fp,f)	(*(fp) |= (f))
#define	LDAP_BACK_CONN_CLEAR_F(fp,f)	(*(fp) &= ~(f))
#define	LDAP_BACK_CONN_CPY_F(fp,f,mfp) \
	do { \
		if ( ((f) & *(mfp)) == (f) ) { \
			*(fp) |= (f); \
		} else { \
			*(fp) &= ~(f); \
		} \
	} while ( 0 )

/* the same accessors applied to the lc_lcflags of a connection */
#define	LDAP_BACK_CONN_ISSET(lc,f)	LDAP_BACK_CONN_ISSET_F(&(lc)->lc_lcflags, (f))
#define	LDAP_BACK_CONN_SET(lc,f)	LDAP_BACK_CONN_SET_F(&(lc)->lc_lcflags, (f))
#define	LDAP_BACK_CONN_CLEAR(lc,f)	LDAP_BACK_CONN_CLEAR_F(&(lc)->lc_lcflags, (f))
#define	LDAP_BACK_CONN_CPY(lc,f,mlc)	LDAP_BACK_CONN_CPY_F(&(lc)->lc_lcflags, (f), &(mlc)->lc_lcflags)

	/* 0xFFF00000U are reserved for back-meta */

#define	LDAP_BACK_FCONN_ISBOUND	(0x00000001U)
#define	LDAP_BACK_FCONN_ISANON	(0x00000002U)
#define	LDAP_BACK_FCONN_ISBMASK	(LDAP_BACK_FCONN_ISBOUND|LDAP_BACK_FCONN_ISANON)
#define	LDAP_BACK_FCONN_ISPRIV	(0x00000004U)
#define	LDAP_BACK_FCONN_ISTLS	(0x00000008U)
#define	LDAP_BACK_FCONN_BINDING	(0x00000010U)
#define	LDAP_BACK_FCONN_TAINTED	(0x00000020U)
#define	LDAP_BACK_FCONN_ABANDON	(0x00000040U)
#define	LDAP_BACK_FCONN_ISIDASR	(0x00000080U)
#define	LDAP_BACK_FCONN_CACHED	(0x00000100U)

/*
 * Per-flag test / set / clear / copy helpers.  Both ISBOUND_CLEAR and
 * ISANON_CLEAR clear the whole ISBMASK, i.e. the bound and the anonymous
 * bit together.  BINDING, TAINTED, ABANDON and CACHED have no _CPY form.
 */
#define	LDAP_BACK_CONN_ISBOUND(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISBOUND)
#define	LDAP_BACK_CONN_ISBOUND_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISBOUND)
#define	LDAP_BACK_CONN_ISBOUND_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISBMASK)
#define	LDAP_BACK_CONN_ISBOUND_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISBOUND, (mlc))
#define	LDAP_BACK_CONN_ISANON(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISANON)
#define	LDAP_BACK_CONN_ISANON_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISANON)
#define	LDAP_BACK_CONN_ISANON_CLEAR(lc)		LDAP_BACK_CONN_ISBOUND_CLEAR((lc))
#define	LDAP_BACK_CONN_ISANON_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISANON, (mlc))
#define	LDAP_BACK_CONN_ISPRIV(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISPRIV)
#define	LDAP_BACK_CONN_ISPRIV_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISPRIV)
#define	LDAP_BACK_CONN_ISPRIV_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISPRIV)
#define	LDAP_BACK_CONN_ISPRIV_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISPRIV, (mlc))
#define	LDAP_BACK_CONN_ISTLS(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISTLS)
#define	LDAP_BACK_CONN_ISTLS_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISTLS)
#define	LDAP_BACK_CONN_ISTLS_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISTLS)
#define	LDAP_BACK_CONN_ISTLS_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISTLS, (mlc))
#define	LDAP_BACK_CONN_BINDING(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_BINDING)
#define	LDAP_BACK_CONN_BINDING_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_BINDING)
#define	LDAP_BACK_CONN_BINDING_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_BINDING)
#define	LDAP_BACK_CONN_TAINTED(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_TAINTED)
#define	LDAP_BACK_CONN_TAINTED_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_TAINTED)
#define	LDAP_BACK_CONN_TAINTED_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_TAINTED)
#define	LDAP_BACK_CONN_ABANDON(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ABANDON)
#define	LDAP_BACK_CONN_ABANDON_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ABANDON)
#define	LDAP_BACK_CONN_ABANDON_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ABANDON)
#define	LDAP_BACK_CONN_ISIDASSERT(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISIDASR)
#define	LDAP_BACK_CONN_ISIDASSERT_SET(lc)	LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISIDASR)
#define	LDAP_BACK_CONN_ISIDASSERT_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISIDASR)
#define	LDAP_BACK_CONN_ISIDASSERT_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISIDASR, (mlc))
#define	LDAP_BACK_CONN_CACHED(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_CACHED)
#define	LDAP_BACK_CONN_CACHED_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_CACHED)
#define	LDAP_BACK_CONN_CACHED_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_CACHED)

	LDAP			*lc_ld;
	unsigned long		lc_connid;
	/* NOTE(review): going by the name, the credential used to bind this
	 * connection, presumably kept only when LDAP_BACK_F_SAVECRED is set;
	 * confirm in the bind code, and check that the buffer is wiped
	 * before it is released. */
	struct berval		lc_cred;
	struct berval 		lc_bound_ndn;
	unsigned		lc_flags;
} ldapconn_t;

/* a tree protected by its own mutex; ldapinfo_t uses one for the cached
 * connections (li_conninfo) */
typedef struct ldap_avl_info_t {
	ldap_pvt_thread_mutex_t		lai_mutex;
	TAvlnode				*lai_tree;
} ldap_avl_info_t;

/*
 * Retry schedule.  ri_interval and ri_num are pointers, presumably to
 * parallel arrays terminated by SLAP_RETRYNUM_TAIL in ri_num -- confirm
 * in the retry_info_parse implementation.
 */
typedef struct slap_retry_info_t {
	time_t		*ri_interval;
	int		*ri_num;
	int		ri_idx;
	int		ri_count;
	time_t		ri_last;

/* VALID accepts FOREVER (-1) and every count >= 0; TAIL (-2) is not valid */
#define SLAP_RETRYNUM_FOREVER	(-1)		/* retry forever */
#define SLAP_RETRYNUM_TAIL	(-2)		/* end of retrynum array */
#define SLAP_RETRYNUM_VALID(n)	((n) >= SLAP_RETRYNUM_FOREVER)	/* valid retrynum */
#define SLAP_RETRYNUM_FINITE(n)	((n) > SLAP_RETRYNUM_FOREVER)	/* not forever */
} slap_retry_info_t;

/*
 * identity assertion modes
 */
typedef enum {
	/* starts at 1, so a zero-initialized si_mode matches no mode */
	LDAP_BACK_IDASSERT_LEGACY = 1,
	LDAP_BACK_IDASSERT_NOASSERT,
	LDAP_BACK_IDASSERT_ANONYMOUS,
	LDAP_BACK_IDASSERT_SELF,
	LDAP_BACK_IDASSERT_OTHERDN,
	LDAP_BACK_IDASSERT_OTHERID
} slap_idassert_mode_t;

/* ID assert stuff */
/*
 * The li_idassert_* shortcuts below expand to li_idassert.<member>, so
 * they are meant to be applied to an ldapinfo_t (which embeds this
 * structure as li_idassert), not to a slap_idassert_t itself.
 */
typedef struct slap_idassert_t {
	slap_idassert_mode_t	si_mode;
#define	li_idassert_mode	li_idassert.si_mode

	/* bind parameters of the asserting identity; li_idassert_passwd
	 * aliases sb_cred, i.e. the credential is part of this record */
	slap_bindconf	si_bc;
#define	li_idassert_authcID	li_idassert.si_bc.sb_authcId
#define	li_idassert_authcDN	li_idassert.si_bc.sb_binddn
#define	li_idassert_passwd	li_idassert.si_bc.sb_cred
#define	li_idassert_authzID	li_idassert.si_bc.sb_authzId
#define	li_idassert_authmethod	li_idassert.si_bc.sb_method
#define	li_idassert_sasl_mech	li_idassert.si_bc.sb_saslmech
#define	li_idassert_sasl_realm	li_idassert.si_bc.sb_realm
#define	li_idassert_secprops	li_idassert.si_bc.sb_secprops
#define	li_idassert_tls		li_idassert.si_bc.sb_tls

	/* LDAP_BACK_AUTH_* bits below; presumably they mirror the flags of
	 * the idassert-bind directive, see slapd-ldap(5) -- TODO confirm.
	 * 0x80 is not assigned. */
	unsigned 	si_flags;
#define LDAP_BACK_AUTH_NONE				(0x00U)
#define	LDAP_BACK_AUTH_NATIVE_AUTHZ			(0x01U)
#define	LDAP_BACK_AUTH_OVERRIDE				(0x02U)
#define	LDAP_BACK_AUTH_PRESCRIPTIVE			(0x04U)
#define	LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ		(0x08U)
#define	LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND	(0x10U)
#define	LDAP_BACK_AUTH_AUTHZ_ALL			(0x20U)
#define	LDAP_BACK_AUTH_PROXYAUTHZ_CRITICAL		(0x40U)
#define	LDAP_BACK_AUTH_DN_AUTHZID			(0x100U)
#define	LDAP_BACK_AUTH_DN_WHOAMI			(0x200U)
#define	LDAP_BACK_AUTH_DN_MASK				(LDAP_BACK_AUTH_DN_AUTHZID|LDAP_BACK_AUTH_DN_WHOAMI)
#define	li_idassert_flags	li_idassert.si_flags

	/* presumably the rules filled in by idassert_authzfrom_parse (see
	 * ldap_extra_t); they gate identity assertion, so an empty or
	 * over-broad list is worth checking in review -- confirm semantics */
	BerVarray	si_authz;
#define	li_idassert_authz	li_idassert.si_authz

	/* presumably filled in by idassert_passthru_parse_cf -- TODO confirm */
	BerVarray	si_passthru;
#define	li_idassert_passthru	li_idassert.si_passthru
} slap_idassert_t;

/*
 * Hook to allow mucking with ldapinfo_t when quarantine is over
 */
typedef int (*ldap_back_quarantine_f)( struct ldapinfo_t *, void * );

/*
 * Per-database state of the proxy backend: remote URIs, bind and TLS
 * settings, behaviour flags, the connection caches, quarantine state and
 * timeouts.
 */
typedef struct ldapinfo_t {
	/* li_uri: the string that goes into ldap_initialize()
	 * TODO: use li_acl.sb_uri instead */
	char			*li_uri;
	/* li_bvuri: an array of each single URI that is equivalent;
	 * to be checked for the presence of a certain item */
	BerVarray		li_bvuri;
	ldap_pvt_thread_mutex_t	li_uri_mutex;
	/* hack because when TLS is used we need to lock and let
	 * the li_urllist_f function to know it's locked */
	int			li_uri_mutex_do_not_lock;

	LDAP_REBIND_PROC	*li_rebind_f;
	LDAP_URLLIST_PROC	*li_urllist_f;
	void			*li_urllist_p;

	/* we only care about the TLS options here */
	slap_bindconf		li_tls;

	/* bind parameters for li_acl; li_acl_passwd aliases sb_cred, so a
	 * credential is held in this record as well */
	slap_bindconf		li_acl;
#define	li_acl_authcID		li_acl.sb_authcId
#define	li_acl_authcDN		li_acl.sb_binddn
#define	li_acl_passwd		li_acl.sb_cred
#define	li_acl_authzID		li_acl.sb_authzId
#define	li_acl_authmethod	li_acl.sb_method
#define	li_acl_sasl_mech	li_acl.sb_saslmech
#define	li_acl_sasl_realm	li_acl.sb_realm
#define	li_acl_secprops		li_acl.sb_secprops

	/* ID assert stuff */
	slap_idassert_t		li_idassert;
	/* end of ID assert stuff */

	/* retry count; the special values below are negative or zero */
	int			li_nretries;
#define LDAP_BACK_RETRY_UNDEFINED	(-2)
#define LDAP_BACK_RETRY_FOREVER		(-1)
#define LDAP_BACK_RETRY_NEVER		(0)
#define LDAP_BACK_RETRY_DEFAULT		(3)

	/* behaviour bits, LDAP_BACK_F_* below */
	unsigned		li_flags;

/* 0xFF000000U are reserved for back-meta */

#define LDAP_BACK_F_NONE		(0x00000000U)
/* NOTE(review): going by the name, SAVECRED keeps bind credentials in
 * memory (see lc_cred); confirm where they are stored and released */
#define LDAP_BACK_F_SAVECRED		(0x00000001U)
/*
 * TLS towards the remote server.  TLS_CRITICAL is a separate bit that is
 * part of both TLS_USE_MASK and TLS_PROPAGATE_MASK, so LDAP_BACK_USE_TLS()
 * and LDAP_BACK_PROPAGATE_TLS() are true with or without it.
 * NOTE(review): presumably a failed StartTLS is fatal only when
 * TLS_CRITICAL is set and the connection otherwise continues unprotected;
 * confirm in the connection setup code before relying on USE_TLS alone
 * for confidentiality.
 */
#define LDAP_BACK_F_USE_TLS		(0x00000002U)
#define LDAP_BACK_F_PROPAGATE_TLS	(0x00000004U)
#define LDAP_BACK_F_TLS_CRITICAL	(0x00000008U)
#define LDAP_BACK_F_TLS_LDAPS		(0x00000010U)

#define LDAP_BACK_F_TLS_USE_MASK	(LDAP_BACK_F_USE_TLS|LDAP_BACK_F_TLS_CRITICAL)
#define LDAP_BACK_F_TLS_PROPAGATE_MASK	(LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL)
#define LDAP_BACK_F_TLS_MASK		(LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK|LDAP_BACK_F_TLS_LDAPS)
#define LDAP_BACK_F_CHASE_REFERRALS	(0x00000020U)
#define LDAP_BACK_F_PROXY_WHOAMI	(0x00000040U)

#define	LDAP_BACK_F_T_F			(0x00000080U)
#define	LDAP_BACK_F_T_F_DISCOVER	(0x00000100U)
#define	LDAP_BACK_F_T_F_MASK		(LDAP_BACK_F_T_F)
#define	LDAP_BACK_F_T_F_MASK2		(LDAP_BACK_F_T_F_MASK|LDAP_BACK_F_T_F_DISCOVER)

#define LDAP_BACK_F_MONITOR		(0x00000200U)
#define	LDAP_BACK_F_SINGLECONN		(0x00000400U)
#define LDAP_BACK_F_USE_TEMPORARIES	(0x00000800U)

#define	LDAP_BACK_F_ISOPEN		(0x00001000U)

/* cancel strategy: a multi-valued field, not independent bits;
 * CANCEL_ABANDON is the value 0, i.e. neither IGNORE nor EXOP set */
#define	LDAP_BACK_F_CANCEL_ABANDON	(0x00000000U)
#define	LDAP_BACK_F_CANCEL_IGNORE	(0x00002000U)
#define	LDAP_BACK_F_CANCEL_EXOP		(0x00004000U)
#define	LDAP_BACK_F_CANCEL_EXOP_DISCOVER	(0x00008000U)
#define	LDAP_BACK_F_CANCEL_MASK		(LDAP_BACK_F_CANCEL_IGNORE|LDAP_BACK_F_CANCEL_EXOP)
#define	LDAP_BACK_F_CANCEL_MASK2	(LDAP_BACK_F_CANCEL_MASK|LDAP_BACK_F_CANCEL_EXOP_DISCOVER)

#define	LDAP_BACK_F_QUARANTINE		(0x00010000U)

#ifdef SLAP_CONTROL_X_SESSION_TRACKING
#define	LDAP_BACK_F_ST_REQUEST		(0x00020000U)
#define	LDAP_BACK_F_ST_RESPONSE		(0x00040000U)
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */

#define LDAP_BACK_F_NOREFS		(0x00080000U)
#define LDAP_BACK_F_NOUNDEFFILTER	(0x00100000U)
#define LDAP_BACK_F_OMIT_UNKNOWN_SCHEMA	(0x00200000U)

#define LDAP_BACK_F_ONERR_STOP		(0x00400000U)

/*
 * ISSET_F is true only when ALL bits of `f' are set; with f == 0 it is
 * always true, which is why the zero-valued CANCEL_ABANDON is tested
 * with ISMASK_F (field under mask `m' equals `f') instead.
 */
#define	LDAP_BACK_ISSET_F(ff,f)		( ( (ff) & (f) ) == (f) )
#define	LDAP_BACK_ISMASK_F(ff,m,f)	( ( (ff) & (m) ) == (f) )

/* the same tests applied to the li_flags of a database */
#define	LDAP_BACK_ISSET(li,f)		LDAP_BACK_ISSET_F( (li)->li_flags, (f) )
#define	LDAP_BACK_ISMASK(li,m,f)	LDAP_BACK_ISMASK_F( (li)->li_flags, (m), (f) )

#define LDAP_BACK_SAVECRED(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_SAVECRED )
#define LDAP_BACK_USE_TLS(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TLS )
#define LDAP_BACK_PROPAGATE_TLS(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROPAGATE_TLS )
#define LDAP_BACK_TLS_CRITICAL(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_TLS_CRITICAL )
#define LDAP_BACK_CHASE_REFERRALS(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_CHASE_REFERRALS )
#define LDAP_BACK_PROXY_WHOAMI(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROXY_WHOAMI )

/* variants that take a flag word rather than an ldapinfo_t pointer */
#define LDAP_BACK_USE_TLS_F(ff)		LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_USE_TLS )
#define LDAP_BACK_PROPAGATE_TLS_F(ff)	LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_PROPAGATE_TLS )
#define LDAP_BACK_TLS_CRITICAL_F(ff)	LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_TLS_CRITICAL )

/* T_F_DISCOVER is true only when DISCOVER is set and T_F itself is clear */
#define	LDAP_BACK_T_F(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK, LDAP_BACK_F_T_F )
#define	LDAP_BACK_T_F_DISCOVER(li)	LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK2, LDAP_BACK_F_T_F_DISCOVER )

#define	LDAP_BACK_MONITOR(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_MONITOR )
#define	LDAP_BACK_SINGLECONN(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_SINGLECONN )
#define	LDAP_BACK_USE_TEMPORARIES(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TEMPORARIES)

#define	LDAP_BACK_ISOPEN(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_ISOPEN )

/* CANCEL_DISCOVER is true only when EXOP_DISCOVER is set and both IGNORE
 * and EXOP are clear */
#define	LDAP_BACK_ABANDON(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_ABANDON )
#define	LDAP_BACK_IGNORE(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_IGNORE )
#define	LDAP_BACK_CANCEL(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP )
#define	LDAP_BACK_CANCEL_DISCOVER(li)	LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER )

#define	LDAP_BACK_QUARANTINE(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_QUARANTINE )

#ifdef SLAP_CONTROL_X_SESSION_TRACKING
#define	LDAP_BACK_ST_REQUEST(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_REQUEST)
#define	LDAP_BACK_ST_RESPONSE(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_RESPONSE)
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */

#define	LDAP_BACK_NOREFS(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOREFS)
#define	LDAP_BACK_NOUNDEFFILTER(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOUNDEFFILTER)
#define	LDAP_BACK_OMIT_UNKNOWN_SCHEMA(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_OMIT_UNKNOWN_SCHEMA)
#define	LDAP_BACK_ONERR_STOP(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ONERR_STOP)

	int			li_version;

	unsigned long		li_conn_nextid;

	/* cached connections; 
	 * special conns are in tailq rather than in tree */
	ldap_avl_info_t		li_conninfo;
	/* one queue per LDAP_BACK_PCONN_* tag (the array has
	 * LDAP_BACK_PCONN_LAST entries) */
	struct {
		int						lic_num;
		LDAP_TAILQ_HEAD(lc_conn_priv_q, ldapconn_t)	lic_priv;
	}			li_conn_priv[ LDAP_BACK_PCONN_LAST ];
	int			li_conn_priv_max;
#define	LDAP_BACK_CONN_PRIV_MIN		(1)
#define	LDAP_BACK_CONN_PRIV_MAX		(256)
	/* must be between LDAP_BACK_CONN_PRIV_MIN
	 * and LDAP_BACK_CONN_PRIV_MAX ! */
#define	LDAP_BACK_CONN_PRIV_DEFAULT	(16)

	ldap_monitor_info_t	li_monitor_info;

	/* one of the LDAP_BACK_FQ_* states below */
	sig_atomic_t		li_isquarantined;
#define	LDAP_BACK_FQ_NO		(0)
#define	LDAP_BACK_FQ_YES	(1)
#define	LDAP_BACK_FQ_RETRYING	(2)

	slap_retry_info_t	li_quarantine;
	ldap_pvt_thread_mutex_t	li_quarantine_mutex;
	/* hook of type ldap_back_quarantine_f and its argument */
	ldap_back_quarantine_f	li_quarantine_f;
	void			*li_quarantine_p;

	time_t			li_network_timeout;
	time_t			li_conn_ttl;
	time_t			li_idle_timeout;
	/* one timeout per operation type (SLAP_OP_LAST entries) */
	time_t			li_timeout[ SLAP_OP_LAST ];

	ldap_pvt_thread_mutex_t li_counter_mutex;
	/* one counter per operation type (SLAP_OP_LAST entries) */
	ldap_pvt_mp_t		li_ops_completed[SLAP_OP_LAST];
	struct re_s*		li_conn_expire_task;
} ldapinfo_t;

/* LDAP_COMPARE_FALSE and LDAP_COMPARE_TRUE count as success here.  The
 * argument is evaluated up to three times, so pass an expression without
 * side effects. */
#define	LDAP_ERR_OK(err) ((err) == LDAP_SUCCESS || (err) == LDAP_COMPARE_FALSE || (err) == LDAP_COMPARE_TRUE)

/*
 * Bit set: SENDOK (0x01) and SENDERR (0x02) combine into SENDRESULT;
 * BINDING (0x04) and RETRYING (0x08) are modifiers that the BIND_* and
 * RETRY_* names pre-combine with the send bits; GETCONN is 0x10.
 */
typedef enum ldap_back_send_t {
	LDAP_BACK_DONTSEND		= 0x00,
	LDAP_BACK_SENDOK		= 0x01,
	LDAP_BACK_SENDERR		= 0x02,
	LDAP_BACK_SENDRESULT		= (LDAP_BACK_SENDOK|LDAP_BACK_SENDERR),
	LDAP_BACK_BINDING		= 0x04,

	LDAP_BACK_BIND_DONTSEND		= (LDAP_BACK_BINDING),
	LDAP_BACK_BIND_SOK		= (LDAP_BACK_BINDING|LDAP_BACK_SENDOK),
	LDAP_BACK_BIND_SERR		= (LDAP_BACK_BINDING|LDAP_BACK_SENDERR),
	LDAP_BACK_BIND_SRES		= (LDAP_BACK_BINDING|LDAP_BACK_SENDRESULT),

	LDAP_BACK_RETRYING		= 0x08,
	LDAP_BACK_RETRY_DONTSEND	= (LDAP_BACK_RETRYING),
	LDAP_BACK_RETRY_SOK		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDOK),
	LDAP_BACK_RETRY_SERR		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDERR),
	LDAP_BACK_RETRY_SRES		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDRESULT),

	LDAP_BACK_GETCONN		= 0x10
} ldap_back_send_t;

/* define to use asynchronous StartTLS */
#define SLAP_STARTTLS_ASYNCHRONOUS

/* timeout to use when calling ldap_result() */
/* LDAP_BACK_TV_SET stores 0 seconds plus 100000 microseconds in *tv */
#define	LDAP_BACK_RESULT_TIMEOUT	(0)
#define	LDAP_BACK_RESULT_UTIMEOUT	(100000)
#define	LDAP_BACK_TV_SET(tv) \
	do { \
		(tv)->tv_sec = LDAP_BACK_RESULT_TIMEOUT; \
		(tv)->tv_usec = LDAP_BACK_RESULT_UTIMEOUT; \
	} while ( 0 )

/* defaults to 0 unless the build defines it; presumably a debugging aid
 * that prints the connection tree -- TODO confirm */
#ifndef LDAP_BACK_PRINT_CONNTREE
#define LDAP_BACK_PRINT_CONNTREE 0
#endif /* !LDAP_BACK_PRINT_CONNTREE */

/*
 * Table of function pointers; presumably the way other slapd modules
 * call into this backend -- confirm where it is filled in.  The parsers
 * and connid2str that write into a caller buffer take its length
 * (buflen) alongside it.
 */
typedef struct ldap_extra_t {
	int (*proxy_authz_ctrl)( Operation *op, SlapReply *rs, struct berval *bound_ndn,
		int version, slap_idassert_t *si, LDAPControl	*ctrl );
	int (*controls_free)( Operation *op, SlapReply *rs, LDAPControl ***pctrls );
	int (*idassert_authzfrom_parse)( struct config_args_s *ca, slap_idassert_t *si );
	int (*idassert_passthru_parse_cf)( const char *fname, int lineno, const char *arg, slap_idassert_t *si );
	int (*idassert_parse)( struct config_args_s *ca, slap_idassert_t *si );
	void (*retry_info_destroy)( slap_retry_info_t *ri );
	int (*retry_info_parse)( char *in, slap_retry_info_t *ri, char *buf, ber_len_t buflen );
	int (*retry_info_unparse)( slap_retry_info_t *ri, struct berval *bvout );
	int (*connid2str)( const ldapconn_base_t *lc, char *buf, ber_len_t buflen );
} ldap_extra_t;

LDAP_END_DECL

#include "proto-ldap.h"

#endif /* SLAPD_LDAP_H */