/* slap.h - stand alone ldap server include file */
/* $OpenLDAP$ */
/*
- * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
#include <sys/types.h>
#include <ac/syslog.h>
#include <ac/regex.h>
+#include <ac/signal.h>
#include <ac/socket.h>
#include <ac/time.h>
#include <ac/param.h>
#include "ldap_pvt_thread.h"
#include "ldap_queue.h"
+#define SLAP_EXTENDED_SCHEMA 1
+
LDAP_BEGIN_DECL
/*
* SLAPD Memory allocation macros
*/
#define SLAP_MOD_SOFTADD 0x1000
-#define ON (1)
-#define OFF (-1)
-#define UNDEFINED (0)
-
-#define MAXREMATCHES (10)
+#define MAXREMATCHES (100)
#define SLAP_MAX_WORKER_THREADS (32)
+#define SLAP_SB_MAX_INCOMING_DEFAULT ((1<<18) - 1)
+#define SLAP_SB_MAX_INCOMING_AUTH ((1<<24) - 1)
+
#define SLAP_TEXT_BUFLEN (256)
/* psuedo error code indicating abandoned operation */
#define SLAPD_ROLE_ATTR "roleOccupant"
#define SLAPD_ROLE_CLASS "organizationalRole"
+#ifdef SLAPD_ACI_ENABLED
#define SLAPD_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1"
-#define SLAPD_ACI_ATTR "OpenLDAPaci"
+#endif
#define SLAPD_OCTETSTRING_SYNTAX "1.3.6.1.4.1.1466.115.121.1.40"
slap_ssf_t sss_update_transport;
slap_ssf_t sss_update_tls;
slap_ssf_t sss_update_sasl;
+ slap_ssf_t sss_simple_bind;
} slap_ssf_set_t;
+
+/* Flags for telling slap_sasl_getdn() what type of identity is being passed */
+#define SLAP_GETDN_AUTHCID 2
+#define SLAP_GETDN_AUTHZID 4
+
/*
* Index types
*/
#define SLAP_INDEX_DEFAULT SLAP_INDEX_EQUALITY
-#define IS_SLAP_INDEX(mask, type) (((mask) & (type)) == (type) )
+#define IS_SLAP_INDEX(mask, type) (((mask) & (type)) == (type))
#define SLAP_INDEX_SUBSTR_TYPE 0x0F00UL
#define SLAP_INDEX_FLAGS 0xF000UL
#define SLAP_INDEX_NOSUBTYPES 0x1000UL /* don't use index w/ subtypes */
-#define SLAP_INDEX_NOLANG 0x2000UL /* don't use index w/ lang */
-#define SLAP_INDEX_AUTO_SUBTYPES 0x4000UL /* use mask with lang subtypes */
+#define SLAP_INDEX_NOTAGS 0x2000UL /* don't use index w/ tags */
/*
* there is a single index for each attribute. these prefixes ensure
#define SLAP_INDEX_SUBSTR_INITIAL_PREFIX '^'
#define SLAP_INDEX_SUBSTR_FINAL_PREFIX '$'
#define SLAP_INDEX_CONT_PREFIX '.' /* prefix for continuation keys */
-#define SLAP_INDEX_UNKNOWN_PREFIX '?' /* prefix for unknown keys */
-#define SLAP_SYNTAX_MATCHINGRULES_OID "1.3.6.1.4.1.1466.115.121.1.30"
-#define SLAP_SYNTAX_ATTRIBUTETYPES_OID "1.3.6.1.4.1.1466.115.121.1.3"
-#define SLAP_SYNTAX_OBJECTCLASSES_OID "1.3.6.1.4.1.1466.115.121.1.37"
+#define SLAP_SYNTAX_MATCHINGRULES_OID "1.3.6.1.4.1.1466.115.121.1.30"
+#define SLAP_SYNTAX_ATTRIBUTETYPES_OID "1.3.6.1.4.1.1466.115.121.1.3"
+#define SLAP_SYNTAX_OBJECTCLASSES_OID "1.3.6.1.4.1.1466.115.121.1.37"
+#define SLAP_SYNTAX_MATCHINGRULEUSES_OID "1.3.6.1.4.1.1466.115.121.1.31"
+#define SLAP_SYNTAX_CONTENTRULE_OID "1.3.6.1.4.1.1466.115.121.1.16"
+
+#ifdef LDAP_CLIENT_UPDATE
+#define LCUP_COOKIE_OID "1.3.6.1.4.1.4203.666.10.1"
+#endif /* LDAP_CLIENT_UPDATE */
/*
* represents schema information for a database
*/
-#define SLAP_SCHERR_OUTOFMEM 1
-#define SLAP_SCHERR_CLASS_NOT_FOUND 2
-#define SLAP_SCHERR_CLASS_BAD_USAGE 3
-#define SLAP_SCHERR_ATTR_NOT_FOUND 4
-#define SLAP_SCHERR_ATTR_BAD_USAGE 5
-#define SLAP_SCHERR_DUP_CLASS 6
-#define SLAP_SCHERR_DUP_ATTR 7
-#define SLAP_SCHERR_DUP_SYNTAX 8
-#define SLAP_SCHERR_DUP_RULE 9
-#define SLAP_SCHERR_NO_NAME 10
-#define SLAP_SCHERR_ATTR_INCOMPLETE 11
-#define SLAP_SCHERR_MR_NOT_FOUND 12
-#define SLAP_SCHERR_SYN_NOT_FOUND 13
-#define SLAP_SCHERR_MR_INCOMPLETE 14
-#define SLAP_SCHERR_NOT_SUPPORTED 15
-#define SLAP_SCHERR_BAD_DESCR 16
+#define SLAP_SCHERR_OUTOFMEM 1
+#define SLAP_SCHERR_CLASS_NOT_FOUND 2
+#define SLAP_SCHERR_CLASS_BAD_USAGE 3
+#define SLAP_SCHERR_CLASS_BAD_SUP 4
+#define SLAP_SCHERR_CLASS_DUP 5
+#define SLAP_SCHERR_ATTR_NOT_FOUND 6
+#define SLAP_SCHERR_ATTR_BAD_MR 7
+#define SLAP_SCHERR_ATTR_BAD_USAGE 8
+#define SLAP_SCHERR_ATTR_BAD_SUP 9
+#define SLAP_SCHERR_ATTR_INCOMPLETE 10
+#define SLAP_SCHERR_ATTR_DUP 11
+#define SLAP_SCHERR_MR_NOT_FOUND 12
+#define SLAP_SCHERR_MR_INCOMPLETE 13
+#define SLAP_SCHERR_MR_DUP 14
+#define SLAP_SCHERR_SYN_NOT_FOUND 15
+#define SLAP_SCHERR_SYN_DUP 16
+#define SLAP_SCHERR_NO_NAME 17
+#define SLAP_SCHERR_NOT_SUPPORTED 18
+#define SLAP_SCHERR_BAD_DESCR 19
+#define SLAP_SCHERR_OIDM 20
+#define SLAP_SCHERR_CR_DUP 21
+#define SLAP_SCHERR_CR_BAD_STRUCT 22
+#define SLAP_SCHERR_CR_BAD_AUX 23
+#define SLAP_SCHERR_CR_BAD_AT 24
+#define SLAP_SCHERR_LAST SLAP_SCHERR_CR_BAD_AT
typedef union slap_sockaddr {
struct sockaddr sa_addr;
struct sockaddr_in sa_in_addr;
#ifdef LDAP_PF_INET6
+ struct sockaddr_storage sa_storage;
struct sockaddr_in6 sa_in6_addr;
#endif
#ifdef LDAP_PF_LOCAL
#endif
} Sockaddr;
+#ifdef LDAP_PF_INET6
+extern int slap_inet4or6;
+#endif
+
typedef struct slap_oid_macro {
struct berval som_oid;
char **som_names;
#define ssyn_oid ssyn_syn.syn_oid
#define ssyn_desc ssyn_syn.syn_desc
#define ssyn_extensions ssyn_syn.syn_extensions
+ /*
+ * Note: the former
ber_len_t ssyn_oidlen;
+ * has been replaced by a struct berval that uses the value
+ * provided by ssyn_syn.syn_oid; a macro that expands to
+ * the bv_len field of the berval is provided for backward
+ * compatibility. CAUTION: NEVER FREE THE BERVAL
+ */
+ struct berval ssyn_bvoid;
+#define ssyn_oidlen ssyn_bvoid.bv_len
unsigned int ssyn_flags;
#define slap_syntax_is_ber(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BER)
#define slap_syntax_is_hidden(s) slap_syntax_is_flag((s),SLAP_SYNTAX_HIDE)
+typedef struct slap_syntax_defs_rec {
+ char *sd_desc;
+ int sd_flags;
+ slap_syntax_validate_func *sd_validate;
+ slap_syntax_transform_func *sd_normalize;
+ slap_syntax_transform_func *sd_pretty;
+#ifdef SLAPD_BINARY_CONVERSION
+ slap_syntax_transform_func *sd_ber2str;
+ slap_syntax_transform_func *sd_str2ber;
+#endif
+} slap_syntax_defs_rec;
+
/* X -> Y Converter */
typedef int slap_mr_convert_func LDAP_P((
struct berval * in,
struct slap_syntax *syntax, /* syntax of stored value */
struct slap_matching_rule *mr,
struct berval *prefix,
- BVarray values,
- BVarray *keys ));
+ BerVarray values,
+ BerVarray *keys ));
/* Filter index function */
typedef int slap_mr_filter_func LDAP_P((
struct slap_matching_rule *mr,
struct berval *prefix,
void * assertValue,
- BVarray *keys ));
+ BerVarray *keys ));
+
+typedef struct slap_matching_rule_use MatchingRuleUse;
typedef struct slap_matching_rule {
LDAPMatchingRule smr_mrule;
- ber_len_t smr_oidlen;
+ MatchingRuleUse *smr_mru;
+ /* RFC2252 string representation */
+ struct berval smr_str;
+ /*
+ * Note: the former
+ ber_len_t smr_oidlen;
+ * has been replaced by a struct berval that uses the value
+ * provided by smr_mrule.mr_oid; a macro that expands to
+ * the bv_len field of the berval is provided for backward
+ * compatibility. CAUTION: NEVER FREE THE BERVAL
+ */
+ struct berval smr_bvoid;
+#define smr_oidlen smr_bvoid.bv_len
+
slap_mask_t smr_usage;
#define SLAP_MR_HIDE 0x8000U
#define SLAP_MR_EQUALITY 0x0100U
#define SLAP_MR_ORDERING 0x0200U
#define SLAP_MR_SUBSTR 0x0400U
-#define SLAP_MR_EXT 0x0800U
+#define SLAP_MR_EXT 0x0800U /* implicitly extensible */
#define SLAP_MR_EQUALITY_APPROX ( SLAP_MR_EQUALITY | 0x0010U )
#define SLAP_MR_DN_FOLD 0x0008U
#define SLAP_MR_ASSERTION_SYNTAX_MATCH 0x0000U
#define SLAP_MR_VALUE_SYNTAX_MATCH 0x0001U
#define SLAP_MR_VALUE_SYNTAX_CONVERTED_MATCH 0x0003U
+#define SLAP_MR_VALUE_NORMALIZED_MATCH 0x0004U
#define SLAP_IS_MR_ASSERTION_SYNTAX_MATCH( usage ) \
(!((usage) & SLAP_MR_VALUE_SYNTAX_MATCH))
slap_mr_indexer_func *smr_indexer;
slap_mr_filter_func *smr_filter;
+ /*
+ * null terminated list of syntaxes compatible with this syntax
+ * note: when MS_EXT is set, this MUST NOT contain the assertion
+ * syntax of the rule. When MS_EXT is not set, it MAY.
+ */
+ Syntax **smr_compat_syntaxes;
+
struct slap_matching_rule *smr_associated;
struct slap_matching_rule *smr_next;
#define smr_extensions smr_mrule.mr_extensions
} MatchingRule;
-struct slap_attr_desc;
+struct slap_matching_rule_use {
+ LDAPMatchingRuleUse smru_mruleuse;
+ MatchingRule *smru_mr;
+ /* RFC2252 string representation */
+ struct berval smru_str;
+
+ struct slap_matching_rule_use *smru_next;
+
+#define smru_oid smru_mruleuse.mru_oid
+#define smru_names smru_mruleuse.mru_names
+#define smru_desc smru_mruleuse.mru_desc
+#define smru_obsolete smru_mruleuse.mru_obsolete
+#define smru_applies_oids smru_mruleuse.mru_applies_oids
+
+#define smru_usage smru_mr->smr_usage
+} /* MatchingRuleUse */ ;
+
+typedef struct slap_mrule_defs_rec {
+ char * mrd_desc;
+ slap_mask_t mrd_usage;
+ char ** mrd_compat_syntaxes;
+ slap_mr_convert_func * mrd_convert;
+ slap_mr_normalize_func * mrd_normalize;
+ slap_mr_match_func * mrd_match;
+ slap_mr_indexer_func * mrd_indexer;
+ slap_mr_filter_func * mrd_filter;
+
+ char * mrd_associated;
+} slap_mrule_defs_rec;
+
+struct slap_backend_db;
+struct slap_entry;
+struct slap_attr;
typedef int (AttributeTypeSchemaCheckFN)(
+ struct slap_backend_db *be,
struct slap_entry *e,
struct slap_attr *attr,
const char** text,
MatchingRule *sat_approx;
MatchingRule *sat_ordering;
MatchingRule *sat_substr;
- Syntax *sat_syntax;
+ Syntax *sat_syntax;
+
AttributeTypeSchemaCheckFN *sat_check;
- struct slap_attr_desc *sat_ad;
+
+#define SLAP_AT_NONE 0x0000U
+#define SLAP_AT_ABSTRACT 0x0100U /* cannot be instantiated */
+#define SLAP_AT_FINAL 0x0200U /* cannot be subtyped */
+#define SLAP_AT_HIDE 0x8000U /* hide attribute */
+ slap_mask_t sat_flags;
+
struct slap_attribute_type *sat_next;
- ldap_pvt_thread_mutex_t sat_ad_mutex;
-#define sat_oid sat_atype.at_oid
-#define sat_names sat_atype.at_names
-#define sat_desc sat_atype.at_desc
+
+#define sat_oid sat_atype.at_oid
+#define sat_names sat_atype.at_names
+#define sat_desc sat_atype.at_desc
#define sat_obsolete sat_atype.at_obsolete
-#define sat_sup_oid sat_atype.at_sup_oid
+#define sat_sup_oid sat_atype.at_sup_oid
#define sat_equality_oid sat_atype.at_equality_oid
#define sat_ordering_oid sat_atype.at_ordering_oid
#define sat_substr_oid sat_atype.at_substr_oid
#define sat_single_value sat_atype.at_single_value
#define sat_collective sat_atype.at_collective
#define sat_no_user_mod sat_atype.at_no_user_mod
-#define sat_usage sat_atype.at_usage
+#define sat_usage sat_atype.at_usage
#define sat_extensions sat_atype.at_extensions
+
+ struct slap_attr_desc *sat_ad;
+ ldap_pvt_thread_mutex_t sat_ad_mutex;
} AttributeType;
#define is_at_operational(at) ((at)->sat_usage)
#define is_at_obsolete(at) ((at)->sat_obsolete)
#define is_at_no_user_mod(at) ((at)->sat_no_user_mod)
+struct slap_object_class;
+
typedef int (ObjectClassSchemaCheckFN)(
+ struct slap_backend_db *be,
struct slap_entry *e,
struct slap_object_class *oc,
const char** text,
char *textbuf, size_t textlen );
typedef struct slap_object_class {
- LDAPObjectClass soc_oclass;
+ LDAPObjectClass soc_oclass;
+ struct berval soc_cname;
struct slap_object_class **soc_sups;
- AttributeType **soc_required;
- AttributeType **soc_allowed;
- ObjectClassSchemaCheckFN *sco_check;
- struct slap_object_class *soc_next;
-#define soc_oid soc_oclass.oc_oid
-#define soc_names soc_oclass.oc_names
-#define soc_desc soc_oclass.oc_desc
+ AttributeType **soc_required;
+ AttributeType **soc_allowed;
+ ObjectClassSchemaCheckFN *soc_check;
+ slap_mask_t soc_flags;
+#define soc_oid soc_oclass.oc_oid
+#define soc_names soc_oclass.oc_names
+#define soc_desc soc_oclass.oc_desc
#define soc_obsolete soc_oclass.oc_obsolete
#define soc_sup_oids soc_oclass.oc_sup_oids
-#define soc_kind soc_oclass.oc_kind
+#define soc_kind soc_oclass.oc_kind
#define soc_at_oids_must soc_oclass.oc_at_oids_must
#define soc_at_oids_may soc_oclass.oc_at_oids_may
#define soc_extensions soc_oclass.oc_extensions
+
+ struct slap_object_class *soc_next;
} ObjectClass;
+#define SLAP_OC_ALIAS 0x0001
+#define SLAP_OC_REFERRAL 0x0002
+#define SLAP_OC_SUBENTRY 0x0004
+#define SLAP_OC_DYNAMICOBJECT 0x0008
+#define SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY 0x0010
+#define SLAP_OC__MASK 0x001F
+#define SLAP_OC__END 0x0020
+#define SLAP_OC_OPERATIONAL 0x4000
+#define SLAP_OC_HIDE 0x8000
/*
- * represents a recognized attribute description ( type + options )
+ * DIT content rule
*/
+typedef struct slap_content_rule {
+ LDAPContentRule scr_crule;
+ ObjectClass *scr_sclass;
+ ObjectClass **scr_auxiliaries; /* optional */
+ AttributeType **scr_required; /* optional */
+ AttributeType **scr_allowed; /* optional */
+ AttributeType **scr_precluded; /* optional */
+#define scr_oid scr_crule.cr_oid
+#define scr_names scr_crule.cr_names
+#define scr_desc scr_crule.cr_desc
+#define scr_obsolete scr_crule.cr_obsolete
+#define scr_oc_oids_aux scr_crule.cr_oc_oids_aux
+#define scr_at_oids_must scr_crule.cr_at_oids_must
+#define scr_at_oids_may scr_crule.cr_at_oids_may
+#define scr_at_oids_not scr_crule.cr_at_oids_not
+
+ struct slap_content_rule *scr_next;
+} ContentRule;
+
+/* Represents a recognized attribute description ( type + options ). */
typedef struct slap_attr_desc {
struct slap_attr_desc *ad_next;
AttributeType *ad_type; /* attribute type, must be specified */
struct berval ad_cname; /* canonical name, must be specified */
- struct berval ad_lang; /* empty if no language tags */
+ struct berval ad_tags; /* empty if no tagging options */
unsigned ad_flags;
-#define SLAP_DESC_NONE 0x0U
-#define SLAP_DESC_BINARY 0x1U
+#define SLAP_DESC_NONE 0x00U
+#define SLAP_DESC_BINARY 0x01U
+#define SLAP_DESC_TAG_RANGE 0x80U
} AttributeDescription;
typedef struct slap_attr_name {
struct berval an_name;
AttributeDescription *an_desc;
+ ObjectClass *an_oc;
} AttributeName;
-#define slap_ad_is_lang(ad) ( (ad)->ad_lang.bv_len != 0 )
-#define slap_ad_is_binary(ad) ( (int)((ad)->ad_flags & SLAP_DESC_BINARY) ? 1 : 0 )
+#define slap_ad_is_tagged(ad) ( (ad)->ad_tags.bv_len != 0 )
+#define slap_ad_is_tag_range(ad) \
+ ( ((ad)->ad_flags & SLAP_DESC_TAG_RANGE) ? 1 : 0 )
+#define slap_ad_is_binary(ad) \
+ ( ((ad)->ad_flags & SLAP_DESC_BINARY) ? 1 : 0 )
/*
* pointers to schema elements used internally
ObjectClass *si_oc_extensibleObject;
ObjectClass *si_oc_alias;
ObjectClass *si_oc_referral;
+ ObjectClass *si_oc_rootdse;
ObjectClass *si_oc_subentry;
ObjectClass *si_oc_subschema;
- ObjectClass *si_oc_rootdse;
+ ObjectClass *si_oc_monitor;
+ ObjectClass *si_oc_collectiveAttributeSubentry;
+ ObjectClass *si_oc_dynamicObject;
/* objectClass attribute descriptions */
AttributeDescription *si_ad_objectClass;
/* operational attribute descriptions */
AttributeDescription *si_ad_structuralObjectClass;
- AttributeDescription *si_ad_entryUUID;
- AttributeDescription *si_ad_entryCSN;
AttributeDescription *si_ad_creatorsName;
AttributeDescription *si_ad_createTimestamp;
AttributeDescription *si_ad_modifiersName;
AttributeDescription *si_ad_modifyTimestamp;
AttributeDescription *si_ad_hasSubordinates;
AttributeDescription *si_ad_subschemaSubentry;
+ AttributeDescription *si_ad_collectiveSubentries;
+ AttributeDescription *si_ad_collectiveExclusions;
+ AttributeDescription *si_ad_entryUUID;
+ AttributeDescription *si_ad_entryCSN;
+ AttributeDescription *si_ad_superiorUUID;
/* root DSE attribute descriptions */
+ AttributeDescription *si_ad_altServer;
AttributeDescription *si_ad_namingContexts;
AttributeDescription *si_ad_supportedControl;
AttributeDescription *si_ad_supportedExtension;
AttributeDescription *si_ad_supportedLDAPVersion;
AttributeDescription *si_ad_supportedSASLMechanisms;
AttributeDescription *si_ad_supportedFeatures;
+ AttributeDescription *si_ad_monitorContext;
+ AttributeDescription *si_ad_vendorName;
+ AttributeDescription *si_ad_vendorVersion;
+
+ /* subentry attribute descriptions */
+ AttributeDescription *si_ad_administrativeRole;
+ AttributeDescription *si_ad_subtreeSpecification;
/* subschema subentry attribute descriptions */
+ AttributeDescription *si_ad_ditStructureRules;
+ AttributeDescription *si_ad_ditContentRules;
+ AttributeDescription *si_ad_nameForms;
AttributeDescription *si_ad_objectClasses;
AttributeDescription *si_ad_attributeTypes;
AttributeDescription *si_ad_ldapSyntaxes;
AttributeDescription *si_ad_matchingRules;
- AttributeDescription *si_ad_matchingRulesUse;
+ AttributeDescription *si_ad_matchingRuleUse;
/* Aliases & Referrals */
AttributeDescription *si_ad_aliasedObjectName;
/* Access Control Internals */
AttributeDescription *si_ad_entry;
AttributeDescription *si_ad_children;
+ AttributeDescription *si_ad_saslAuthzTo;
+ AttributeDescription *si_ad_saslAuthzFrom;
#ifdef SLAPD_ACI_ENABLED
AttributeDescription *si_ad_aci;
#endif
+ /* dynamic entries */
+ AttributeDescription *si_ad_entryTtl;
+ AttributeDescription *si_ad_dynamicSubtrees;
+
/* Other attributes descriptions */
+ AttributeDescription *si_ad_distinguishedName;
AttributeDescription *si_ad_name;
AttributeDescription *si_ad_cn;
AttributeDescription *si_ad_userPassword;
MatchingRule *si_mr_integerMatch;
/* Syntaxes */
+ Syntax *si_syn_octetString;
Syntax *si_syn_distinguishedName;
Syntax *si_syn_integer;
};
#define f_sub_final f_un.f_un_ssa->sa_final
#define f_mra f_un.f_un_mra
#define f_mr_rule f_un.f_un_mra->ma_rule
-#define f_mr_rule_text f_un.f_un_mra->ma_rule_text
+#define f_mr_rule_text f_un.f_un_mra->ma_rule_text
#define f_mr_desc f_un.f_un_mra->ma_desc
#define f_mr_value f_un.f_un_mra->ma_value
#define f_mr_dnattrs f_un.f_un_mra->ma_dnattrs
/* compare routines can return undefined */
#define SLAPD_COMPARE_UNDEFINED ((ber_int_t) -1)
+typedef struct slap_valuesreturnfilter {
+ ber_tag_t f_choice;
+
+ union vrf_un_u {
+ /* precomputed result */
+ ber_int_t f_un_result;
+
+ /* DN */
+ char *f_un_dn;
+
+ /* present */
+ AttributeDescription *f_un_desc;
+
+ /* simple value assertion */
+ AttributeAssertion *f_un_ava;
+
+ /* substring assertion */
+ SubstringsAssertion *f_un_ssa;
+
+ /* matching rule assertion */
+ MatchingRuleAssertion *f_un_mra;
+ } f_un;
+
+ struct slap_valuesreturnfilter *f_next;
+} ValuesReturnFilter;
+
/*
* represents an attribute (description + values)
*/
typedef struct slap_attr {
AttributeDescription *a_desc;
- BVarray a_vals;
+ BerVarray a_vals;
struct slap_attr *a_next;
+ unsigned a_flags;
+#define SLAP_ATTR_IXADD 0x1U
+#define SLAP_ATTR_IXDEL 0x2U
} Attribute;
Attribute *e_attrs; /* list of attributes + values */
+ slap_mask_t e_ocflags;
+
+ struct berval e_bv; /* For entry_encode/entry_decode */
+
/* for use by the backend for any purpose */
void* e_private;
} Entry;
int sm_op;
AttributeDescription *sm_desc;
struct berval sm_type;
- BVarray sm_bvalues;
+ BerVarray sm_bvalues;
} Modification;
typedef struct slap_mod_list {
typedef struct slap_authz_info {
ber_tag_t sai_method; /* LDAP_AUTH_* from <ldap.h> */
- char * sai_mech; /* SASL Mechanism */
+ struct berval sai_mech; /* SASL Mechanism */
struct berval sai_dn; /* DN for reporting purposes */
struct berval sai_ndn; /* Normalized DN */
slap_style_t a_dn_style;
AttributeDescription *a_dn_at;
int a_dn_self;
+ int a_dn_expand;
slap_style_t a_peername_style;
- char *a_peername_pat;
+ struct berval a_peername_pat;
slap_style_t a_sockname_style;
- char *a_sockname_pat;
+ struct berval a_sockname_pat;
slap_style_t a_domain_style;
- char *a_domain_pat;
+ struct berval a_domain_pat;
+ int a_domain_expand;
+
slap_style_t a_sockurl_style;
- char *a_sockurl_pat;
+ struct berval a_sockurl_pat;
slap_style_t a_set_style;
struct berval a_set_pat;
struct slap_acl *acl_next;
} AccessControl;
+typedef struct slap_acl_state {
+ unsigned as_recorded;
+#define ACL_STATE_NOT_RECORDED 0x0
+#define ACL_STATE_RECORDED_VD 0x1
+#define ACL_STATE_RECORDED_NV 0x2
+#define ACL_STATE_RECORDED 0x3
+
+ /* Access state */
+ AccessControl *as_vd_acl;
+ AccessControl *as_vi_acl;
+ slap_mask_t as_vd_acl_mask;
+ regmatch_t as_vd_acl_matches[MAXREMATCHES];
+ int as_vd_acl_count;
+
+ Access *as_vd_access;
+ int as_vd_access_count;
+
+ int as_result;
+ AttributeDescription *as_vd_ad;
+} AccessControlState;
+#define ACL_STATE_INIT { ACL_STATE_NOT_RECORDED, NULL, NULL, 0UL, { { 0, 0 } }, 0, NULL, 0, 0, NULL }
+
/*
* replog moddn param structure
*/
struct slap_replica_info {
char *ri_host; /* supersedes be_replica */
- struct berval **ri_nsuffix; /* array of suffixes this replica accepts */
+ BerVarray ri_nsuffix; /* array of suffixes this replica accepts */
+ AttributeName *ri_attrs; /* attrs to replicate, NULL=all */
+ int ri_exclude; /* 1 => exclude ri_attrs */
};
struct slap_limits_set {
int lms_s_soft;
int lms_s_hard;
int lms_s_unchecked;
+ int lms_s_pr;
+ int lms_s_pr_hide;
};
struct slap_limits {
#define SLAP_LIMITS_REGEX 0x0005
#define SLAP_LIMITS_ANONYMOUS 0x0006
#define SLAP_LIMITS_USERS 0x0007
+#define SLAP_LIMITS_ANY 0x0008
regex_t lm_dn_regex; /* regex data for REGEX */
/*
#define be_attribute bd_info->bi_acl_attribute
#define be_operational bd_info->bi_operational
+/*
+ * define to honor hasSubordinates operational attribute in search filters
+ * (in previous use there was a flaw with back-bdb and back-ldbm; now it
+ * is fixed).
+ */
+
+#define be_has_subordinates bd_info->bi_has_subordinates
+
#define be_controls bd_info->bi_controls
#define be_connection_init bd_info->bi_connection_init
#define be_sync bd_info->bi_tool_sync
#endif
+#define SLAP_BFLAG_NOLASTMOD 0x0001U
+#define SLAP_BFLAG_GLUE_INSTANCE 0x0010U /* a glue backend */
+#define SLAP_BFLAG_GLUE_SUBORDINATE 0x0020U /* child of a glue hierarchy */
+#define SLAP_BFLAG_GLUE_LINKED 0x0040U /* child is connected to parent */
+#define SLAP_BFLAG_ALIASES 0x0100U
+#define SLAP_BFLAG_REFERRALS 0x0200U
+#define SLAP_BFLAG_SUBENTRIES 0x0400U
+#define SLAP_BFLAG_MONITOR 0x1000U
+#define SLAP_BFLAG_DYNAMIC 0x2000U
+ slap_mask_t be_flags;
+#define SLAP_LASTMOD(be) (!((be)->be_flags & SLAP_BFLAG_NOLASTMOD))
+#define SLAP_ALIASES(be) ((be)->be_flags & SLAP_BFLAG_ALIASES)
+#define SLAP_REFERRALS(be) ((be)->be_flags & SLAP_BFLAG_REFERRALS)
+#define SLAP_SUBENTRIES(be) ((be)->be_flags & SLAP_BFLAG_SUBENTRIES)
+#define SLAP_MONITOR(be) ((be)->be_flags & SLAP_BFLAG_MONITOR)
+#define SLAP_DYNAMIC(be) ((be)->be_flags & SLAP_BFLAG_DYNAMIC)
+
slap_mask_t be_restrictops; /* restriction operations */
#define SLAP_RESTRICT_OP_ADD 0x0001U
#define SLAP_RESTRICT_OP_BIND 0x0002U
#define SLAP_RESTRICT_OP_SEARCH 0x0080U
#define SLAP_RESTRICT_OP_READS \
- ( SLAP_RESTRICT_OP_COMPARE \
+ ( SLAP_RESTRICT_OP_COMPARE \
| SLAP_RESTRICT_OP_SEARCH )
#define SLAP_RESTRICT_OP_WRITES \
( SLAP_RESTRICT_OP_ADD \
#define SLAP_ALLOW_BIND_V2 0x0001U /* LDAPv2 bind */
#define SLAP_ALLOW_BIND_ANON_CRED 0x0002U /* cred should be empty */
-#define SLAP_ALLOW_BIND_ANON_DN 0x0003U /* dn should be empty */
+#define SLAP_ALLOW_BIND_ANON_DN 0x0004U /* dn should be empty */
+
+#define SLAP_ALLOW_UPDATE_ANON 0x0008U /* allow anonymous updates */
#define SLAP_DISALLOW_BIND_ANON 0x0001U /* no anonymous */
#define SLAP_DISALLOW_BIND_SIMPLE 0x0002U /* simple authentication */
-#define SLAP_DISALLOW_BIND_KRBV4 0x0004U /* Kerberos V4 authentication */
+#define SLAP_DISALLOW_BIND_SIMPLE_UNPROTECTED \
+ 0x0004U /* unprotected simple auth */
+#define SLAP_DISALLOW_BIND_KRBV4 0x0008U /* Kerberos V4 authentication */
#define SLAP_DISALLOW_TLS_2_ANON 0x0010U /* StartTLS -> Anonymous */
#define SLAP_DISALLOW_TLS_AUTHC 0x0020U /* TLS while authenticated */
+#define SLAP_DISALLOW_AUX_WO_CR 0x4000U
+
slap_mask_t be_requires; /* pre-operation requirements */
#define SLAP_REQUIRE_BIND 0x0001U /* bind before op */
#define SLAP_REQUIRE_LDAP_V3 0x0002U /* LDAPv3 before op */
slap_ssf_set_t be_ssf_set;
/* these should be renamed from be_ to bd_ */
- struct berval **be_suffix; /* the DN suffixes of data in this backend */
- struct berval **be_nsuffix; /* the normalized DN suffixes in this backend */
- struct berval **be_suffixAlias; /* pairs of DN suffix aliases and deref values */
+ BerVarray be_suffix; /* the DN suffixes of data in this backend */
+ BerVarray be_nsuffix; /* the normalized DN suffixes in this backend */
+ BerVarray be_suffixAlias; /* pairs of DN suffix aliases and deref values */
+ struct berval be_schemadn; /* per-backend subschema subentry DN */
+ struct berval be_schemandn; /* normalized subschema DN */
struct berval be_rootdn; /* the magic "root" name (DN) for this db */
struct berval be_rootndn; /* the magic "root" normalized name (DN) for this db */
struct berval be_rootpw; /* the magic "root" password for this db */
- unsigned int be_max_deref_depth; /* limit for depth of an alias deref */
+ unsigned int be_max_deref_depth; /* limit for depth of an alias deref */
#define be_sizelimit be_def_limit.lms_s_soft
#define be_timelimit be_def_limit.lms_t_soft
struct slap_limits_set be_def_limit; /* default limits */
struct slap_replica_info **be_replica; /* replicas of this backend (in master) */
char *be_replogfile; /* replication log file (in master) */
struct berval be_update_ndn; /* allowed to make changes (in replicas) */
- BVarray be_update_refs; /* where to refer modifying clients to */
+ BerVarray be_update_refs; /* where to refer modifying clients to */
char *be_realm;
- int be_lastmod; /* keep track of lastmodified{by,time} */
-
-#define SLAP_GLUE_INSTANCE 0x01 /* a glue backend */
-#define SLAP_GLUE_SUBORDINATE 0x02 /* child of a glue hierarchy */
-#define SLAP_GLUE_LINKED 0x04 /* child is connected to parent */
-
- int be_glueflags; /* */
void *be_private; /* anything the backend database needs */
+
+ void *be_pb; /* Netscape plugin */
};
struct slap_conn;
ber_int_t msgid));
typedef int (BI_op_extended) LDAP_P((
- BackendDB *be,
- struct slap_conn *conn,
- struct slap_op *op,
+ BackendDB *be,
+ struct slap_conn *conn,
+ struct slap_op *op,
const char *reqoid,
- struct berval * reqdata,
+ struct berval * reqdata,
char **rspoid,
- struct berval ** rspdata,
+ struct berval ** rspdata,
LDAPControl *** rspctrls,
const char ** text,
- BVarray *refs ));
+ BerVarray *refs ));
typedef int (BI_entry_release_rw) LDAP_P((BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
struct slap_conn *c, struct slap_op *o,
Entry *e, struct berval *edn,
AttributeDescription *entry_at,
- BVarray *vals ));
+ BerVarray *vals ));
typedef int (BI_operational) LDAP_P((Backend *bd,
struct slap_conn *c, struct slap_op *o,
Entry *e, AttributeName *attrs, int opattrs, Attribute **a ));
+typedef int (BI_has_subordinates) LDAP_P((Backend *bd,
+ struct slap_conn *c, struct slap_op *o,
+ Entry *e, int *has_subordinates ));
+
typedef int (BI_connection_init) LDAP_P((BackendDB *bd,
struct slap_conn *c));
typedef int (BI_connection_destroy) LDAP_P((BackendDB *bd,
typedef ID (BI_tool_entry_first) LDAP_P(( BackendDB *be ));
typedef ID (BI_tool_entry_next) LDAP_P(( BackendDB *be ));
typedef Entry* (BI_tool_entry_get) LDAP_P(( BackendDB *be, ID id ));
-typedef ID (BI_tool_entry_put) LDAP_P(( BackendDB *be, Entry *e ));
+typedef ID (BI_tool_entry_put) LDAP_P(( BackendDB *be, Entry *e,
+ struct berval *text ));
typedef int (BI_tool_entry_reindex) LDAP_P(( BackendDB *be, ID id ));
typedef int (BI_tool_sync) LDAP_P(( BackendDB *be ));
struct slap_backend_info {
- char *bi_type; /* type of backend */
+ char *bi_type; /* type of backend */
/*
* per backend type routines:
BI_acl_attribute *bi_acl_attribute;
BI_operational *bi_operational;
+ BI_has_subordinates *bi_has_subordinates;
BI_connection_init *bi_connection_init;
BI_connection_destroy *bi_connection_destroy;
#define o_tls_ssf o_authz.sai_tls_ssf
#define o_sasl_ssf o_authz.sai_sasl_ssf
-struct slap_op;
-struct slap_conn;
-
typedef void (slap_response)( struct slap_conn *, struct slap_op *,
ber_tag_t, ber_int_t, ber_int_t, const char *, const char *,
- BVarray, const char *, struct berval *,
+ BerVarray, const char *, struct berval *,
struct berval *, LDAPControl ** );
typedef void (slap_sresult)( struct slap_conn *, struct slap_op *,
- ber_int_t, const char *, const char *, BVarray,
+ ber_int_t, const char *, const char *, BerVarray,
LDAPControl **, int nentries);
+typedef int (slap_sendentry)( BackendDB *, struct slap_conn *,
+ struct slap_op *, Entry *, AttributeName *, int, LDAPControl **);
+
+typedef struct slap_callback {
+ slap_response *sc_response;
+ slap_sresult *sc_sresult;
+ slap_sendentry *sc_sendentry;
+ void *sc_private;
+} slap_callback;
+
/*
- * represents an operation pending from an ldap client
+ * Paged Results state
*/
-typedef struct slap_op {
- ber_int_t o_opid; /* id of this operation */
- ber_int_t o_msgid; /* msgid of the request */
-#ifdef LDAP_CONNECTIONLESS
- Sockaddr o_peeraddr; /* UDP peer address */
-#endif
-
- ldap_pvt_thread_t o_tid; /* thread handling this op */
+typedef unsigned long PagedResultsCookie;
+typedef struct slap_paged_state {
+ Backend *ps_be;
+ PagedResultsCookie ps_cookie;
+ ID ps_id;
+} PagedResultsState;
+
+
+#ifdef LDAP_CLIENT_UPDATE
+#define LCUP_PSEARCH_BY_ADD 0x01
+#define LCUP_PSEARCH_BY_DELETE 0x02
+#define LCUP_PSEARCH_BY_PREMODIFY 0x03
+#define LCUP_PSEARCH_BY_MODIFY 0x04
+#define LCUP_PSEARCH_BY_SCOPEOUT 0x05
+
+struct lcup_search_spec {
+ struct slap_op *op;
+ struct berval *base;
+ struct berval *nbase;
+ int scope;
+ int deref;
+ int slimit;
+ int tlimit;
+ Filter *filter;
+ struct berval *filterstr;
+ AttributeName *attrs;
+ int attrsonly;
+ struct lcup_entry *elist;
+ ldap_pvt_thread_mutex_t elist_mutex;
+ int entry_count;
+ LDAP_LIST_ENTRY(lcup_search_spec) link;
+};
- BerElement *o_ber; /* ber of the request */
+struct psid_entry {
+ struct lcup_search_spec* ps;
+ LDAP_LIST_ENTRY(psid_entry) link;
+};
+#endif /* LDAP_CLIENT_UPDATE */
- ber_tag_t o_tag; /* tag of the request */
- time_t o_time; /* time op was initiated */
- AuthorizationInformation o_authz;
+/*
+ * represents an operation pending from an ldap client
+ */
+typedef struct slap_op {
+ unsigned long o_opid; /* id of this operation */
+ unsigned long o_connid; /* id of conn initiating this op */
+ struct slap_conn *o_conn; /* connection spawning this op */
+ ber_int_t o_msgid; /* msgid of the request */
ber_int_t o_protocol; /* version of the LDAP protocol used by client */
+ ber_tag_t o_tag; /* tag of the request */
+ time_t o_time; /* time op was initiated */
- LDAPControl **o_ctrls; /* controls */
+ char * o_extendedop; /* extended operation OID */
- unsigned long o_connid; /* id of conn initiating this op */
+ ldap_pvt_thread_t o_tid; /* thread handling this op */
- ldap_pvt_thread_mutex_t o_abandonmutex; /* protects o_abandon */
- int o_abandon; /* abandon flag */
- slap_response *o_response; /* callback function */
- slap_sresult *o_sresult; /* search result callback */
+ volatile sig_atomic_t o_abandon; /* abandon flag */
- LDAP_STAILQ_ENTRY(slap_op) o_next; /* next operation in list */
- void *o_private; /* anything the backend needs */
- void *o_glue; /* for the glue backend */
+ char o_do_not_cache; /* don't cache from this op */
#define SLAP_NO_CONTROL 0
#define SLAP_NONCRITICAL_CONTROL 1
#define SLAP_CRITICAL_CONTROL 2
-
char o_managedsait;
+ char o_noop;
+ char o_proxy_authz;
char o_subentries;
char o_subentries_visibility;
+ char o_valuesreturnfilter;
+
+ char o_pagedresults;
+ ber_int_t o_pagedresults_size;
+ PagedResultsState o_pagedresults_state;
+
+#ifdef LDAP_CLIENT_UPDATE
+ char o_clientupdate;
+ char o_clientupdate_type;
+#define SLAP_LCUP_NONE (0x0)
+#define SLAP_LCUP_SYNC (0x1)
+#define SLAP_LCUP_PERSIST (0x2)
+#define SLAP_LCUP_SYNC_AND_PERSIST (0x3)
+ ber_int_t o_clientupdate_interval;
+ struct berval o_clientupdate_state;
+ LDAP_LIST_HEAD(lss, lcup_search_spec) psearch_spec;
+ LDAP_LIST_HEAD(pe, psid_entry) premodify_list;
+ LDAP_LIST_ENTRY(slap_op) link;
+#endif /* LDAP_CLIENT_UPDATE */
+
+#ifdef LDAP_CONNECTIONLESS
+ Sockaddr o_peeraddr; /* UDP peer address */
+#endif
+ AuthorizationInformation o_authz;
+
+ BerElement *o_ber; /* ber of the request */
+ slap_callback *o_callback; /* callback pointers */
+ LDAPControl **o_ctrls; /* controls */
+
+ void *o_threadctx; /* thread pool thread context */
+ void *o_private; /* anything the backend needs */
+
+ LDAP_STAILQ_ENTRY(slap_op) o_next; /* next operation in list */
+ ValuesReturnFilter *vrFilter; /* Structure represents ValuesReturnFilter */
+
+ void *o_pb; /* Netscape plugin */
+
} Operation;
#define get_manageDSAit(op) ((int)(op)->o_managedsait)
#define get_subentries(op) ((int)(op)->o_subentries)
#define get_subentries_visibility(op) ((int)(op)->o_subentries_visibility)
+#define get_pagedresults(op) ((int)(op)->o_pagedresults)
+
+
+
+typedef void (*SEND_LDAP_RESULT)(
+ struct slap_conn *conn,
+ struct slap_op *op,
+ ber_int_t err,
+ const char *matched,
+ const char *text,
+ BerVarray ref,
+ LDAPControl **ctrls
+ );
+
+#define send_ldap_result( conn, op, err, matched, text, ref, ctrls ) \
+(*conn->c_send_ldap_result)( conn, op, err, matched, text, ref, ctrls )
+
+
+typedef int (*SEND_SEARCH_ENTRY)(
+ struct slap_backend_db *be,
+ struct slap_conn *conn,
+ struct slap_op *op,
+ struct slap_entry *e,
+ AttributeName *attrs,
+ int attrsonly,
+ LDAPControl **ctrls
+ );
+
+#define send_search_entry( be, conn, op, e, attrs, attrsonly, ctrls) \
+(*conn->c_send_search_entry)( be, conn, op, e, attrs, attrsonly, ctrls)
+
+
+typedef void (*SEND_SEARCH_RESULT)(
+ struct slap_conn *conn,
+ struct slap_op *op,
+ ber_int_t err,
+ const char *matched,
+ const char *text,
+ BerVarray refs,
+ LDAPControl **ctrls,
+ int nentries
+ );
+
+#define send_search_result( conn, op, err, matched, text, refs, ctrls, nentries ) \
+(*conn->c_send_search_result)( conn, op, err, matched, text, refs, ctrls, nentries )
+
+
+typedef int (*SEND_SEARCH_REFERENCE)(
+ struct slap_backend_db *be,
+ struct slap_conn *conn,
+ struct slap_op *op,
+ struct slap_entry *e,
+ BerVarray refs,
+ LDAPControl **ctrls,
+ BerVarray *v2refs
+ );
+
+#define send_search_reference( be, conn, op, e, refs, ctrls, v2refs ) \
+(*conn->c_send_search_reference)( be, conn, op, e, refs, ctrls, v2refs )
+
+
+typedef void (*SEND_LDAP_EXTENDED)(
+ struct slap_conn *conn,
+ struct slap_op *op,
+ ber_int_t err,
+ const char *matched,
+ const char *text,
+ BerVarray refs,
+ const char *rspoid,
+ struct berval *rspdata,
+ LDAPControl **ctrls
+ );
+
+#define send_ldap_extended( conn, op, err, matched, text, refs, rspoid, rspdata, ctrls) \
+(*conn->c_send_ldap_extended)( conn, op, err, matched, text, refs, rspoid, rspdata, ctrls )
+
/*
* Caches the result of a backend_group check for ACL evaluation
*/
typedef struct slap_gacl {
- struct slap_gacl *next;
- Backend *be;
- ObjectClass *oc;
- AttributeDescription *at;
- int res;
- ber_len_t len;
- char ndn[1];
+ struct slap_gacl *ga_next;
+ Backend *ga_be;
+ ObjectClass *ga_oc;
+ AttributeDescription *ga_at;
+ int ga_res;
+ ber_len_t ga_len;
+ char ga_ndn[1];
} GroupAssertion;
+typedef struct slap_listener Listener;
+
/*
* represents a connection from an ldap client
*/
time_t c_activitytime; /* when the connection was last used */
unsigned long c_connid; /* id of this connection for stats*/
- char *c_listener_url; /* listener URL */
- char *c_peer_domain; /* DNS name of client */
- char *c_peer_name; /* peer name (trans=addr:port) */
- char *c_sock_name; /* sock name (trans=addr:port) */
+ struct berval c_peer_domain; /* DNS name of client */
+ struct berval c_peer_name; /* peer name (trans=addr:port) */
+ Listener *c_listener;
+#define c_listener_url c_listener->sl_url /* listener URL */
+#define c_sock_name c_listener->sl_name /* sock name (trans=addr:port) */
/* only can be changed by binding thread */
int c_sasl_bind_in_progress; /* multi-op bind in progress */
- char *c_sasl_bind_mech; /* mech in progress */
- struct berval c_cdn;
+ struct berval c_sasl_bind_mech; /* mech in progress */
+ struct berval c_sasl_dn; /* temporary storage */
- /* authentication backend */
- Backend *c_authc_backend;
-
- /* authorization backend - normally same as c_authc_backend */
+ /* authorization backend */
Backend *c_authz_backend;
AuthorizationInformation c_authz;
int c_sasl_layers; /* true if we need to install SASL i/o handlers */
void *c_sasl_context; /* SASL session context */
void *c_sasl_extra; /* SASL session extra stuff */
+ struct slap_op *c_sasl_bindop; /* set to current op if it's a bind */
+
+ PagedResultsState c_pagedresults_state; /* paged result state */
- long c_n_ops_received; /* num of ops received (next op_id) */
+ long c_n_ops_received; /* num of ops received (next op_id) */
long c_n_ops_executing; /* num of ops currently executing */
- long c_n_ops_pending; /* num of ops pending execution */
+ long c_n_ops_pending; /* num of ops pending execution */
long c_n_ops_completed; /* num of ops completed */
long c_n_get; /* num of get calls */
long c_n_read; /* num of read calls */
long c_n_write; /* num of write calls */
+
+ void *c_pb; /* Netscape plugin */
+
+ /*
+ * These are the "callbacks" that are available for back-ends to
+ * supply data back to connected clients that are connected
+ * through the "front-end".
+ */
+ SEND_LDAP_RESULT c_send_ldap_result;
+ SEND_SEARCH_ENTRY c_send_search_entry;
+ SEND_SEARCH_RESULT c_send_search_result;
+ SEND_SEARCH_REFERENCE c_send_search_reference;
+ SEND_LDAP_EXTENDED c_send_ldap_extended;
+
} Connection;
#if defined(LDAP_SYSLOG) && defined(LDAP_DEBUG)
fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\
if ( ldap_syslog & (level) ) \
syslog( ldap_syslog_level, (fmt), (connid), (opid), (arg1), \
- (arg2), (arg3) ); \
+ (arg2), (arg3) ); \
+ } while (0)
+#define StatslogTest( level ) ((ldap_debug | ldap_syslog) & (level))
+#elif defined(LDAP_DEBUG)
+#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \
+ do { \
+ if ( ldap_debug & (level) ) \
+ fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\
+ } while (0)
+#define StatslogTest( level ) (ldap_debug & (level))
+#elif defined(LDAP_SYSLOG)
+#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \
+ do { \
+ if ( ldap_syslog & (level) ) \
+ syslog( ldap_syslog_level, (fmt), (connid), (opid), (arg1), \
+ (arg2), (arg3) ); \
} while (0)
+#define StatslogTest( level ) (ldap_syslog & (level))
#else
#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 )
+#define StatslogTest( level ) (0)
#endif
+/*
+ * listener; need to access it from monitor backend
+ */
+struct slap_listener {
+ struct berval sl_url;
+ struct berval sl_name;
+ mode_t sl_perms;
+#ifdef HAVE_TLS
+ int sl_is_tls;
+#endif
+#ifdef LDAP_CONNECTIONLESS
+ int sl_is_udp; /* UDP listener is also data port */
+#endif
+ ber_socket_t sl_sd;
+ Sockaddr sl_sa;
+#define sl_addr sl_sa.sa_in_addr
+};
-#define SASLREGEX_REPLACE 10
-#define SASL_AUTHZ_SOURCE_ATTR "saslAuthzTo"
-#define SASL_AUTHZ_DEST_ATTR "saslAuthzFrom"
+#ifdef SLAPD_MONITOR
+/*
+ * Operation indices
+ */
+enum {
+ SLAP_OP_BIND = 0,
+ SLAP_OP_UNBIND,
+ SLAP_OP_ADD,
+ SLAP_OP_DELETE,
+ SLAP_OP_MODRDN,
+ SLAP_OP_MODIFY,
+ SLAP_OP_COMPARE,
+ SLAP_OP_SEARCH,
+ SLAP_OP_ABANDON,
+ SLAP_OP_EXTENDED,
+ SLAP_OP_LAST
+};
+#endif /* SLAPD_MONITOR */
-typedef struct sasl_regexp {
- char *match; /* regexp match pattern */
- char *replace; /* regexp replace pattern */
- regex_t workspace; /* workspace for regexp engine */
- regmatch_t strings[SASLREGEX_REPLACE]; /* strings matching $1,$2 ... */
- int offset[SASLREGEX_REPLACE+2]; /* offsets of $1,$2... in *replace */
-} SaslRegexp_t;
+/*
+ * Better know these all around slapd
+ */
+#define SLAP_LDAPDN_PRETTY 0x1
+#define SLAP_LDAPDN_MAXLEN 8192
-/* Flags for telling slap_sasl_getdn() what type of identity is being passed */
-#define FLAG_GETDN_FINAL 1
-#define FLAG_GETDN_AUTHCID 2
-#define FLAG_GETDN_AUTHZID 4
+/*
+ * Macros for LCUP
+ */
+#ifdef LDAP_CLIENT_UPDATE
+#define SLAP_LCUP_STATE_UPDATE_TRUE 1
+#define SLAP_LCUP_STATE_UPDATE_FALSE 0
+#define SLAP_LCUP_ENTRY_DELETED_TRUE 1
+#define SLAP_LCUP_ENTRY_DELETED_FALSE 0
+#endif /* LDAP_CLIENT_UPDATE */
LDAP_END_DECL