X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-ldap%2Fback-ldap.h;h=d33ea3c1830f28e2bfbb14e443babba5cfb3843f;hb=00dae75f7b48b6bab23503d211deb7650aba8c1b;hp=8ecbd4ffd70a034ebb655ebac818004cb221f720;hpb=dc0eacd40b625258355eea866d62188e5aa7ce3b;p=openldap diff --git a/servers/slapd/back-ldap/back-ldap.h b/servers/slapd/back-ldap/back-ldap.h index 8ecbd4ffd7..d33ea3c183 100644 --- a/servers/slapd/back-ldap/back-ldap.h +++ b/servers/slapd/back-ldap/back-ldap.h @@ -24,12 +24,6 @@ #ifndef SLAPD_LDAP_H #define SLAPD_LDAP_H -#include "proto-ldap.h" - -#ifdef LDAP_DEVEL -#define LDAP_BACK_PROXY_AUTHZ -#endif - LDAP_BEGIN_DECL struct slap_conn; @@ -43,94 +37,101 @@ struct ldapconn { struct berval lc_bound_ndn; struct berval lc_local_ndn; int lc_bound; + int lc_ispriv; ldap_pvt_thread_mutex_t lc_mutex; + unsigned lc_refcnt; }; -struct ldapauth { - struct berval la_authcID; - struct berval la_authcDN; - struct berval la_passwd; - - struct berval la_authzID; - - int la_authmethod; - int la_sasl_flags; - struct berval la_sasl_mech; - struct berval la_sasl_realm; - -#define LDAP_BACK_AUTH_NONE 0x00U -#define LDAP_BACK_AUTH_NATIVE_AUTHZ 0x01U -#define LDAP_BACK_AUTH_OVERRIDE 0x02U - unsigned la_flags; +/* + * identity assertion modes + */ +enum { + LDAP_BACK_IDASSERT_LEGACY = 1, + LDAP_BACK_IDASSERT_NOASSERT, + LDAP_BACK_IDASSERT_ANONYMOUS, + LDAP_BACK_IDASSERT_SELF, + LDAP_BACK_IDASSERT_OTHERDN, + LDAP_BACK_IDASSERT_OTHERID }; struct ldapinfo { char *url; LDAPURLDesc *lud; - struct ldapauth acl_la; -#define acl_authcDN acl_la.la_authcDN -#define acl_passwd acl_la.la_passwd -#ifdef LDAP_BACK_PROXY_AUTHZ + slap_bindconf acl_sb; +#define acl_authcID acl_sb.sb_authcId +#define acl_authcDN acl_sb.sb_binddn +#define acl_passwd acl_sb.sb_cred +#define acl_authzID acl_sb.sb_authzId +#define acl_authmethod acl_sb.sb_method +#define acl_sasl_mech acl_sb.sb_saslmech +#define acl_sasl_realm acl_sb.sb_realm +#define acl_secprops acl_sb.sb_secprops + /* ID assert stuff */ int idassert_mode; -#define LDAP_BACK_IDASSERT_LEGACY 0 -#define LDAP_BACK_IDASSERT_NOASSERT 1 -#define LDAP_BACK_IDASSERT_ANONYMOUS 2 -#define LDAP_BACK_IDASSERT_SELF 3 -#define LDAP_BACK_IDASSERT_OTHERDN 4 -#define LDAP_BACK_IDASSERT_OTHERID 5 - - struct ldapauth idassert_la; -#define idassert_authcID idassert_la.la_authcID -#define idassert_authcDN idassert_la.la_authcDN -#define idassert_passwd idassert_la.la_passwd -#define idassert_authzID idassert_la.la_authzID -#define idassert_authmethod idassert_la.la_authmethod -#define idassert_sasl_flags idassert_la.la_sasl_flags -#define idassert_sasl_mech idassert_la.la_sasl_mech -#define idassert_sasl_realm idassert_la.la_sasl_realm -#define idassert_flags idassert_la.la_flags + + slap_bindconf idassert_sb; +#define idassert_authcID idassert_sb.sb_authcId +#define idassert_authcDN idassert_sb.sb_binddn +#define idassert_passwd idassert_sb.sb_cred +#define idassert_authzID idassert_sb.sb_authzId +#define idassert_authmethod idassert_sb.sb_method +#define idassert_sasl_mech idassert_sb.sb_saslmech +#define idassert_sasl_realm idassert_sb.sb_realm +#define idassert_secprops idassert_sb.sb_secprops + + unsigned idassert_flags; +#define LDAP_BACK_AUTH_NONE 0x00U +#define LDAP_BACK_AUTH_NATIVE_AUTHZ 0x01U +#define LDAP_BACK_AUTH_OVERRIDE 0x02U +#define LDAP_BACK_AUTH_PRESCRIPTIVE 0x04U + BerVarray idassert_authz; - - int idassert_ppolicy; /* end of ID assert stuff */ -#endif /* LDAP_BACK_PROXY_AUTHZ */ ldap_pvt_thread_mutex_t conn_mutex; - int savecred; + unsigned flags; +#define LDAP_BACK_F_NONE 0x00U +#define LDAP_BACK_F_SAVECRED 0x01U +#define LDAP_BACK_F_USE_TLS 0x02U +#define LDAP_BACK_F_PROPAGATE_TLS 0x04U +#define LDAP_BACK_F_TLS_CRITICAL 0x08U +#define LDAP_BACK_F_TLS_USE_MASK (LDAP_BACK_F_USE_TLS|LDAP_BACK_F_TLS_CRITICAL) +#define LDAP_BACK_F_TLS_PROPAGATE_MASK (LDAP_BACK_F_PROPAGATE_TLS|LDAP_BACK_F_TLS_CRITICAL) +#define LDAP_BACK_F_TLS_MASK (LDAP_BACK_F_TLS_USE_MASK|LDAP_BACK_F_TLS_PROPAGATE_MASK) +#define LDAP_BACK_F_CHASE_REFERRALS 0x10U +#define LDAP_BACK_F_PROXY_WHOAMI 0x20U + +#define LDAP_BACK_F_SUPPORT_T_F 0x80U +#define LDAP_BACK_F_SUPPORT_T_F_DISCOVER 0x40U +#define LDAP_BACK_F_SUPPORT_T_F_MASK (LDAP_BACK_F_SUPPORT_T_F|LDAP_BACK_F_SUPPORT_T_F_DISCOVER) + +#define LDAP_BACK_SAVECRED(li) ( (li)->flags & LDAP_BACK_F_SAVECRED ) +#define LDAP_BACK_USE_TLS(li) ( (li)->flags & LDAP_BACK_F_USE_TLS ) +#define LDAP_BACK_PROPAGATE_TLS(li) ( (li)->flags & LDAP_BACK_F_PROPAGATE_TLS ) +#define LDAP_BACK_TLS_CRITICAL(li) ( (li)->flags & LDAP_BACK_F_TLS_CRITICAL ) +#define LDAP_BACK_CHASE_REFERRALS(li) ( (li)->flags & LDAP_BACK_F_CHASE_REFERRALS ) + + int version; + Avlnode *conntree; int rwm_started; }; -int ldap_back_freeconn( Operation *op, struct ldapconn *lc ); -struct ldapconn *ldap_back_getconn(struct slap_op *op, struct slap_rep *rs); -int ldap_back_dobind(struct ldapconn *lc, Operation *op, SlapReply *rs); -int ldap_back_retry(struct ldapconn *lc, Operation *op, SlapReply *rs); -int ldap_back_map_result(SlapReply *rs); -int ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs, - ber_int_t msgid, int sendok); -int back_ldap_LTX_init_module(int argc, char *argv[]); - -extern int ldap_back_conn_cmp( const void *c1, const void *c2); -extern int ldap_back_conn_dup( void *c1, void *c2 ); -extern void ldap_back_conn_free( void *c ); - -#ifdef LDAP_BACK_PROXY_AUTHZ -extern int -ldap_back_proxy_authz_ctrl( - struct ldapconn *lc, - Operation *op, - SlapReply *rs, - LDAPControl ***pctrls ); - -extern int -ldap_back_proxy_authz_ctrl_free( - Operation *op, - LDAPControl ***pctrls ); -#endif /* LDAP_BACK_PROXY_AUTHZ */ +typedef enum ldap_back_send_t { + LDAP_BACK_DONTSEND = 0x00, + LDAP_BACK_SENDOK = 0x01, + LDAP_BACK_SENDERR = 0x02, + LDAP_BACK_SENDRESULT = (LDAP_BACK_SENDOK|LDAP_BACK_SENDERR) +} ldap_back_send_t; + +/* define to use asynchronous StartTLS */ +#define SLAP_STARTTLS_ASYNCHRONOUS LDAP_END_DECL +#include "proto-ldap.h" + #endif /* SLAPD_LDAP_H */