/* slap.h - stand alone ldap server include file */
+/* $OpenLDAP$ */
+/*
+ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef _SLAP_H_
+#define _SLAP_H_
-#ifndef _SLDAPD_H_
-#define _SLDAPD_H_
+#include "ldap_defaults.h"
-#define LDAP_SYSLOG
+#include <stdio.h>
+#include <ac/stdlib.h>
+
+#include <sys/types.h>
+#include <ac/syslog.h>
+#include <ac/regex.h>
+#include <ac/signal.h>
+#include <ac/socket.h>
+#include <ac/time.h>
+#include <ac/param.h>
-#include <syslog.h>
#include "avl.h"
-#include "lber.h"
-#include "ldap.h"
-#include "lthread.h"
-#include "ldif.h"
-#define DN_DNS 0
-#define DN_X500 1
+#ifndef ldap_debug
+#define ldap_debug slap_debug
+#endif
+
+#include "ldap_log.h"
+
+#include <ldap.h>
+#include <ldap_schema.h>
+
+#include "ldap_pvt_thread.h"
+#include "ldap_queue.h"
+
+LDAP_BEGIN_DECL
+/*
+ * SLAPD Memory allocation macros
+ *
+ * Unlike ch_*() routines, these routines do not assert() upon
+ * allocation error. They are intended to be used instead of
+ * ch_*() routines where the caller has implemented proper
+ * checking for and handling of allocation errors.
+ *
+ * Patches to convert ch_*() calls to SLAP_*() calls welcomed.
+ */
+#define SLAP_MALLOC(s) ber_memalloc((s))
+#define SLAP_CALLOC(n,s) ber_memcalloc((n),(s))
+#define SLAP_REALLOC(p,s) ber_memrealloc((p),(s))
+#define SLAP_FREE(p) ber_memfree((p))
+#define SLAP_VFREE(v) ber_memvfree((void**)(v))
+#define SLAP_STRDUP(s) ber_strdup((s))
+#define SLAP_STRNDUP(s,l) ber_strndup((s),(l))
+
+#ifdef f_next
+#undef f_next /* name conflict between sys/file.h on SCO and struct filter */
+#endif
+
+#define SERVICE_NAME OPENLDAP_PACKAGE "-slapd"
+#define SLAPD_ANONYMOUS "cn=anonymous"
+
+/* LDAPMod.mod_op value ===> Must be kept in sync with ldap.h!
+ *
+ * This is a value used internally by the backends. It is needed to allow
+ * adding values that already exist without getting an error as required by
+ * modrdn when the new rdn was already an attribute value itself.
+ * JCG 05/1999 (gomez@engr.sgi.com)
+ */
+#define SLAP_MOD_SOFTADD 0x1000
+
+#define MAXREMATCHES (100)
+
+#define SLAP_MAX_WORKER_THREADS (32)
+
+#define SLAP_SB_MAX_INCOMING_DEFAULT ((1<<18) - 1)
+#define SLAP_SB_MAX_INCOMING_AUTH ((1<<24) - 1)
+
+#define SLAP_TEXT_BUFLEN (256)
+
+/* psuedo error code indicating abandoned operation */
+#define SLAPD_ABANDON (-1)
+
+/* psuedo error code indicating disconnect */
+#define SLAPD_DISCONNECT (-2)
+
+
+/* We assume "C" locale, that is US-ASCII */
+#define ASCII_SPACE(c) ( (c) == ' ' )
+#define ASCII_LOWER(c) ( (c) >= 'a' && (c) <= 'z' )
+#define ASCII_UPPER(c) ( (c) >= 'A' && (c) <= 'Z' )
+#define ASCII_ALPHA(c) ( ASCII_LOWER(c) || ASCII_UPPER(c) )
+#define ASCII_DIGIT(c) ( (c) >= '0' && (c) <= '9' )
+#define ASCII_ALNUM(c) ( ASCII_ALPHA(c) || ASCII_DIGIT(c) )
+#define ASCII_PRINTABLE(c) ( (c) >= ' ' && (c) <= '~' )
+
+#define SLAP_NIBBLE(c) ((c)&0x0f)
+#define SLAP_ESCAPE_CHAR ('\\')
+#define SLAP_ESCAPE_LO(c) ( "0123456789ABCDEF"[SLAP_NIBBLE(c)] )
+#define SLAP_ESCAPE_HI(c) ( SLAP_ESCAPE_LO((c)>>4) )
+
+#define FILTER_ESCAPE(c) ( (c) == '*' || (c) == '\\' \
+ || (c) == '(' || (c) == ')' || !ASCII_PRINTABLE(c) )
+
+#define DN_ESCAPE(c) ((c) == SLAP_ESCAPE_CHAR)
+#define DN_SEPARATOR(c) ((c) == ',' || (c) == ';')
+#define RDN_ATTRTYPEANDVALUE_SEPARATOR(c) ((c) == '+') /* RFC 2253 */
+#define RDN_SEPARATOR(c) (DN_SEPARATOR(c) || RDN_ATTRTYPEANDVALUE_SEPARATOR(c))
+#define RDN_NEEDSESCAPE(c) ((c) == '\\' || (c) == '"')
+
+#define DESC_LEADCHAR(c) ( ASCII_ALPHA(c) )
+#define DESC_CHAR(c) ( ASCII_ALNUM(c) || (c) == '-' )
+#define OID_LEADCHAR(c) ( ASCII_DIGIT(c) )
+#define OID_SEPARATOR(c) ( (c) == '.' )
+#define OID_CHAR(c) ( OID_LEADCHAR(c) || OID_SEPARATOR(c) )
+
+#define ATTR_LEADCHAR(c) ( DESC_LEADCHAR(c) || OID_LEADCHAR(c) )
+#define ATTR_CHAR(c) ( DESC_CHAR((c)) || (c) == '.' )
+
+#define AD_LEADCHAR(c) ( ATTR_CHAR(c) )
+#define AD_CHAR(c) ( ATTR_CHAR(c) || (c) == ';' )
+
+#define SLAP_NUMERIC(c) ( ASCII_DIGIT(c) || ASCII_SPACE(c) )
+
+#define SLAP_PRINTABLE(c) ( ASCII_ALNUM(c) || (c) == '\'' || \
+ (c) == '(' || (c) == ')' || (c) == '+' || (c) == ',' || \
+ (c) == '-' || (c) == '.' || (c) == '/' || (c) == ':' || \
+ (c) == '?' || (c) == ' ' || (c) == '=' )
+#define SLAP_PRINTABLES(c) ( SLAP_PRINTABLE(c) || (c) == '$' )
+
+/* must match in schema_init.c */
+#define SLAPD_DN_SYNTAX "1.3.6.1.4.1.1466.115.121.1.12"
+#define SLAPD_NAMEUID_SYNTAX "1.3.6.1.4.1.1466.115.121.1.34"
+#define SLAPD_GROUP_ATTR "member"
+#define SLAPD_GROUP_CLASS "groupOfNames"
+#define SLAPD_ROLE_ATTR "roleOccupant"
+#define SLAPD_ROLE_CLASS "organizationalRole"
+
+#ifdef SLAPD_ACI_ENABLED
+#define SLAPD_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1"
+#endif
+
+#define SLAPD_OCTETSTRING_SYNTAX "1.3.6.1.4.1.1466.115.121.1.40"
+
+/* change this to "OpenLDAPset" */
+#define SLAPD_ACI_SET_ATTR "template"
+
+#define SLAPD_TOP_OID "2.5.6.0"
+
+LDAP_SLAPD_V (int) slap_debug;
+
+typedef unsigned long slap_mask_t;
+
+/* Security Strength Factor */
+typedef unsigned slap_ssf_t;
+
+typedef struct slap_ssf_set {
+ slap_ssf_t sss_ssf;
+ slap_ssf_t sss_transport;
+ slap_ssf_t sss_tls;
+ slap_ssf_t sss_sasl;
+ slap_ssf_t sss_update_ssf;
+ slap_ssf_t sss_update_transport;
+ slap_ssf_t sss_update_tls;
+ slap_ssf_t sss_update_sasl;
+} slap_ssf_set_t;
+
+/*
+ * Index types
+ */
+#define SLAP_INDEX_TYPE 0x00FFUL
+#define SLAP_INDEX_UNDEFINED 0x0001UL
+#define SLAP_INDEX_PRESENT 0x0002UL
+#define SLAP_INDEX_EQUALITY 0x0004UL
+#define SLAP_INDEX_APPROX 0x0008UL
+#define SLAP_INDEX_SUBSTR 0x0010UL
+#define SLAP_INDEX_EXTENDED 0x0020UL
+
+#define SLAP_INDEX_DEFAULT SLAP_INDEX_EQUALITY
+
+#define IS_SLAP_INDEX(mask, type) (((mask) & (type)) == (type))
+
+#define SLAP_INDEX_SUBSTR_TYPE 0x0F00UL
+
+#define SLAP_INDEX_SUBSTR_INITIAL ( SLAP_INDEX_SUBSTR | 0x0100UL )
+#define SLAP_INDEX_SUBSTR_ANY ( SLAP_INDEX_SUBSTR | 0x0200UL )
+#define SLAP_INDEX_SUBSTR_FINAL ( SLAP_INDEX_SUBSTR | 0x0400UL )
+#define SLAP_INDEX_SUBSTR_DEFAULT \
+ ( SLAP_INDEX_SUBSTR \
+ | SLAP_INDEX_SUBSTR_INITIAL \
+ | SLAP_INDEX_SUBSTR_ANY \
+ | SLAP_INDEX_SUBSTR_FINAL )
+
+#define SLAP_INDEX_SUBSTR_MINLEN 2
+#define SLAP_INDEX_SUBSTR_MAXLEN 4
+#define SLAP_INDEX_SUBSTR_STEP 2
+
+#define SLAP_INDEX_FLAGS 0xF000UL
+#define SLAP_INDEX_NOSUBTYPES 0x1000UL /* don't use index w/ subtypes */
+#define SLAP_INDEX_NOLANG 0x2000UL /* don't use index w/ lang */
+
+/*
+ * there is a single index for each attribute. these prefixes ensure
+ * that there is no collision among keys.
+ */
+#define SLAP_INDEX_EQUALITY_PREFIX '=' /* prefix for equality keys */
+#define SLAP_INDEX_APPROX_PREFIX '~' /* prefix for approx keys */
+#define SLAP_INDEX_SUBSTR_PREFIX '*' /* prefix for substring keys */
+#define SLAP_INDEX_SUBSTR_INITIAL_PREFIX '^'
+#define SLAP_INDEX_SUBSTR_FINAL_PREFIX '$'
+#define SLAP_INDEX_CONT_PREFIX '.' /* prefix for continuation keys */
+
+#define SLAP_SYNTAX_MATCHINGRULES_OID "1.3.6.1.4.1.1466.115.121.1.30"
+#define SLAP_SYNTAX_ATTRIBUTETYPES_OID "1.3.6.1.4.1.1466.115.121.1.3"
+#define SLAP_SYNTAX_OBJECTCLASSES_OID "1.3.6.1.4.1.1466.115.121.1.37"
+
+/*
+ * represents schema information for a database
+ */
+#define SLAP_SCHERR_OUTOFMEM 1
+#define SLAP_SCHERR_CLASS_NOT_FOUND 2
+#define SLAP_SCHERR_CLASS_BAD_USAGE 3
+#define SLAP_SCHERR_CLASS_BAD_SUP 4
+#define SLAP_SCHERR_CLASS_DUP 5
+#define SLAP_SCHERR_ATTR_NOT_FOUND 6
+#define SLAP_SCHERR_ATTR_BAD_USAGE 7
+#define SLAP_SCHERR_ATTR_BAD_SUP 8
+#define SLAP_SCHERR_ATTR_INCOMPLETE 9
+#define SLAP_SCHERR_ATTR_DUP 10
+#define SLAP_SCHERR_MR_NOT_FOUND 11
+#define SLAP_SCHERR_MR_INCOMPLETE 12
+#define SLAP_SCHERR_MR_DUP 13
+#define SLAP_SCHERR_SYN_NOT_FOUND 14
+#define SLAP_SCHERR_SYN_DUP 15
+#define SLAP_SCHERR_NO_NAME 16
+#define SLAP_SCHERR_NOT_SUPPORTED 17
+#define SLAP_SCHERR_BAD_DESCR 18
+#define SLAP_SCHERR_OIDM 19
+#define SLAP_SCHERR_LAST SLAP_SCHERR_OIDM
+
+typedef union slap_sockaddr {
+ struct sockaddr sa_addr;
+ struct sockaddr_in sa_in_addr;
+#ifdef LDAP_PF_INET6
+ struct sockaddr_in6 sa_in6_addr;
+#endif
+#ifdef LDAP_PF_LOCAL
+ struct sockaddr_un sa_un_addr;
+#endif
+} Sockaddr;
+
+#ifdef LDAP_PF_INET6
+extern int slap_inet4or6;
+#endif
+
+typedef struct slap_oid_macro {
+ struct berval som_oid;
+ char **som_names;
+ struct slap_oid_macro *som_next;
+} OidMacro;
+
+/* forward declarations */
+struct slap_syntax;
+struct slap_matching_rule;
+
+typedef int slap_syntax_validate_func LDAP_P((
+ struct slap_syntax *syntax,
+ struct berval * in));
+
+typedef int slap_syntax_transform_func LDAP_P((
+ struct slap_syntax *syntax,
+ struct berval * in,
+ struct berval * out));
+
+typedef struct slap_syntax {
+ LDAPSyntax ssyn_syn;
+#define ssyn_oid ssyn_syn.syn_oid
+#define ssyn_desc ssyn_syn.syn_desc
+#define ssyn_extensions ssyn_syn.syn_extensions
+ ber_len_t ssyn_oidlen;
+
+ unsigned int ssyn_flags;
+
+#define SLAP_SYNTAX_NONE 0x0000U
+#define SLAP_SYNTAX_BLOB 0x0001U /* syntax treated as blob (audio) */
+#define SLAP_SYNTAX_BINARY 0x0002U /* binary transfer required (certificate) */
+#define SLAP_SYNTAX_BER 0x0004U /* stored in BER encoding (certificate) */
+#define SLAP_SYNTAX_HIDE 0x8000U /* hide (do not publish) */
+
+ slap_syntax_validate_func *ssyn_validate;
+ slap_syntax_transform_func *ssyn_normalize;
+ slap_syntax_transform_func *ssyn_pretty;
+
+#ifdef SLAPD_BINARY_CONVERSION
+ /* convert to and from binary */
+ slap_syntax_transform_func *ssyn_ber2str;
+ slap_syntax_transform_func *ssyn_str2ber;
+#endif
+
+ struct slap_syntax *ssyn_next;
+} Syntax;
+
+#define slap_syntax_is_flag(s,flag) ((int)((s)->ssyn_flags & (flag)) ? 1 : 0)
+#define slap_syntax_is_blob(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BLOB)
+#define slap_syntax_is_binary(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BINARY)
+#define slap_syntax_is_ber(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BER)
+#define slap_syntax_is_hidden(s) slap_syntax_is_flag((s),SLAP_SYNTAX_HIDE)
+
+/* X -> Y Converter */
+typedef int slap_mr_convert_func LDAP_P((
+ struct berval * in,
+ struct berval * out ));
-#define ON 1
-#define OFF (-1)
+/* Normalizer */
+typedef int slap_mr_normalize_func LDAP_P((
+ slap_mask_t use,
+ struct slap_syntax *syntax, /* NULL if in is asserted value */
+ struct slap_matching_rule *mr,
+ struct berval * in,
+ struct berval * out ));
+
+/* Match (compare) function */
+typedef int slap_mr_match_func LDAP_P((
+ int *match,
+ slap_mask_t use,
+ struct slap_syntax *syntax, /* syntax of stored value */
+ struct slap_matching_rule *mr,
+ struct berval * value,
+ void * assertValue ));
+
+/* Index generation function */
+typedef int slap_mr_indexer_func LDAP_P((
+ slap_mask_t use,
+ slap_mask_t mask,
+ struct slap_syntax *syntax, /* syntax of stored value */
+ struct slap_matching_rule *mr,
+ struct berval *prefix,
+ BerVarray values,
+ BerVarray *keys ));
+
+/* Filter index function */
+typedef int slap_mr_filter_func LDAP_P((
+ slap_mask_t use,
+ slap_mask_t mask,
+ struct slap_syntax *syntax, /* syntax of stored value */
+ struct slap_matching_rule *mr,
+ struct berval *prefix,
+ void * assertValue,
+ BerVarray *keys ));
+
+typedef struct slap_matching_rule {
+ LDAPMatchingRule smr_mrule;
+ ber_len_t smr_oidlen;
+ slap_mask_t smr_usage;
+
+#define SLAP_MR_HIDE 0x8000U
+
+#define SLAP_MR_TYPE_MASK 0x0F00U
+#define SLAP_MR_SUBTYPE_MASK 0x00F0U
+#define SLAP_MR_USAGE 0x000FU
+
+#define SLAP_MR_NONE 0x0000U
+#define SLAP_MR_EQUALITY 0x0100U
+#define SLAP_MR_ORDERING 0x0200U
+#define SLAP_MR_SUBSTR 0x0400U
+#define SLAP_MR_EXT 0x0800U
+
+#define SLAP_MR_EQUALITY_APPROX ( SLAP_MR_EQUALITY | 0x0010U )
+#define SLAP_MR_DN_FOLD 0x0008U
+
+#define SLAP_MR_SUBSTR_INITIAL ( SLAP_MR_SUBSTR | 0x0010U )
+#define SLAP_MR_SUBSTR_ANY ( SLAP_MR_SUBSTR | 0x0020U )
+#define SLAP_MR_SUBSTR_FINAL ( SLAP_MR_SUBSTR | 0x0040U )
/*
- * represents an attribute value assertion (i.e., attr=value)
+ * normally the provided value is expected to conform to
+ * assertion syntax specified in the matching rule, however
+ * at times (such as during individual value modification),
+ * the provided value is expected to conform to the
+ * attribute's value syntax.
*/
-typedef struct ava {
- char *ava_type;
- struct berval ava_value;
-} Ava;
+#define SLAP_MR_ASSERTION_SYNTAX_MATCH 0x0000U
+#define SLAP_MR_VALUE_SYNTAX_MATCH 0x0001U
+#define SLAP_MR_VALUE_SYNTAX_CONVERTED_MATCH 0x0003U
+
+#define SLAP_IS_MR_ASSERTION_SYNTAX_MATCH( usage ) \
+ (!((usage) & SLAP_MR_VALUE_SYNTAX_MATCH))
+#define SLAP_IS_MR_VALUE_SYNTAX_MATCH( usage ) \
+ ((usage) & SLAP_MR_VALUE_SYNTAX_MATCH)
+
+#define SLAP_IS_MR_VALUE_SYNTAX_CONVERTED_MATCH( usage ) \
+ (((usage) & SLAP_MR_VALUE_SYNTAX_CONVERTED_MATCH) \
+ == SLAP_MR_VALUE_SYNTAX_CONVERTED_MATCH)
+#define SLAP_IS_MR_VALUE_SYNTAX_NONCONVERTED_MATCH( usage ) \
+ (((usage) & SLAP_MR_VALUE_SYNTAX_CONVERTED_MATCH) \
+ == SLAP_MR_VALUE_SYNTAX_MATCH)
+
+ Syntax *smr_syntax;
+ slap_mr_convert_func *smr_convert;
+ slap_mr_normalize_func *smr_normalize;
+ slap_mr_match_func *smr_match;
+ slap_mr_indexer_func *smr_indexer;
+ slap_mr_filter_func *smr_filter;
+
+ struct slap_matching_rule *smr_associated;
+ struct slap_matching_rule *smr_next;
+
+#define smr_oid smr_mrule.mr_oid
+#define smr_names smr_mrule.mr_names
+#define smr_desc smr_mrule.mr_desc
+#define smr_obsolete smr_mrule.mr_obsolete
+#define smr_syntax_oid smr_mrule.mr_syntax_oid
+#define smr_extensions smr_mrule.mr_extensions
+} MatchingRule;
+
+struct slap_backend_db;
+struct slap_entry;
+struct slap_attr;
+
+typedef int (AttributeTypeSchemaCheckFN)(
+ struct slap_backend_db *be,
+ struct slap_entry *e,
+ struct slap_attr *attr,
+ const char** text,
+ char *textbuf, size_t textlen );
+
+typedef struct slap_attribute_type {
+ LDAPAttributeType sat_atype;
+ struct berval sat_cname;
+ struct slap_attribute_type *sat_sup;
+ struct slap_attribute_type **sat_subtypes;
+ MatchingRule *sat_equality;
+ MatchingRule *sat_approx;
+ MatchingRule *sat_ordering;
+ MatchingRule *sat_substr;
+ Syntax *sat_syntax;
+
+ AttributeTypeSchemaCheckFN *sat_check;
+
+#define SLAP_AT_NONE 0x0000U
+#define SLAP_AT_ABSTRACT 0x0100U /* cannot be instantiated */
+#define SLAP_AT_FINAL 0x0200U /* cannot be subtyped */
+#define SLAP_AT_HIDE 0x8000U /* hide attribute */
+ slap_mask_t sat_flags;
+
+ struct slap_attribute_type *sat_next;
+
+#define sat_oid sat_atype.at_oid
+#define sat_names sat_atype.at_names
+#define sat_desc sat_atype.at_desc
+#define sat_obsolete sat_atype.at_obsolete
+#define sat_sup_oid sat_atype.at_sup_oid
+#define sat_equality_oid sat_atype.at_equality_oid
+#define sat_ordering_oid sat_atype.at_ordering_oid
+#define sat_substr_oid sat_atype.at_substr_oid
+#define sat_syntax_oid sat_atype.at_syntax_oid
+#define sat_single_value sat_atype.at_single_value
+#define sat_collective sat_atype.at_collective
+#define sat_no_user_mod sat_atype.at_no_user_mod
+#define sat_usage sat_atype.at_usage
+#define sat_extensions sat_atype.at_extensions
+
+ struct slap_attr_desc *sat_ad;
+ ldap_pvt_thread_mutex_t sat_ad_mutex;
+} AttributeType;
+
+#define is_at_operational(at) ((at)->sat_usage)
+#define is_at_single_value(at) ((at)->sat_single_value)
+#define is_at_collective(at) ((at)->sat_collective)
+#define is_at_obsolete(at) ((at)->sat_obsolete)
+#define is_at_no_user_mod(at) ((at)->sat_no_user_mod)
+
+struct slap_object_class;
+
+typedef int (ObjectClassSchemaCheckFN)(
+ struct slap_backend_db *be,
+ struct slap_entry *e,
+ struct slap_object_class *oc,
+ const char** text,
+ char *textbuf, size_t textlen );
+
+typedef struct slap_object_class {
+ LDAPObjectClass soc_oclass;
+ struct slap_object_class **soc_sups;
+ AttributeType **soc_required;
+ AttributeType **soc_allowed;
+ ObjectClassSchemaCheckFN *soc_check;
+ slap_mask_t soc_flags;
+#define soc_oid soc_oclass.oc_oid
+#define soc_names soc_oclass.oc_names
+#define soc_desc soc_oclass.oc_desc
+#define soc_obsolete soc_oclass.oc_obsolete
+#define soc_sup_oids soc_oclass.oc_sup_oids
+#define soc_kind soc_oclass.oc_kind
+#define soc_at_oids_must soc_oclass.oc_at_oids_must
+#define soc_at_oids_may soc_oclass.oc_at_oids_may
+#define soc_extensions soc_oclass.oc_extensions
+
+ struct slap_object_class *soc_next;
+} ObjectClass;
+
+#define SLAP_OC_ALIAS 0x0001
+#define SLAP_OC_REFERRAL 0x0002
+#define SLAP_OC_SUBENTRY 0x0004
+#define SLAP_OC_DYNAMICOBJECT 0x0008
+#define SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY 0x0010
+#define SLAP_OC__MASK 0x001F
+#define SLAP_OC__END 0x0020
+#define SLAP_OC_OPERATIONAL 0x4000
+#define SLAP_OC_HIDE 0x8000
+
+#ifdef LDAP_EXTENDED_SCHEMA
+/*
+ * DIT content rule
+ */
+typedef struct slap_content_rule {
+ LDAPContentRule scr_crule;
+ ObjectClass *scr_sclass;
+ ObjectClass **scr_auxiliaries; /* optional */
+ AttributeType **scr_required; /* optional */
+ AttributeType **scr_allowed; /* optional */
+ AttributeType **scr_precluded; /* optional */
+#define scr_oid scr_crule.cr_oid
+#define scr_names scr_crule.cr_names
+#define scr_desc scr_crule.cr_desc
+#define scr_obsolete soc_oclass.cr_obsolete
+#define scr_cr_oids_aux soc_oclass.cr_oc_oids_aux
+#define scr_cr_oids_must soc_oclass.cr_at_oids_must
+#define scr_cr_oids_may soc_oclass.cr_at_oids_may
+#define scr_cr_oids_not soc_oclass.cr_at_oids_not
+} ContentRule;
+#endif
+
+/*
+ * represents a recognized attribute description ( type + options )
+ */
+typedef struct slap_attr_desc {
+ struct slap_attr_desc *ad_next;
+ AttributeType *ad_type; /* attribute type, must be specified */
+ struct berval ad_cname; /* canonical name, must be specified */
+ struct berval ad_lang; /* empty if no language tags */
+ unsigned ad_flags;
+#define SLAP_DESC_NONE 0x00U
+#define SLAP_DESC_BINARY 0x01U
+#define SLAP_DESC_LANG_RANGE 0x80U
+} AttributeDescription;
+
+typedef struct slap_attr_name {
+ struct berval an_name;
+ AttributeDescription *an_desc;
+ ObjectClass *an_oc;
+} AttributeName;
+
+#define slap_ad_is_lang(ad) ( (ad)->ad_lang.bv_len != 0 )
+#define slap_ad_is_lang_range(ad) \
+ ( ((ad)->ad_flags & SLAP_DESC_LANG_RANGE) ? 1 : 0 )
+#define slap_ad_is_binary(ad) \
+ ( ((ad)->ad_flags & SLAP_DESC_BINARY) ? 1 : 0 )
+
+/*
+ * pointers to schema elements used internally
+ */
+struct slap_internal_schema {
+ /* objectClass */
+ ObjectClass *si_oc_top;
+ ObjectClass *si_oc_extensibleObject;
+ ObjectClass *si_oc_alias;
+ ObjectClass *si_oc_referral;
+ ObjectClass *si_oc_rootdse;
+ ObjectClass *si_oc_subentry;
+ ObjectClass *si_oc_subschema;
+ ObjectClass *si_oc_monitor;
+
+ /* objectClass attribute descriptions */
+ AttributeDescription *si_ad_objectClass;
+
+ /* operational attribute descriptions */
+ AttributeDescription *si_ad_structuralObjectClass;
+ AttributeDescription *si_ad_creatorsName;
+ AttributeDescription *si_ad_createTimestamp;
+ AttributeDescription *si_ad_modifiersName;
+ AttributeDescription *si_ad_modifyTimestamp;
+ AttributeDescription *si_ad_hasSubordinates;
+ AttributeDescription *si_ad_subschemaSubentry;
+ AttributeDescription *si_ad_entryUUID;
+ AttributeDescription *si_ad_entryCSN;
+
+ /* root DSE attribute descriptions */
+ AttributeDescription *si_ad_altServer;
+ AttributeDescription *si_ad_namingContexts;
+ AttributeDescription *si_ad_supportedControl;
+ AttributeDescription *si_ad_supportedExtension;
+ AttributeDescription *si_ad_supportedLDAPVersion;
+ AttributeDescription *si_ad_supportedSASLMechanisms;
+ AttributeDescription *si_ad_supportedFeatures;
+ AttributeDescription *si_ad_monitorContext;
+ AttributeDescription *si_ad_vendorName;
+ AttributeDescription *si_ad_vendorVersion;
+
+ /* subentry attribute descriptions */
+ AttributeDescription *si_ad_administrativeRole;
+ AttributeDescription *si_ad_subtreeSpecification;
+
+ /* subschema subentry attribute descriptions */
+ AttributeDescription *si_ad_ditStructureRules;
+ AttributeDescription *si_ad_ditContentRules;
+ AttributeDescription *si_ad_nameForms;
+ AttributeDescription *si_ad_objectClasses;
+ AttributeDescription *si_ad_attributeTypes;
+ AttributeDescription *si_ad_ldapSyntaxes;
+ AttributeDescription *si_ad_matchingRules;
+ AttributeDescription *si_ad_matchingRuleUse;
+
+ /* Aliases & Referrals */
+ AttributeDescription *si_ad_aliasedObjectName;
+ AttributeDescription *si_ad_ref;
+
+ /* Access Control Internals */
+ AttributeDescription *si_ad_entry;
+ AttributeDescription *si_ad_children;
+ AttributeDescription *si_ad_saslAuthzTo;
+ AttributeDescription *si_ad_saslAuthzFrom;
+#ifdef SLAPD_ACI_ENABLED
+ AttributeDescription *si_ad_aci;
+#endif
+
+ /* Other attributes descriptions */
+ AttributeDescription *si_ad_distinguishedName;
+ AttributeDescription *si_ad_name;
+ AttributeDescription *si_ad_cn;
+ AttributeDescription *si_ad_userPassword;
+#ifdef SLAPD_AUTHPASSWD
+ AttributeDescription *si_ad_authPassword;
+#endif
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ AttributeDescription *si_ad_krbName;
+#endif
+
+ /* Undefined Attribute Type */
+ AttributeType *si_at_undefined;
+
+ /* Matching Rules */
+ MatchingRule *si_mr_distinguishedNameMatch;
+ MatchingRule *si_mr_integerMatch;
+
+ /* Syntaxes */
+ Syntax *si_syn_octetString;
+ Syntax *si_syn_distinguishedName;
+ Syntax *si_syn_integer;
+};
+
+typedef struct slap_attr_assertion {
+ AttributeDescription *aa_desc;
+ struct berval aa_value;
+} AttributeAssertion;
+
+typedef struct slap_ss_assertion {
+ AttributeDescription *sa_desc;
+ struct berval sa_initial;
+ struct berval *sa_any;
+ struct berval sa_final;
+} SubstringsAssertion;
+
+typedef struct slap_mr_assertion {
+ MatchingRule *ma_rule; /* optional */
+ struct berval ma_rule_text; /* optional */
+ AttributeDescription *ma_desc; /* optional */
+ int ma_dnattrs; /* boolean */
+ struct berval ma_value; /* required */
+} MatchingRuleAssertion;
/*
* represents a search filter
*/
-typedef struct filter {
- unsigned long f_choice; /* values taken from ldap.h */
+typedef struct slap_filter {
+ ber_tag_t f_choice; /* values taken from ldap.h, plus: */
+#define SLAPD_FILTER_COMPUTED ((ber_tag_t) -1)
+#define SLAPD_FILTER_DN_ONE ((ber_tag_t) -2)
+#define SLAPD_FILTER_DN_SUBTREE ((ber_tag_t) -3)
+
+ union f_un_u {
+ /* precomputed result */
+ ber_int_t f_un_result;
+
+ /* DN */
+ struct berval *f_un_dn;
- union {
/* present */
- char *f_un_type;
+ AttributeDescription *f_un_desc;
+
+ /* simple value assertion */
+ AttributeAssertion *f_un_ava;
+
+ /* substring assertion */
+ SubstringsAssertion *f_un_ssa;
+
+ /* matching rule assertion */
+ MatchingRuleAssertion *f_un_mra;
- /* equality, lessorequal, greaterorequal, approx */
- Ava f_un_ava;
+#define f_dn f_un.f_un_dn
+#define f_desc f_un.f_un_desc
+#define f_ava f_un.f_un_ava
+#define f_av_desc f_un.f_un_ava->aa_desc
+#define f_av_value f_un.f_un_ava->aa_value
+#define f_sub f_un.f_un_ssa
+#define f_sub_desc f_un.f_un_ssa->sa_desc
+#define f_sub_initial f_un.f_un_ssa->sa_initial
+#define f_sub_any f_un.f_un_ssa->sa_any
+#define f_sub_final f_un.f_un_ssa->sa_final
+#define f_mra f_un.f_un_mra
+#define f_mr_rule f_un.f_un_mra->ma_rule
+#define f_mr_rule_text f_un.f_un_mra->ma_rule_text
+#define f_mr_desc f_un.f_un_mra->ma_desc
+#define f_mr_value f_un.f_un_mra->ma_value
+#define f_mr_dnattrs f_un.f_un_mra->ma_dnattrs
/* and, or, not */
- struct filter *f_un_complex;
-
- /* substrings */
- struct sub {
- char *f_un_sub_type;
- char *f_un_sub_initial;
- char **f_un_sub_any;
- char *f_un_sub_final;
- } f_un_sub;
+ struct slap_filter *f_un_complex;
} f_un;
-#define f_type f_un.f_un_type
-#define f_ava f_un.f_un_ava
-#define f_avtype f_un.f_un_ava.ava_type
-#define f_avvalue f_un.f_un_ava.ava_value
+
+#define f_result f_un.f_un_result
#define f_and f_un.f_un_complex
#define f_or f_un.f_un_complex
#define f_not f_un.f_un_complex
#define f_list f_un.f_un_complex
-#define f_sub f_un.f_un_sub
-#define f_sub_type f_un.f_un_sub.f_un_sub_type
-#define f_sub_initial f_un.f_un_sub.f_un_sub_initial
-#define f_sub_any f_un.f_un_sub.f_un_sub_any
-#define f_sub_final f_un.f_un_sub.f_un_sub_final
- struct filter *f_next;
+ struct slap_filter *f_next;
} Filter;
+/* compare routines can return undefined */
+#define SLAPD_COMPARE_UNDEFINED ((ber_int_t) -1)
+
+typedef struct slap_valuesreturnfilter {
+ ber_tag_t f_choice;
+
+ union vrf_un_u {
+ /* precomputed result */
+ ber_int_t f_un_result;
+
+ /* DN */
+ char *f_un_dn;
+
+ /* present */
+ AttributeDescription *f_un_desc;
+
+ /* simple value assertion */
+ AttributeAssertion *f_un_ava;
+
+ /* substring assertion */
+ SubstringsAssertion *f_un_ssa;
+
+ /* matching rule assertion */
+ MatchingRuleAssertion *f_un_mra;
+ } f_un;
+
+ struct slap_valuesreturnfilter *f_next;
+} ValuesReturnFilter;
+
/*
- * represents an attribute (type + values + syntax)
+ * represents an attribute (description + values)
*/
-typedef struct attr {
- char *a_type;
- struct berval **a_vals;
- int a_syntax;
- struct attr *a_next;
+typedef struct slap_attr {
+ AttributeDescription *a_desc;
+ BerVarray a_vals;
+ struct slap_attr *a_next;
+ unsigned a_flags;
+#define SLAP_ATTR_IXADD 0x1U
+#define SLAP_ATTR_IXDEL 0x2U
} Attribute;
-/*
- * the attr_syntax() routine returns one of these values
- * telling what kind of syntax an attribute supports.
- */
-#define SYNTAX_CIS 0x01 /* case insensitive string */
-#define SYNTAX_CES 0x02 /* case sensitive string */
-#define SYNTAX_BIN 0x04 /* binary data */
-#define SYNTAX_TEL 0x08 /* telephone number string */
-#define SYNTAX_DN 0x10 /* dn string */
/*
* the id used in the indexes to refer to an entry
*/
typedef unsigned long ID;
-#define NOID ((unsigned long)-1)
+#define NOID ((ID)~0)
/*
* represents an entry in core
*/
-typedef struct entry {
- char *e_dn; /* DN of this entry */
- Attribute *e_attrs; /* list of attributes + values */
-
- ID e_id; /* id of this entry - this should */
- /* really be private to back-ldbm */
- char e_state; /* for the cache */
-#define ENTRY_STATE_DELETED 1
-#define ENTRY_STATE_CREATING 2
- int e_refcnt; /* # threads ref'ing this entry */
- struct entry *e_lrunext; /* for cache lru list */
- struct entry *e_lruprev;
+typedef struct slap_entry {
+ /*
+ * The ID field should only be changed before entry is
+ * inserted into a cache. The ID value is backend
+ * specific.
+ */
+ ID e_id;
+
+ struct berval e_name; /* name (DN) of this entry */
+ struct berval e_nname; /* normalized name (DN) of this entry */
+
+ /* for migration purposes */
+#define e_dn e_name.bv_val
+#define e_ndn e_nname.bv_val
+
+ Attribute *e_attrs; /* list of attributes + values */
+
+ slap_mask_t e_ocflags;
+
+ struct berval e_bv; /* For entry_encode/entry_decode */
+
+ /* for use by the backend for any purpose */
+ void* e_private;
} Entry;
+/*
+ * A list of LDAPMods
+ */
+typedef struct slap_mod {
+ int sm_op;
+ AttributeDescription *sm_desc;
+ struct berval sm_type;
+ BerVarray sm_bvalues;
+} Modification;
+
+typedef struct slap_mod_list {
+ Modification sml_mod;
+#define sml_op sml_mod.sm_op
+#define sml_desc sml_mod.sm_desc
+#define sml_type sml_mod.sm_type
+#define sml_bvalues sml_mod.sm_bvalues
+ struct slap_mod_list *sml_next;
+} Modifications;
+
+typedef struct slap_ldap_modlist {
+ LDAPMod ml_mod;
+ struct slap_ldap_modlist *ml_next;
+#define ml_op ml_mod.mod_op
+#define ml_type ml_mod.mod_type
+#define ml_values ml_mod.mod_values
+#define ml_bvalues ml_mod.mod_bvalues
+} LDAPModList;
+
/*
* represents an access control list
*/
+typedef enum slap_access_e {
+ ACL_INVALID_ACCESS = -1,
+ ACL_NONE = 0,
+ ACL_AUTH,
+ ACL_COMPARE,
+ ACL_SEARCH,
+ ACL_READ,
+ ACL_WRITE
+} slap_access_t;
+
+typedef enum slap_control_e {
+ ACL_INVALID_CONTROL = 0,
+ ACL_STOP,
+ ACL_CONTINUE,
+ ACL_BREAK
+} slap_control_t;
+
+typedef enum slap_style_e {
+ ACL_STYLE_REGEX = 0,
+ ACL_STYLE_BASE,
+ ACL_STYLE_ONE,
+ ACL_STYLE_SUBTREE,
+ ACL_STYLE_CHILDREN,
+ ACL_STYLE_ATTROF,
+
+ /* alternate names */
+ ACL_STYLE_EXACT = ACL_STYLE_BASE
+} slap_style_t;
+
+typedef struct slap_authz_info {
+ ber_tag_t sai_method; /* LDAP_AUTH_* from <ldap.h> */
+ struct berval sai_mech; /* SASL Mechanism */
+ struct berval sai_dn; /* DN for reporting purposes */
+ struct berval sai_ndn; /* Normalized DN */
+
+ /* Security Strength Factors */
+ slap_ssf_t sai_ssf; /* Overall SSF */
+ slap_ssf_t sai_transport_ssf; /* Transport SSF */
+ slap_ssf_t sai_tls_ssf; /* TLS SSF */
+ slap_ssf_t sai_sasl_ssf; /* SASL SSF */
+} AuthorizationInformation;
/* the "by" part */
-struct access {
- char *a_dnpat;
- char *a_addrpat;
- char *a_domainpat;
- char *a_dnattr;
- long a_access;
-#define ACL_NONE 0x01
-#define ACL_COMPARE 0x02
-#define ACL_SEARCH 0x04
-#define ACL_READ 0x08
-#define ACL_WRITE 0x10
-#define ACL_SELF 0x40
- struct access *a_next;
-};
+typedef struct slap_access {
+ slap_control_t a_type;
+
+#define ACL_ACCESS2PRIV(access) (0x01U << (access))
+
+#define ACL_PRIV_NONE ACL_ACCESS2PRIV( ACL_NONE )
+#define ACL_PRIV_AUTH ACL_ACCESS2PRIV( ACL_AUTH )
+#define ACL_PRIV_COMPARE ACL_ACCESS2PRIV( ACL_COMPARE )
+#define ACL_PRIV_SEARCH ACL_ACCESS2PRIV( ACL_SEARCH )
+#define ACL_PRIV_READ ACL_ACCESS2PRIV( ACL_READ )
+#define ACL_PRIV_WRITE ACL_ACCESS2PRIV( ACL_WRITE )
+
+#define ACL_PRIV_MASK 0x00ffUL
+
+/* priv flags */
+#define ACL_PRIV_LEVEL 0x1000UL
+#define ACL_PRIV_ADDITIVE 0x2000UL
+#define ACL_PRIV_SUBSTRACTIVE 0x4000UL
+
+/* invalid privs */
+#define ACL_PRIV_INVALID 0x0UL
+
+#define ACL_PRIV_ISSET(m,p) (((m) & (p)) == (p))
+#define ACL_PRIV_ASSIGN(m,p) do { (m) = (p); } while(0)
+#define ACL_PRIV_SET(m,p) do { (m) |= (p); } while(0)
+#define ACL_PRIV_CLR(m,p) do { (m) &= ~(p); } while(0)
+
+#define ACL_INIT(m) ACL_PRIV_ASSIGN(m, ACL_PRIV_NONE)
+#define ACL_INVALIDATE(m) ACL_PRIV_ASSIGN(m, ACL_PRIV_INVALID)
+
+#define ACL_GRANT(m,a) ACL_PRIV_ISSET((m),ACL_ACCESS2PRIV(a))
+
+#define ACL_IS_INVALID(m) ((m) == ACL_PRIV_INVALID)
+
+#define ACL_IS_LEVEL(m) ACL_PRIV_ISSET((m),ACL_PRIV_LEVEL)
+#define ACL_IS_ADDITIVE(m) ACL_PRIV_ISSET((m),ACL_PRIV_ADDITIVE)
+#define ACL_IS_SUBTRACTIVE(m) ACL_PRIV_ISSET((m),ACL_PRIV_SUBSTRACTIVE)
+
+#define ACL_LVL_NONE (ACL_PRIV_NONE|ACL_PRIV_LEVEL)
+#define ACL_LVL_AUTH (ACL_PRIV_AUTH|ACL_LVL_NONE)
+#define ACL_LVL_COMPARE (ACL_PRIV_COMPARE|ACL_LVL_AUTH)
+#define ACL_LVL_SEARCH (ACL_PRIV_SEARCH|ACL_LVL_COMPARE)
+#define ACL_LVL_READ (ACL_PRIV_READ|ACL_LVL_SEARCH)
+#define ACL_LVL_WRITE (ACL_PRIV_WRITE|ACL_LVL_READ)
+
+#define ACL_LVL(m,l) (((m)&ACL_PRIV_MASK) == ((l)&ACL_PRIV_MASK))
+#define ACL_LVL_IS_NONE(m) ACL_LVL((m),ACL_LVL_NONE)
+#define ACL_LVL_IS_AUTH(m) ACL_LVL((m),ACL_LVL_AUTH)
+#define ACL_LVL_IS_COMPARE(m) ACL_LVL((m),ACL_LVL_COMPARE)
+#define ACL_LVL_IS_SEARCH(m) ACL_LVL((m),ACL_LVL_SEARCH)
+#define ACL_LVL_IS_READ(m) ACL_LVL((m),ACL_LVL_READ)
+#define ACL_LVL_IS_WRITE(m) ACL_LVL((m),ACL_LVL_WRITE)
+
+#define ACL_LVL_ASSIGN_NONE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_NONE)
+#define ACL_LVL_ASSIGN_AUTH(m) ACL_PRIV_ASSIGN((m),ACL_LVL_AUTH)
+#define ACL_LVL_ASSIGN_COMPARE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_COMPARE)
+#define ACL_LVL_ASSIGN_SEARCH(m) ACL_PRIV_ASSIGN((m),ACL_LVL_SEARCH)
+#define ACL_LVL_ASSIGN_READ(m) ACL_PRIV_ASSIGN((m),ACL_LVL_READ)
+#define ACL_LVL_ASSIGN_WRITE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_WRITE)
+
+ slap_mask_t a_access_mask;
+
+ AuthorizationInformation a_authz;
+#define a_dn_pat a_authz.sai_dn
+
+ slap_style_t a_dn_style;
+ AttributeDescription *a_dn_at;
+ int a_dn_self;
+ int a_dn_expand;
+
+ slap_style_t a_peername_style;
+ struct berval a_peername_pat;
+ slap_style_t a_sockname_style;
+ struct berval a_sockname_pat;
+
+ slap_style_t a_domain_style;
+ struct berval a_domain_pat;
+ int a_domain_expand;
+
+ slap_style_t a_sockurl_style;
+ struct berval a_sockurl_pat;
+ slap_style_t a_set_style;
+ struct berval a_set_pat;
+
+#ifdef SLAPD_ACI_ENABLED
+ AttributeDescription *a_aci_at;
+#endif
+
+ /* ACL Groups */
+ slap_style_t a_group_style;
+ struct berval a_group_pat;
+ ObjectClass *a_group_oc;
+ AttributeDescription *a_group_at;
+
+ struct slap_access *a_next;
+} Access;
/* the "to" part */
-struct acl {
+typedef struct slap_acl {
/* "to" part: the entries this acl applies to */
Filter *acl_filter;
- char *acl_dnpat;
- char **acl_attrs;
+ slap_style_t acl_dn_style;
+ regex_t acl_dn_re;
+ struct berval acl_dn_pat;
+ AttributeName *acl_attrs;
/* "by" part: list of who has what access to the entries */
- struct access *acl_access;
+ Access *acl_access;
- struct acl *acl_next;
-};
+ struct slap_acl *acl_next;
+} AccessControl;
+
+typedef struct slap_acl_state {
+ unsigned as_recorded;
+#define ACL_STATE_NOT_RECORDED 0x0
+#define ACL_STATE_RECORDED_VD 0x1
+#define ACL_STATE_RECORDED_NV 0x2
+#define ACL_STATE_RECORDED 0x3
+
+ /* Access state */
+ AccessControl *as_vd_acl;
+ slap_mask_t as_vd_acl_mask;
+ regmatch_t as_vd_acl_matches[MAXREMATCHES];
+ int as_vd_acl_count;
+
+ Access *as_vd_access;
+ int as_vd_access_count;
+
+ int as_result;
+} AccessControlState;
+#define ACL_STATE_INIT { ACL_STATE_NOT_RECORDED, NULL, 0UL, { { 0, 0 } }, 0, NULL, 0, 0 }
/*
- * represents schema information for a database
+ * replog moddn param structure
*/
-
-struct objclass {
- char *oc_name;
- char **oc_required;
- char **oc_allowed;
- struct objclass *oc_next;
+struct slap_replog_moddn {
+ struct berval *newrdn;
+ int deloldrdn;
+ struct berval *newsup;
};
/*
- * represents a "database"
+ * Backend-info
+ * represents a backend
*/
-typedef struct backend {
- char **be_suffix; /* the DN suffixes of data in this backend */
- char *be_rootdn; /* the magic "root" dn for this db */
- char *be_rootpw; /* the magic "root" password for this db */
- int be_readonly; /* 1 => db is in "read only" mode */
- int be_sizelimit; /* size limit for this backend */
- int be_timelimit; /* time limit for this backend */
- struct acl *be_acl; /* access control list for this backend */
- int be_dfltaccess; /* access given if no acl matches */
- char **be_replica; /* replicas of this backend (in master) */
+typedef struct slap_backend_info BackendInfo; /* per backend type */
+typedef struct slap_backend_db BackendDB; /* per backend database */
+
+LDAP_SLAPD_V (int) nBackendInfo;
+LDAP_SLAPD_V (int) nBackendDB;
+LDAP_SLAPD_V (BackendInfo *) backendInfo;
+LDAP_SLAPD_V (BackendDB *) backendDB;
+
+LDAP_SLAPD_V (int) slapMode;
+#define SLAP_UNDEFINED_MODE 0x0000
+#define SLAP_SERVER_MODE 0x0001
+#define SLAP_TOOL_MODE 0x0002
+#define SLAP_MODE 0x0003
+
+#define SLAP_TRUNCATE_MODE 0x0100
+
+struct slap_replica_info {
+ char *ri_host; /* supersedes be_replica */
+ BerVarray ri_nsuffix; /* array of suffixes this replica accepts */
+ AttributeName *ri_attrs; /* attrs to replicate, NULL=all */
+ int ri_exclude; /* 1 => exclude ri_attrs */
+};
+
+struct slap_limits_set {
+ /* time limits */
+ int lms_t_soft;
+ int lms_t_hard;
+
+ /* size limits */
+ int lms_s_soft;
+ int lms_s_hard;
+ int lms_s_unchecked;
+};
+
+struct slap_limits {
+ int lm_type; /* type of pattern */
+#define SLAP_LIMITS_UNDEFINED 0x0000
+#define SLAP_LIMITS_EXACT 0x0001
+#define SLAP_LIMITS_BASE SLAP_LIMITS_EXACT
+#define SLAP_LIMITS_ONE 0x0002
+#define SLAP_LIMITS_SUBTREE 0x0003
+#define SLAP_LIMITS_CHILDREN 0x0004
+#define SLAP_LIMITS_REGEX 0x0005
+#define SLAP_LIMITS_ANONYMOUS 0x0006
+#define SLAP_LIMITS_USERS 0x0007
+#define SLAP_LIMITS_ANY 0x0008
+ regex_t lm_dn_regex; /* regex data for REGEX */
+
+ /*
+ * normalized DN for EXACT, BASE, ONE, SUBTREE, CHILDREN;
+ * pattern for REGEX; NULL for ANONYMOUS, USERS
+ */
+ struct berval lm_dn_pat;
+
+ struct slap_limits_set lm_limits;
+};
+
+/* temporary aliases */
+typedef BackendDB Backend;
+#define nbackends nBackendDB
+#define backends backendDB
+
+struct slap_backend_db {
+ BackendInfo *bd_info; /* pointer to shared backend info */
+
+ /* BackendInfo accessors */
+#define be_config bd_info->bi_db_config
+#define be_type bd_info->bi_type
+
+#define be_bind bd_info->bi_op_bind
+#define be_unbind bd_info->bi_op_unbind
+#define be_add bd_info->bi_op_add
+#define be_compare bd_info->bi_op_compare
+#define be_delete bd_info->bi_op_delete
+#define be_modify bd_info->bi_op_modify
+#define be_modrdn bd_info->bi_op_modrdn
+#define be_search bd_info->bi_op_search
+
+#define be_extended bd_info->bi_extended
+
+#define be_release bd_info->bi_entry_release_rw
+#define be_chk_referrals bd_info->bi_chk_referrals
+#define be_group bd_info->bi_acl_group
+#define be_attribute bd_info->bi_acl_attribute
+#define be_operational bd_info->bi_operational
+
+#define be_controls bd_info->bi_controls
+
+#define be_connection_init bd_info->bi_connection_init
+#define be_connection_destroy bd_info->bi_connection_destroy
+
+#ifdef SLAPD_TOOLS
+#define be_entry_open bd_info->bi_tool_entry_open
+#define be_entry_close bd_info->bi_tool_entry_close
+#define be_entry_first bd_info->bi_tool_entry_first
+#define be_entry_next bd_info->bi_tool_entry_next
+#define be_entry_reindex bd_info->bi_tool_entry_reindex
+#define be_entry_get bd_info->bi_tool_entry_get
+#define be_entry_put bd_info->bi_tool_entry_put
+#define be_sync bd_info->bi_tool_sync
+#endif
+
+#define SLAP_BFLAG_NOLASTMOD 0x0001U
+#define SLAP_BFLAG_GLUE_INSTANCE 0x0010U /* a glue backend */
+#define SLAP_BFLAG_GLUE_SUBORDINATE 0x0020U /* child of a glue hierarchy */
+#define SLAP_BFLAG_GLUE_LINKED 0x0040U /* child is connected to parent */
+#define SLAP_BFLAG_ALIASES 0x0100U
+#define SLAP_BFLAG_REFERRALS 0x0200U
+#define SLAP_BFLAG_SUBENTRIES 0x0400U
+#define SLAP_BFLAG_MONITOR 0x1000U
+#define SLAP_BFLAG_DYNAMIC 0x2000U
+ slap_mask_t be_flags;
+#define SLAP_LASTMOD(be) (!((be)->be_flags & SLAP_BFLAG_NOLASTMOD))
+#define SLAP_ALIASES(be) ((be)->be_flags & SLAP_BFLAG_ALIASES)
+#define SLAP_REFERRALS(be) ((be)->be_flags & SLAP_BFLAG_REFERRALS)
+#define SLAP_SUBENTRIES(be) ((be)->be_flags & SLAP_BFLAG_SUBENTRIES)
+#define SLAP_MONITOR(be) ((be)->be_flags & SLAP_BFLAG_MONITOR)
+#define SLAP_DYNAMIC(be) ((be)->be_flags & SLAP_BFLAG_DYNAMIC)
+
+ slap_mask_t be_restrictops; /* restriction operations */
+#define SLAP_RESTRICT_OP_ADD 0x0001U
+#define SLAP_RESTRICT_OP_BIND 0x0002U
+#define SLAP_RESTRICT_OP_COMPARE 0x0004U
+#define SLAP_RESTRICT_OP_DELETE 0x0008U
+#define SLAP_RESTRICT_OP_EXTENDED 0x0010U
+#define SLAP_RESTRICT_OP_MODIFY 0x0020U
+#define SLAP_RESTRICT_OP_RENAME 0x0040U
+#define SLAP_RESTRICT_OP_SEARCH 0x0080U
+
+#define SLAP_RESTRICT_OP_READS \
+ ( SLAP_RESTRICT_OP_COMPARE \
+ | SLAP_RESTRICT_OP_SEARCH )
+#define SLAP_RESTRICT_OP_WRITES \
+ ( SLAP_RESTRICT_OP_ADD \
+ | SLAP_RESTRICT_OP_DELETE \
+ | SLAP_RESTRICT_OP_MODIFY \
+ | SLAP_RESTRICT_OP_RENAME )
+
+#define SLAP_ALLOW_BIND_V2 0x0001U /* LDAPv2 bind */
+#define SLAP_ALLOW_BIND_ANON_CRED 0x0002U /* cred should be empty */
+#define SLAP_ALLOW_BIND_ANON_DN 0x0003U /* dn should be empty */
+
+#define SLAP_DISALLOW_BIND_ANON 0x0001U /* no anonymous */
+#define SLAP_DISALLOW_BIND_SIMPLE 0x0002U /* simple authentication */
+#define SLAP_DISALLOW_BIND_SIMPLE_UNPROTECTED \
+ 0x0004U /* unprotected simple auth */
+#define SLAP_DISALLOW_BIND_KRBV4 0x0008U /* Kerberos V4 authentication */
+
+#define SLAP_DISALLOW_TLS_2_ANON 0x0010U /* StartTLS -> Anonymous */
+#define SLAP_DISALLOW_TLS_AUTHC 0x0020U /* TLS while authenticated */
+
+ slap_mask_t be_requires; /* pre-operation requirements */
+#define SLAP_REQUIRE_BIND 0x0001U /* bind before op */
+#define SLAP_REQUIRE_LDAP_V3 0x0002U /* LDAPv3 before op */
+#define SLAP_REQUIRE_AUTHC 0x0004U /* authentication before op */
+#define SLAP_REQUIRE_SASL 0x0008U /* SASL before op */
+#define SLAP_REQUIRE_STRONG 0x0010U /* strong authentication before op */
+
+ /* Required Security Strength Factor */
+ slap_ssf_set_t be_ssf_set;
+
+ /* these should be renamed from be_ to bd_ */
+ BerVarray be_suffix; /* the DN suffixes of data in this backend */
+ BerVarray be_nsuffix; /* the normalized DN suffixes in this backend */
+ BerVarray be_suffixAlias; /* pairs of DN suffix aliases and deref values */
+ struct berval be_rootdn; /* the magic "root" name (DN) for this db */
+ struct berval be_rootndn; /* the magic "root" normalized name (DN) for this db */
+ struct berval be_rootpw; /* the magic "root" password for this db */
+ unsigned int be_max_deref_depth; /* limit for depth of an alias deref */
+#define be_sizelimit be_def_limit.lms_s_soft
+#define be_timelimit be_def_limit.lms_t_soft
+ struct slap_limits_set be_def_limit; /* default limits */
+ struct slap_limits **be_limits; /* regex-based size and time limits */
+ AccessControl *be_acl; /* access control list for this backend */
+ slap_access_t be_dfltaccess; /* access given if no acl matches */
+ struct slap_replica_info **be_replica; /* replicas of this backend (in master) */
char *be_replogfile; /* replication log file (in master) */
- char *be_updatedn; /* allowed to make changes (in replicas) */
- int be_lastmod; /* keep track of lastmodified{by,time} */
- char *be_type; /* type of database */
-
- void *be_private; /* anything the backend needs */
-
- IFP be_bind; /* backend bind routine */
- IFP be_unbind; /* backend unbind routine */
- IFP be_search; /* backend search routine */
- IFP be_compare; /* backend compare routine */
- IFP be_modify; /* backend modify routine */
- IFP be_modrdn; /* backend modrdn routine */
- IFP be_add; /* backend add routine */
- IFP be_delete; /* backend delete routine */
- IFP be_abandon; /* backend abandon routine */
- IFP be_config; /* backend config routine */
- IFP be_init; /* backend init routine */
- IFP be_close; /* backend close routine */
-} Backend;
+ struct berval be_update_ndn; /* allowed to make changes (in replicas) */
+ BerVarray be_update_refs; /* where to refer modifying clients to */
+ char *be_realm;
+ void *be_private; /* anything the backend database needs */
+};
+
+struct slap_conn;
+struct slap_op;
+
+/* Backend function typedefs */
+typedef int (BI_init) LDAP_P((BackendInfo *bi));
+typedef int (BI_config) LDAP_P((BackendInfo *bi,
+ const char *fname, int lineno,
+ int argc, char **argv));
+typedef int (BI_open) LDAP_P((BackendInfo *bi));
+typedef int (BI_close) LDAP_P((BackendInfo *bi));
+typedef int (BI_destroy) LDAP_P((BackendInfo *bi));
+
+typedef int (BI_db_init) LDAP_P((Backend *bd));
+typedef int (BI_db_config) LDAP_P((Backend *bd,
+ const char *fname, int lineno,
+ int argc, char **argv));
+typedef int (BI_db_open) LDAP_P((Backend *bd));
+typedef int (BI_db_close) LDAP_P((Backend *bd));
+typedef int (BI_db_destroy) LDAP_P((Backend *bd));
+
+typedef int (BI_op_bind) LDAP_P(( BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o,
+ struct berval *dn, struct berval *ndn, int method,
+ struct berval *cred, struct berval *edn ));
+typedef int (BI_op_unbind) LDAP_P((BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o ));
+typedef int (BI_op_search) LDAP_P((BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o,
+ struct berval *base, struct berval *nbase,
+ int scope, int deref,
+ int slimit, int tlimit,
+ Filter *f, struct berval *filterstr,
+ AttributeName *attrs, int attrsonly));
+typedef int (BI_op_compare)LDAP_P((BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o,
+ struct berval *dn, struct berval *ndn,
+ AttributeAssertion *ava));
+typedef int (BI_op_modify) LDAP_P((BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o,
+ struct berval *dn, struct berval *ndn,
+ Modifications *m));
+typedef int (BI_op_modrdn) LDAP_P((BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o,
+ struct berval *dn, struct berval *ndn,
+ struct berval *newrdn, struct berval *nnewrdn,
+ int deleteoldrdn,
+ struct berval *newSup, struct berval *nnewSup ));
+typedef int (BI_op_add) LDAP_P((BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o,
+ Entry *e));
+typedef int (BI_op_delete) LDAP_P((BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o,
+ struct berval *dn, struct berval *ndn));
+typedef int (BI_op_abandon) LDAP_P((BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o,
+ ber_int_t msgid));
+
+typedef int (BI_op_extended) LDAP_P((
+ BackendDB *be,
+ struct slap_conn *conn,
+ struct slap_op *op,
+ const char *reqoid,
+ struct berval * reqdata,
+ char **rspoid,
+ struct berval ** rspdata,
+ LDAPControl *** rspctrls,
+ const char ** text,
+ BerVarray *refs ));
+
+typedef int (BI_entry_release_rw) LDAP_P((BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o,
+ Entry *e, int rw));
+
+typedef int (BI_chk_referrals) LDAP_P((BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o,
+ struct berval *dn, struct berval *ndn,
+ const char **text ));
+
+typedef int (BI_acl_group) LDAP_P((Backend *bd,
+ struct slap_conn *c, struct slap_op *o,
+ Entry *e,
+ struct berval *bdn,
+ struct berval *edn,
+ ObjectClass *group_oc,
+ AttributeDescription *group_at ));
+
+typedef int (BI_acl_attribute) LDAP_P((Backend *bd,
+ struct slap_conn *c, struct slap_op *o,
+ Entry *e, struct berval *edn,
+ AttributeDescription *entry_at,
+ BerVarray *vals ));
+
+typedef int (BI_operational) LDAP_P((Backend *bd,
+ struct slap_conn *c, struct slap_op *o,
+ Entry *e, AttributeName *attrs, int opattrs, Attribute **a ));
+
+typedef int (BI_connection_init) LDAP_P((BackendDB *bd,
+ struct slap_conn *c));
+typedef int (BI_connection_destroy) LDAP_P((BackendDB *bd,
+ struct slap_conn *c));
+
+typedef int (BI_tool_entry_open) LDAP_P(( BackendDB *be, int mode ));
+typedef int (BI_tool_entry_close) LDAP_P(( BackendDB *be ));
+typedef ID (BI_tool_entry_first) LDAP_P(( BackendDB *be ));
+typedef ID (BI_tool_entry_next) LDAP_P(( BackendDB *be ));
+typedef Entry* (BI_tool_entry_get) LDAP_P(( BackendDB *be, ID id ));
+typedef ID (BI_tool_entry_put) LDAP_P(( BackendDB *be, Entry *e,
+ struct berval *text ));
+typedef int (BI_tool_entry_reindex) LDAP_P(( BackendDB *be, ID id ));
+typedef int (BI_tool_sync) LDAP_P(( BackendDB *be ));
+
+struct slap_backend_info {
+ char *bi_type; /* type of backend */
+
+ /*
+ * per backend type routines:
+ * bi_init: called to allocate a backend_info structure,
+ * called once BEFORE configuration file is read.
+ * bi_init() initializes this structure hence is
+ * called directly from be_initialize()
+ * bi_config: called per 'backend' specific option
+ * all such options must before any 'database' options
+ * bi_config() is called only from read_config()
+ * bi_open: called to open each database, called
+ * once AFTER configuration file is read but
+ * BEFORE any bi_db_open() calls.
+ * bi_open() is called from backend_startup()
+ * bi_close: called to close each database, called
+ * once during shutdown after all bi_db_close calls.
+ * bi_close() is called from backend_shutdown()
+ * bi_destroy: called to destroy each database, called
+ * once during shutdown after all bi_db_destroy calls.
+ * bi_destory() is called from backend_destroy()
+ */
+ BI_init *bi_init;
+ BI_config *bi_config;
+ BI_open *bi_open;
+ BI_close *bi_close;
+ BI_destroy *bi_destroy;
+
+ /*
+ * per database routines:
+ * bi_db_init: called to initialize each database,
+ * called upon reading 'database <type>'
+ * called only from backend_db_init()
+ * bi_db_config: called to configure each database,
+ * called per database to handle per database options
+ * called only from read_config()
+ * bi_db_open: called to open each database
+ * called once per database immediately AFTER bi_open()
+ * calls but before daemon startup.
+ * called only by backend_startup()
+ * bi_db_close: called to close each database
+ * called once per database during shutdown but BEFORE
+ * any bi_close call.
+ * called only by backend_shutdown()
+ * bi_db_destroy: called to destroy each database
+ * called once per database during shutdown AFTER all
+ * bi_close calls but before bi_destory calls.
+ * called only by backend_destory()
+ */
+ BI_db_init *bi_db_init;
+ BI_db_config *bi_db_config;
+ BI_db_open *bi_db_open;
+ BI_db_close *bi_db_close;
+ BI_db_destroy *bi_db_destroy;
+
+ /* LDAP Operations Handling Routines */
+ BI_op_bind *bi_op_bind;
+ BI_op_unbind *bi_op_unbind;
+ BI_op_search *bi_op_search;
+ BI_op_compare *bi_op_compare;
+ BI_op_modify *bi_op_modify;
+ BI_op_modrdn *bi_op_modrdn;
+ BI_op_add *bi_op_add;
+ BI_op_delete *bi_op_delete;
+ BI_op_abandon *bi_op_abandon;
+
+ /* Extended Operations Helper */
+ BI_op_extended *bi_extended;
+
+ /* Auxilary Functions */
+ BI_entry_release_rw *bi_entry_release_rw;
+ BI_chk_referrals *bi_chk_referrals;
+
+ BI_acl_group *bi_acl_group;
+ BI_acl_attribute *bi_acl_attribute;
+
+ BI_operational *bi_operational;
+
+ BI_connection_init *bi_connection_init;
+ BI_connection_destroy *bi_connection_destroy;
+
+ /* hooks for slap tools */
+ BI_tool_entry_open *bi_tool_entry_open;
+ BI_tool_entry_close *bi_tool_entry_close;
+ BI_tool_entry_first *bi_tool_entry_first;
+ BI_tool_entry_next *bi_tool_entry_next;
+ BI_tool_entry_get *bi_tool_entry_get;
+ BI_tool_entry_put *bi_tool_entry_put;
+ BI_tool_entry_reindex *bi_tool_entry_reindex;
+ BI_tool_sync *bi_tool_sync;
+
+#define SLAP_INDEX_ADD_OP 0x0001
+#define SLAP_INDEX_DELETE_OP 0x0002
+
+ char **bi_controls; /* supported controls */
+
+ unsigned int bi_nDB; /* number of databases of this type */
+ void *bi_private; /* anything the backend type needs */
+};
+
+#define c_authtype c_authz.sai_method
+#define c_authmech c_authz.sai_mech
+#define c_dn c_authz.sai_dn
+#define c_ndn c_authz.sai_ndn
+#define c_ssf c_authz.sai_ssf
+#define c_transport_ssf c_authz.sai_transport_ssf
+#define c_tls_ssf c_authz.sai_tls_ssf
+#define c_sasl_ssf c_authz.sai_sasl_ssf
+
+#define o_authtype o_authz.sai_method
+#define o_authmech o_authz.sai_mech
+#define o_dn o_authz.sai_dn
+#define o_ndn o_authz.sai_ndn
+#define o_ssf o_authz.sai_ssf
+#define o_transport_ssf o_authz.sai_transport_ssf
+#define o_tls_ssf o_authz.sai_tls_ssf
+#define o_sasl_ssf o_authz.sai_sasl_ssf
+
+typedef void (slap_response)( struct slap_conn *, struct slap_op *,
+ ber_tag_t, ber_int_t, ber_int_t, const char *, const char *,
+ BerVarray, const char *, struct berval *,
+ struct berval *, LDAPControl ** );
+
+typedef void (slap_sresult)( struct slap_conn *, struct slap_op *,
+ ber_int_t, const char *, const char *, BerVarray,
+ LDAPControl **, int nentries);
+
+typedef int (slap_sendentry)( BackendDB *, struct slap_conn *,
+ struct slap_op *, Entry *, AttributeName *, int, LDAPControl **);
+
+typedef struct slap_callback {
+ slap_response *sc_response;
+ slap_sresult *sc_sresult;
+ slap_sendentry *sc_sendentry;
+ void *sc_private;
+} slap_callback;
+
+/*
+ * Paged Results state
+ */
+typedef unsigned long PagedResultsCookie;
+typedef struct slap_paged_state {
+ Backend *ps_be;
+ PagedResultsCookie ps_cookie;
+ ID ps_id;
+} PagedResultsState;
/*
* represents an operation pending from an ldap client
*/
+typedef struct slap_op {
+ unsigned long o_opid; /* id of this operation */
+ unsigned long o_connid; /* id of conn initiating this op */
-typedef struct op {
- BerElement *o_ber; /* ber of the request */
- long o_msgid; /* msgid of the request */
- unsigned long o_tag; /* tag of the request */
- time_t o_time; /* time op was initiated */
- char *o_dn; /* dn bound when op was initiated */
- int o_authtype; /* auth method used to bind dn */
- /* values taken from ldap.h */
- /* LDAP_AUTH_* */
- int o_opid; /* id of this operation */
- int o_connid; /* id of conn initiating this op */
-#ifdef CLDAP
- int o_cldap; /* != 0 if this came in via CLDAP */
- struct sockaddr o_clientaddr; /* client address if via CLDAP */
- char o_searchbase; /* search base if via CLDAP */
+ ber_int_t o_msgid; /* msgid of the request */
+ ber_int_t o_protocol; /* version of the LDAP protocol used by client */
+ ber_tag_t o_tag; /* tag of the request */
+ time_t o_time; /* time op was initiated */
+
+ ldap_pvt_thread_t o_tid; /* thread handling this op */
+
+ volatile sig_atomic_t o_abandon; /* abandon flag */
+
+#define SLAP_NO_CONTROL 0
+#define SLAP_NONCRITICAL_CONTROL 1
+#define SLAP_CRITICAL_CONTROL 2
+ char o_managedsait;
+ char o_noop;
+ char o_subentries;
+ char o_subentries_visibility;
+ char o_valuesreturnfilter;
+
+ char o_pagedresults;
+ ber_int_t o_pagedresults_size;
+ PagedResultsState o_pagedresults_state;
+
+#ifdef LDAP_CONNECTIONLESS
+ Sockaddr o_peeraddr; /* UDP peer address */
#endif
- struct op *o_next; /* next operation pending */
- pthread_t o_tid; /* thread handling this op */
- int o_abandon; /* signals op has been abandoned */
- pthread_mutex_t o_abandonmutex; /* signals op has been abandoned */
+ AuthorizationInformation o_authz;
+
+ BerElement *o_ber; /* ber of the request */
+ slap_callback *o_callback; /* callback pointers */
+ LDAPControl **o_ctrls; /* controls */
+
+ void *o_private; /* anything the backend needs */
- int o_private; /* anything the backend needs */
+ LDAP_STAILQ_ENTRY(slap_op) o_next; /* next operation in list */
+ ValuesReturnFilter *vrFilter; /* Structure represents ValuesReturnFilter */
} Operation;
+#define get_manageDSAit(op) ((int)(op)->o_managedsait)
+#define get_subentries(op) ((int)(op)->o_subentries)
+#define get_subentries_visibility(op) ((int)(op)->o_subentries_visibility)
+
+/*
+ * Caches the result of a backend_group check for ACL evaluation
+ */
+typedef struct slap_gacl {
+ struct slap_gacl *ga_next;
+ Backend *ga_be;
+ ObjectClass *ga_oc;
+ AttributeDescription *ga_at;
+ int ga_res;
+ ber_len_t ga_len;
+ char ga_ndn[1];
+} GroupAssertion;
+
/*
* represents a connection from an ldap client
*/
+typedef struct slap_conn {
+ int c_struct_state; /* structure management state */
+ int c_conn_state; /* connection state */
-typedef struct conn {
- Sockbuf c_sb; /* ber connection stuff */
- char *c_dn; /* current DN bound to this conn */
- pthread_mutex_t c_dnmutex; /* mutex for c_dn field */
- int c_authtype; /* auth method used to bind c_dn */
-#ifdef COMPAT
- int c_version; /* for compatibility w/2.0, 3.0 */
-#endif
- char *c_addr; /* address of client on this conn */
- char *c_domain; /* domain of client on this conn */
- Operation *c_ops; /* list of pending operations */
- pthread_mutex_t c_opsmutex; /* mutex for c_ops list & stats */
- pthread_mutex_t c_pdumutex; /* only one pdu written at a time */
- pthread_cond_t c_wcv; /* used to wait for sd write-ready*/
- int c_gettingber; /* in the middle of ber_get_next */
- BerElement *c_currentber; /* ber we're getting */
- int c_writewaiter; /* signals write-ready sd waiter */
- int c_pduwaiters; /* signals threads waiting 4 pdu */
+ ldap_pvt_thread_mutex_t c_mutex; /* protect the connection */
+ Sockbuf *c_sb; /* ber connection stuff */
+
+ /* only can be changed by connect_init */
time_t c_starttime; /* when the connection was opened */
- int c_connid; /* id of this connection for stats*/
- int c_opsinitiated; /* # ops initiated/next op id */
- int c_opscompleted; /* # ops completed */
+ time_t c_activitytime; /* when the connection was last used */
+ unsigned long c_connid; /* id of this connection for stats*/
+
+ struct berval c_listener_url; /* listener URL */
+ struct berval c_peer_domain; /* DNS name of client */
+ struct berval c_peer_name; /* peer name (trans=addr:port) */
+ struct berval c_sock_name; /* sock name (trans=addr:port) */
+
+ /* only can be changed by binding thread */
+ int c_sasl_bind_in_progress; /* multi-op bind in progress */
+ struct berval c_sasl_bind_mech; /* mech in progress */
+ struct berval c_sasl_dn; /* temporary storage */
+
+ /* authorization backend */
+ Backend *c_authz_backend;
+
+ AuthorizationInformation c_authz;
+ GroupAssertion *c_groups;
+
+ ber_int_t c_protocol; /* version of the LDAP protocol used by client */
+
+ LDAP_STAILQ_HEAD(c_o, slap_op) c_ops; /* list of operations being processed */
+ LDAP_STAILQ_HEAD(c_po, slap_op) c_pending_ops; /* list of pending operations */
+
+ ldap_pvt_thread_mutex_t c_write_mutex; /* only one pdu written at a time */
+ ldap_pvt_thread_cond_t c_write_cv; /* used to wait for sd write-ready*/
+
+ BerElement *c_currentber; /* ber we're attempting to read */
+ int c_writewaiter; /* true if writer is waiting */
+
+#ifdef LDAP_CONNECTIONLESS
+ int c_is_udp; /* true if this is (C)LDAP over UDP */
+#endif
+#ifdef HAVE_TLS
+ int c_is_tls; /* true if this LDAP over raw TLS */
+ int c_needs_tls_accept; /* true if SSL_accept should be called */
+#endif
+ int c_sasl_layers; /* true if we need to install SASL i/o handlers */
+ void *c_sasl_context; /* SASL session context */
+ void *c_sasl_extra; /* SASL session extra stuff */
+
+ PagedResultsState c_pagedresults_state; /* paged result state */
+
+ long c_n_ops_received; /* num of ops received (next op_id) */
+ long c_n_ops_executing; /* num of ops currently executing */
+ long c_n_ops_pending; /* num of ops pending execution */
+ long c_n_ops_completed; /* num of ops completed */
+
+ long c_n_get; /* num of get calls */
+ long c_n_read; /* num of read calls */
+ long c_n_write; /* num of write calls */
} Connection;
#if defined(LDAP_SYSLOG) && defined(LDAP_DEBUG)
#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \
- { \
- if ( ldap_debug & level ) \
- fprintf( stderr, fmt, connid, opid, arg1, arg2, arg3 );\
- if ( ldap_syslog & level ) \
- syslog( ldap_syslog_level, fmt, connid, opid, arg1, \
- arg2, arg3 ); \
- }
+ do { \
+ if ( ldap_debug & (level) ) \
+ fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\
+ if ( ldap_syslog & (level) ) \
+ syslog( ldap_syslog_level, (fmt), (connid), (opid), (arg1), \
+ (arg2), (arg3) ); \
+ } while (0)
#else
#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 )
#endif
-#ifdef NEEDPROTOS
-#include "proto-slap.h"
+/*
+ * listener; need to access it from monitor backend
+ */
+typedef struct slap_listener {
+ char* sl_url;
+ char* sl_name;
+#ifdef HAVE_TLS
+ int sl_is_tls;
+#endif
+#ifdef LDAP_CONNECTIONLESS
+ int sl_is_udp; /* UDP listener is also data port */
#endif
+ ber_socket_t sl_sd;
+ Sockaddr sl_sa;
+#define sl_addr sl_sa.sa_in_addr
+} Listener;
+
+#ifdef SLAPD_MONITOR
+/*
+ * Operation indices
+ */
+enum {
+ SLAP_OP_BIND = 0,
+ SLAP_OP_UNBIND,
+ SLAP_OP_ADD,
+ SLAP_OP_DELETE,
+ SLAP_OP_MODRDN,
+ SLAP_OP_MODIFY,
+ SLAP_OP_COMPARE,
+ SLAP_OP_SEARCH,
+ SLAP_OP_ABANDON,
+ SLAP_OP_EXTENDED,
+ SLAP_OP_LAST
+};
+#endif /* SLAPD_MONITOR */
+
+LDAP_END_DECL
+
+#include "proto-slap.h"
-#endif /* _slap_h_ */
+#endif /* _SLAP_H_ */