/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2009 The OpenLDAP Foundation.
+ * Copyright 1998-2010 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#define SLAP_CONTROL_X_SESSION_TRACKING
#define SLAP_CONTROL_X_WHATFAILED
#define SLAP_CONFIG_DELETE
+#ifndef SLAP_SCHEMA_EXPOSE
+#define SLAP_SCHEMA_EXPOSE
+#endif
#endif
#define LDAP_DYNAMIC_OBJECTS
#define SLAP_SYNTAX_BLOB 0x0001U /* syntax treated as blob (audio) */
#define SLAP_SYNTAX_BINARY 0x0002U /* binary transfer required (certificate) */
#define SLAP_SYNTAX_BER 0x0004U /* stored in BER encoding (certificate) */
-#ifdef LDAP_DEVEL
+#ifdef SLAP_SCHEMA_EXPOSE
#define SLAP_SYNTAX_HIDE 0x0000U /* publish everything */
#else
#define SLAP_SYNTAX_HIDE 0x8000U /* hide (do not publish) */
slap_mask_t smr_usage;
-#ifdef LDAP_DEVEL
+#ifdef SLAP_SCHEMA_EXPOSE
#define SLAP_MR_HIDE 0x0000U
#else
#define SLAP_MR_HIDE 0x8000U
#define SLAP_AT_NONE 0x0000U
#define SLAP_AT_ABSTRACT 0x0100U /* cannot be instantiated */
#define SLAP_AT_FINAL 0x0200U /* cannot be subtyped */
-#ifdef LDAP_DEVEL
+#ifdef SLAP_SCHEMA_EXPOSE
#define SLAP_AT_HIDE 0x0000U /* publish everything */
#else
#define SLAP_AT_HIDE 0x8000U /* hide attribute */
#define SLAP_OC__MASK 0x00FF
#define SLAP_OC__END 0x0100
#define SLAP_OC_OPERATIONAL 0x4000
-#ifdef LDAP_DEVEL
+#ifdef SLAP_SCHEMA_EXPOSE
#define SLAP_OC_HIDE 0x0000
#else
#define SLAP_OC_HIDE 0x8000
struct AccessControl *acl_next;
} AccessControl;
-typedef enum {
- ACL_STATE_NOT_RECORDED = 0x0,
- ACL_STATE_RECORDED_VD = 0x1,
- ACL_STATE_RECORDED_NV = 0x2,
- ACL_STATE_RECORDED = ( ACL_STATE_RECORDED_VD | ACL_STATE_RECORDED_NV )
-} slap_acl_state_t;
-
typedef struct AccessControlState {
/* Access state */
- AccessControl *as_vi_acl;
- AccessControl *as_vd_acl;
- AttributeDescription *as_vd_ad;
+ /* The stored state is valid when requesting as_access access
+ * to the as_desc attributes. */
+ AttributeDescription *as_desc;
+ slap_access_t as_access;
- slap_acl_state_t as_recorded;
+ /* Value dependent acl where processing can restart */
+ AccessControl *as_vd_acl;
int as_vd_acl_count;
+ slap_mask_t as_vd_mask;
+
+ /* The cached result after evaluating a value independent attr.
+ * Only valid when != -1 and as_vd_acl == NULL */
int as_result;
+
+ /* True if started to process frontend ACLs */
int as_fe_done;
} AccessControlState;
-#define ACL_STATE_INIT { NULL, NULL, NULL, \
- ACL_STATE_NOT_RECORDED, 0, 0, 0 }
+#define ACL_STATE_INIT { NULL, ACL_NONE, NULL, 0, ACL_PRIV_NONE, -1, 0 }
typedef struct AclRegexMatches {
int dn_count;
void *aux;
} slap_cf_aux_table;
+typedef int
+slap_cf_aux_table_parse_x LDAP_P((
+ struct berval *val,
+ void *bc,
+ slap_cf_aux_table *tab0,
+ const char *tabmsg,
+ int unparse ));
+
#define SLAP_LIMIT_TIME 1
#define SLAP_LIMIT_SIZE 2
#define SLAP_SYNC_RID_MAX 999
#define SLAP_SYNC_SID_MAX 4095 /* based on liblutil/csn.c field width */
+
+/* fake conn connid constructed as rid; real connids start
+ * at SLAPD_SYNC_CONN_OFFSET */
+#define SLAPD_SYNC_SYNCCONN_OFFSET (SLAP_SYNC_RID_MAX + 1)
+#define SLAPD_SYNC_IS_SYNCCONN(connid) ((connid) < SLAPD_SYNC_SYNCCONN_OFFSET)
+#define SLAPD_SYNC_RID2SYNCCONN(rid) (rid)
+
#define SLAP_SYNCUUID_SET_SIZE 256
struct sync_cookie {
#define SLAP_DBFLAG_SHADOW_MASK (SLAP_DBFLAG_SHADOW|SLAP_DBFLAG_SINGLE_SHADOW|SLAP_DBFLAG_SYNC_SHADOW|SLAP_DBFLAG_SLURP_SHADOW)
#define SLAP_DBFLAG_CLEAN 0x10000U /* was cleanly shutdown */
#define SLAP_DBFLAG_ACL_ADD 0x20000U /* check attr ACLs on adds */
+#define SLAP_DBFLAG_SYNC_SUBENTRY 0x40000U /* use subentry for context */
slap_mask_t be_flags;
#define SLAP_DBFLAGS(be) ((be)->be_flags)
#define SLAP_NOLASTMOD(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_NOLASTMOD)
#define SLAP_MULTIMASTER(be) (!SLAP_SINGLE_SHADOW(be))
#define SLAP_DBCLEAN(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_CLEAN)
#define SLAP_DBACL_ADD(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_ACL_ADD)
+#define SLAP_SYNC_SUBENTRY(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SYNC_SUBENTRY)
slap_mask_t be_restrictops; /* restriction operations */
#define SLAP_RESTRICT_OP_ADD 0x0001U
ber_int_t rs_msgid;
} req_abandon_s;
-#ifdef LDAP_DEVEL
+#ifdef SLAP_SCHEMA_EXPOSE
#define SLAP_EXOP_HIDE 0x0000
#else
#define SLAP_EXOP_HIDE 0x8000
BerVarray sr_ref;
LDAPControl **sr_ctrls;
union sr_u {
+ rep_search_s sru_search;
rep_sasl_s sru_sasl;
rep_extended_s sru_extended;
- rep_search_s sru_search;
} sr_un;
slap_mask_t sr_flags;
#define REP_ENTRY_MODIFIABLE 0x0001U
#define REP_ENTRY_MUSTBEFREED 0x0002U
#define REP_ENTRY_MUSTRELEASE 0x0004U
#define REP_ENTRY_MASK (REP_ENTRY_MODIFIABLE|REP_ENTRY_MUSTBEFREED|REP_ENTRY_MUSTRELEASE)
+#define REP_ENTRY_MUSTFLUSH (REP_ENTRY_MUSTBEFREED|REP_ENTRY_MUSTRELEASE)
#define REP_MATCHED_MUSTBEFREED 0x0010U
#define REP_MATCHED_MASK (REP_MATCHED_MUSTBEFREED)
} slap_overinfo;
/* Should successive callbacks in a chain be processed? */
-#define SLAP_CB_FREEME 0x04000
#define SLAP_CB_BYPASS 0x08800
#define SLAP_CB_CONTINUE 0x08000
#define send_ldap_intermediate( op, rs ) \
((op)->o_conn->c_send_ldap_intermediate)( op, rs )
-typedef struct slap_listener Listener;
+typedef struct Listener Listener;
/*
* represents a connection from an ldap client
*/
+/* structure state (protected by connections_mutex) */
+enum sc_struct_state {
+ SLAP_C_UNINITIALIZED = 0, /* MUST BE ZERO (0) */
+ SLAP_C_UNUSED,
+ SLAP_C_USED,
+ SLAP_C_PENDING
+};
+
+/* connection state (protected by c_mutex ) */
+enum sc_conn_state {
+ SLAP_C_INVALID = 0, /* MUST BE ZERO (0) */
+ SLAP_C_INACTIVE, /* zero threads */
+ SLAP_C_CLOSING, /* closing */
+ SLAP_C_ACTIVE, /* one or more threads */
+ SLAP_C_BINDING, /* binding */
+ SLAP_C_CLIENT /* outbound client conn */
+};
struct Connection {
- int c_struct_state; /* structure management state */
- int c_conn_state; /* connection state */
+ enum sc_struct_state c_struct_state; /* structure management state */
+ enum sc_conn_state c_conn_state; /* connection state */
int c_conn_idx; /* slot in connections array */
ber_socket_t c_sd;
const char *c_close_reason; /* why connection is closing */
/*
* listener; need to access it from monitor backend
*/
-struct slap_listener {
+struct Listener {
struct berval sl_url;
struct berval sl_name;
mode_t sl_perms;
ber_socket_t sl_sd;
Sockaddr sl_sa;
#define sl_addr sl_sa.sa_in_addr
+#ifdef LDAP_DEVEL
+#define LDAP_TCP_BUFFER
+#endif
+#ifdef LDAP_TCP_BUFFER
+ int sl_tcp_rmem; /* custom TCP read buffer size */
+ int sl_tcp_wmem; /* custom TCP write buffer size */
+#endif
};
/*
/* number of response controls supported */
#define SLAP_MAX_RESPONSE_CONTROLS 6
-#ifdef LDAP_DEVEL
+#ifdef SLAP_SCHEMA_EXPOSE
#define SLAP_CTRL_HIDE 0x00000000U
#else
#define SLAP_CTRL_HIDE 0x80000000U