/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2005 The OpenLDAP Foundation.
+ * Copyright 1998-2006 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
LDAP_BEGIN_DECL
-
-#ifdef LDAP_DEVEL
#define SLAP_LIGHTWEIGHT_DISPATCHER /* experimental slapd architecture */
#define SLAP_MULTI_CONN_ARRAY
#ifdef LDAP_PVT_THREAD_POOL_SEM_LOAD_CONTROL
#define SLAP_SEM_LOAD_CONTROL
-#endif /* LDAP_PVT_THREAD_POOL_SEM_LOAD_CONTROL */
+#endif
#define SLAP_ACL_HONOR_DISCLOSE /* partially implemented */
#define SLAP_ACL_HONOR_MANAGE /* not yet implemented */
-#define SLAP_DYNACL
#define SLAP_OVERLAY_ACCESS
#define LDAP_COMP_MATCH
#define LDAP_DYNAMIC_OBJECTS
#define LDAP_SYNC_TIMESTAMP
#define LDAP_COLLECTIVE_ATTRIBUTES
-#define SLAPD_CONF_UNKNOWN_BAILOUT
#define SLAP_CONTROL_X_TREE_DELETE LDAP_CONTROL_X_TREE_DELETE
#define SLAP_ORDERED_PRETTYNORM
#ifdef ENABLE_REWRITE
#define SLAP_AUTH_REWRITE 1 /* use librewrite for sasl-regexp */
#endif
-#endif
#if defined(LDAP_SLAPI) && !defined(SLAP_OVERLAY_ACCESS)
#define SLAP_OVERLAY_ACCESS
#endif
-/*
- * ITS#3705: bail out if unknown config directives appear in slapd.conf
- */
-#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
-#define SLAPD_CONF_UNKNOWN_IGNORED ""
-#define SLAPD_DEBUG_CONFIG_ERROR LDAP_DEBUG_ANY
-#else /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
-#define SLAPD_CONF_UNKNOWN_IGNORED " (ignored)"
-#define SLAPD_DEBUG_CONFIG_ERROR LDAP_DEBUG_CONFIG
-#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
-
/*
* SLAPD Memory allocation macros
*
#define SLAPD_ROLE_ATTR "roleOccupant"
#define SLAPD_ROLE_CLASS "organizationalRole"
-#ifdef SLAPD_ACI_ENABLED
-#define SLAPD_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1"
-#endif /* SLAPD_ACI_ENABLED */
-
-/* change this to "OpenLDAPset" */
-#define SLAPD_ACI_SET_ATTR "template"
-
#define SLAPD_TOP_OID "2.5.6.0"
LDAP_SLAPD_V (int) slap_debug;
#define SLAP_MR_HIDE 0x8000U
#endif
+#define SLAP_MR_MUTATION_NORMALIZER 0x4000U
+
#define SLAP_MR_TYPE_MASK 0x0F00U
#define SLAP_MR_SUBTYPE_MASK 0x00F0U
#define SLAP_MR_USAGE 0x000FU
ACL_COMPARE,
ACL_SEARCH,
ACL_READ,
- ACL_WRITE,
+ ACL_WRITE_,
ACL_MANAGE,
/* always leave at end of levels but not greater than ACL_LEVEL_MASK */
ACL_QUALIFIER_MASK = 0x0f00,
/* write granularity */
- ACL_WADD = ACL_WRITE|ACL_QUALIFIER1,
- ACL_WDEL = ACL_WRITE|ACL_QUALIFIER2
+ ACL_WADD = ACL_WRITE_|ACL_QUALIFIER1,
+ ACL_WDEL = ACL_WRITE_|ACL_QUALIFIER2,
+
+ ACL_WRITE = ACL_WADD|ACL_WDEL
} slap_access_t;
typedef enum slap_control_e {
#ifdef SLAP_DYNACL
slap_dynacl_t *a_dynacl;
-#else /* ! SLAP_DYNACL */
-#ifdef SLAPD_ACI_ENABLED
- /* NOTE: ACIs have been moved under the "dynacl" interface,
- * which is currently built only when LDAP_DEVEL is defined.
- *
- * In any case, SLAPD_ACI_ENABLED, set by --enable-aci,
- * is required to enable ACI support.
- */
- AttributeDescription *a_aci_at;
-#endif /* SLAPD_ACI_ENABLED */
#endif /* SLAP_DYNACL */
/* ACL Groups */
struct slap_acl *acl_next;
} AccessControl;
+typedef enum {
+ ACL_STATE_NOT_RECORDED = 0x0,
+ ACL_STATE_RECORDED_VD = 0x1,
+ ACL_STATE_RECORDED_NV = 0x2,
+ ACL_STATE_RECORDED = ( ACL_STATE_RECORDED_VD | ACL_STATE_RECORDED_NV )
+} slap_acl_state_t;
+
typedef struct slap_acl_state {
- unsigned as_recorded;
-#define ACL_STATE_NOT_RECORDED 0x0
-#define ACL_STATE_RECORDED_VD 0x1
-#define ACL_STATE_RECORDED_NV 0x2
-#define ACL_STATE_RECORDED 0x3
+ slap_acl_state_t as_recorded;
/* Access state */
AccessControl *as_vd_acl;
#define ACL_STATE_INIT { ACL_STATE_NOT_RECORDED, NULL, NULL, 0UL, \
{ { 0, 0 } }, 0, NULL, 0, 0, NULL }
-#ifdef SLAPD_ACI_ENABLED
-typedef enum slap_aci_scope_t {
- SLAP_ACI_SCOPE_ENTRY = 0x1,
- SLAP_ACI_SCOPE_CHILDREN = 0x2,
- SLAP_ACI_SCOPE_SUBTREE = ( SLAP_ACI_SCOPE_ENTRY | SLAP_ACI_SCOPE_CHILDREN )
-} slap_aci_scope_t;
-#endif /* SLAPD_ACI_ENABLED */
-
/*
* Backend-info
* represents a backend
#define SLAP_TOOL_READMAIN 0x0200
#define SLAP_TOOL_READONLY 0x0400
#define SLAP_TOOL_QUICK 0x0800
+#define SLAP_TOOL_NO_SCHEMA_CHECK 0x1000
#define SB_TLS_DEFAULT (-1)
#define SB_TLS_OFF 0
struct berval sb_realm;
struct berval sb_authcId;
struct berval sb_authzId;
+#ifdef HAVE_TLS
+ void *sb_tls_ctx;
+ char *sb_tls_cert;
+ char *sb_tls_key;
+ char *sb_tls_cacert;
+ char *sb_tls_cacertdir;
+ char *sb_tls_reqcert;
+ char *sb_tls_cipher_suite;
+#ifdef HAVE_OPENSSL_CRL
+ char *sb_tls_crlcheck;
+#endif
+#endif
} slap_bindconf;
struct slap_replica_info {
/*
* define to honor hasSubordinates operational attribute in search filters
- * (in previous use there was a flaw with back-bdb and back-ldbm; now it
- * is fixed).
+ * (in previous use there was a flaw with back-bdb; now it is fixed).
*/
#define be_has_subordinates bd_info->bi_has_subordinates
#define SLAP_DBFLAG_GLUE_ADVERTISE 0x0080U /* advertise in rootDSE */
#define SLAP_DBFLAG_OVERLAY 0x0100U /* this db struct is an overlay */
#define SLAP_DBFLAG_GLOBAL_OVERLAY 0x0200U /* this db struct is a global overlay */
+#define SLAP_DBFLAG_DYNAMIC 0x0400U /* this db allows dynamicObjects */
#define SLAP_DBFLAG_SHADOW 0x8000U /* a shadow */
+#define SLAP_DBFLAG_SINGLE_SHADOW 0x4000U /* a single-master shadow */
#define SLAP_DBFLAG_SYNC_SHADOW 0x1000U /* a sync shadow */
#define SLAP_DBFLAG_SLURP_SHADOW 0x2000U /* a slurp shadow */
slap_mask_t be_flags;
#define SLAP_NOLASTMOD(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_NOLASTMOD)
#define SLAP_LASTMOD(be) (!SLAP_NOLASTMOD(be))
#define SLAP_ISOVERLAY(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_OVERLAY)
+#define SLAP_ISGLOBALOVERLAY(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLOBAL_OVERLAY)
#define SLAP_NO_SCHEMA_CHECK(be) \
(SLAP_DBFLAGS(be) & SLAP_DBFLAG_NO_SCHEMA_CHECK)
#define SLAP_GLUE_INSTANCE(be) \
#define SLAP_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SHADOW)
#define SLAP_SYNC_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SYNC_SHADOW)
#define SLAP_SLURP_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SLURP_SHADOW)
+#define SLAP_SINGLE_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SINGLE_SHADOW)
+#define SLAP_MULTIMASTER(be) (!SLAP_SINGLE_SHADOW(be))
slap_mask_t be_restrictops; /* restriction operations */
#define SLAP_RESTRICT_OP_ADD 0x0001U
| SLAP_RESTRICT_OP_BIND \
| SLAP_RESTRICT_OP_EXTENDED )
-#define SLAP_ALLOW_BIND_V2 0x0001U /* LDAPv2 bind */
+#define SLAP_ALLOW_BIND_V2 0x0001U /* LDAPv2 bind */
#define SLAP_ALLOW_BIND_ANON_CRED 0x0002U /* cred should be empty */
#define SLAP_ALLOW_BIND_ANON_DN 0x0004U /* dn should be empty */
#define SLAP_ALLOW_UPDATE_ANON 0x0008U /* allow anonymous updates */
+#define SLAP_ALLOW_PROXY_AUTHZ_ANON 0x0010U /* allow anonymous proxyAuthz */
#define SLAP_DISALLOW_BIND_ANON 0x0001U /* no anonymous */
#define SLAP_DISALLOW_BIND_SIMPLE 0x0002U /* simple authentication */
struct berval *rs_newSup;
struct berval *rs_nnewSup;
int rs_deleteoldrdn;
+ Modifications *rs_modlist;
} req_modrdn_s;
typedef struct req_add_s {
#define REP_ENTRY_MUSTBEFREED 0x0002U
#define REP_ENTRY_MUSTRELEASE 0x0004U
#define REP_MATCHED_MUSTBEFREED 0x0010U
-#define REP_REF_MUSTBEFREED 0x0020U
+#define REP_REF_MUSTBEFREED 0x0020U
+
+#define REP_NO_ENTRYDN 0x1000U
+#define REP_NO_SUBSCHEMA 0x2000U
+#define REP_NO_OPERATIONALS (REP_NO_ENTRYDN|REP_NO_SUBSCHEMA)
} SlapReply;
/* short hands for response members */
#define SLAP_BFLAG_SUBENTRIES 0x4000U
#define SLAP_BFLAG_DYNAMIC 0x8000U
+/* overlay specific */
+#define SLAPO_BFLAG_SINGLE 0x01000000U
+#define SLAPO_BFLAG_DBONLY 0x02000000U
+#define SLAPO_BFLAG_GLOBONLY 0x04000000U
+#define SLAPO_BFLAG_MASK 0xFF000000U
+
#define SLAP_BFLAGS(be) ((be)->bd_info->bi_flags)
#define SLAP_MONITOR(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_MONITOR)
#define SLAP_CONFIG(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_CONFIG)
#define SLAP_ALIASES(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_ALIASES)
#define SLAP_REFERRALS(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_REFERRALS)
#define SLAP_SUBENTRIES(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_SUBENTRIES)
-#define SLAP_DYNAMIC(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_DYNAMIC)
+#define SLAP_DYNAMIC(be) ((SLAP_BFLAGS(be) & SLAP_BFLAG_DYNAMIC) || (SLAP_DBFLAGS(be) & SLAP_DBFLAG_DYNAMIC))
#define SLAP_NOLASTMODCMD(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_NOLASTMODCMD)
#define SLAP_LASTMODCMD(be) (!SLAP_NOLASTMODCMD(be))
+/* overlay specific */
+#define SLAPO_SINGLE(be) (SLAP_BFLAGS(be) & SLAPO_BFLAG_SINGLE)
+#define SLAPO_DBONLY(be) (SLAP_BFLAGS(be) & SLAPO_BFLAG_DBONLY)
+#define SLAPO_GLOBONLY(be) (SLAP_BFLAGS(be) & SLAPO_BFLAG_GLOBONLY)
+
char **bi_controls; /* supported controls */
char bi_ctrls[SLAP_MAX_CIDS + 1];
#endif
int sc_subentries;
int sc_treeDelete;
+#ifdef LDAP_X_TXN
+ int sc_txnSpec;
+#endif
int sc_valuesReturnFilter;
};
#define orr_newSup oq_modrdn.rs_newSup
#define orr_nnewSup oq_modrdn.rs_nnewSup
#define orr_deleteoldrdn oq_modrdn.rs_deleteoldrdn
+#define orr_modlist oq_modrdn.rs_modlist
#define orc_ava oq_compare.rs_ava
#define ora_e oq_add.rs_e
#define SLAP_CONTROL_DATA2 0x40
#define SLAP_CONTROL_DATA3 0x80
-
#define _SCM(x) ((x) & SLAP_CONTROL_MASK)
char o_ctrlflag[SLAP_MAX_CIDS]; /* per-control flags */
#define o_sortedresults o_ctrlflag[slap_cids.sc_sortedResults]
#endif
+#ifdef LDAP_X_TXN
+#define o_txnSpec o_ctrlflag[slap_cids.sc_txnSpec]
+#endif
+
#define o_sync o_ctrlflag[slap_cids.sc_LDAPsync]
AuthorizationInformation o_authz;
void *o_private; /* anything the backend needs */
- LDAP_STAILQ_ENTRY(slap_op) o_next; /* next operation in list */
-
+ LDAP_STAILQ_ENTRY(slap_op) o_next; /* next operation in list */
} Operation;
+
#define OPERATION_BUFFER_SIZE ( sizeof(Operation) + sizeof(Opheader) + \
SLAP_MAX_CIDS*sizeof(void *) )
void *c_sasl_extra; /* SASL session extra stuff */
struct slap_op *c_sasl_bindop; /* set to current op if it's a bind */
+#ifdef LDAP_X_TXN
+#define CONN_TXN_INACTIVE 0
+#define CONN_TXN_SPECIFY 1
+#define CONN_TXN_SETTLE -1
+ int c_txn;
+
+ Backend *c_txn_backend;
+ LDAP_STAILQ_HEAD(c_to, slap_op) c_txn_ops; /* list of operations in txn */
+#endif
+
PagedResultsState c_pagedresults_state; /* paged result state */
long c_n_ops_received; /* num of ops received (next op_id) */
long c_n_read; /* num of read calls */
long c_n_write; /* num of write calls */
- void *c_pb; /* Netscape plugin */
void *c_extensions; /* Netscape plugin */
/*
#if defined(LDAP_SYSLOG) && defined(LDAP_DEBUG)
#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \
- do { \
- if ( ldap_debug & (level) ) \
- fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\
- if ( ldap_syslog & (level) ) \
- syslog( ldap_syslog_level, (fmt), (connid), (opid), (arg1), \
- (arg2), (arg3) ); \
- } while (0)
+ Log5( (level), ldap_syslog_level, (fmt), (connid), (opid), (arg1), (arg2), (arg3) )
#define StatslogTest( level ) ((ldap_debug | ldap_syslog) & (level))
#elif defined(LDAP_DEBUG)
#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \
} while (0)
#define StatslogTest( level ) (ldap_debug & (level))
#else
-#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 )
#define StatslogTest( level ) (0)
#endif
SlapReply *rs,
LDAPControl *ctrl ));
+typedef int (*SLAP_ENTRY_INFO_FN) LDAP_P(( void *arg, Entry *e ));
+
#define SLAP_SLAB_SIZE (1024*1024)
#define SLAP_SLAB_STACK 1
#define SLAP_SLAB_SOBLOCK 64
projects / openldap / blobdiff