/* back-ldap.h - ldap backend header file */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 1999-2004 The OpenLDAP Foundation.
 * Portions Copyright 2000-2003 Pierangelo Masarati.
 * Portions Copyright 1999-2003 Howard Chu.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* ACKNOWLEDGEMENTS:
 * This work was initially developed by the Howard Chu for inclusion
 * in OpenLDAP Software and subsequently enhanced by Pierangelo
 * Masarati.
 */

#ifndef SLAPD_LDAP_H
#define SLAPD_LDAP_H

#include "external.h"

/* String rewrite library */
#ifdef ENABLE_REWRITE
#include "rewrite.h"
#endif /* ENABLE_REWRITE */

#ifdef LDAP_DEVEL
#define LDAP_BACK_PROXY_AUTHZ
#endif

LDAP_BEGIN_DECL

struct slap_conn;
struct slap_op;
struct slap_backend_db;

struct ldapconn {
	struct slap_conn	*conn;
	LDAP		*ld;
	struct berval	cred;
	struct berval 	bound_dn;
	struct berval	local_dn;
	int		bound;
	ldap_pvt_thread_mutex_t		lc_mutex;
};

struct ldapmap {
	int drop_missing;

	Avlnode *map;
	Avlnode *remap;
};

struct ldapmapping {
	struct berval src;
	struct berval dst;
};

struct ldaprwmap {
	/*
	 * DN rewriting
	 */
#ifdef ENABLE_REWRITE
	struct rewrite_info *rwm_rw;
#else /* !ENABLE_REWRITE */
	/* some time the suffix massaging without librewrite
	 * will be disabled */
	BerVarray rwm_suffix_massage;
#endif /* !ENABLE_REWRITE */

	/*
	 * Attribute/objectClass mapping
	 */
	struct ldapmap rwm_oc;
	struct ldapmap rwm_at;
};

struct ldapauth {
	struct berval	la_authcID;
	struct berval	la_authcDN;
	struct berval	la_passwd;

	struct berval	la_authzID;
	
	int		la_authmethod;
	int		la_sasl_flags;
	struct berval	la_sasl_mech;
	struct berval	la_sasl_realm;
	
/* FIXME: required until I find a nice way to determine
 * whether a SASL mechanism is able to authz natively */
#define LDAP_BACK_HOW_TO_DETECT_SASL_NATIVE_AUTHZ

#ifdef LDAP_BACK_HOW_TO_DETECT_SASL_NATIVE_AUTHZ
#define LDAP_BACK_AUTH_NONE		0x00
#define	LDAP_BACK_AUTH_NATIVE_AUTHZ	0x01
	int		la_flags;
#endif /* LDAP_BACK_HOW_TO_DETECT_SASL_NATIVE_AUTHZ */
};

struct ldapinfo {
	char		*url;
	LDAPURLDesc	*lud;
	struct ldapauth acl_la;
#define	acl_authcDN	acl_la.la_authcDN
#define	acl_passwd	acl_la.la_passwd

#ifdef LDAP_BACK_PROXY_AUTHZ
	/* ID assert stuff */
	int		idassert_mode;
#define	LDAP_BACK_IDASSERT_LEGACY	0
#define	LDAP_BACK_IDASSERT_NOASSERT	1
#define	LDAP_BACK_IDASSERT_ANONYMOUS	2
#define	LDAP_BACK_IDASSERT_SELF		3
#define	LDAP_BACK_IDASSERT_OTHERDN	4
#define	LDAP_BACK_IDASSERT_OTHERID	5

	struct ldapauth	idassert_la;
#define	idassert_authcID	idassert_la.la_authcID
#define	idassert_authcDN	idassert_la.la_authcDN
#define	idassert_passwd		idassert_la.la_passwd
#define	idassert_authzID	idassert_la.la_authzID
#define	idassert_authmethod	idassert_la.la_authmethod
#define	idassert_sasl_flags	idassert_la.la_sasl_flags
#define	idassert_sasl_mech	idassert_la.la_sasl_mech
#define	idassert_sasl_realm	idassert_la.la_sasl_realm
#define	idassert_flags		idassert_la.la_flags
	BerVarray	idassert_authz;
	
	int		idassert_ppolicy;
	/* end of ID assert stuff */
#endif /* LDAP_BACK_PROXY_AUTHZ */

	ldap_pvt_thread_mutex_t		conn_mutex;
	int savecred;
	Avlnode *conntree;

#if 0
#ifdef ENABLE_REWRITE
	struct rewrite_info *rwinfo;
#else /* !ENABLE_REWRITE */
	BerVarray suffix_massage;
#endif /* !ENABLE_REWRITE */

	struct ldapmap oc_map;
	struct ldapmap at_map;
#endif

	struct ldaprwmap rwmap;
};

/* Whatever context ldap_back_dn_massage needs... */
typedef struct dncookie {
	struct ldaprwmap *rwmap;

#ifdef ENABLE_REWRITE
	Connection *conn;
	char *ctx;
	SlapReply *rs;
#else
	int normalized;
	int tofrom;
#endif
} dncookie;

struct ldapconn *ldap_back_getconn(struct slap_op *op, struct slap_rep *rs);
int ldap_back_dobind(struct ldapconn *lc, Operation *op, SlapReply *rs);
int ldap_back_map_result(SlapReply *rs);
int ldap_back_op_result(struct ldapconn *lc, Operation *op, SlapReply *rs,
	ber_int_t msgid, int sendok);
int	back_ldap_LTX_init_module(int argc, char *argv[]);

int ldap_back_dn_massage(dncookie *dc, struct berval *dn,
	struct berval *res);

extern int ldap_back_conn_cmp( const void *c1, const void *c2);
extern int ldap_back_conn_dup( void *c1, void *c2 );
extern void ldap_back_conn_free( void *c );

/* attributeType/objectClass mapping */
int mapping_cmp (const void *, const void *);
int mapping_dup (void *, void *);

void ldap_back_map_init ( struct ldapmap *lm, struct ldapmapping ** );
void ldap_back_map ( struct ldapmap *map, struct berval *s, struct berval *m,
	int remap );
#define BACKLDAP_MAP	0
#define BACKLDAP_REMAP	1
char *
ldap_back_map_filter(
		struct ldapmap *at_map,
		struct ldapmap *oc_map,
		struct berval *f,
		int remap
);

int
ldap_back_map_attrs(
		struct ldapmap *at_map,
		AttributeName *a,
		int remap,
		char ***mapped_attrs
);

extern void mapping_free ( void *mapping );

extern int ldap_back_map_config(
		struct ldapmap	*oc_map,
		struct ldapmap	*at_map,
		const char	*fname,
		int		lineno,
		int		argc,
		char		**argv );

extern int
ldap_back_filter_map_rewrite(
		dncookie		*dc,
		Filter			*f,
		struct berval		*fstr,
		int			remap );

/* suffix massaging by means of librewrite */
#ifdef ENABLE_REWRITE
extern int suffix_massage_config( struct rewrite_info *info,
		struct berval *pvnc, struct berval *nvnc,
		struct berval *prnc, struct berval *nrnc);
#endif /* ENABLE_REWRITE */
extern int ldap_dnattr_rewrite( dncookie *dc, BerVarray a_vals );
extern int ldap_dnattr_result_rewrite( dncookie *dc, BerVarray a_vals );

#ifdef LDAP_BACK_PROXY_AUTHZ
extern int
ldap_back_proxy_authz_ctrl(
		struct ldapconn	*lc,
		Operation	*op,
		SlapReply	*rs,
		LDAPControl	***pctrls );
#endif /* LDAP_BACK_PROXY_AUTHZ */

LDAP_END_DECL

#endif /* SLAPD_LDAP_H */