X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=sidebyside;f=servers%2Fslapd%2Fback-ldap%2Fback-ldap.h;h=244e5e8e811ab966e0c721381e1e91d20bcce821;hb=22e5e49f267add520e92baa7abe683c9a58bbdf7;hp=e0c6b62d41897d932f545665a2807b089ef6737b;hpb=3297be046b4efeebc74cc2d29495a85d49bf9aa9;p=openldap diff --git a/servers/slapd/back-ldap/back-ldap.h b/servers/slapd/back-ldap/back-ldap.h index e0c6b62d41..244e5e8e81 100644 --- a/servers/slapd/back-ldap/back-ldap.h +++ b/servers/slapd/back-ldap/back-ldap.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1999-2007 The OpenLDAP Foundation. + * Copyright 1999-2010 The OpenLDAP Foundation. * Portions Copyright 2000-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. @@ -61,11 +61,11 @@ enum { LDAP_BACK_PCONN_LAST }; -typedef struct ldapconn_t { - Connection *lc_conn; +typedef struct ldapconn_base_t { + Connection *lcb_conn; #define LDAP_BACK_CONN2PRIV(lc) ((unsigned long)(lc)->lc_conn) -#define LDAP_BACK_PCONN_ISPRIV(lc) ((void *)(lc)->lc_conn >= (void *)LDAP_BACK_PCONN_FIRST \ - && (void *)(lc)->lc_conn < (void *)LDAP_BACK_PCONN_LAST) +#define LDAP_BACK_PCONN_ISPRIV(lc) (((void *)(lc)->lc_conn) >= ((void *)LDAP_BACK_PCONN_FIRST) \ + && ((void *)(lc)->lc_conn) < ((void *)LDAP_BACK_PCONN_LAST)) #define LDAP_BACK_PCONN_ISROOTDN(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \ && (LDAP_BACK_CONN2PRIV((lc)) < LDAP_BACK_PCONN_ANON)) #define LDAP_BACK_PCONN_ISANON(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \ @@ -75,8 +75,6 @@ typedef struct ldapconn_t { && (LDAP_BACK_CONN2PRIV((lc)) >= LDAP_BACK_PCONN_BIND)) #define LDAP_BACK_PCONN_ISTLS(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) \ && (LDAP_BACK_CONN2PRIV((lc)) & LDAP_BACK_PCONN_TLS)) -#define LDAP_BACK_PCONN_ID(lc) (LDAP_BACK_PCONN_ISPRIV((lc)) ? \ - ( -1 - (long)(lc)->lc_conn ) : (lc)->lc_conn->c_connid ) #ifdef HAVE_TLS #define LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \ ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ROOTDN_TLS : (void *) LDAP_BACK_PCONN_ROOTDN)) @@ -96,10 +94,22 @@ typedef struct ldapconn_t { (BER_BVISEMPTY(&(op)->o_ndn) ? \ LDAP_BACK_PCONN_ANON_SET((lc), (op)) : LDAP_BACK_PCONN_ROOTDN_SET((lc), (op))) - LDAP *lc_ld; - struct berval lc_cred; - struct berval lc_bound_ndn; - struct berval lc_local_ndn; + struct berval lcb_local_ndn; + unsigned lcb_refcnt; + time_t lcb_create_time; + time_t lcb_time; +} ldapconn_base_t; + +typedef struct ldapconn_t { + ldapconn_base_t lc_base; +#define lc_conn lc_base.lcb_conn +#define lc_local_ndn lc_base.lcb_local_ndn +#define lc_refcnt lc_base.lcb_refcnt +#define lc_create_time lc_base.lcb_create_time +#define lc_time lc_base.lcb_time + + LDAP_TAILQ_ENTRY(ldapconn_t) lc_q; + unsigned lc_lcflags; #define LDAP_BACK_CONN_ISSET_F(fp,f) (*(fp) & (f)) #define LDAP_BACK_CONN_SET_F(fp,f) (*(fp) |= (f)) @@ -164,12 +174,10 @@ typedef struct ldapconn_t { #define LDAP_BACK_CONN_CACHED_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_CACHED) #define LDAP_BACK_CONN_CACHED_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_CACHED) - unsigned lc_refcnt; + LDAP *lc_ld; + struct berval lc_cred; + struct berval lc_bound_ndn; unsigned lc_flags; - time_t lc_create_time; - time_t lc_time; - - LDAP_TAILQ_ENTRY(ldapconn_t) lc_q; } ldapconn_t; typedef struct ldap_avl_info_t { @@ -226,10 +234,14 @@ typedef struct slap_idassert_t { #define LDAP_BACK_AUTH_OBSOLETE_PROXY_AUTHZ (0x08U) #define LDAP_BACK_AUTH_OBSOLETE_ENCODING_WORKAROUND (0x10U) #define LDAP_BACK_AUTH_AUTHZ_ALL (0x20U) +#define LDAP_BACK_AUTH_PROXYAUTHZ_CRITICAL (0x40U) #define li_idassert_flags li_idassert.si_flags BerVarray si_authz; #define li_idassert_authz li_idassert.si_authz + + BerVarray si_passthru; +#define li_idassert_passthru li_idassert.si_passthru } slap_idassert_t; /* @@ -245,6 +257,9 @@ typedef struct ldapinfo_t { * to be checked for the presence of a certain item */ BerVarray li_bvuri; ldap_pvt_thread_mutex_t li_uri_mutex; + /* hack because when TLS is used we need to lock and let + * the li_urllist_f function to know it's locked */ + int li_uri_mutex_do_not_lock; LDAP_REBIND_PROC *li_rebind_f; LDAP_URLLIST_PROC *li_urllist_f; @@ -308,6 +323,16 @@ typedef struct ldapinfo_t { #define LDAP_BACK_F_CANCEL_MASK (LDAP_BACK_F_CANCEL_IGNORE|LDAP_BACK_F_CANCEL_EXOP) #define LDAP_BACK_F_CANCEL_MASK2 (LDAP_BACK_F_CANCEL_MASK|LDAP_BACK_F_CANCEL_EXOP_DISCOVER) +#define LDAP_BACK_F_QUARANTINE (0x00010000U) + +#ifdef SLAP_CONTROL_X_SESSION_TRACKING +#define LDAP_BACK_F_ST_REQUEST (0x00020000U) +#define LDAP_BACK_F_ST_RESPONSE (0x00040000U) +#endif /* SLAP_CONTROL_X_SESSION_TRACKING */ + +#define LDAP_BACK_F_NOREFS (0x00080000U) +#define LDAP_BACK_F_NOUNDEFFILTER (0x00100000U) + #define LDAP_BACK_ISSET_F(ff,f) ( ( (ff) & (f) ) == (f) ) #define LDAP_BACK_ISMASK_F(ff,m,f) ( ( (ff) & (m) ) == (f) ) @@ -339,6 +364,16 @@ typedef struct ldapinfo_t { #define LDAP_BACK_CANCEL(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP ) #define LDAP_BACK_CANCEL_DISCOVER(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER ) +#define LDAP_BACK_QUARANTINE(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_QUARANTINE ) + +#ifdef SLAP_CONTROL_X_SESSION_TRACKING +#define LDAP_BACK_ST_REQUEST(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_REQUEST) +#define LDAP_BACK_ST_RESPONSE(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_RESPONSE) +#endif /* SLAP_CONTROL_X_SESSION_TRACKING */ + +#define LDAP_BACK_NOREFS(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOREFS) +#define LDAP_BACK_NOUNDEFFILTER(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOUNDEFFILTER) + int li_version; /* cached connections; @@ -363,7 +398,6 @@ typedef struct ldapinfo_t { #define LDAP_BACK_FQ_RETRYING (2) slap_retry_info_t li_quarantine; -#define LDAP_BACK_QUARANTINE(li) ( (li)->li_quarantine.ri_num != NULL ) ldap_pvt_thread_mutex_t li_quarantine_mutex; ldap_back_quarantine_f li_quarantine_f; void *li_quarantine_p; @@ -374,6 +408,8 @@ typedef struct ldapinfo_t { time_t li_timeout[ SLAP_OP_LAST ]; } ldapinfo_t; +#define LDAP_ERR_OK(err) ((err) == LDAP_SUCCESS || (err) == LDAP_COMPARE_FALSE || (err) == LDAP_COMPARE_TRUE) + typedef enum ldap_back_send_t { LDAP_BACK_DONTSEND = 0x00, LDAP_BACK_SENDOK = 0x01, @@ -411,6 +447,19 @@ typedef enum ldap_back_send_t { #define LDAP_BACK_PRINT_CONNTREE 0 #endif /* !LDAP_BACK_PRINT_CONNTREE */ +typedef struct ldap_extra_t { + int (*proxy_authz_ctrl)( Operation *op, SlapReply *rs, struct berval *bound_ndn, + int version, slap_idassert_t *si, LDAPControl *ctrl ); + int (*controls_free)( Operation *op, SlapReply *rs, LDAPControl ***pctrls ); + int (*idassert_authzfrom_parse_cf)( const char *fname, int lineno, const char *arg, slap_idassert_t *si ); + int (*idassert_passthru_parse_cf)( const char *fname, int lineno, const char *arg, slap_idassert_t *si ); + int (*idassert_parse_cf)( const char *fname, int lineno, int argc, char *argv[], slap_idassert_t *si ); + void (*retry_info_destroy)( slap_retry_info_t *ri ); + int (*retry_info_parse)( char *in, slap_retry_info_t *ri, char *buf, ber_len_t buflen ); + int (*retry_info_unparse)( slap_retry_info_t *ri, struct berval *bvout ); + int (*connid2str)( const ldapconn_base_t *lc, char *buf, ber_len_t buflen ); +} ldap_extra_t; + LDAP_END_DECL #include "proto-ldap.h"