/* back-ldap.h - ldap backend header file */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 1999-2021 The OpenLDAP Foundation.
 * Portions Copyright 2000-2003 Pierangelo Masarati.
 * Portions Copyright 1999-2003 Howard Chu.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* ACKNOWLEDGEMENTS:
 * This work was initially developed by the Howard Chu for inclusion
 * in OpenLDAP Software and subsequently enhanced by Pierangelo
 * Masarati.
 */

/*
 * Overview: this header declares the per-connection state (ldapconn_t),
 * the per-database configuration (ldapinfo_t), the identity-assertion
 * settings (slap_idassert_t) and the flag bits / accessor macros that go
 * with them.  Several members alias bind credentials (the *_passwd
 * aliases of sb_cred, and lc_cred); they are called out where they are
 * declared.
 */

#ifndef SLAPD_LDAP_H
#define SLAPD_LDAP_H

#include "../back-monitor/back-monitor.h"

LDAP_BEGIN_DECL

struct ldapinfo_t;

/* stuff required for monitoring */
typedef struct ldap_monitor_info_t {
	monitor_subsys_t	lmi_mss[2];

	struct berval		lmi_ndn;
	struct berval		lmi_conn_rdn;
	struct berval		lmi_ops_rdn;
} ldap_monitor_info_t;

/*
 * Identifiers of the "privileged" connection slots.  These are small
 * integers, not addresses: the LDAP_BACK_PCONN_*_SET() macros below store
 * them, cast to a pointer, in lc_conn in place of a Connection address.
 * Bit 0 (LDAP_BACK_PCONN_TLS) marks the TLS variant of a slot, so the
 * plain slots are even and their TLS variants are odd.
 * ldapinfo_t.li_conn_priv[] is dimensioned by LDAP_BACK_PCONN_LAST.
 */
enum {
	/* even numbers are connection types */
	LDAP_BACK_PCONN_FIRST = 0,
	LDAP_BACK_PCONN_ROOTDN = LDAP_BACK_PCONN_FIRST,
	LDAP_BACK_PCONN_ANON = 2,
	LDAP_BACK_PCONN_BIND = 4,

	/* add the TLS bit */
	LDAP_BACK_PCONN_TLS = 0x1U,

	LDAP_BACK_PCONN_ROOTDN_TLS = (LDAP_BACK_PCONN_ROOTDN|LDAP_BACK_PCONN_TLS),
	LDAP_BACK_PCONN_ANON_TLS = (LDAP_BACK_PCONN_ANON|LDAP_BACK_PCONN_TLS),
	LDAP_BACK_PCONN_BIND_TLS = (LDAP_BACK_PCONN_BIND|LDAP_BACK_PCONN_TLS),

	/* implicit value: one past LDAP_BACK_PCONN_BIND_TLS (5), i.e. 6 */
	LDAP_BACK_PCONN_LAST
};

typedef struct ldapconn_base_t {
	/* Either a Connection address or one of the LDAP_BACK_PCONN_*
	 * constants cast to a pointer (see the *_SET() macros below).
	 * When LDAP_BACK_PCONN_ISPRIV() is true the value is a small
	 * constant and must not be dereferenced. */
	Connection		*lcb_conn;
/*
 * The macros below expect a pointer to a structure that has an lc_base
 * member (ldapconn_t): they go through the lc_conn alias, defined further
 * down as lc_base.lcb_conn.
 *
 * NOTE(review): LDAP_BACK_CONN2PRIV() converts the pointer to unsigned
 * long, which assumes unsigned long is wide enough for a pointer value.
 * LDAP_BACK_PCONN_ISPRIV() applies relational operators to pointers made
 * from integer constants; ISO C does not define the result for pointers
 * that do not point into the same object.  A comparison on an integer
 * type of pointer width would state the same range test portably --
 * confirm the supported platforms before relying on either form.
 */
#define	LDAP_BACK_CONN2PRIV(lc)		((unsigned long)(lc)->lc_conn)
/* true when lc_conn lies in [LDAP_BACK_PCONN_FIRST, LDAP_BACK_PCONN_LAST) */
#define	LDAP_BACK_PCONN_ISPRIV(lc)	(((void *)(lc)->lc_conn) >= ((void *)LDAP_BACK_PCONN_FIRST) \
						&& ((void *)(lc)->lc_conn) < ((void *)LDAP_BACK_PCONN_LAST))
/* privileged slot below LDAP_BACK_PCONN_ANON: ROOTDN or ROOTDN_TLS */
#define	LDAP_BACK_PCONN_ISROOTDN(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
						&& (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_ANON))
/* privileged slot in [ANON, BIND): ANON or ANON_TLS */
#define	LDAP_BACK_PCONN_ISANON(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
						&& (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_BIND) \
						&& (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_ANON))
/* privileged slot at or above LDAP_BACK_PCONN_BIND: BIND or BIND_TLS */
#define	LDAP_BACK_PCONN_ISBIND(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
						&& (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_BIND))
/* privileged slot with the TLS bit (bit 0) set; yields the masked bit,
 * not a normalized 0/1 */
#define	LDAP_BACK_PCONN_ISTLS(lc)	(LDAP_BACK_PCONN_ISPRIV((lc)) \
						&& (LDAP_BACK_CONN2PRIV((lc)) & LDAP_BACK_PCONN_TLS))
/*
 * Slot selection.  With HAVE_TLS the _TLS variant is stored when the
 * connection of the operation (op->o_conn) has c_is_tls set, so the slot
 * recorded in lc_conn depends on whether that connection uses TLS.
 * Without HAVE_TLS the op argument is not evaluated.
 */
#ifdef HAVE_TLS
#define	LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ROOTDN_TLS : (void *) LDAP_BACK_PCONN_ROOTDN))
#define	LDAP_BACK_PCONN_ANON_SET(lc, op) \
	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ANON_TLS : (void *) LDAP_BACK_PCONN_ANON))
#define	LDAP_BACK_PCONN_BIND_SET(lc, op) \
	((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_BIND_TLS : (void *) LDAP_BACK_PCONN_BIND))
#else /* ! HAVE_TLS */
#define	LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ROOTDN)
#define	LDAP_BACK_PCONN_ANON_SET(lc, op) \
	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ANON)
#define	LDAP_BACK_PCONN_BIND_SET(lc, op) \
	((lc)->lc_conn = (void *)LDAP_BACK_PCONN_BIND)
#endif /* ! HAVE_TLS */
/* An empty op->o_ndn selects the ANON slot; any other value selects the
 * ROOTDN slot.  The BIND slot is never chosen by this macro. */
#define	LDAP_BACK_PCONN_SET(lc, op) \
	(BER_BVISEMPTY(&(op)->o_ndn) ? \
		LDAP_BACK_PCONN_ANON_SET((lc), (op)) : LDAP_BACK_PCONN_ROOTDN_SET((lc), (op)))

	struct ldapinfo_t	*lcb_ldapinfo;
	struct berval		lcb_local_ndn;
	/* NOTE(review): plain unsigned counter; whatever lock protects it
	 * is not visible in this header */
	unsigned		lcb_refcnt;
	time_t			lcb_create_time;
	time_t			lcb_time;
} ldapconn_base_t;

typedef struct ldapconn_t {
	ldapconn_base_t		lc_base;
/* shorthand for the members of lc_base; these are object-like macros, so
 * the identifiers are rewritten wherever this header is in effect */
#define	lc_conn			lc_base.lcb_conn
#define	lc_ldapinfo		lc_base.lcb_ldapinfo
#define	lc_local_ndn		lc_base.lcb_local_ndn
#define	lc_refcnt		lc_base.lcb_refcnt
#define	lc_create_time		lc_base.lcb_create_time
#define	lc_time			lc_base.lcb_time

	/* presumably the linkage for the li_conn_priv[].lic_priv queues,
	 * which hold the same element type -- confirm against the callers */
	LDAP_TAILQ_ENTRY(ldapconn_t)	lc_q;

	/* state bits LDAP_BACK_FCONN_*; all LDAP_BACK_CONN_* macros below
	 * operate on this word, none of them touches lc_flags */
	unsigned		lc_lcflags;
/* generic helpers on a pointer to a flag word; ISSET_F yields the masked
 * bits (non-zero if ANY bit of f is set), not a normalized 0/1 */
#define LDAP_BACK_CONN_ISSET_F(fp,f)	(*(fp) & (f))
#define	LDAP_BACK_CONN_SET_F(fp,f)	(*(fp) |= (f))
#define	LDAP_BACK_CONN_CLEAR_F(fp,f)	(*(fp) &= ~(f))
/* copy f from *mfp to *fp: set it when ALL bits of f are set in *mfp,
 * clear it otherwise */
#define	LDAP_BACK_CONN_CPY_F(fp,f,mfp) \
	do { \
		if ( ((f) & *(mfp)) == (f) ) { \
			*(fp) |= (f); \
		} else { \
			*(fp) &= ~(f); \
		} \
	} while ( 0 )

/* the same helpers applied to the lc_lcflags word of a connection */
#define LDAP_BACK_CONN_ISSET(lc,f)	LDAP_BACK_CONN_ISSET_F(&(lc)->lc_lcflags, (f))
#define	LDAP_BACK_CONN_SET(lc,f)	LDAP_BACK_CONN_SET_F(&(lc)->lc_lcflags, (f))
#define	LDAP_BACK_CONN_CLEAR(lc,f)	LDAP_BACK_CONN_CLEAR_F(&(lc)->lc_lcflags, (f))
#define	LDAP_BACK_CONN_CPY(lc,f,mlc)	LDAP_BACK_CONN_CPY_F(&(lc)->lc_lcflags, (f), &(mlc)->lc_lcflags)

	/* 0xFFF00000U are reserved for back-meta */

#define	LDAP_BACK_FCONN_ISBOUND	(0x00000001U)
#define	LDAP_BACK_FCONN_ISANON	(0x00000002U)
#define	LDAP_BACK_FCONN_ISBMASK	(LDAP_BACK_FCONN_ISBOUND|LDAP_BACK_FCONN_ISANON)
#define	LDAP_BACK_FCONN_ISPRIV	(0x00000004U)
#define	LDAP_BACK_FCONN_ISTLS	(0x00000008U)
#define	LDAP_BACK_FCONN_BINDING	(0x00000010U)
#define	LDAP_BACK_FCONN_TAINTED	(0x00000020U)
#define	LDAP_BACK_FCONN_ABANDON	(0x00000040U)
#define	LDAP_BACK_FCONN_ISIDASR	(0x00000080U)
#define	LDAP_BACK_FCONN_CACHED	(0x00000100U)

/*
 * Per-flag accessors: X(lc) tests, X_SET(lc) sets, X_CLEAR(lc) clears and
 * X_CPY(lc, mlc) copies the flag from mlc to lc.
 *
 * Bind state: ISBOUND_CLEAR and ISANON_CLEAR both clear the whole
 * LDAP_BACK_FCONN_ISBMASK, i.e. the bound AND the anonymous bit, whereas
 * the corresponding _SET macros set a single bit.  Code that resets the
 * bind state therefore leaves the connection neither bound nor anonymous.
 */
#define	LDAP_BACK_CONN_ISBOUND(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISBOUND)
#define	LDAP_BACK_CONN_ISBOUND_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISBOUND)
#define	LDAP_BACK_CONN_ISBOUND_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISBMASK)
#define	LDAP_BACK_CONN_ISBOUND_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISBOUND, (mlc))
#define	LDAP_BACK_CONN_ISANON(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISANON)
#define	LDAP_BACK_CONN_ISANON_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISANON)
#define	LDAP_BACK_CONN_ISANON_CLEAR(lc)		LDAP_BACK_CONN_ISBOUND_CLEAR((lc))
#define	LDAP_BACK_CONN_ISANON_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISANON, (mlc))
/* NOTE(review): LDAP_BACK_CONN_ISPRIV tests a flag bit in lc_lcflags,
 * LDAP_BACK_PCONN_ISPRIV tests the value stored in lc_conn; nothing in
 * this header ties the two together */
#define	LDAP_BACK_CONN_ISPRIV(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISPRIV)
#define	LDAP_BACK_CONN_ISPRIV_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISPRIV)
#define	LDAP_BACK_CONN_ISPRIV_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISPRIV)
#define	LDAP_BACK_CONN_ISPRIV_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISPRIV, (mlc))
#define	LDAP_BACK_CONN_ISTLS(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISTLS)
#define	LDAP_BACK_CONN_ISTLS_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISTLS)
#define	LDAP_BACK_CONN_ISTLS_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISTLS)
#define	LDAP_BACK_CONN_ISTLS_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISTLS, (mlc))
#define	LDAP_BACK_CONN_BINDING(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_BINDING)
#define	LDAP_BACK_CONN_BINDING_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_BINDING)
#define	LDAP_BACK_CONN_BINDING_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_BINDING)
#define	LDAP_BACK_CONN_TAINTED(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_TAINTED)
#define	LDAP_BACK_CONN_TAINTED_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_TAINTED)
#define	LDAP_BACK_CONN_TAINTED_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_TAINTED)
#define	LDAP_BACK_CONN_ABANDON(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ABANDON)
#define	LDAP_BACK_CONN_ABANDON_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ABANDON)
#define	LDAP_BACK_CONN_ABANDON_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ABANDON)
#define	LDAP_BACK_CONN_ISIDASSERT(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISIDASR)
#define	LDAP_BACK_CONN_ISIDASSERT_SET(lc)	LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISIDASR)
#define	LDAP_BACK_CONN_ISIDASSERT_CLEAR(lc)	LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISIDASR)
#define	LDAP_BACK_CONN_ISIDASSERT_CPY(lc, mlc)	LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISIDASR, (mlc))
#define	LDAP_BACK_CONN_CACHED(lc)		LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_CACHED)
#define	LDAP_BACK_CONN_CACHED_SET(lc)		LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_CACHED)
#define	LDAP_BACK_CONN_CACHED_CLEAR(lc)		LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_CACHED)

	LDAP			*lc_ld;
	unsigned long		lc_connid;
	/* NOTE(review): presumably the credential used to bind this
	 * connection, retained when LDAP_BACK_F_SAVECRED is set -- confirm
	 * against the bind code.  If so, it is secret material: keep it out
	 * of logs and monitor output and scrub it before the buffer is
	 * released. */
	struct berval		lc_cred;
	struct berval 		lc_bound_ndn;
	/* second flag word; its bit assignments are not defined in this
	 * header */
	unsigned		lc_flags;
} ldapconn_t;

/* AVL tree root together with the mutex declared alongside it */
typedef struct ldap_avl_info_t {
	ldap_pvt_thread_mutex_t		lai_mutex;
	TAvlnode				*lai_tree;
} ldap_avl_info_t;

typedef struct slap_retry_info_t {
	time_t		*ri_interval;
	int		*ri_num;
	int		ri_idx;
	int		ri_count;
	time_t		ri_last;

/* SLAP_RETRYNUM_TAIL (-2) is below SLAP_RETRYNUM_FOREVER (-1), so it
 * fails both SLAP_RETRYNUM_VALID() and SLAP_RETRYNUM_FINITE() */
#define SLAP_RETRYNUM_FOREVER	(-1)		/* retry forever */
#define SLAP_RETRYNUM_TAIL	(-2)		/* end of retrynum array */
#define SLAP_RETRYNUM_VALID(n)	((n) >= SLAP_RETRYNUM_FOREVER)	/* valid retrynum */
#define SLAP_RETRYNUM_FINITE(n)	((n) > SLAP_RETRYNUM_FOREVER)	/* not forever */
} slap_retry_info_t;

/*
 * identity assertion modes
 *
 * The enumeration starts at 1, so a zero-filled slap_idassert_t does not
 * carry any of these modes.
 */
typedef enum {
	LDAP_BACK_IDASSERT_LEGACY = 1,
	LDAP_BACK_IDASSERT_NOASSERT,
	LDAP_BACK_IDASSERT_ANONYMOUS,
	LDAP_BACK_IDASSERT_SELF,
	LDAP_BACK_IDASSERT_OTHERDN,
	LDAP_BACK_IDASSERT_OTHERID
} slap_idassert_mode_t;

/* ID assert stuff */
/* The li_idassert_* aliases below name members through li_idassert, so
 * they only expand correctly on an object that has such a member
 * (ldapinfo_t). */
typedef struct slap_idassert_t {
	slap_idassert_mode_t	si_mode;
#define	li_idassert_mode	li_idassert.si_mode

	/* bind configuration of the asserting identity.
	 * NOTE(review): li_idassert_passwd aliases sb_cred, presumably the
	 * secret of that identity; it should stay out of logs and monitor
	 * output -- confirm how the config and monitor code expose it. */
	slap_bindconf		si_bc;
#define	li_idassert_authcID	li_idassert.si_bc.sb_authcId
#define	li_idassert_authcDN	li_idassert.si_bc.sb_binddn
#define	li_idassert_passwd	li_idassert.si_bc.sb_cred
#define	li_idassert_authzID	li_idassert.si_bc.sb_authzId
#define	li_idassert_authmethod	li_idassert.si_bc.sb_method
#define	li_idassert_sasl_mech	li_idassert.si_bc.sb_saslmech
#define	li_idassert_sasl_realm	li_idassert.si_bc.sb_realm
#define	li_idassert_secprops	li_idassert.si_bc.sb_secprops
#define	li_idassert_tls		li_idassert.si_bc.sb_tls

	/* LDAP_BACK_AUTH_* bits; 0x80U is not assigned here */
	unsigned 		si_flags;
#define LDAP_BACK_AUTH_NONE				(0x00U)
#define	LDAP_BACK_AUTH_NATIVE_AUTHZ			(0x01U)
#define	LDAP_BACK_AUTH_OVERRIDE				(0x02U)
#define	LDAP_BACK_AUTH_PRESCRIPTIVE			(0x04U)
#define	LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ		(0x08U)
#define	LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND	(0x10U)
#define	LDAP_BACK_AUTH_AUTHZ_ALL			(0x20U)
#define	LDAP_BACK_AUTH_PROXYAUTHZ_CRITICAL		(0x40U)
#define	LDAP_BACK_AUTH_DN_AUTHZID			(0x100U)
#define	LDAP_BACK_AUTH_DN_WHOAMI			(0x200U)
#define	LDAP_BACK_AUTH_DN_MASK				(LDAP_BACK_AUTH_DN_AUTHZID|LDAP_BACK_AUTH_DN_WHOAMI)
#define	li_idassert_flags	li_idassert.si_flags

	/* NOTE(review): by name, the rules that decide which identities
	 * may be asserted (si_authz) and which are passed through
	 * (si_passthru); the matching logic is not in this header */
	BerVarray		si_authz;
#define	li_idassert_authz	li_idassert.si_authz

	BerVarray		si_passthru;
#define	li_idassert_passthru	li_idassert.si_passthru
} slap_idassert_t;

/*
 * Hook to allow mucking with ldapinfo_t when quarantine is over
 */
typedef int (*ldap_back_quarantine_f)( struct ldapinfo_t *, void * );

typedef struct ldapinfo_t {
	/* li_uri: the string that goes into ldap_initialize()
	 * TODO: use li_acl.sb_uri instead */
	char			*li_uri;
	/* li_bvuri: an array of each single URI that is equivalent;
	 * to be checked for the presence of a certain item */
	BerVarray		li_bvuri;
	ldap_pvt_thread_mutex_t	li_uri_mutex;
	/* hack: when TLS is used the mutex is already held, and this flag
	 * lets the li_urllist_f function know it is locked */
	int			li_uri_mutex_do_not_lock;

	LDAP_REBIND_PROC	*li_rebind_f;
	LDAP_URLLIST_PROC	*li_urllist_f;
	void			*li_urllist_p;

	/* we only care about the TLS options here */
	slap_bindconf		li_tls;

	/* NOTE(review): li_acl_passwd aliases sb_cred, presumably the
	 * secret of the li_acl identity; same handling concerns as
	 * li_idassert_passwd -- confirm where it is read and printed */
	slap_bindconf		li_acl;
#define	li_acl_authcID		li_acl.sb_authcId
#define	li_acl_authcDN		li_acl.sb_binddn
#define	li_acl_passwd		li_acl.sb_cred
#define	li_acl_authzID		li_acl.sb_authzId
#define	li_acl_authmethod	li_acl.sb_method
#define	li_acl_sasl_mech	li_acl.sb_saslmech
#define	li_acl_sasl_realm	li_acl.sb_realm
#define	li_acl_secprops		li_acl.sb_secprops

	/* ID assert stuff */
	slap_idassert_t		li_idassert;
	/* end of ID assert stuff */

	int			li_nretries;
#define LDAP_BACK_RETRY_UNDEFINED	(-2)
#define LDAP_BACK_RETRY_FOREVER		(-1)
#define LDAP_BACK_RETRY_NEVER		(0)
#define LDAP_BACK_RETRY_DEFAULT		(3)

	/* LDAP_BACK_F_* bits, read through the LDAP_BACK_*(li) macros */
	unsigned		li_flags;

/* 0xFF000000U are reserved for back-meta */

#define LDAP_BACK_F_NONE		(0x00000000U)
/* NOTE(review): by name, enables retention of bind credentials (see
 * lc_cred) -- confirm; when set, connection memory holds secrets */
#define LDAP_BACK_F_SAVECRED		(0x00000001U)
#define LDAP_BACK_F_USE_TLS		(0x00000002U)
#define LDAP_BACK_F_PROPAGATE_TLS	(0x00000004U)
#define LDAP_BACK_F_TLS_CRITICAL	(0x00000008U)
#define LDAP_BACK_F_TLS_LDAPS		(0x00000010U)

/*
 * TLS policy bits.  USE_TLS and PROPAGATE_TLS are tested independently of
 * TLS_CRITICAL by the accessors below.
 * NOTE(review): what happens when TLS setup fails while TLS_CRITICAL is
 * clear is decided by the callers, not by this header -- verify that a
 * deployment that requires encryption sets the critical bit.
 */
#define LDAP_BACK_F_TLS_USE_MASK	(LDAP_BACK_F_USE_TLS|LDAP_BACK_F_TLS_CRITICAL)
#define LDAP_BACK_F_TLS_PROPAGATE_MASK	(LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL)
#define LDAP_BACK_F_TLS_MASK		(LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK|LDAP_BACK_F_TLS_LDAPS)
/* NOTE(review): if this makes the backend follow referrals returned by
 * the remote server, the referral targets are remote-controlled; confirm
 * what li_rebind_f presents when it rebinds to them */
#define LDAP_BACK_F_CHASE_REFERRALS	(0x00000020U)
#define LDAP_BACK_F_PROXY_WHOAMI	(0x00000040U)

#define	LDAP_BACK_F_T_F			(0x00000080U)
#define	LDAP_BACK_F_T_F_DISCOVER	(0x00000100U)
#define	LDAP_BACK_F_T_F_MASK		(LDAP_BACK_F_T_F)
#define	LDAP_BACK_F_T_F_MASK2		(LDAP_BACK_F_T_F_MASK|LDAP_BACK_F_T_F_DISCOVER)

#define LDAP_BACK_F_MONITOR		(0x00000200U)
#define	LDAP_BACK_F_SINGLECONN		(0x00000400U)
#define LDAP_BACK_F_USE_TEMPORARIES	(0x00000800U)

#define	LDAP_BACK_F_ISOPEN		(0x00001000U)

/* CANCEL_ABANDON is the all-zero value of the CANCEL field, so it can only
 * be tested with LDAP_BACK_ISMASK(); LDAP_BACK_ISSET() on it is always
 * true */
#define	LDAP_BACK_F_CANCEL_ABANDON	(0x00000000U)
#define	LDAP_BACK_F_CANCEL_IGNORE	(0x00002000U)
#define	LDAP_BACK_F_CANCEL_EXOP		(0x00004000U)
#define	LDAP_BACK_F_CANCEL_EXOP_DISCOVER	(0x00008000U)
#define	LDAP_BACK_F_CANCEL_MASK		(LDAP_BACK_F_CANCEL_IGNORE|LDAP_BACK_F_CANCEL_EXOP)
#define	LDAP_BACK_F_CANCEL_MASK2	(LDAP_BACK_F_CANCEL_MASK|LDAP_BACK_F_CANCEL_EXOP_DISCOVER)

#define	LDAP_BACK_F_QUARANTINE		(0x00010000U)

#ifdef SLAP_CONTROL_X_SESSION_TRACKING
#define	LDAP_BACK_F_ST_REQUEST		(0x00020000U)
#define	LDAP_BACK_F_ST_RESPONSE		(0x00040000U)
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */

#define LDAP_BACK_F_NOREFS		(0x00080000U)
#define LDAP_BACK_F_NOUNDEFFILTER	(0x00100000U)
#define LDAP_BACK_F_OMIT_UNKNOWN_SCHEMA	(0x00200000U)

#define LDAP_BACK_F_ONERR_STOP		(0x00400000U)

/* ISSET_F: true only when ALL bits of f are set in ff (unlike
 * LDAP_BACK_CONN_ISSET_F, which is non-zero when any bit is set).
 * ISMASK_F: true when the bits of ff selected by m equal f exactly. */
#define	LDAP_BACK_ISSET_F(ff,f)		( ( (ff) & (f) ) == (f) )
#define	LDAP_BACK_ISMASK_F(ff,m,f)	( ( (ff) & (m) ) == (f) )

#define	LDAP_BACK_ISSET(li,f)		LDAP_BACK_ISSET_F( (li)->li_flags, (f) )
#define	LDAP_BACK_ISMASK(li,m,f)	LDAP_BACK_ISMASK_F( (li)->li_flags, (m), (f) )

#define LDAP_BACK_SAVECRED(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_SAVECRED )
#define LDAP_BACK_USE_TLS(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TLS )
#define LDAP_BACK_PROPAGATE_TLS(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROPAGATE_TLS )
#define LDAP_BACK_TLS_CRITICAL(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_TLS_CRITICAL )
#define LDAP_BACK_CHASE_REFERRALS(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_CHASE_REFERRALS )
#define LDAP_BACK_PROXY_WHOAMI(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROXY_WHOAMI )

/* the same TLS tests on a bare flag word instead of an ldapinfo_t */
#define LDAP_BACK_USE_TLS_F(ff)		LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_USE_TLS )
#define LDAP_BACK_PROPAGATE_TLS_F(ff)	LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_PROPAGATE_TLS )
#define LDAP_BACK_TLS_CRITICAL_F(ff)	LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_TLS_CRITICAL )

/* T_F_DISCOVER is true only when the DISCOVER bit is set and the T_F bit
 * is clear, because the comparison is made under LDAP_BACK_F_T_F_MASK2 */
#define	LDAP_BACK_T_F(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK, LDAP_BACK_F_T_F )
#define	LDAP_BACK_T_F_DISCOVER(li)	LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK2, LDAP_BACK_F_T_F_DISCOVER )

#define	LDAP_BACK_MONITOR(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_MONITOR )
#define	LDAP_BACK_SINGLECONN(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_SINGLECONN )
#define	LDAP_BACK_USE_TEMPORARIES(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TEMPORARIES)

#define	LDAP_BACK_ISOPEN(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_ISOPEN )

/* ABANDON/IGNORE/CANCEL compare the IGNORE|EXOP field to one exact value,
 * so at most one of the three is true; CANCEL_DISCOVER requires the
 * DISCOVER bit alone within LDAP_BACK_F_CANCEL_MASK2 */
#define	LDAP_BACK_ABANDON(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_ABANDON )
#define	LDAP_BACK_IGNORE(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_IGNORE )
#define	LDAP_BACK_CANCEL(li)		LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP )
#define	LDAP_BACK_CANCEL_DISCOVER(li)	LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER )

#define	LDAP_BACK_QUARANTINE(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_QUARANTINE )

#ifdef SLAP_CONTROL_X_SESSION_TRACKING
#define	LDAP_BACK_ST_REQUEST(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_REQUEST)
#define	LDAP_BACK_ST_RESPONSE(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_RESPONSE)
#endif /* SLAP_CONTROL_X_SESSION_TRACKING */

#define	LDAP_BACK_NOREFS(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOREFS)
#define	LDAP_BACK_NOUNDEFFILTER(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOUNDEFFILTER)
#define	LDAP_BACK_OMIT_UNKNOWN_SCHEMA(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_OMIT_UNKNOWN_SCHEMA)
#define	LDAP_BACK_ONERR_STOP(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_ONERR_STOP)

	int			li_version;

	unsigned long		li_conn_nextid;

	/* cached connections;
	 * special conns are in tailq rather than in tree */
	ldap_avl_info_t		li_conninfo;
	/* one queue per LDAP_BACK_PCONN_* value (LDAP_BACK_PCONN_LAST
	 * entries) */
	struct {
		int						lic_num;
		LDAP_TAILQ_HEAD(lc_conn_priv_q, ldapconn_t)	lic_priv;
	}			li_conn_priv[ LDAP_BACK_PCONN_LAST ];
	int			li_conn_priv_max;
#define	LDAP_BACK_CONN_PRIV_MIN		(1)
#define	LDAP_BACK_CONN_PRIV_MAX		(256)
	/* must be between LDAP_BACK_CONN_PRIV_MIN
	 * and LDAP_BACK_CONN_PRIV_MAX ! */
#define	LDAP_BACK_CONN_PRIV_DEFAULT	(16)

	ldap_monitor_info_t	li_monitor_info;

	/* one of the LDAP_BACK_FQ_* values below */
	sig_atomic_t		li_isquarantined;
#define	LDAP_BACK_FQ_NO		(0)
#define	LDAP_BACK_FQ_YES	(1)
#define	LDAP_BACK_FQ_RETRYING	(2)

	slap_retry_info_t	li_quarantine;
	ldap_pvt_thread_mutex_t	li_quarantine_mutex;
	/* hook of type ldap_back_quarantine_f and the opaque pointer
	 * stored next to it */
	ldap_back_quarantine_f	li_quarantine_f;
	void			*li_quarantine_p;

	time_t			li_network_timeout;
	time_t			li_conn_ttl;
	time_t			li_idle_timeout;
	/* one timeout per operation type (SLAP_OP_LAST entries) */
	time_t			li_timeout[ SLAP_OP_LAST ];

	/* presumably guards li_ops_completed[] -- confirm against the
	 * code that updates the counters */
	ldap_pvt_thread_mutex_t li_counter_mutex;
	ldap_pvt_mp_t		li_ops_completed[SLAP_OP_LAST];
	struct re_s*		li_conn_expire_task;
} ldapinfo_t;

/* LDAP_COMPARE_FALSE and LDAP_COMPARE_TRUE count as success here, next to
 * LDAP_SUCCESS */
#define	LDAP_ERR_OK(err) ((err) == LDAP_SUCCESS || (err) == LDAP_COMPARE_FALSE || (err) == LDAP_COMPARE_TRUE)

/* Bit flags: the SENDOK/SENDERR bits combine with the BINDING and RETRYING
 * bits; the named combinations below are plain ORs of those bits. */
typedef enum ldap_back_send_t {
	LDAP_BACK_DONTSEND		= 0x00,
	LDAP_BACK_SENDOK		= 0x01,
	LDAP_BACK_SENDERR		= 0x02,
	LDAP_BACK_SENDRESULT		= (LDAP_BACK_SENDOK|LDAP_BACK_SENDERR),
	LDAP_BACK_BINDING		= 0x04,

	LDAP_BACK_BIND_DONTSEND		= (LDAP_BACK_BINDING),
	LDAP_BACK_BIND_SOK		= (LDAP_BACK_BINDING|LDAP_BACK_SENDOK),
	LDAP_BACK_BIND_SERR		= (LDAP_BACK_BINDING|LDAP_BACK_SENDERR),
	LDAP_BACK_BIND_SRES		= (LDAP_BACK_BINDING|LDAP_BACK_SENDRESULT),

	LDAP_BACK_RETRYING		= 0x08,
	LDAP_BACK_RETRY_DONTSEND	= (LDAP_BACK_RETRYING),
	LDAP_BACK_RETRY_SOK		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDOK),
	LDAP_BACK_RETRY_SERR		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDERR),
	LDAP_BACK_RETRY_SRES		= (LDAP_BACK_RETRYING|LDAP_BACK_SENDRESULT),

	LDAP_BACK_GETCONN		= 0x10
} ldap_back_send_t;

/* define to use asynchronous StartTLS */
#define SLAP_STARTTLS_ASYNCHRONOUS

/* timeout to use when calling ldap_result() */
/* LDAP_BACK_TV_SET() stores 0 s + 100000 us in *tv; tv must point to a
 * structure with tv_sec and tv_usec members */
#define	LDAP_BACK_RESULT_TIMEOUT	(0)
#define	LDAP_BACK_RESULT_UTIMEOUT	(100000)
#define	LDAP_BACK_TV_SET(tv) \
	do { \
		(tv)->tv_sec = LDAP_BACK_RESULT_TIMEOUT; \
		(tv)->tv_usec = LDAP_BACK_RESULT_UTIMEOUT; \
	} while ( 0 )

/* defaults to 0 unless the build defines it */
#ifndef LDAP_BACK_PRINT_CONNTREE
#define LDAP_BACK_PRINT_CONNTREE 0
#endif /* !LDAP_BACK_PRINT_CONNTREE */

/* Table of function pointers into this backend.  The entries that fill a
 * caller-supplied buffer (retry_info_parse, connid2str) take the buffer
 * together with its length in buflen. */
typedef struct ldap_extra_t {
	int (*proxy_authz_ctrl)( Operation *op, SlapReply *rs, struct berval *bound_ndn,
		int version, slap_idassert_t *si, LDAPControl	*ctrl );
	int (*controls_free)( Operation *op, SlapReply *rs, LDAPControl ***pctrls );
	int (*idassert_authzfrom_parse)( struct config_args_s *ca, slap_idassert_t *si );
	int (*idassert_passthru_parse_cf)( const char *fname, int lineno, const char *arg, slap_idassert_t *si );
	int (*idassert_parse)( struct config_args_s *ca, slap_idassert_t *si );
	void (*retry_info_destroy)( slap_retry_info_t *ri );
	int (*retry_info_parse)( char *in, slap_retry_info_t *ri, char *buf, ber_len_t buflen );
	int (*retry_info_unparse)( slap_retry_info_t *ri, struct berval *bvout );
	int (*connid2str)( const ldapconn_base_t *lc, char *buf, ber_len_t buflen );
} ldap_extra_t;

LDAP_END_DECL

#include "proto-ldap.h"

#endif /* SLAPD_LDAP_H */