X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldap%2Fback-ldap.h;h=d33ea3c1830f28e2bfbb14e443babba5cfb3843f;hb=00dae75f7b48b6bab23503d211deb7650aba8c1b;hp=48b2e949ad14c4f1e718cfd72ec087037dbf5d00;hpb=43138aa500eeac429841dcc0b45a675ce22307fa;p=openldap

diff --git a/servers/slapd/back-ldap/back-ldap.h b/servers/slapd/back-ldap/back-ldap.h
index 48b2e949ad..d33ea3c183 100644
--- a/servers/slapd/back-ldap/back-ldap.h
+++ b/servers/slapd/back-ldap/back-ldap.h
@@ -37,56 +37,57 @@ struct ldapconn {
 	struct berval 		lc_bound_ndn;
 	struct berval		lc_local_ndn;
 	int			lc_bound;
+	int			lc_ispriv;
 	ldap_pvt_thread_mutex_t	lc_mutex;
+	unsigned		lc_refcnt;
 };
 
-struct ldapauth {
-	struct berval	la_authcID;
-	struct berval	la_authcDN;
-	struct berval	la_passwd;
-
-	struct berval	la_authzID;
-	
-	int		la_authmethod;
-	int		la_sasl_flags;
-	struct berval	la_sasl_mech;
-	struct berval	la_sasl_realm;
-	
-#define LDAP_BACK_AUTH_NONE		0x00U
-#define	LDAP_BACK_AUTH_NATIVE_AUTHZ	0x01U
-#define	LDAP_BACK_AUTH_OVERRIDE		0x02U
-	unsigned 	la_flags;
+/*
+ * identity assertion modes
+ */
+enum {
+	LDAP_BACK_IDASSERT_LEGACY = 1,
+	LDAP_BACK_IDASSERT_NOASSERT,
+	LDAP_BACK_IDASSERT_ANONYMOUS,
+	LDAP_BACK_IDASSERT_SELF,
+	LDAP_BACK_IDASSERT_OTHERDN,
+	LDAP_BACK_IDASSERT_OTHERID
 };
 
 struct ldapinfo {
 	char		*url;
 	LDAPURLDesc	*lud;
-	struct ldapauth acl_la;
-#define	acl_authcDN	acl_la.la_authcDN
-#define	acl_passwd	acl_la.la_passwd
+
+	slap_bindconf	acl_sb;
+#define	acl_authcID	acl_sb.sb_authcId
+#define	acl_authcDN	acl_sb.sb_binddn
+#define	acl_passwd	acl_sb.sb_cred
+#define	acl_authzID	acl_sb.sb_authzId
+#define	acl_authmethod	acl_sb.sb_method
+#define	acl_sasl_mech	acl_sb.sb_saslmech
+#define	acl_sasl_realm	acl_sb.sb_realm
+#define	acl_secprops	acl_sb.sb_secprops
 
 	/* ID assert stuff */
 	int		idassert_mode;
-#define	LDAP_BACK_IDASSERT_LEGACY	0
-#define	LDAP_BACK_IDASSERT_NOASSERT	1
-#define	LDAP_BACK_IDASSERT_ANONYMOUS	2
-#define	LDAP_BACK_IDASSERT_SELF		3
-#define	LDAP_BACK_IDASSERT_OTHERDN	4
-#define	LDAP_BACK_IDASSERT_OTHERID	5
-
-	struct ldapauth	idassert_la;
-#define	idassert_authcID	idassert_la.la_authcID
-#define	idassert_authcDN	idassert_la.la_authcDN
-#define	idassert_passwd		idassert_la.la_passwd
-#define	idassert_authzID	idassert_la.la_authzID
-#define	idassert_authmethod	idassert_la.la_authmethod
-#define	idassert_sasl_flags	idassert_la.la_sasl_flags
-#define	idassert_sasl_mech	idassert_la.la_sasl_mech
-#define	idassert_sasl_realm	idassert_la.la_sasl_realm
-#define	idassert_flags		idassert_la.la_flags
+
+	slap_bindconf	idassert_sb;
+#define	idassert_authcID	idassert_sb.sb_authcId
+#define	idassert_authcDN	idassert_sb.sb_binddn
+#define	idassert_passwd		idassert_sb.sb_cred
+#define	idassert_authzID	idassert_sb.sb_authzId
+#define	idassert_authmethod	idassert_sb.sb_method
+#define	idassert_sasl_mech	idassert_sb.sb_saslmech
+#define	idassert_sasl_realm	idassert_sb.sb_realm
+#define	idassert_secprops	idassert_sb.sb_secprops
+
+	unsigned 	idassert_flags;
+#define LDAP_BACK_AUTH_NONE		0x00U
+#define	LDAP_BACK_AUTH_NATIVE_AUTHZ	0x01U
+#define	LDAP_BACK_AUTH_OVERRIDE		0x02U
+#define	LDAP_BACK_AUTH_PRESCRIPTIVE	0x04U
+
 	BerVarray	idassert_authz;
-	
-	int		idassert_ppolicy;
 	/* end of ID assert stuff */
 
 	ldap_pvt_thread_mutex_t		conn_mutex;
@@ -96,7 +97,15 @@ struct ldapinfo {
 #define LDAP_BACK_F_USE_TLS		0x02U
 #define LDAP_BACK_F_PROPAGATE_TLS	0x04U
 #define LDAP_BACK_F_TLS_CRITICAL	0x08U
+#define LDAP_BACK_F_TLS_USE_MASK	(LDAP_BACK_F_USE_TLS|LDAP_BACK_F_TLS_CRITICAL)
+#define LDAP_BACK_F_TLS_PROPAGATE_MASK	(LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL)
+#define LDAP_BACK_F_TLS_MASK		(LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK)
 #define LDAP_BACK_F_CHASE_REFERRALS	0x10U
+#define LDAP_BACK_F_PROXY_WHOAMI	0x20U
+
+#define	LDAP_BACK_F_SUPPORT_T_F			0x80U
+#define	LDAP_BACK_F_SUPPORT_T_F_DISCOVER	0x40U
+#define	LDAP_BACK_F_SUPPORT_T_F_MASK		(LDAP_BACK_F_SUPPORT_T_F|LDAP_BACK_F_SUPPORT_T_F_DISCOVER)
 
 #define LDAP_BACK_SAVECRED(li)		( (li)->flags & LDAP_BACK_F_SAVECRED )
 #define LDAP_BACK_USE_TLS(li)		( (li)->flags & LDAP_BACK_F_USE_TLS )
@@ -104,6 +113,8 @@ struct ldapinfo {
 #define LDAP_BACK_TLS_CRITICAL(li)	( (li)->flags & LDAP_BACK_F_TLS_CRITICAL )
 #define LDAP_BACK_CHASE_REFERRALS(li)	( (li)->flags & LDAP_BACK_F_CHASE_REFERRALS )
 
+	int		version;
+
 	Avlnode		*conntree;
 
 	int		rwm_started;
@@ -116,6 +127,9 @@ typedef enum ldap_back_send_t {
 	LDAP_BACK_SENDRESULT		= (LDAP_BACK_SENDOK|LDAP_BACK_SENDERR)
 } ldap_back_send_t;
 
+/* define to use asynchronous StartTLS */
+#define SLAP_STARTTLS_ASYNCHRONOUS
+
 LDAP_END_DECL
 
 #include "proto-ldap.h"