ITS#8054 operation duration logging

[openldap] / include / ldap.h

diff --git a/include/ldap.h b/include/ldap.h
index f51d2b4c9fd6724d59a7d9e0379714b98e2afda1..c05489766510af132e562a60418fc27d5f2aae50 100644 (file)
--- a/include/ldap.h
+++ b/include/ldap.h
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  * 
- * Copyright 1998-2009 The OpenLDAP Foundation.
+ * Copyright 1998-2015 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -59,7 +59,9 @@ LDAP_BEGIN_DECL
                defined( LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE ) )
        /* -lldap may or may not be thread safe */
        /* -lldap_r, if available, is always thread safe */
-#      define  LDAP_API_FEATURE_THREAD_SAFE 1
+#      define  LDAP_API_FEATURE_THREAD_SAFE            1
+#      define  LDAP_API_FEATURE_SESSION_THREAD_SAFE    1
+#      define  LDAP_API_FEATURE_OPERATION_THREAD_SAFE  1
 #endif
 #if defined( LDAP_THREAD_SAFE ) && \
        defined( LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE )
@@ -135,6 +137,7 @@ LDAP_BEGIN_DECL
 #define LDAP_OPT_DEFBASE               0x5009  /* searchbase */
 #define        LDAP_OPT_CONNECT_ASYNC          0x5010  /* create connections asynchronously */
 #define        LDAP_OPT_CONNECT_CB                     0x5011  /* connection callbacks */
+#define        LDAP_OPT_SESSION_REFCNT         0x5012  /* session reference count */
 
 /* OpenLDAP TLS options */
 #define LDAP_OPT_X_TLS                         0x6000
@@ -154,6 +157,11 @@ LDAP_BEGIN_DECL
 #define LDAP_OPT_X_TLS_DHFILE          0x600e
 #define LDAP_OPT_X_TLS_NEWCTX          0x600f
 #define LDAP_OPT_X_TLS_CRLFILE         0x6010  /* GNUtls only */
+#define LDAP_OPT_X_TLS_PACKAGE         0x6011
+#define LDAP_OPT_X_TLS_ECNAME          0x6012
+#define LDAP_OPT_X_TLS_VERSION         0x6013  /* read-only */
+#define LDAP_OPT_X_TLS_CIPHER          0x6014  /* read-only */
+#define LDAP_OPT_X_TLS_PEERCERT                0x6015  /* read-only */
 
 #define LDAP_OPT_X_TLS_NEVER   0
 #define LDAP_OPT_X_TLS_HARD            1
@@ -187,6 +195,7 @@ LDAP_BEGIN_DECL
 #define LDAP_OPT_X_SASL_MECHLIST               0x610a /* read-only */
 #define LDAP_OPT_X_SASL_NOCANON                        0x610b
 #define LDAP_OPT_X_SASL_USERNAME               0x610c /* read-only */
+#define LDAP_OPT_X_SASL_GSS_CREDS              0x610d
 
 /* OpenLDAP GSSAPI options */
 #define LDAP_OPT_X_GSSAPI_DO_NOT_FREE_CONTEXT      0x6200
@@ -260,6 +269,9 @@ typedef struct ldapcontrol {
 /*     non-standard track controls */
 #define LDAP_CONTROL_PAGEDRESULTS      "1.2.840.113556.1.4.319"   /* RFC 2696 */
 
+#define LDAP_CONTROL_AUTHZID_REQUEST   "2.16.840.1.113730.4.16"   /* RFC 3829 */
+#define LDAP_CONTROL_AUTHZID_RESPONSE   "2.16.840.1.113730.4.15"   /* RFC 3829 */
+
 /* LDAP Content Synchronization Operation -- RFC 4533 */
 #define LDAP_SYNC_OID                  "1.3.6.1.4.1.4203.1.9.1"
 #define LDAP_CONTROL_SYNC              LDAP_SYNC_OID ".1"
@@ -291,6 +303,8 @@ typedef struct ldapcontrol {
 #define LDAP_SYNC_DELETE                               3
 #define LDAP_SYNC_NEW_COOKIE                   4
 
+/* LDAP Don't Use Copy Control (RFC 6171) */
+#define LDAP_CONTROL_DONTUSECOPY               "1.3.6.1.1.22"
 
 /* Password policy Controls *//* work in progress */
 /* ITS#3458: released; disabled by default */
@@ -304,7 +318,6 @@ typedef struct ldapcontrol {
 #define LDAP_CONTROL_MANAGEDIT                 LDAP_CONTROL_RELAX
 #define LDAP_CONTROL_SLURP                             "1.3.6.1.4.1.4203.666.5.13"
 #define LDAP_CONTROL_VALSORT                   "1.3.6.1.4.1.4203.666.5.14"
-#define LDAP_CONTROL_DONTUSECOPY               "1.3.6.1.4.1.4203.666.5.15"
 #define        LDAP_CONTROL_X_DEREF                    "1.3.6.1.4.1.4203.666.5.16"
 #define        LDAP_CONTROL_X_WHATFAILED               "1.3.6.1.4.1.4203.666.5.17"
 
@@ -319,6 +332,7 @@ typedef struct ldapcontrol {
 #define LDAP_REFERRALS_REQUIRED                                3
 
 /* MS Active Directory controls (for compatibility) */
+#define LDAP_CONTROL_X_LAZY_COMMIT                     "1.2.840.113556.1.4.619"
 #define LDAP_CONTROL_X_INCREMENTAL_VALUES      "1.2.840.113556.1.4.802"
 #define LDAP_CONTROL_X_DOMAIN_SCOPE                    "1.2.840.113556.1.4.1339"
 #define LDAP_CONTROL_X_PERMISSIVE_MODIFY       "1.2.840.113556.1.4.1413"
@@ -330,7 +344,6 @@ typedef struct ldapcontrol {
 /* MS Active Directory controls - not implemented in slapd(8) */
 #define LDAP_CONTROL_X_EXTENDED_DN             "1.2.840.113556.1.4.529"
 
-#ifdef LDAP_DEVEL
 /* <draft-wahl-ldap-session> */
 #define LDAP_CONTROL_X_SESSION_TRACKING                "1.3.6.1.4.1.21008.108.63.1"
 #define LDAP_CONTROL_X_SESSION_TRACKING_RADIUS_ACCT_SESSION_ID \
@@ -339,9 +352,8 @@ typedef struct ldapcontrol {
                                                LDAP_CONTROL_X_SESSION_TRACKING ".2"
 #define LDAP_CONTROL_X_SESSION_TRACKING_USERNAME \
                                                LDAP_CONTROL_X_SESSION_TRACKING ".3"
-#endif /* LDAP_DEVEL */
-
 /* various expired works */
+
 /* LDAP Duplicated Entry Control Extension *//* not implemented in slapd(8) */
 #define LDAP_CONTROL_DUPENT_REQUEST            "2.16.840.1.113719.1.27.101.1"
 #define LDAP_CONTROL_DUPENT_RESPONSE   "2.16.840.1.113719.1.27.101.2"
@@ -379,7 +391,14 @@ typedef struct ldapcontrol {
 #define        LDAP_EXOP_REFRESH               "1.3.6.1.4.1.1466.101.119.1"    /* RFC 2589 */
 #define        LDAP_TAG_EXOP_REFRESH_REQ_DN    ((ber_tag_t) 0x80U)
 #define        LDAP_TAG_EXOP_REFRESH_REQ_TTL   ((ber_tag_t) 0x81U)
-#define        LDAP_TAG_EXOP_REFRESH_RES_TTL   ((ber_tag_t) 0x80U)
+#define        LDAP_TAG_EXOP_REFRESH_RES_TTL   ((ber_tag_t) 0x81U)
+
+#define LDAP_EXOP_VERIFY_CREDENTIALS   "1.3.6.1.4.1.4203.666.6.5"
+#define LDAP_EXOP_X_VERIFY_CREDENTIALS LDAP_EXOP_VERIFY_CREDENTIALS
+
+#define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE         ((ber_tag_t) 0x80U)
+#define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS         ((ber_tag_t) 0x81U)
+#define LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS ((ber_tag_t) 0xa2U) /* context specific + constructed + 2 */
 
 #define LDAP_EXOP_WHO_AM_I             "1.3.6.1.4.1.4203.1.11.3"               /* RFC 4532 */
 #define LDAP_EXOP_X_WHO_AM_I   LDAP_EXOP_WHO_AM_I
@@ -404,13 +423,17 @@ typedef struct ldapcontrol {
 #define LDAP_URLEXT_X_SEARCHEDSUBTREE  "x-searchedSubtree"
 #define LDAP_URLEXT_X_FAILEDNAME       "x-failedName"
 
-#ifdef LDAP_DEVEL
-#define LDAP_X_TXN                                             "1.3.6.1.4.1.4203.666.11.7" /* tmp */
-#define LDAP_EXOP_X_TXN_START                  LDAP_X_TXN ".1"
-#define LDAP_CONTROL_X_TXN_SPEC                        LDAP_X_TXN ".2"
-#define LDAP_EXOP_X_TXN_END                            LDAP_X_TXN ".3"
-#define LDAP_EXOP_X_TXN_ABORTED_NOTICE LDAP_X_TXN ".4"
-#endif
+#define LDAP_TXN                                               "1.3.6.1.1.21" /* RFC 5805 */
+#define LDAP_EXOP_TXN_START                            LDAP_X_TXN ".1"
+#define LDAP_CONTROL_TXN_SPEC                  LDAP_X_TXN ".2"
+#define LDAP_EXOP_TXN_END                              LDAP_X_TXN ".3"
+#define LDAP_EXOP_TXN_ABORTED_NOTICE   LDAP_X_TXN ".4"
+
+#define        LDAP_X_TXN      LDAP_TXN
+#define LDAP_EXOP_X_TXN_START                  LDAP_EXOP_TXN_START
+#define LDAP_CONTROL_X_TXN_SPEC                        LDAP_CONTROL_TXN_SPEC
+#define LDAP_EXOP_X_TXN_END                            LDAP_EXOP_TXN_END
+#define LDAP_EXOP_X_TXN_ABORTED_NOTICE LDAP_EXOP_TXN_ABORTED_NOTICE
 
 /* LDAP Features */
 #define LDAP_FEATURE_ALL_OP_ATTRS      "1.3.6.1.4.1.4203.1.5.1"        /* RFC 3673 */
@@ -1185,6 +1208,26 @@ ldap_sasl_bind LDAP_P((
 typedef int (LDAP_SASL_INTERACT_PROC) LDAP_P((
        LDAP *ld, unsigned flags, void* defaults, void *interact ));
 
+LDAP_F( int )
+ldap_sasl_interactive_bind LDAP_P((
+       LDAP *ld,
+       LDAP_CONST char *dn, /* usually NULL */
+       LDAP_CONST char *saslMechanism,
+       LDAPControl **serverControls,
+       LDAPControl **clientControls,
+
+       /* should be client controls */
+       unsigned flags,
+       LDAP_SASL_INTERACT_PROC *proc,
+       void *defaults,
+       
+       /* as obtained from ldap_result() */
+       LDAPMessage *result,
+
+       /* returned during bind processing */
+       const char **rmech,
+       int *msgid ));
+
 LDAP_F( int )
 ldap_sasl_interactive_bind_s LDAP_P((
        LDAP *ld,
@@ -1331,7 +1374,7 @@ ldap_parse_result LDAP_P((
        LDAPMessage             *res,
        int                             *errcodep,
        char                    **matcheddnp,
-       char                    **errmsgp,
+       char                    **diagmsgp,
        char                    ***referralsp,
        LDAPControl             ***serverctrls,
        int                             freeit ));
@@ -1498,6 +1541,10 @@ ldap_initialize LDAP_P((
        LDAP **ldp,
        LDAP_CONST char *url ));
 
+LDAP_F( LDAP * )
+ldap_dup LDAP_P((
+       LDAP *old ));
+
 /*
  * in tls.c
  */
@@ -1910,6 +1957,10 @@ ldap_unbind_ext_s LDAP_P((
        LDAPControl             **serverctrls,
        LDAPControl             **clientctrls));
 
+LDAP_F( int )
+ldap_destroy LDAP_P((
+       LDAP                    *ld));
+
 #if LDAP_DEPRECATED
 LDAP_F( int )
 ldap_unbind LDAP_P(( /* deprecated, use ldap_unbind_ext */
@@ -2182,6 +2233,76 @@ ldap_parse_vlvresponse_control LDAP_P((
        struct berval **contextp,
        int           *errcodep ));
 
+/*
+ * LDAP Verify Credentials
+ */
+#define LDAP_API_FEATURE_VERIFY_CREDENTIALS 1000
+
+LDAP_F( int )
+ldap_verify_credentials LDAP_P((
+       LDAP            *ld,
+       struct berval   *cookie,
+       LDAP_CONST char *dn,
+       LDAP_CONST char *mechanism,
+       struct berval   *cred,
+       LDAPControl     **ctrls,
+       LDAPControl     **serverctrls,
+       LDAPControl     **clientctrls,
+       int             *msgidp ));
+
+LDAP_F( int )
+ldap_verify_credentials_s LDAP_P((
+       LDAP            *ld,
+       struct berval   *cookie,
+       LDAP_CONST char *dn,
+       LDAP_CONST char *mechanism,
+       struct berval   *cred,
+       LDAPControl     **vcictrls,
+       LDAPControl     **serverctrls,
+       LDAPControl     **clientctrls,
+       int                             *code,
+       char                    **diagmsgp,
+       struct berval   **scookie,
+       struct berval   **servercredp,
+       LDAPControl     ***vcoctrls));
+       
+
+LDAP_F( int )
+ldap_parse_verify_credentials LDAP_P((
+       LDAP            *ld,
+       LDAPMessage     *res,
+       int                     *code,
+       char                    **diagmsgp,
+       struct berval   **cookie,
+       struct berval   **servercredp,
+       LDAPControl     ***vcctrls));
+
+/* not yet implemented */
+/* #define LDAP_API_FEATURE_VERIFY_CREDENTIALS_INTERACTIVE 1000 */
+#ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS_INTERACTIVE
+LDAP_F( int )
+ldap_verify_credentials_interactive LDAP_P((
+       LDAP *ld,
+       LDAP_CONST char *dn, /* usually NULL */
+       LDAP_CONST char *saslMechanism,
+       LDAPControl **vcControls,
+       LDAPControl **serverControls,
+       LDAPControl **clientControls,
+
+       /* should be client controls */
+       unsigned flags,
+       LDAP_SASL_INTERACT_PROC *proc,
+       void *defaults,
+       void *context,
+       
+       /* as obtained from ldap_result() */
+       LDAPMessage *result,
+
+       /* returned during bind processing */
+       const char **rmech,
+       int *msgid ));
+#endif
+
 /*
  * LDAP Who Am I?
  *     in whoami.c
@@ -2400,7 +2521,7 @@ ldap_create_session_tracking_value LDAP_P((
        struct berval   *value ));
 
 LDAP_F( int )
-ldap_create_session_tracking LDAP_P((
+ldap_create_session_tracking_control LDAP_P((
        LDAP            *ld,
        char            *sessionSourceIp,
        char            *sessionSourceName,
@@ -2498,15 +2619,33 @@ typedef struct ldifrecord {
        struct berval lr_dn; /* DN of operation */
        LDAPControl **lr_ctrls; /* controls specified for operation */
        /* some ops such as LDAP_REQ_DELETE require only a DN */
-       LDAPMod **lr_mods; /* list of mods for LDAP_REQ_MODIFY, LDAP_REQ_ADD */
-       struct berval lr_newrdn; /* LDAP_REQ_MODDN, LDAP_REQ_MODRDN, LDAP_REQ_RENAME */
-       struct berval lr_newsuperior; /* LDAP_REQ_MODDN, LDAP_REQ_MODRDN, LDAP_REQ_RENAME */
-       int lr_deleteoldrdn; /* LDAP_REQ_MODDN, LDAP_REQ_MODRDN, LDAP_REQ_RENAME */
-       /* the following are for future support */
-       struct berval lr_extop_oid; /* LDAP_REQ_EXTENDED */
-       struct berval lr_extop_data; /* LDAP_REQ_EXTENDED */
-       struct berval lr_cmp_attr; /* LDAP_REQ_COMPARE */
-       struct berval lr_cmp_bvalue; /* LDAP_REQ_COMPARE */
+       /* other ops require different data - the ldif_ops union
+          is used to specify the data for each type of operation */
+       union ldif_ops_u {
+               LDAPMod **lr_mods; /* list of mods for LDAP_REQ_MODIFY, LDAP_REQ_ADD */
+#define lrop_mods ldif_ops.lr_mods
+               struct ldif_op_rename_s {
+                       struct berval lr_newrdn; /* LDAP_REQ_MODDN, LDAP_REQ_MODRDN, LDAP_REQ_RENAME */
+#define lrop_newrdn ldif_ops.ldif_op_rename.lr_newrdn
+                       struct berval lr_newsuperior; /* LDAP_REQ_MODDN, LDAP_REQ_MODRDN, LDAP_REQ_RENAME */
+#define lrop_newsup ldif_ops.ldif_op_rename.lr_newsuperior
+                       int lr_deleteoldrdn; /* LDAP_REQ_MODDN, LDAP_REQ_MODRDN, LDAP_REQ_RENAME */
+#define lrop_delold ldif_ops.ldif_op_rename.lr_deleteoldrdn
+               } ldif_op_rename; /* rename/moddn/modrdn */
+               /* the following are for future support */
+               struct ldif_op_ext_s {
+                       struct berval lr_extop_oid; /* LDAP_REQ_EXTENDED */
+#define lrop_extop_oid ldif_ops.ldif_op_ext.lr_extop_oid
+                       struct berval lr_extop_data; /* LDAP_REQ_EXTENDED */
+#define lrop_extop_data ldif_ops.ldif_op_ext.lr_extop_data
+               } ldif_op_ext; /* extended operation */
+               struct ldif_op_cmp_s {
+                       struct berval lr_cmp_attr; /* LDAP_REQ_COMPARE */
+#define lrop_cmp_attr ldif_ops.ldif_op_cmp.lr_cmp_attr
+                       struct berval lr_cmp_bvalue; /* LDAP_REQ_COMPARE */
+#define lrop_cmp_bval ldif_ops.ldif_op_cmp.lr_cmp_bvalue
+               } ldif_op_cmp; /* compare operation */
+       } ldif_ops;
        /* PRIVATE STUFF - DO NOT TOUCH */
        /* for efficiency, the implementation allocates memory */
        /* in large blobs, and makes the above fields point to */
@@ -2533,7 +2672,7 @@ ldap_ldif_record_done LDAP_P((
 LDAP_F( int )
 ldap_parse_ldif_record LDAP_P((
        struct berval *rbuf,
-       int linenum,
+       unsigned long linenum,
        LDIFRecord *lr,
        const char *errstr,
        unsigned int flags ));