Back to index

openldap  2.4.31
back-ldap.h
Go to the documentation of this file.
00001 /* back-ldap.h - ldap backend header file */
00002 /* $OpenLDAP$ */
00003 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
00004  *
00005  * Copyright 1999-2012 The OpenLDAP Foundation.
00006  * Portions Copyright 2000-2003 Pierangelo Masarati.
00007  * Portions Copyright 1999-2003 Howard Chu.
00008  * All rights reserved.
00009  *
00010  * Redistribution and use in source and binary forms, with or without
00011  * modification, are permitted only as authorized by the OpenLDAP
00012  * Public License.
00013  *
00014  * A copy of this license is available in the file LICENSE in the
00015  * top-level directory of the distribution or, alternatively, at
00016  * <http://www.OpenLDAP.org/license.html>.
00017  */
00018 /* ACKNOWLEDGEMENTS:
00019  * This work was initially developed by the Howard Chu for inclusion
00020  * in OpenLDAP Software and subsequently enhanced by Pierangelo
00021  * Masarati.
00022  */
00023 
00024 #ifndef SLAPD_LDAP_H
00025 #define SLAPD_LDAP_H
00026 
00027 #include "../back-monitor/back-monitor.h"
00028 
00029 LDAP_BEGIN_DECL
00030 
00031 struct ldapinfo_t;
00032 
00033 /* stuff required for monitoring */
00034 typedef struct ldap_monitor_info_t {
00035        monitor_subsys_t     lmi_mss;
00036        struct ldapinfo_t    *lmi_li;
00037 
00038        struct berval        lmi_rdn;
00039        struct berval        lmi_nrdn;
00040        monitor_callback_t   *lmi_cb;
00041        struct berval        lmi_base;
00042        int                  lmi_scope;
00043        struct berval        lmi_filter;
00044        struct berval        lmi_more_filter;
00045 } ldap_monitor_info_t;
00046 
00047 enum {
00048        /* even numbers are connection types */
00049        LDAP_BACK_PCONN_FIRST = 0,
00050        LDAP_BACK_PCONN_ROOTDN = LDAP_BACK_PCONN_FIRST,
00051        LDAP_BACK_PCONN_ANON = 2,
00052        LDAP_BACK_PCONN_BIND = 4,
00053 
00054        /* add the TLS bit */
00055        LDAP_BACK_PCONN_TLS = 0x1U,
00056 
00057        LDAP_BACK_PCONN_ROOTDN_TLS = (LDAP_BACK_PCONN_ROOTDN|LDAP_BACK_PCONN_TLS),
00058        LDAP_BACK_PCONN_ANON_TLS = (LDAP_BACK_PCONN_ANON|LDAP_BACK_PCONN_TLS),
00059        LDAP_BACK_PCONN_BIND_TLS = (LDAP_BACK_PCONN_BIND|LDAP_BACK_PCONN_TLS),
00060 
00061        LDAP_BACK_PCONN_LAST
00062 };
00063 
00064 typedef struct ldapconn_base_t {
00065        Connection           *lcb_conn;
00066 #define       LDAP_BACK_CONN2PRIV(lc)            ((unsigned long)(lc)->lc_conn)
00067 #define LDAP_BACK_PCONN_ISPRIV(lc) (((void *)(lc)->lc_conn) >= ((void *)LDAP_BACK_PCONN_FIRST) \
00068                                           && ((void *)(lc)->lc_conn) < ((void *)LDAP_BACK_PCONN_LAST))
00069 #define LDAP_BACK_PCONN_ISROOTDN(lc)      (LDAP_BACK_PCONN_ISPRIV((lc)) \
00070                                           && (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_ANON))
00071 #define LDAP_BACK_PCONN_ISANON(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \
00072                                           && (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_BIND) \
00073                                           && (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_ANON))
00074 #define LDAP_BACK_PCONN_ISBIND(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \
00075                                           && (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_BIND))
00076 #define LDAP_BACK_PCONN_ISTLS(lc)  (LDAP_BACK_PCONN_ISPRIV((lc)) \
00077                                           && (LDAP_BACK_CONN2PRIV((lc)) & LDAP_BACK_PCONN_TLS))
00078 #ifdef HAVE_TLS
00079 #define       LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
00080        ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ROOTDN_TLS : (void *) LDAP_BACK_PCONN_ROOTDN))
00081 #define       LDAP_BACK_PCONN_ANON_SET(lc, op) \
00082        ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ANON_TLS : (void *) LDAP_BACK_PCONN_ANON))
00083 #define       LDAP_BACK_PCONN_BIND_SET(lc, op) \
00084        ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_BIND_TLS : (void *) LDAP_BACK_PCONN_BIND))
00085 #else /* ! HAVE_TLS */
00086 #define       LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \
00087        ((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ROOTDN)
00088 #define       LDAP_BACK_PCONN_ANON_SET(lc, op) \
00089        ((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ANON)
00090 #define       LDAP_BACK_PCONN_BIND_SET(lc, op) \
00091        ((lc)->lc_conn = (void *)LDAP_BACK_PCONN_BIND)
00092 #endif /* ! HAVE_TLS */
00093 #define       LDAP_BACK_PCONN_SET(lc, op) \
00094        (BER_BVISEMPTY(&(op)->o_ndn) ? \
00095               LDAP_BACK_PCONN_ANON_SET((lc), (op)) : LDAP_BACK_PCONN_ROOTDN_SET((lc), (op)))
00096 
00097        struct berval        lcb_local_ndn;
00098        unsigned             lcb_refcnt;
00099        time_t               lcb_create_time;
00100        time_t               lcb_time;
00101 } ldapconn_base_t;
00102 
00103 typedef struct ldapconn_t {
00104        ldapconn_base_t             lc_base;
00105 #define       lc_conn                     lc_base.lcb_conn
00106 #define       lc_local_ndn         lc_base.lcb_local_ndn
00107 #define       lc_refcnt            lc_base.lcb_refcnt
00108 #define       lc_create_time              lc_base.lcb_create_time
00109 #define       lc_time                     lc_base.lcb_time
00110 
00111        LDAP_TAILQ_ENTRY(ldapconn_t)       lc_q;
00112 
00113        unsigned             lc_lcflags;
00114 #define LDAP_BACK_CONN_ISSET_F(fp,f)      (*(fp) & (f))
00115 #define       LDAP_BACK_CONN_SET_F(fp,f)  (*(fp) |= (f))
00116 #define       LDAP_BACK_CONN_CLEAR_F(fp,f)       (*(fp) &= ~(f))
00117 #define       LDAP_BACK_CONN_CPY_F(fp,f,mfp) \
00118        do { \
00119               if ( ((f) & *(mfp)) == (f) ) { \
00120                      *(fp) |= (f); \
00121               } else { \
00122                      *(fp) &= ~(f); \
00123               } \
00124        } while ( 0 )
00125 
00126 #define LDAP_BACK_CONN_ISSET(lc,f) LDAP_BACK_CONN_ISSET_F(&(lc)->lc_lcflags, (f))
00127 #define       LDAP_BACK_CONN_SET(lc,f)    LDAP_BACK_CONN_SET_F(&(lc)->lc_lcflags, (f))
00128 #define       LDAP_BACK_CONN_CLEAR(lc,f)  LDAP_BACK_CONN_CLEAR_F(&(lc)->lc_lcflags, (f))
00129 #define       LDAP_BACK_CONN_CPY(lc,f,mlc)       LDAP_BACK_CONN_CPY_F(&(lc)->lc_lcflags, (f), &(mlc)->lc_lcflags)
00130 
00131 /* 0xFFF00000U are reserved for back-meta */
00132 
00133 #define       LDAP_BACK_FCONN_ISBOUND     (0x00000001U)
00134 #define       LDAP_BACK_FCONN_ISANON      (0x00000002U)
00135 #define       LDAP_BACK_FCONN_ISBMASK     (LDAP_BACK_FCONN_ISBOUND|LDAP_BACK_FCONN_ISANON)
00136 #define       LDAP_BACK_FCONN_ISPRIV      (0x00000004U)
00137 #define       LDAP_BACK_FCONN_ISTLS       (0x00000008U)
00138 #define       LDAP_BACK_FCONN_BINDING     (0x00000010U)
00139 #define       LDAP_BACK_FCONN_TAINTED     (0x00000020U)
00140 #define       LDAP_BACK_FCONN_ABANDON     (0x00000040U)
00141 #define       LDAP_BACK_FCONN_ISIDASR     (0x00000080U)
00142 #define       LDAP_BACK_FCONN_CACHED      (0x00000100U)
00143 
00144 #define       LDAP_BACK_CONN_ISBOUND(lc)         LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISBOUND)
00145 #define       LDAP_BACK_CONN_ISBOUND_SET(lc)            LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISBOUND)
00146 #define       LDAP_BACK_CONN_ISBOUND_CLEAR(lc)   LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISBMASK)
00147 #define       LDAP_BACK_CONN_ISBOUND_CPY(lc, mlc)       LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISBOUND, (mlc))
00148 #define       LDAP_BACK_CONN_ISANON(lc)          LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISANON)
00149 #define       LDAP_BACK_CONN_ISANON_SET(lc)             LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISANON)
00150 #define       LDAP_BACK_CONN_ISANON_CLEAR(lc)           LDAP_BACK_CONN_ISBOUND_CLEAR((lc))
00151 #define       LDAP_BACK_CONN_ISANON_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISANON, (mlc))
00152 #define       LDAP_BACK_CONN_ISPRIV(lc)          LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISPRIV)
00153 #define       LDAP_BACK_CONN_ISPRIV_SET(lc)             LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISPRIV)
00154 #define       LDAP_BACK_CONN_ISPRIV_CLEAR(lc)           LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISPRIV)
00155 #define       LDAP_BACK_CONN_ISPRIV_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISPRIV, (mlc))
00156 #define       LDAP_BACK_CONN_ISTLS(lc)           LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISTLS)
00157 #define       LDAP_BACK_CONN_ISTLS_SET(lc)              LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISTLS)
00158 #define       LDAP_BACK_CONN_ISTLS_CLEAR(lc)            LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISTLS)
00159 #define       LDAP_BACK_CONN_ISTLS_CPY(lc, mlc)  LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISTLS, (mlc))
00160 #define       LDAP_BACK_CONN_BINDING(lc)         LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_BINDING)
00161 #define       LDAP_BACK_CONN_BINDING_SET(lc)            LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_BINDING)
00162 #define       LDAP_BACK_CONN_BINDING_CLEAR(lc)   LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_BINDING)
00163 #define       LDAP_BACK_CONN_TAINTED(lc)         LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_TAINTED)
00164 #define       LDAP_BACK_CONN_TAINTED_SET(lc)            LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_TAINTED)
00165 #define       LDAP_BACK_CONN_TAINTED_CLEAR(lc)   LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_TAINTED)
00166 #define       LDAP_BACK_CONN_ABANDON(lc)         LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ABANDON)
00167 #define       LDAP_BACK_CONN_ABANDON_SET(lc)            LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ABANDON)
00168 #define       LDAP_BACK_CONN_ABANDON_CLEAR(lc)   LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ABANDON)
00169 #define       LDAP_BACK_CONN_ISIDASSERT(lc)             LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISIDASR)
00170 #define       LDAP_BACK_CONN_ISIDASSERT_SET(lc)  LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISIDASR)
00171 #define       LDAP_BACK_CONN_ISIDASSERT_CLEAR(lc)       LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISIDASR)
00172 #define       LDAP_BACK_CONN_ISIDASSERT_CPY(lc, mlc)    LDAP_BACK_CONN_CPY((lc), LDAP_BACK_FCONN_ISIDASR, (mlc))
00173 #define       LDAP_BACK_CONN_CACHED(lc)          LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_CACHED)
00174 #define       LDAP_BACK_CONN_CACHED_SET(lc)             LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_CACHED)
00175 #define       LDAP_BACK_CONN_CACHED_CLEAR(lc)           LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_CACHED)
00176 
00177        LDAP                 *lc_ld;
00178        struct berval        lc_cred;
00179        struct berval               lc_bound_ndn;
00180        unsigned             lc_flags;
00181 } ldapconn_t;
00182 
00183 typedef struct ldap_avl_info_t {
00184        ldap_pvt_thread_mutex_t            lai_mutex;
00185        Avlnode                            *lai_tree;
00186 } ldap_avl_info_t;
00187 
00188 typedef struct slap_retry_info_t {
00189        time_t        *ri_interval;
00190        int           *ri_num;
00191        int           ri_idx;
00192        int           ri_count;
00193        time_t        ri_last;
00194 
00195 #define SLAP_RETRYNUM_FOREVER      (-1)          /* retry forever */
00196 #define SLAP_RETRYNUM_TAIL  (-2)          /* end of retrynum array */
00197 #define SLAP_RETRYNUM_VALID(n)     ((n) >= SLAP_RETRYNUM_FOREVER)     /* valid retrynum */
00198 #define SLAP_RETRYNUM_FINITE(n)    ((n) > SLAP_RETRYNUM_FOREVER)      /* not forever */
00199 } slap_retry_info_t;
00200 
00201 /*
00202  * identity assertion modes
00203  */
00204 typedef enum {
00205        LDAP_BACK_IDASSERT_LEGACY = 1,
00206        LDAP_BACK_IDASSERT_NOASSERT,
00207        LDAP_BACK_IDASSERT_ANONYMOUS,
00208        LDAP_BACK_IDASSERT_SELF,
00209        LDAP_BACK_IDASSERT_OTHERDN,
00210        LDAP_BACK_IDASSERT_OTHERID
00211 } slap_idassert_mode_t;
00212 
00213 /* ID assert stuff */
00214 typedef struct slap_idassert_t {
00215        slap_idassert_mode_t si_mode;
00216 #define       li_idassert_mode     li_idassert.si_mode
00217 
00218        slap_bindconf si_bc;
00219 #define       li_idassert_authcID  li_idassert.si_bc.sb_authcId
00220 #define       li_idassert_authcDN  li_idassert.si_bc.sb_binddn
00221 #define       li_idassert_passwd   li_idassert.si_bc.sb_cred
00222 #define       li_idassert_authzID  li_idassert.si_bc.sb_authzId
00223 #define       li_idassert_authmethod      li_idassert.si_bc.sb_method
00224 #define       li_idassert_sasl_mech       li_idassert.si_bc.sb_saslmech
00225 #define       li_idassert_sasl_realm      li_idassert.si_bc.sb_realm
00226 #define       li_idassert_secprops li_idassert.si_bc.sb_secprops
00227 #define       li_idassert_tls             li_idassert.si_bc.sb_tls
00228 
00229        unsigned      si_flags;
00230 #define LDAP_BACK_AUTH_NONE                      (0x00U)
00231 #define       LDAP_BACK_AUTH_NATIVE_AUTHZ               (0x01U)
00232 #define       LDAP_BACK_AUTH_OVERRIDE                          (0x02U)
00233 #define       LDAP_BACK_AUTH_PRESCRIPTIVE               (0x04U)
00234 #define       LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ              (0x08U)
00235 #define       LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND      (0x10U)
00236 #define       LDAP_BACK_AUTH_AUTHZ_ALL                  (0x20U)
00237 #define       LDAP_BACK_AUTH_PROXYAUTHZ_CRITICAL        (0x40U)
00238 #define       li_idassert_flags    li_idassert.si_flags
00239 
00240        BerVarray     si_authz;
00241 #define       li_idassert_authz    li_idassert.si_authz
00242 
00243        BerVarray     si_passthru;
00244 #define       li_idassert_passthru li_idassert.si_passthru
00245 } slap_idassert_t;
00246 
00247 /*
00248  * Hook to allow mucking with ldapinfo_t when quarantine is over
00249  */
00250 typedef int (*ldap_back_quarantine_f)( struct ldapinfo_t *, void * );
00251 
00252 typedef struct ldapinfo_t {
00253        /* li_uri: the string that goes into ldap_initialize()
00254         * TODO: use li_acl.sb_uri instead */
00255        char                 *li_uri;
00256        /* li_bvuri: an array of each single URI that is equivalent;
00257         * to be checked for the presence of a certain item */
00258        BerVarray            li_bvuri;
00259        ldap_pvt_thread_mutex_t     li_uri_mutex;
00260        /* hack because when TLS is used we need to lock and let 
00261         * the li_urllist_f function to know it's locked */
00262        int                  li_uri_mutex_do_not_lock;
00263 
00264        LDAP_REBIND_PROC     *li_rebind_f;
00265        LDAP_URLLIST_PROC    *li_urllist_f;
00266        void                 *li_urllist_p;
00267 
00268        /* we only care about the TLS options here */
00269        slap_bindconf        li_tls;
00270 
00271        slap_bindconf        li_acl;
00272 #define       li_acl_authcID              li_acl.sb_authcId
00273 #define       li_acl_authcDN              li_acl.sb_binddn
00274 #define       li_acl_passwd        li_acl.sb_cred
00275 #define       li_acl_authzID              li_acl.sb_authzId
00276 #define       li_acl_authmethod    li_acl.sb_method
00277 #define       li_acl_sasl_mech     li_acl.sb_saslmech
00278 #define       li_acl_sasl_realm    li_acl.sb_realm
00279 #define       li_acl_secprops             li_acl.sb_secprops
00280 
00281        /* ID assert stuff */
00282        slap_idassert_t             li_idassert;
00283        /* end of ID assert stuff */
00284 
00285        int                  li_nretries;
00286 #define LDAP_BACK_RETRY_UNDEFINED  (-2)
00287 #define LDAP_BACK_RETRY_FOREVER           (-1)
00288 #define LDAP_BACK_RETRY_NEVER             (0)
00289 #define LDAP_BACK_RETRY_DEFAULT           (3)
00290 
00291        unsigned             li_flags;
00292 
00293 /* 0xFFF00000U are reserved for back-meta */
00294 
00295 #define LDAP_BACK_F_NONE           (0x00000000U)
00296 #define LDAP_BACK_F_SAVECRED              (0x00000001U)
00297 #define LDAP_BACK_F_USE_TLS        (0x00000002U)
00298 #define LDAP_BACK_F_PROPAGATE_TLS  (0x00000004U)
00299 #define LDAP_BACK_F_TLS_CRITICAL   (0x00000008U)
00300 #define LDAP_BACK_F_TLS_LDAPS             (0x00000010U)
00301 
00302 #define LDAP_BACK_F_TLS_USE_MASK   (LDAP_BACK_F_USE_TLS|LDAP_BACK_F_TLS_CRITICAL)
00303 #define LDAP_BACK_F_TLS_PROPAGATE_MASK    (LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL)
00304 #define LDAP_BACK_F_TLS_MASK              (LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK|LDAP_BACK_F_TLS_LDAPS)
00305 #define LDAP_BACK_F_CHASE_REFERRALS       (0x00000020U)
00306 #define LDAP_BACK_F_PROXY_WHOAMI   (0x00000040U)
00307 
00308 #define       LDAP_BACK_F_T_F                    (0x00000080U)
00309 #define       LDAP_BACK_F_T_F_DISCOVER    (0x00000100U)
00310 #define       LDAP_BACK_F_T_F_MASK        (LDAP_BACK_F_T_F)
00311 #define       LDAP_BACK_F_T_F_MASK2              (LDAP_BACK_F_T_F_MASK|LDAP_BACK_F_T_F_DISCOVER)
00312 
00313 #define LDAP_BACK_F_MONITOR        (0x00000200U)
00314 #define       LDAP_BACK_F_SINGLECONN             (0x00000400U)
00315 #define LDAP_BACK_F_USE_TEMPORARIES       (0x00000800U)
00316 
00317 #define       LDAP_BACK_F_ISOPEN          (0x00001000U)
00318 
00319 #define       LDAP_BACK_F_CANCEL_ABANDON  (0x00000000U)
00320 #define       LDAP_BACK_F_CANCEL_IGNORE   (0x00002000U)
00321 #define       LDAP_BACK_F_CANCEL_EXOP            (0x00004000U)
00322 #define       LDAP_BACK_F_CANCEL_EXOP_DISCOVER   (0x00008000U)
00323 #define       LDAP_BACK_F_CANCEL_MASK            (LDAP_BACK_F_CANCEL_IGNORE|LDAP_BACK_F_CANCEL_EXOP)
00324 #define       LDAP_BACK_F_CANCEL_MASK2    (LDAP_BACK_F_CANCEL_MASK|LDAP_BACK_F_CANCEL_EXOP_DISCOVER)
00325 
00326 #define       LDAP_BACK_F_QUARANTINE             (0x00010000U)
00327 
00328 #ifdef SLAP_CONTROL_X_SESSION_TRACKING
00329 #define       LDAP_BACK_F_ST_REQUEST             (0x00020000U)
00330 #define       LDAP_BACK_F_ST_RESPONSE            (0x00040000U)
00331 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
00332 
00333 #define LDAP_BACK_F_NOREFS         (0x00080000U)
00334 #define LDAP_BACK_F_NOUNDEFFILTER  (0x00100000U)
00335 
00336 #define       LDAP_BACK_ISSET_F(ff,f)            ( ( (ff) & (f) ) == (f) )
00337 #define       LDAP_BACK_ISMASK_F(ff,m,f)  ( ( (ff) & (m) ) == (f) )
00338 
00339 #define       LDAP_BACK_ISSET(li,f)              LDAP_BACK_ISSET_F( (li)->li_flags, (f) )
00340 #define       LDAP_BACK_ISMASK(li,m,f)    LDAP_BACK_ISMASK_F( (li)->li_flags, (m), (f) )
00341 
00342 #define LDAP_BACK_SAVECRED(li)            LDAP_BACK_ISSET( (li), LDAP_BACK_F_SAVECRED )
00343 #define LDAP_BACK_USE_TLS(li)             LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TLS )
00344 #define LDAP_BACK_PROPAGATE_TLS(li)       LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROPAGATE_TLS )
00345 #define LDAP_BACK_TLS_CRITICAL(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_TLS_CRITICAL )
00346 #define LDAP_BACK_CHASE_REFERRALS(li)     LDAP_BACK_ISSET( (li), LDAP_BACK_F_CHASE_REFERRALS )
00347 #define LDAP_BACK_PROXY_WHOAMI(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_PROXY_WHOAMI )
00348 
00349 #define LDAP_BACK_USE_TLS_F(ff)           LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_USE_TLS )
00350 #define LDAP_BACK_PROPAGATE_TLS_F(ff)     LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_PROPAGATE_TLS )
00351 #define LDAP_BACK_TLS_CRITICAL_F(ff)      LDAP_BACK_ISSET_F( (ff), LDAP_BACK_F_TLS_CRITICAL )
00352 
00353 #define       LDAP_BACK_T_F(li)           LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK, LDAP_BACK_F_T_F )
00354 #define       LDAP_BACK_T_F_DISCOVER(li)  LDAP_BACK_ISMASK( (li), LDAP_BACK_F_T_F_MASK2, LDAP_BACK_F_T_F_DISCOVER )
00355 
00356 #define LDAP_BACK_MONITOR(li)             LDAP_BACK_ISSET( (li), LDAP_BACK_F_MONITOR )
00357 #define       LDAP_BACK_SINGLECONN(li)    LDAP_BACK_ISSET( (li), LDAP_BACK_F_SINGLECONN )
00358 #define       LDAP_BACK_USE_TEMPORARIES(li)      LDAP_BACK_ISSET( (li), LDAP_BACK_F_USE_TEMPORARIES)
00359 
00360 #define       LDAP_BACK_ISOPEN(li)        LDAP_BACK_ISSET( (li), LDAP_BACK_F_ISOPEN )
00361 
00362 #define       LDAP_BACK_ABANDON(li)              LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_ABANDON )
00363 #define       LDAP_BACK_IGNORE(li)        LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_IGNORE )
00364 #define       LDAP_BACK_CANCEL(li)        LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP )
00365 #define       LDAP_BACK_CANCEL_DISCOVER(li)      LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER )
00366 
00367 #define       LDAP_BACK_QUARANTINE(li)    LDAP_BACK_ISSET( (li), LDAP_BACK_F_QUARANTINE )
00368 
00369 #ifdef SLAP_CONTROL_X_SESSION_TRACKING
00370 #define       LDAP_BACK_ST_REQUEST(li)    LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_REQUEST)
00371 #define       LDAP_BACK_ST_RESPONSE(li)   LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_RESPONSE)
00372 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
00373 
00374 #define       LDAP_BACK_NOREFS(li)        LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOREFS)
00375 #define       LDAP_BACK_NOUNDEFFILTER(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOUNDEFFILTER)
00376 
00377        int                  li_version;
00378 
00379        /* cached connections; 
00380         * special conns are in tailq rather than in tree */
00381        ldap_avl_info_t             li_conninfo;
00382        struct {
00383               int                                       lic_num;
00384               LDAP_TAILQ_HEAD(lc_conn_priv_q, ldapconn_t)      lic_priv;
00385        }                    li_conn_priv[ LDAP_BACK_PCONN_LAST ];
00386        int                  li_conn_priv_max;
00387 #define       LDAP_BACK_CONN_PRIV_MIN            (1)
00388 #define       LDAP_BACK_CONN_PRIV_MAX            (256)
00389        /* must be between LDAP_BACK_CONN_PRIV_MIN
00390         * and LDAP_BACK_CONN_PRIV_MAX ! */
00391 #define       LDAP_BACK_CONN_PRIV_DEFAULT (16)
00392 
00393        ldap_monitor_info_t  li_monitor_info;
00394 
00395        sig_atomic_t         li_isquarantined;
00396 #define       LDAP_BACK_FQ_NO             (0)
00397 #define       LDAP_BACK_FQ_YES     (1)
00398 #define       LDAP_BACK_FQ_RETRYING       (2)
00399 
00400        slap_retry_info_t    li_quarantine;
00401        ldap_pvt_thread_mutex_t     li_quarantine_mutex;
00402        ldap_back_quarantine_f      li_quarantine_f;
00403        void                 *li_quarantine_p;
00404 
00405        time_t               li_network_timeout;
00406        time_t               li_conn_ttl;
00407        time_t               li_idle_timeout;
00408        time_t               li_timeout[ SLAP_OP_LAST ];
00409 } ldapinfo_t;
00410 
00411 #define       LDAP_ERR_OK(err) ((err) == LDAP_SUCCESS || (err) == LDAP_COMPARE_FALSE || (err) == LDAP_COMPARE_TRUE)
00412 
00413 typedef enum ldap_back_send_t {
00414        LDAP_BACK_DONTSEND          = 0x00,
00415        LDAP_BACK_SENDOK            = 0x01,
00416        LDAP_BACK_SENDERR           = 0x02,
00417        LDAP_BACK_SENDRESULT        = (LDAP_BACK_SENDOK|LDAP_BACK_SENDERR),
00418        LDAP_BACK_BINDING           = 0x04,
00419 
00420        LDAP_BACK_BIND_DONTSEND            = (LDAP_BACK_BINDING),
00421        LDAP_BACK_BIND_SOK          = (LDAP_BACK_BINDING|LDAP_BACK_SENDOK),
00422        LDAP_BACK_BIND_SERR         = (LDAP_BACK_BINDING|LDAP_BACK_SENDERR),
00423        LDAP_BACK_BIND_SRES         = (LDAP_BACK_BINDING|LDAP_BACK_SENDRESULT),
00424 
00425        LDAP_BACK_RETRYING          = 0x08,
00426        LDAP_BACK_RETRY_DONTSEND    = (LDAP_BACK_RETRYING),
00427        LDAP_BACK_RETRY_SOK         = (LDAP_BACK_RETRYING|LDAP_BACK_SENDOK),
00428        LDAP_BACK_RETRY_SERR        = (LDAP_BACK_RETRYING|LDAP_BACK_SENDERR),
00429        LDAP_BACK_RETRY_SRES        = (LDAP_BACK_RETRYING|LDAP_BACK_SENDRESULT),
00430 
00431        LDAP_BACK_GETCONN           = 0x10
00432 } ldap_back_send_t;
00433 
00434 /* define to use asynchronous StartTLS */
00435 #define SLAP_STARTTLS_ASYNCHRONOUS
00436 
00437 /* timeout to use when calling ldap_result() */
00438 #define       LDAP_BACK_RESULT_TIMEOUT    (0)
00439 #define       LDAP_BACK_RESULT_UTIMEOUT   (100000)
00440 #define       LDAP_BACK_TV_SET(tv) \
00441        do { \
00442               (tv)->tv_sec = LDAP_BACK_RESULT_TIMEOUT; \
00443               (tv)->tv_usec = LDAP_BACK_RESULT_UTIMEOUT; \
00444        } while ( 0 )
00445 
00446 #ifndef LDAP_BACK_PRINT_CONNTREE
00447 #define LDAP_BACK_PRINT_CONNTREE 0
00448 #endif /* !LDAP_BACK_PRINT_CONNTREE */
00449 
00450 typedef struct ldap_extra_t {
00451        int (*proxy_authz_ctrl)( Operation *op, SlapReply *rs, struct berval *bound_ndn,
00452               int version, slap_idassert_t *si, LDAPControl    *ctrl );
00453        int (*controls_free)( Operation *op, SlapReply *rs, LDAPControl ***pctrls );
00454        int (*idassert_authzfrom_parse_cf)( const char *fname, int lineno, const char *arg, slap_idassert_t *si );
00455        int (*idassert_passthru_parse_cf)( const char *fname, int lineno, const char *arg, slap_idassert_t *si );
00456        int (*idassert_parse_cf)( const char *fname, int lineno, int argc, char *argv[], slap_idassert_t *si );
00457        void (*retry_info_destroy)( slap_retry_info_t *ri );
00458        int (*retry_info_parse)( char *in, slap_retry_info_t *ri, char *buf, ber_len_t buflen );
00459        int (*retry_info_unparse)( slap_retry_info_t *ri, struct berval *bvout );
00460        int (*connid2str)( const ldapconn_base_t *lc, char *buf, ber_len_t buflen );
00461 } ldap_extra_t;
00462 
00463 LDAP_END_DECL
00464 
00465 #include "proto-ldap.h"
00466 
00467 #endif /* SLAPD_LDAP_H */