/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#define LDAP_OPT_REFERRALS 0x0008
#define LDAP_OPT_RESTART 0x0009
/* 0x0a - 0x10 not defined */
-#define LDAP_OPT_PROTOCOL_VERSION 0x0011
-#define LDAP_OPT_SERVER_CONTROLS 0x0012
-#define LDAP_OPT_CLIENT_CONTROLS 0x0013
+#define LDAP_OPT_PROTOCOL_VERSION 0x0011
+#define LDAP_OPT_SERVER_CONTROLS 0x0012
+#define LDAP_OPT_CLIENT_CONTROLS 0x0013
/* 0x14 not defined */
-#define LDAP_OPT_API_FEATURE_INFO 0x0015
+#define LDAP_OPT_API_FEATURE_INFO 0x0015
/* 0x16 - 0x2f not defined */
#define LDAP_OPT_HOST_NAME 0x0030
-#define LDAP_OPT_RESULT_CODE 0x0031
-#define LDAP_OPT_ERROR_NUMBER LDAP_OPT_RESULT_CODE
-#define LDAP_OPT_ERROR_STRING 0x0032
+#define LDAP_OPT_RESULT_CODE 0x0031
+#define LDAP_OPT_ERROR_NUMBER LDAP_OPT_RESULT_CODE
+#define LDAP_OPT_DIAGNOSTIC_MESSAGE 0x0032
+#define LDAP_OPT_ERROR_STRING LDAP_OPT_DIAGNOSTIC_MESSAGE
#define LDAP_OPT_MATCHED_DN 0x0033
/* 0x0034 - 0x3fff not defined */
#define LDAP_OPT_REFERRAL_URLS 0x5007 /* Referral URLs */
#define LDAP_OPT_SOCKBUF 0x5008 /* sockbuf */
#define LDAP_OPT_DEFBASE 0x5009 /* searchbase */
+#define LDAP_OPT_CONNECT_ASYNC 0x5010 /* create connections asynchronously */
/* OpenLDAP TLS options */
#define LDAP_OPT_X_TLS 0x6000
#define LDAP_OPT_X_TLS_CONNECT_ARG 0x600d
#define LDAP_OPT_X_TLS_DHFILE 0x600e
#define LDAP_OPT_X_TLS_NEWCTX 0x600f
+#define LDAP_OPT_X_TLS_CRLFILE 0x6010 /* GNUtls only */
#define LDAP_OPT_X_TLS_NEVER 0
#define LDAP_OPT_X_TLS_HARD 1
#define LDAP_CONTROL_X_SEARCH_OPTIONS "1.2.840.113556.1.4.1340"
#define LDAP_SEARCH_FLAG_DOMAIN_SCOPE 1 /* do not generate referrals */
#define LDAP_SEARCH_FLAG_PHANTOM_ROOT 2 /* search all subordinate NCs */
+#define LDAP_CONTROL_X_TREE_DELETE "1.2.840.113556.1.4.805"
/* MS Active Directory controls - not implemented in slapd(8) */
-#define LDAP_CONTROL_X_TREE_DELETE "1.2.840.113556.1.4.805"
#define LDAP_CONTROL_X_EXTENDED_DN "1.2.840.113556.1.4.529"
+#ifdef LDAP_DEVEL
+/* <draft-wahl-ldap-session> */
+#define LDAP_CONTROL_X_SESSION_TRACKING "1.3.6.1.4.1.21008.108.63.1"
+#define LDAP_CONTROL_X_SESSION_TRACKING_RADIUS_ACCT_SESSION_ID \
+ LDAP_CONTROL_X_SESSION_TRACKING ".1"
+#define LDAP_CONTROL_X_SESSION_TRACKING_RADIUS_ACCT_MULTI_SESSION_ID \
+ LDAP_CONTROL_X_SESSION_TRACKING ".2"
+#define LDAP_CONTROL_X_SESSION_TRACKING_USERNAME \
+ LDAP_CONTROL_X_SESSION_TRACKING ".3"
+#endif /* LDAP_DEVEL */
+
/* various expired works */
/* LDAP Duplicated Entry Control Extension *//* not implemented in slapd(8) */
#define LDAP_CONTROL_DUPENT_REQUEST "2.16.840.1.113719.1.27.101.1"
#define LDAP_MORE_RESULTS_TO_RETURN (-15) /* Obsolete */
#define LDAP_CLIENT_LOOP (-16)
#define LDAP_REFERRAL_LIMIT_EXCEEDED (-17)
+#define LDAP_X_CONNECTING (-18)
/*
#define LDAP_URL_ERR_BADFILTER 0x09 /* bad or missing filter */
#define LDAP_URL_ERR_BADEXTS 0x0a /* bad or missing extensions */
+/*
+ * LDAP sync (RFC4533) API
+ */
+
+typedef struct ldap_sync_t ldap_sync_t;
+
+typedef enum {
+ /* these are private - the client should never see them */
+ LDAP_SYNC_CAPI_NONE = -1,
+
+ LDAP_SYNC_CAPI_PHASE_FLAG = 0x10U,
+ LDAP_SYNC_CAPI_IDSET_FLAG = 0x20U,
+ LDAP_SYNC_CAPI_DONE_FLAG = 0x40U,
+
+ /* these are passed to ls_search_entry() */
+ LDAP_SYNC_CAPI_PRESENT = LDAP_SYNC_PRESENT,
+ LDAP_SYNC_CAPI_ADD = LDAP_SYNC_ADD,
+ LDAP_SYNC_CAPI_MODIFY = LDAP_SYNC_MODIFY,
+ LDAP_SYNC_CAPI_DELETE = LDAP_SYNC_DELETE,
+
+ /* these are passed to ls_intermediate() */
+ LDAP_SYNC_CAPI_PRESENTS = ( LDAP_SYNC_CAPI_PHASE_FLAG | LDAP_SYNC_CAPI_PRESENT ),
+ LDAP_SYNC_CAPI_DELETES = ( LDAP_SYNC_CAPI_PHASE_FLAG | LDAP_SYNC_CAPI_DELETE ),
+
+ LDAP_SYNC_CAPI_PRESENTS_IDSET = ( LDAP_SYNC_CAPI_PRESENTS | LDAP_SYNC_CAPI_IDSET_FLAG ),
+ LDAP_SYNC_CAPI_DELETES_IDSET = ( LDAP_SYNC_CAPI_DELETES | LDAP_SYNC_CAPI_IDSET_FLAG ),
+
+ LDAP_SYNC_CAPI_DONE = ( LDAP_SYNC_CAPI_DONE_FLAG | LDAP_SYNC_CAPI_PRESENTS )
+} ldap_sync_refresh_t;
+
+/*
+ * Called when an entry is returned by ldap_result().
+ * If phase is LDAP_SYNC_CAPI_ADD or LDAP_SYNC_CAPI_MODIFY,
+ * the entry has been either added or modified, and thus
+ * the complete view of the entry should be in the LDAPMessage.
+ * If phase is LDAP_SYNC_CAPI_PRESENT or LDAP_SYNC_CAPI_DELETE,
+ * only the DN should be in the LDAPMessage.
+ */
+typedef int (*ldap_sync_search_entry_f) LDAP_P((
+ ldap_sync_t *ls,
+ LDAPMessage *msg,
+ struct berval *entryUUID,
+ ldap_sync_refresh_t phase ));
+
+/*
+ * Called when a reference is returned; the client should know
+ * what to do with it.
+ */
+typedef int (*ldap_sync_search_reference_f) LDAP_P((
+ ldap_sync_t *ls,
+ LDAPMessage *msg ));
+
+/*
+ * Called when specific intermediate/final messages are returned.
+ * If phase is LDAP_SYNC_CAPI_PRESENTS or LDAP_SYNC_CAPI_DELETES,
+ * a "presents" or "deletes" phase begins.
+ * If phase is LDAP_SYNC_CAPI_DONE, a special "presents" phase
+ * with refreshDone set to "TRUE" has been returned, to indicate
+ * that the refresh phase of a refreshAndPersist is complete.
+ * In the above cases, syncUUIDs is NULL.
+ *
+ * If phase is LDAP_SYNC_CAPI_PRESENTS_IDSET or
+ * LDAP_SYNC_CAPI_DELETES_IDSET, syncUUIDs is an array of UUIDs
+ * that are either present or have been deleted.
+ */
+typedef int (*ldap_sync_intermediate_f) LDAP_P((
+ ldap_sync_t *ls,
+ LDAPMessage *msg,
+ BerVarray syncUUIDs,
+ ldap_sync_refresh_t phase ));
+
+/*
+ * Called when a searchResultDone is returned. In refreshAndPersist,
+ * this can only occur if the search for any reason is being terminated
+ * by the server.
+ */
+typedef int (*ldap_sync_search_result_f) LDAP_P((
+ ldap_sync_t *ls,
+ LDAPMessage *msg,
+ int refreshDeletes ));
+
+/*
+ * This structure contains all information about the persistent search;
+ * the caller is responsible for connecting, setting version, binding, tls...
+ */
+struct ldap_sync_t {
+ /* conf search params */
+ char *ls_base;
+ int ls_scope;
+ char *ls_filter;
+ char **ls_attrs;
+ int ls_timelimit;
+ int ls_sizelimit;
+
+ /* poll timeout */
+ int ls_timeout;
+
+ /* helpers - add as appropriate */
+ ldap_sync_search_entry_f ls_search_entry;
+ ldap_sync_search_reference_f ls_search_reference;
+ ldap_sync_intermediate_f ls_intermediate;
+ ldap_sync_search_result_f ls_search_result;
+
+ /* set by the caller as appropriate */
+ void *ls_private;
+
+ /* conn stuff */
+ LDAP *ls_ld;
+
+ /* --- the parameters below are private - do not modify --- */
+
+ /* FIXME: make the structure opaque, and provide an interface
+ * to modify the public values? */
+
+ /* result stuff */
+ int ls_msgid;
+
+ /* sync stuff */
+ /* needed by refreshOnly */
+ int ls_reloadHint;
+
+ /* opaque - need to pass between sessions, updated by the API */
+ struct berval ls_cookie;
+
+ /* state variable - do not modify */
+ ldap_sync_refresh_t ls_refreshPhase;
+};
+
+/*
+ * End of LDAP sync (RFC4533) API
+ */
+
/*
* The API draft spec says we should declare (or cause to be declared)
* 'struct timeval'. We don't. See IETF LDAPext discussions.
/*
* in controls.c:
*/
+#if LDAP_DEPRECATED
LDAP_F( int )
-ldap_create_control LDAP_P((
+ldap_create_control LDAP_P(( /* deprecated, use ldap_control_create */
LDAP_CONST char *requestOID,
BerElement *ber,
int iscritical,
LDAPControl **ctrlp ));
LDAP_F( LDAPControl * )
-ldap_find_control LDAP_P((
+ldap_find_control LDAP_P(( /* deprecated, use ldap_control_find */
LDAP_CONST char *oid,
LDAPControl **ctrls ));
+#endif
+
+LDAP_F( int )
+ldap_control_create LDAP_P((
+ LDAP_CONST char *requestOID,
+ int iscritical,
+ struct berval *value,
+ int dupval,
+ LDAPControl **ctrlp ));
+
+LDAP_F( LDAPControl * )
+ldap_control_find LDAP_P((
+ LDAP_CONST char *oid,
+ LDAPControl **ctrls,
+ LDAPControl ***nextctrlp ));
LDAP_F( void )
ldap_control_free LDAP_P((
ldap_controls_free LDAP_P((
LDAPControl **ctrls ));
+LDAP_F( LDAPControl ** )
+ldap_controls_dup LDAP_P((
+ LDAPControl *LDAP_CONST *controls ));
+
+LDAP_F( LDAPControl * )
+ldap_control_dup LDAP_P((
+ LDAP_CONST LDAPControl *c ));
+
/*
* in dnssrv.c:
*/
LDAP_CONST char *who,
LDAP_CONST char *passwd ));
-
-/*
- * in kbind.c:
- * (deprecated - use SASL instead)
- */
-LDAP_F( int )
-ldap_kerberos_bind_s LDAP_P(( /* deprecated */
- LDAP *ld,
- LDAP_CONST char *who ));
-
-LDAP_F( int )
-ldap_kerberos_bind1 LDAP_P(( /* deprecated */
- LDAP *ld,
- LDAP_CONST char *who ));
-
-LDAP_F( int )
-ldap_kerberos_bind1_s LDAP_P(( /* deprecated */
- LDAP *ld,
- LDAP_CONST char *who ));
-
-LDAP_F( int )
-ldap_kerberos_bind2 LDAP_P(( /* deprecated */
- LDAP *ld,
- LDAP_CONST char *who ));
-
-LDAP_F( int )
-ldap_kerberos_bind2_s LDAP_P(( /* deprecated */
- LDAP *ld,
- LDAP_CONST char *who ));
#endif
char **vals ));
LDAP_F( void )
-ldap_value_free LDAP_P(( /* deprecated, use ldap_values_free_len */
+ldap_value_free LDAP_P(( /* deprecated, use ldap_value_free_len */
char **vals ));
#endif
int *retidp ));
#endif
+/*
+ * in ldap_sync.c
+ */
+
+/*
+ * initialize the persistent search structure
+ */
+LDAP_F( ldap_sync_t * )
+ldap_sync_initialize LDAP_P((
+ ldap_sync_t *ls ));
+
+/*
+ * destroy the persistent search structure
+ */
+LDAP_F( void )
+ldap_sync_destroy LDAP_P((
+ ldap_sync_t *ls,
+ int freeit ));
+
+/*
+ * initialize a refreshOnly sync
+ */
+LDAP_F( int )
+ldap_sync_init LDAP_P((
+ ldap_sync_t *ls,
+ int mode ));
+
+/*
+ * initialize a refreshOnly sync
+ */
+LDAP_F( int )
+ldap_sync_init_refresh_only LDAP_P((
+ ldap_sync_t *ls ));
+
+/*
+ * initialize a refreshAndPersist sync
+ */
+LDAP_F( int )
+ldap_sync_init_refresh_and_persist LDAP_P((
+ ldap_sync_t *ls ));
+
+/*
+ * poll for new responses
+ */
+LDAP_F( int )
+ldap_sync_poll LDAP_P((
+ ldap_sync_t *ls ));
+
+#ifdef LDAP_CONTROL_X_SESSION_TRACKING
+
+/*
+ * in stctrl.c
+ */
+LDAP_F( int )
+ldap_create_session_tracking_value LDAP_P((
+ LDAP *ld,
+ char *sessionSourceIp,
+ char *sessionSourceName,
+ char *formatOID,
+ struct berval *sessionTrackingIdentifier,
+ struct berval *value ));
+
+LDAP_F( int )
+ldap_create_session_tracking LDAP_P((
+ LDAP *ld,
+ char *sessionSourceIp,
+ char *sessionSourceName,
+ char *formatOID,
+ struct berval *sessionTrackingIdentifier,
+ LDAPControl **ctrlp ));
+
+LDAP_F( int )
+ldap_parse_session_tracking_control LDAP_P((
+ LDAP *ld,
+ LDAPControl *ctrl,
+ struct berval *ip,
+ struct berval *name,
+ struct berval *oid,
+ struct berval *id ));
+
+#endif /* LDAP_CONTROL_X_SESSION_TRACKING */
+
LDAP_END_DECL
#endif /* _LDAP_H */
projects / openldap / blobdiff