X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldap%2Fback-ldap.h;h=9098d40841bd356e206692776a33fac9a173a7bf;hb=86c4dca647a164dd7d24d13194f5a9c1f6414a22;hp=12cc7fa41430d894be4aa1ac46041b6c1569c853;hpb=7e8242d50d829776caeebd04bbc06bc92e6f7da7;p=openldap diff --git a/servers/slapd/back-ldap/back-ldap.h b/servers/slapd/back-ldap/back-ldap.h index 12cc7fa414..9098d40841 100644 --- a/servers/slapd/back-ldap/back-ldap.h +++ b/servers/slapd/back-ldap/back-ldap.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1999-2006 The OpenLDAP Foundation. + * Copyright 1999-2008 The OpenLDAP Foundation. * Portions Copyright 2000-2003 Pierangelo Masarati. * Portions Copyright 1999-2003 Howard Chu. * All rights reserved. @@ -79,11 +79,11 @@ typedef struct ldapconn_t { ( -1 - (long)(lc)->lc_conn ) : (lc)->lc_conn->c_connid ) #ifdef HAVE_TLS #define LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \ - ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? LDAP_BACK_PCONN_ROOTDN_TLS : LDAP_BACK_PCONN_ROOTDN)) + ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ROOTDN_TLS : (void *) LDAP_BACK_PCONN_ROOTDN)) #define LDAP_BACK_PCONN_ANON_SET(lc, op) \ - ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? LDAP_BACK_PCONN_ANON_TLS : LDAP_BACK_PCONN_ANON)) + ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ANON_TLS : (void *) LDAP_BACK_PCONN_ANON)) #define LDAP_BACK_PCONN_BIND_SET(lc, op) \ - ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? LDAP_BACK_PCONN_BIND_TLS : LDAP_BACK_PCONN_BIND)) + ((lc)->lc_conn = (void *)((op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_BIND_TLS : (void *) LDAP_BACK_PCONN_BIND)) #else /* ! HAVE_TLS */ #define LDAP_BACK_PCONN_ROOTDN_SET(lc, op) \ ((lc)->lc_conn = (void *)LDAP_BACK_PCONN_ROOTDN) 
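Review bot: In the three HAVE_TLS `LDAP_BACK_PCONN_*_SET` macros the outer `(void *)` is now redundant, because both arms of the conditional are already `void *`. `((lc)->lc_conn = (op)->o_conn->c_is_tls ? (void *) LDAP_BACK_PCONN_ROOTDN_TLS : (void *) LDAP_BACK_PCONN_ROOTDN)` says the same thing and matches the shape of the non-TLS variants below. These macros store a small class identifier in `lc_conn` rather than a real connection pointer, while the context line above them dereferences `(lc)->lc_conn->c_connid`. A one-line comment above the block, such as `/* lc_conn holds a pseudo-connection id here, not a pointer that may be dereferenced */`, would make that overloading explicit. The macros also read `(op)->o_conn->c_is_tls` unconditionally; presumably every caller has a client connection, but that is not visible in this hunk.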
@@ -127,8 +127,9 @@ typedef struct ldapconn_t { #define LDAP_BACK_FCONN_ISTLS (0x00000008U) #define LDAP_BACK_FCONN_BINDING (0x00000010U) #define LDAP_BACK_FCONN_TAINTED (0x00000020U) -#define LDAP_BACK_FCONN_ISIDASR (0x00000040U) -#define LDAP_BACK_FCONN_CACHED (0x00000080U) +#define LDAP_BACK_FCONN_ABANDON (0x00000040U) +#define LDAP_BACK_FCONN_ISIDASR (0x00000080U) +#define LDAP_BACK_FCONN_CACHED (0x00000100U) #define LDAP_BACK_CONN_ISBOUND(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISBOUND) #define LDAP_BACK_CONN_ISBOUND_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISBOUND) @@ -152,6 +153,9 @@ typedef struct ldapconn_t { #define LDAP_BACK_CONN_TAINTED(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_TAINTED) #define LDAP_BACK_CONN_TAINTED_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_TAINTED) #define LDAP_BACK_CONN_TAINTED_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_TAINTED) +#define LDAP_BACK_CONN_ABANDON(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ABANDON) +#define LDAP_BACK_CONN_ABANDON_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ABANDON) +#define LDAP_BACK_CONN_ABANDON_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ABANDON) #define LDAP_BACK_CONN_ISIDASSERT(lc) LDAP_BACK_CONN_ISSET((lc), LDAP_BACK_FCONN_ISIDASR) #define LDAP_BACK_CONN_ISIDASSERT_SET(lc) LDAP_BACK_CONN_SET((lc), LDAP_BACK_FCONN_ISIDASR) #define LDAP_BACK_CONN_ISIDASSERT_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_ISIDASR) @@ -161,7 +165,6 @@ typedef struct ldapconn_t { #define LDAP_BACK_CONN_CACHED_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), LDAP_BACK_FCONN_CACHED) unsigned lc_refcnt; - unsigned lc_binding; unsigned lc_flags; time_t lc_create_time; time_t lc_time; 
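Review bot: `LDAP_BACK_FCONN_ABANDON` is inserted at 0x00000040U, which moves `LDAP_BACK_FCONN_ISIDASR` and `LDAP_BACK_FCONN_CACHED` up by one bit. Anything compiled against the previous header would then test the wrong `lc_flags` bits until it is rebuilt, and the header appears to be shared with at least one other backend. Appending the new flag instead, `#define LDAP_BACK_FCONN_ABANDON (0x00000100U)`, would leave the existing values untouched. Neither the flag nor the `LDAP_BACK_CONN_ABANDON*` accessors added in the following hunk carry a comment saying when the bit is set and what a set bit forbids, which a reader cannot recover from the header alone.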
@@ -247,27 +250,30 @@ typedef struct ldapinfo_t { LDAP_URLLIST_PROC *li_urllist_f; void *li_urllist_p; - slap_bindconf li_acl; -#define li_acl_authcID li_acl.sb_authcId -#define li_acl_authcDN li_acl.sb_binddn -#define li_acl_passwd li_acl.sb_cred -#define li_acl_authzID li_acl.sb_authzId + /* we only care about the TLS options here */ + slap_bindconf li_tls; + + slap_bindconf li_acl; +#define li_acl_authcID li_acl.sb_authcId +#define li_acl_authcDN li_acl.sb_binddn +#define li_acl_passwd li_acl.sb_cred +#define li_acl_authzID li_acl.sb_authzId #define li_acl_authmethod li_acl.sb_method #define li_acl_sasl_mech li_acl.sb_saslmech #define li_acl_sasl_realm li_acl.sb_realm -#define li_acl_secprops li_acl.sb_secprops +#define li_acl_secprops li_acl.sb_secprops /* ID assert stuff */ - slap_idassert_t li_idassert; + slap_idassert_t li_idassert; /* end of ID assert stuff */ - int li_nretries; + int li_nretries; #define LDAP_BACK_RETRY_UNDEFINED (-2) #define LDAP_BACK_RETRY_FOREVER (-1) #define LDAP_BACK_RETRY_NEVER (0) #define LDAP_BACK_RETRY_DEFAULT (3) - unsigned li_flags; + unsigned li_flags; /* 0xFFF00000U are reserved for back-meta */ 
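Review bot: The new `slap_bindconf li_tls` member carries a whole bind configuration although its comment says only the TLS options matter. The `li_acl_*` aliases just below show that the same type also holds `sb_binddn`, `sb_cred` and the SASL fields. The comment should name what is read and what is ignored, for example `/* only the TLS members are used; bind identity and credentials in li_tls are never consulted */`, so that a later change does not start trusting credentials that ended up in this structure. The remaining lines of the hunk look like whitespace realignment only.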
@@ -276,30 +282,39 @@ typedef struct ldapinfo_t { #define LDAP_BACK_F_USE_TLS (0x00000002U) #define LDAP_BACK_F_PROPAGATE_TLS (0x00000004U) #define LDAP_BACK_F_TLS_CRITICAL (0x00000008U) +#define LDAP_BACK_F_TLS_LDAPS (0x00000010U) + #define LDAP_BACK_F_TLS_USE_MASK (LDAP_BACK_F_USE_TLS|LDAP_BACK_F_TLS_CRITICAL) #define LDAP_BACK_F_TLS_PROPAGATE_MASK (LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL) -#define LDAP_BACK_F_TLS_MASK (LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK) -#define LDAP_BACK_F_CHASE_REFERRALS (0x00000010U) -#define LDAP_BACK_F_PROXY_WHOAMI (0x00000020U) +#define LDAP_BACK_F_TLS_MASK (LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK|LDAP_BACK_F_TLS_LDAPS) +#define LDAP_BACK_F_CHASE_REFERRALS (0x00000020U) +#define LDAP_BACK_F_PROXY_WHOAMI (0x00000040U) -#define LDAP_BACK_F_T_F (0x00000040U) -#define LDAP_BACK_F_T_F_DISCOVER (0x00000080U) +#define LDAP_BACK_F_T_F (0x00000080U) +#define LDAP_BACK_F_T_F_DISCOVER (0x00000100U) #define LDAP_BACK_F_T_F_MASK (LDAP_BACK_F_T_F) #define LDAP_BACK_F_T_F_MASK2 (LDAP_BACK_F_T_F_MASK|LDAP_BACK_F_T_F_DISCOVER) -#define LDAP_BACK_F_MONITOR (0x00000100U) -#define LDAP_BACK_F_SINGLECONN (0x00000200U) -#define LDAP_BACK_F_USE_TEMPORARIES (0x00000400U) +#define LDAP_BACK_F_MONITOR (0x00000200U) +#define LDAP_BACK_F_SINGLECONN (0x00000400U) +#define LDAP_BACK_F_USE_TEMPORARIES (0x00000800U) -#define LDAP_BACK_F_ISOPEN (0x00000800U) +#define LDAP_BACK_F_ISOPEN (0x00001000U) #define LDAP_BACK_F_CANCEL_ABANDON (0x00000000U) -#define LDAP_BACK_F_CANCEL_IGNORE (0x00001000U) -#define LDAP_BACK_F_CANCEL_EXOP (0x00002000U) -#define LDAP_BACK_F_CANCEL_EXOP_DISCOVER (0x00004000U) +#define LDAP_BACK_F_CANCEL_IGNORE (0x00002000U) +#define LDAP_BACK_F_CANCEL_EXOP (0x00004000U) +#define LDAP_BACK_F_CANCEL_EXOP_DISCOVER (0x00008000U) #define LDAP_BACK_F_CANCEL_MASK (LDAP_BACK_F_CANCEL_IGNORE|LDAP_BACK_F_CANCEL_EXOP) #define LDAP_BACK_F_CANCEL_MASK2 (LDAP_BACK_F_CANCEL_MASK|LDAP_BACK_F_CANCEL_EXOP_DISCOVER) 
+#define LDAP_BACK_F_QUARANTINE (0x00010000U) + +#ifdef SLAP_CONTROL_X_SESSION_TRACKING +#define LDAP_BACK_F_ST_REQUEST (0x00020000U) +#define LDAP_BACK_F_ST_RESPONSE (0x00040000U) +#endif /* SLAP_CONTROL_X_SESSION_TRACKING */ + #define LDAP_BACK_ISSET_F(ff,f) ( ( (ff) & (f) ) == (f) ) #define LDAP_BACK_ISMASK_F(ff,m,f) ( ( (ff) & (m) ) == (f) ) 
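Review bot: `LDAP_BACK_F_TLS_MASK` now includes `LDAP_BACK_F_TLS_LDAPS`, so any `LDAP_BACK_ISMASK_F(ff, LDAP_BACK_F_TLS_MASK, f)` test, which compares for equality under the mask, stops matching an old expected value once the LDAPS bit is set. Callers outside this hunk that select the TLS behaviour need checking for that. The renumbering also brings the highest flag, `LDAP_BACK_F_ST_RESPONSE`, to 0x00040000U, leaving 0x00080000U as the only free bit below the range that the `li_flags` comment reserves for back-meta. A marker next to the new defines would stop the next addition from running into it, for example `/* 0x00080000U is the last free bit; 0xFFF00000U belongs to back-meta */`. As with the connection flags, existing values such as `LDAP_BACK_F_CHASE_REFERRALS` change, so everything that includes this header has to be rebuilt together.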
@@ -331,40 +346,45 @@ typedef struct ldapinfo_t { #define LDAP_BACK_CANCEL(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP ) #define LDAP_BACK_CANCEL_DISCOVER(li) LDAP_BACK_ISMASK( (li), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER ) - int li_version; +#define LDAP_BACK_QUARANTINE(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_QUARANTINE ) - /* cached connections; - * special conns are in tailq rather than in tree */ - ldap_avl_info_t li_conninfo; +#ifdef SLAP_CONTROL_X_SESSION_TRACKING +#define LDAP_BACK_ST_REQUEST(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_REQUEST) +#define LDAP_BACK_ST_RESPONSE(li) LDAP_BACK_ISSET( (li), LDAP_BACK_F_ST_RESPONSE) +#endif /* SLAP_CONTROL_X_SESSION_TRACKING */ - ldap_monitor_info_t li_monitor_info; + int li_version; + /* cached connections; + * special conns are in tailq rather than in tree */ + ldap_avl_info_t li_conninfo; struct { int lic_num; LDAP_TAILQ_HEAD(lc_conn_priv_q, ldapconn_t) lic_priv; - } li_conn_priv[ LDAP_BACK_PCONN_LAST ]; - int li_conn_priv_max; + } li_conn_priv[ LDAP_BACK_PCONN_LAST ]; + int li_conn_priv_max; #define LDAP_BACK_CONN_PRIV_MIN (1) #define LDAP_BACK_CONN_PRIV_MAX (256) /* must be between LDAP_BACK_CONN_PRIV_MIN * and LDAP_BACK_CONN_PRIV_MAX ! */ #define LDAP_BACK_CONN_PRIV_DEFAULT (16) + ldap_monitor_info_t li_monitor_info; + sig_atomic_t li_isquarantined; #define LDAP_BACK_FQ_NO (0) #define LDAP_BACK_FQ_YES (1) #define LDAP_BACK_FQ_RETRYING (2) slap_retry_info_t li_quarantine; -#define LDAP_BACK_QUARANTINE(li) ( (li)->li_quarantine.ri_num != NULL ) ldap_pvt_thread_mutex_t li_quarantine_mutex; ldap_back_quarantine_f li_quarantine_f; void *li_quarantine_p; - time_t li_network_timeout; - time_t li_conn_ttl; - time_t li_idle_timeout; - time_t li_timeout[ SLAP_OP_LAST ]; + time_t li_network_timeout; + time_t li_conn_ttl; + time_t li_idle_timeout; + time_t li_timeout[ SLAP_OP_LAST ]; } ldapinfo_t; typedef enum ldap_back_send_t { 
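Review bot: `LDAP_BACK_QUARANTINE(li)` no longer tests `(li)->li_quarantine.ri_num != NULL` but the `LDAP_BACK_F_QUARANTINE` bit, so the flag and the retry table are now two separate pieces of state that must agree. If the bit can be set while `li_quarantine.ri_num` is still NULL (the code that sets it is outside this diff), the quarantine path would operate on an unset retry table. Either keep the pointer test in the macro, `( LDAP_BACK_ISSET( (li), LDAP_BACK_F_QUARANTINE ) && (li)->li_quarantine.ri_num != NULL )`, or state the invariant in a comment beside `li_quarantine`. The hunk also moves `li_monitor_info` within `ldapinfo_t`, which changes the struct layout for anything compiled against the old header.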
@@ -404,6 +424,12 @@ typedef enum ldap_back_send_t { #define LDAP_BACK_PRINT_CONNTREE 0 #endif /* !LDAP_BACK_PRINT_CONNTREE */ +typedef struct ldap_extra_t { + int (*proxy_authz_ctrl)( Operation *op, SlapReply *rs, struct berval *bound_ndn, + int version, slap_idassert_t *si, LDAPControl *ctrl ); + int (*controls_free)( Operation *op, SlapReply *rs, LDAPControl ***pctrls ); +} ldap_extra_t; + LDAP_END_DECL #include "proto-ldap.h"
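Review bot: The new `ldap_extra_t` table has no comment, and its two callbacks hand `LDAPControl` data across a module boundary without saying who owns it. `proxy_authz_ctrl` takes a caller-supplied `LDAPControl *ctrl` together with the `slap_idassert_t` settings, and `controls_free` takes `LDAPControl ***pctrls`. A header comment should say what each returns on failure, whether `ctrl` must be allocated by the caller, and whether controls produced through the first callback are released only through the second. Because the members are plain function pointers, users of the table should presumably check them for NULL before calling; that cannot be confirmed from this hunk.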