source4/ldap_server/ldap_server.h

   1 /*
   2    Unix SMB/CIFS implementation.
   3    LDAP server
   4    Copyright (C) Volker Lendecke 2004
   5    Copyright (C) Stefan Metzmacher 2004
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20
  21 #include "libcli/ldap/libcli_ldap.h"
  22 #include "lib/socket/socket.h"
  23 #include "lib/stream/packet.h"
  24 #include "system/network.h"
  25 #include "lib/param/loadparm.h"
  26
  27 enum ldap_server_referral_scheme {
  28         LDAP_REFERRAL_SCHEME_LDAP,
  29         LDAP_REFERRAL_SCHEME_LDAPS
  30 };
  31
  32 struct ldapsrv_connection {
  33         struct ldapsrv_connection *next, *prev;
  34         struct loadparm_context *lp_ctx;
  35         struct stream_connection *connection;
  36         struct gensec_security *gensec;
  37         struct auth_session_info *session_info;
  38         struct ldapsrv_service *service;
  39         struct cli_credentials *server_credentials;
  40         struct ldb_context *ldb;
  41
  42         struct {
  43                 struct tevent_queue *send_queue;
  44                 struct tevent_req *read_req;
  45                 struct tstream_context *raw;
  46                 struct tstream_context *tls;
  47                 struct tstream_context *sasl;
  48                 struct tstream_context *active;
  49         } sockets;
  50
  51         bool global_catalog;
  52         bool is_privileged;
  53         bool is_ldapi;
  54         enum ldap_server_require_strong_auth require_strong_auth;
  55         bool authz_logged;
  56         enum ldap_server_referral_scheme referral_scheme;
  57
  58         struct {
  59                 int initial_timeout;
  60                 int conn_idle_time;
  61                 int max_page_size;
  62                 int max_notifications;
  63                 int search_timeout;
  64                 struct timeval endtime;
  65                 struct timeval expire_time; /* Krb5 ticket expiry */
  66                 const char *reason;
  67         } limits;
  68
  69         struct tevent_req *active_call;
  70         struct tevent_req *deferred_expire_disconnect;
  71
  72         struct ldapsrv_call *pending_calls;
  73 };
  74
  75 struct ldapsrv_call {
  76         struct ldapsrv_call *prev, *next;
  77         struct ldapsrv_connection *conn;
  78         struct ldap_message *request;
  79         struct ldapsrv_reply {
  80                 struct ldapsrv_reply *prev, *next;
  81                 struct ldap_message *msg;
  82                 DATA_BLOB blob;
  83         } *replies;
  84         struct iovec *out_iov;
  85         size_t iov_count;
  86         size_t reply_size;
  87
  88         struct tevent_req *(*wait_send)(TALLOC_CTX *mem_ctx,
  89                                         struct tevent_context *ev,
  90                                         void *private_data);
  91         NTSTATUS (*wait_recv)(struct tevent_req *req);
  92         void *wait_private;
  93
  94         struct tevent_req *(*postprocess_send)(TALLOC_CTX *mem_ctx,
  95                                                struct tevent_context *ev,
  96                                                void *private_data);
  97         NTSTATUS (*postprocess_recv)(struct tevent_req *req);
  98         void *postprocess_private;
  99
 100         struct {
 101                 bool busy;
 102                 uint64_t generation;
 103         } notification;
 104 };
 105
 106 /*
 107  * This matches the previous implicit size limit via talloc's maximum
 108  * allocation size
 109  */
 110 #define LDAP_SERVER_MAX_REPLY_SIZE ((size_t)(256 * 1024 * 1024))
 111
 112 /*
 113  * Start writing to the network before we hit this size
 114  */
 115 #define LDAP_SERVER_MAX_CHUNK_SIZE ((size_t)(25 * 1024 * 1024))
 116
 117 struct ldapsrv_service {
 118         const char *dns_host_name;
 119         pid_t parent_pid;
 120         struct tstream_tls_params *tls_params;
 121         struct tevent_queue *call_queue;
 122         struct ldapsrv_connection *connections;
 123         struct {
 124                 uint64_t generation;
 125                 struct tevent_req *retry;
 126         } notification;
 127
 128         struct loadparm_context *lp_ctx;
 129         struct tevent_context *current_ev;
 130         struct imessaging_context *current_msg;
 131         struct ldb_context *sam_ctx;
 132 };
 133
 134 #include "ldap_server/proto.h"