#include <ac/syslog.h>
#include <ac/regex.h>
#include <ac/socket.h>
+#include <ac/time.h>
#include "avl.h"
struct berval ava_value;
} Ava;
+typedef struct mra {
+ char *mra_rule;
+ char *mra_type;
+ char *mra_value;
+ int mra_dnattrs;
+} Mra;
+
/*
* represents a search filter
*/
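Review bot: `mra_value` is a plain `char *`, while the neighbouring `Ava` carries its assertion value as `struct berval ava_value`. An extensible-match value is an arbitrary octet string, so a NUL-terminated pointer loses the length and stops at the first zero byte, and the filter may then be evaluated against a shorter value than the client sent. Consider `struct berval mra_value;` to match `Ava`. The `char *` members also carry no note on who allocates and frees them; a short comment such as `/* strings are owned by the filter and freed with it */` would help if that is the intent.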
/* equality, lessorequal, greaterorequal, approx */
Ava f_un_ava;
+ /* extensible */
+ Mra f_un_fra;
+
/* and, or, not */
struct filter *f_un_complex;
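Review bot: The union member is declared as `f_un_fra`, but the accessor macros added in the next hunk (`f_mra`, `f_mrtype`, `f_mrvalue`, `f_mrdnaddrs`) all expand to `f_un.f_un_mra`, so the first use of any of them will not compile. Rename the member to `Mra f_un_mra;`. In the macro hunk, `f_mrdnaddrs` is spelled differently from the field it wraps (`mra_dnattrs`) and there is no accessor for `mra_rule`; `#define f_mrdnattrs f_un.f_un_mra.mra_dnattrs` and `#define f_mrrule f_un.f_un_mra.mra_rule` would make the set consistent. The enclosing union starts and ends outside this hunk.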
#define f_ava f_un.f_un_ava
#define f_avtype f_un.f_un_ava.ava_type
#define f_avvalue f_un.f_un_ava.ava_value
+#define f_mra f_un.f_un_mra
+#define f_mrtype f_un.f_un_mra.mra_type
+#define f_mrvalue f_un.f_un_mra.mra_value
+#define f_mrdnaddrs f_un.f_un_mra.mra_dnattrs
#define f_and f_un.f_un_complex
#define f_or f_un.f_un_complex
#define f_not f_un.f_un_complex
/* the "by" part */
struct access {
-#define ACL_NONE 0x0001
-/* #define SLAPD_ACLAUTH 1 */
-#ifdef SLAPD_ACLAUTH
-#define ACL_AUTH 0x0002
-#endif
-#define ACL_COMPARE 0x0004
-#define ACL_SEARCH 0x0008
-#define ACL_READ 0x0010
-#define ACL_WRITE 0x0020
-#define ACL_SELF 0x4000
-#define ACL_INVALID -1
+
+#define ACL_NONE 0x0001
+#define ACL_AUTH 0x0004
+#define ACL_COMPARE 0x0008
+#define ACL_SEARCH 0x0010
+#define ACL_READ 0x0020
+#define ACL_WRITE 0x0040
+#define ACL_PRIV_MASK 0x00ff
+
+#define ACL_SELF 0x4000
+#define ACL_INVALID (-1)
#define ACL_IS(a,lvl) (((a) & (lvl)) == (lvl))
#define ACL_IS_READ(a) ACL_IS((a),ACL_READ)
#define ACL_IS_WRITE(a) ACL_IS((a),ACL_WRITE)
#define ACL_IS_SELF(a) ACL_IS((a),ACL_SELF)
-#define ACL_IS_INVALID(a) ACL_IS((a),ACL_INVALID)
-
+#define ACL_IS_INVALID(a) ((a) == ACL_INVALID)
#define ACL_CLR(a) ((a) = 0)
#define ACL_SET(a,lvl) ((a) |= (lvl))
#define ACL_SET_READ(a) ACL_SET((a),ACL_READ)
#define ACL_SET_WRITE(a) ACL_SET((a),ACL_WRITE)
#define ACL_SET_SELF(a) ACL_SET((a),ACL_SELF)
-#define ACL_SET_INVALID(a) ACL_SET((a),ACL_INVALID)
+#define ACL_SET_INVALID(a) ((a) = ACL_INVALID)
-#define ACL_PRIV_MASK 0x00ff
-#define ACL_PRIV(a) ((a) & ACL_PRIV_MASK)
+#define ACL_PRIV(a) ((a) & ACL_PRIV_MASK)
#define ACL_GRANT(a,lvl) (ACL_PRIV(a) >= (lvl))
-#define ACL_TEST
-
int a_access;
char *a_domainpat;
char *a_dnattr;
-#ifdef SLAPD_ACLGROUPS
- char *a_group;
- char *a_group_oc;
- char *a_group_at;
-#endif
+ /* ACL Groups */
+ char *a_group;
+ char *a_group_oc;
+ char *a_group_at;
+
struct access *a_next;
};
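Review bot: `ACL_INVALID` is still `(-1)`, so a value stored with `ACL_SET_INVALID` has every bit set: `ACL_PRIV(a)` yields `0x00ff`, `ACL_GRANT(a, ACL_WRITE)` is true, and `ACL_IS_READ`, `ACL_IS_WRITE` and `ACL_IS_SELF` all match. The new equality form of `ACL_IS_INVALID` is correct, but every caller must run it before any other macro, or an invalid access value is treated as full access. Making the grant check fail closed removes that dependency: `#define ACL_GRANT(a,lvl) (!ACL_IS_INVALID(a) && ACL_PRIV(a) >= (lvl))` (this evaluates `a` twice, so arguments must be free of side effects). The levels were also renumbered (`ACL_AUTH` moves from 0x0002 to 0x0004, and so on), so any code comparing against literal values should be checked; none is visible here.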
/* these should be renamed from be_ to bd_ */
char **be_suffix; /* the DN suffixes of data in this backend */
char **be_nsuffix; /* the normalized DN suffixes in this backend */
- char **be_suffixAlias; /* the DN suffix aliases of data in this backend */
char *be_root_dn; /* the magic "root" dn for this db */
char *be_root_ndn; /* the magic "root" normalized dn for this db */
char *be_root_pw; /* the magic "root" password for this db */
int be_readonly; /* 1 => db is in "read only" mode */
- int be_maxDerefDepth; /* limit for depth of an alias deref */
+ unsigned int be_max_deref_depth; /* limit for depth of an alias deref */
int be_sizelimit; /* size limit for this backend */
int be_timelimit; /* time limit for this backend */
struct acl *be_acl; /* access control list for this backend */
char **be_replica; /* replicas of this backend (in master) */
char *be_replogfile; /* replication log file (in master) */
char *be_update_ndn; /* allowed to make changes (in replicas) */
+ struct berval **be_update_refs; /* where to refer modifying clients to */
int be_lastmod; /* keep track of lastmodified{by,time} */
char *be_realm;
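Review bot: `be_max_deref_depth` is now `unsigned int`, so a negative value arriving from configuration would wrap to a very large limit instead of reading as invalid, which in effect switches off the alias-dereference depth bound. The code that parses and assigns this setting is not in the hunk; if it converts through an `int`, it should reject values below zero before storing. The new `be_update_refs` member would benefit from a note on termination and ownership, for example `/* NULL-terminated; owned by the backend */`, if that is the intent. The structure begins and ends outside this hunk.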
int (*bi_op_delete) LDAP_P((BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
char *dn));
- /* Bug: be_op_abandon in unused! */
int (*bi_op_abandon) LDAP_P((BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
ber_int_t msgid));
/* Auxilary Functions */
int (*bi_entry_release_rw) LDAP_P((BackendDB *bd, Entry *e, int rw));
-#ifdef SLAPD_ACLGROUPS
+
int (*bi_acl_group) LDAP_P((Backend *bd,
Entry *e, char *bdn, char *edn,
char *objectclassValue, char *groupattrName ));
-#endif
int (*bi_connection_init) LDAP_P((BackendDB *bd,
struct slap_conn *c));
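Review bot: With the `SLAPD_ACLGROUPS` guard removed, the `bi_acl_group` slot exists in every backend's function table, including backends that never assign it. The call site is not shown; it should test the pointer for NULL and treat a missing hook as "not a member", so that a group clause evaluated against such a backend is refused rather than calling through a null pointer. The prototype also takes `Backend *bd` where every neighbouring hook takes `BackendDB *bd`; writing `int (*bi_acl_group) LDAP_P((BackendDB *bd,` keeps the table uniform, and if the two names are aliases the change is cosmetic only.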
LDAPControl **o_ctrls; /* controls */
-/* long o_connid; *//* id of conn initiating this op */
+ unsigned long o_connid; /* id of conn initiating this op */
#ifdef LDAP_CONNECTIONLESS
int o_cldap; /* != 0 if this came in via CLDAP */
BerElement *c_currentber; /* ber we're attempting to read */
int c_writewaiter; /* true if writer is waiting */
+ int c_is_tls; /* true if this LDAP over raw TLS */
+ int c_needs_tls_accept; /* true if SSL_accept should be called */
+
long c_n_ops_received; /* num of ops received (next op_id) */
long c_n_ops_executing; /* num of ops currently executing */
long c_n_ops_pending; /* num of ops pending execution */
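Review bot: `c_is_tls` and `c_needs_tls_accept` are added without saying who sets and clears them or what must not happen while the handshake is still pending. If the intent is that no request is parsed from the connection until `SSL_accept` has succeeded, state that at the declaration, for example `/* set at accept on a TLS listener; cleared after the handshake; no PDU is read while set */`, so later code does not process plaintext on a connection that is meant to be encrypted. The first comment is missing a verb and should read `/* true if this is LDAP over raw TLS */`. The struct continues outside this hunk.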