X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fback-meta%2Fback-meta.h;h=63441dc728d0a88ead50a01d9679611e5d2f01e7;hb=caf751fbb20fbccf535b900df1dabef0f40e0222;hp=0771431096e637238147334705bf314bfb870742;hpb=f8d1a618668499d9b0dbdb9e3cd24e2aa0bafa0f;p=openldap
diff --git a/servers/slapd/back-meta/back-meta.h b/servers/slapd/back-meta/back-meta.h
index 0771431096..63441dc728 100644
--- a/servers/slapd/back-meta/back-meta.h
+++ b/servers/slapd/back-meta/back-meta.h
@@ -1,7 +1,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software .
 *
- * Copyright 1999-2006 The OpenLDAP Foundation.
+ * Copyright 1999-2012 The OpenLDAP Foundation.
 * Portions Copyright 2001-2003 Pierangelo Masarati.
 * Portions Copyright 1999-2003 Howard Chu.
 * All rights reserved.
@@ -27,10 +27,15 @@
 #ifndef SLAPD_META_H
 #define SLAPD_META_H
 
+#ifdef LDAP_DEVEL
+#define SLAPD_META_CLIENT_PR 1
+#endif /* LDAP_DEVEL */
+
 #include "proto-meta.h"
 
 /* String rewrite library */
 #include "rewrite.h"
+
 LDAP_BEGIN_DECL
 
 /*
@@ -40,9 +45,6 @@ LDAP_BEGIN_DECL
 #define META_BACK_PRINT_CONNTREE 0
 #endif /* !META_BACK_PRINT_CONNTREE */
 
-struct slap_conn;
-struct slap_op;
-
 /* from back-ldap.h before rwm removal */
 struct ldapmap {
 int drop_missing;
@@ -67,12 +69,14 @@ struct ldaprwmap {
 * will be disabled */
 BerVarray rwm_suffix_massage;
 #endif /* !ENABLE_REWRITE */
+ BerVarray rwm_bva_rewrite;
 
 /*
 * Attribute/objectClass mapping
 */
 struct ldapmap rwm_oc;
 struct ldapmap rwm_at;
+ BerVarray rwm_bva_map;
 };
 
 /* Whatever context ldap_back_dn_massage needs... */
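Review bot: The `#ifdef LDAP_DEVEL` / `#define SLAPD_META_CLIENT_PR 1` block in hunk @@ -27,10 +27,15 @@ carries no comment, yet later in this same patch (hunk @@ -219,6 +253,67 @@) the macro gates the `ber_int_t mc_ps` member of metacommon_t, so toggling LDAP_DEVEL changes the layout of every struct that embeds it. A one-line comment would make that coupling visible to anyone building with a different LDAP_DEVEL setting: `/* experimental client-side paged results; NOTE: also selects the metacommon_t layout (mc_ps) */`. Whether any other translation unit can see a different LDAP_DEVEL value cannot be judged from this header.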
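Review bot: `rwm_bva_rewrite` and `rwm_bva_map` are added to struct ldaprwmap in hunk @@ -67,12 +69,14 @@ without a comment, while the members around them are described. Their names suggest they keep the raw rewrite and map configuration values as berval arrays, presumably so the configuration can be regenerated, but nothing here confirms that or says who frees them. A hedged comment would at least record the question, e.g. `/* raw config values for the rules/maps above — TODO confirm purpose and which routine frees them */`.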
@@ -116,25 +120,19 @@ ldap_back_map_filter(
 int
 ldap_back_map_attrs(
+ Operation *op,
 struct ldapmap *at_map,
 AttributeName *a,
 int remap,
 char ***mapped_attrs );
 
-extern int ldap_back_map_config(
- struct ldapmap *oc_map,
- struct ldapmap *at_map,
- const char *fname,
- int lineno,
- int argc,
- char **argv );
-
 extern int
 ldap_back_filter_map_rewrite(
 dncookie *dc,
 Filter *f,
 struct berval *fstr,
- int remap );
+ int remap,
+ void *memctx );
 
 /* suffix massaging by means of librewrite */
 #ifdef ENABLE_REWRITE
@@ -148,7 +146,8 @@ suffix_massage_config( struct rewrite_info *info,
 extern int
 ldap_back_referral_result_rewrite(
 dncookie *dc,
- BerVarray a_vals );
+ BerVarray a_vals,
+ void *memctx );
 
 extern int
 ldap_dnattr_rewrite(
 dncookie *dc,
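Review bot: The `ldap_back_map_attrs` prototype in hunk @@ -116,25 +120,19 @@ gains `Operation *op` but still says nothing about how the array written through `char ***mapped_attrs` is allocated or who frees it, while `ldap_back_filter_map_rewrite` in the same hunk and `ldap_back_referral_result_rewrite` in @@ -148,7 +146,8 @@ take an explicit `void *memctx` instead, so the allocation policy now follows two conventions in one header. A comment on the declaration would settle it, e.g. `/* *mapped_attrs: allocated from op's memory context (presumably op->o_tmpmemctx — confirm) and released by the caller with the matching free */`. The implementation is not on this page, so the allocator named in that comment must be checked before it is committed.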
@@ -160,14 +159,43 @@ ldap_dnattr_result_rewrite(
 /* (end of) from back-ldap.h before rwm removal */
 
+/*
+ * A metasingleconn_t can be in the following, mutually exclusive states:
+ *
+ * - none (0x0U)
+ * - creating META_BACK_FCONN_CREATING
+ * - initialized META_BACK_FCONN_INITED
+ * - binding LDAP_BACK_FCONN_BINDING
+ * - bound/anonymous LDAP_BACK_FCONN_ISBOUND/LDAP_BACK_FCONN_ISANON
+ *
+ * possible modifiers are:
+ *
+ * - privileged LDAP_BACK_FCONN_ISPRIV
+ * - privileged, TLS LDAP_BACK_FCONN_ISTLS
+ * - subjected to idassert LDAP_BACK_FCONN_ISIDASR
+ * - tainted LDAP_BACK_FCONN_TAINTED
+ */
+
+#define META_BACK_FCONN_INITED (0x00100000U)
+#define META_BACK_FCONN_CREATING (0x00200000U)
+
+#define META_BACK_CONN_INITED(lc) LDAP_BACK_CONN_ISSET((lc), META_BACK_FCONN_INITED)
+#define META_BACK_CONN_INITED_SET(lc) LDAP_BACK_CONN_SET((lc), META_BACK_FCONN_INITED)
+#define META_BACK_CONN_INITED_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), META_BACK_FCONN_INITED)
+#define META_BACK_CONN_INITED_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), META_BACK_FCONN_INITED, (mlc))
+#define META_BACK_CONN_CREATING(lc) LDAP_BACK_CONN_ISSET((lc), META_BACK_FCONN_CREATING)
+#define META_BACK_CONN_CREATING_SET(lc) LDAP_BACK_CONN_SET((lc), META_BACK_FCONN_CREATING)
+#define META_BACK_CONN_CREATING_CLEAR(lc) LDAP_BACK_CONN_CLEAR((lc), META_BACK_FCONN_CREATING)
+#define META_BACK_CONN_CREATING_CPY(lc, mlc) LDAP_BACK_CONN_CPY((lc), META_BACK_FCONN_CREATING, (mlc))
+
 struct metainfo_t;
-typedef struct metasingleconn_t {
- int msc_candidate;
-#define META_NOT_CANDIDATE ((ber_tag_t)0x0)
-#define META_CANDIDATE ((ber_tag_t)0x1)
-#define META_BINDING ((ber_tag_t)0x2)
+#define META_NOT_CANDIDATE ((ber_tag_t)0x0)
+#define META_CANDIDATE ((ber_tag_t)0x1)
+#define META_BINDING ((ber_tag_t)0x2)
+#define META_RETRYING ((ber_tag_t)0x4)
+typedef struct metasingleconn_t {
 #define META_CND_ISSET(rs,f) ( ( (rs)->sr_tag & (f) ) == (f) )
 #define META_CND_SET(rs,f) ( (rs)->sr_tag |= (f) )
 #define META_CND_CLEAR(rs,f) (
(rs)->sr_tag &= ~(f) )
@@ -179,6 +207,9 @@ typedef struct metasingleconn_t {
 #define META_IS_BINDING(rs) META_CND_ISSET( (rs), META_BINDING )
 #define META_BINDING_SET(rs) META_CND_SET( (rs), META_BINDING )
 #define META_BINDING_CLEAR(rs) META_CND_CLEAR( (rs), META_BINDING )
+#define META_IS_RETRYING(rs) META_CND_ISSET( (rs), META_RETRYING )
+#define META_RETRYING_SET(rs) META_CND_SET( (rs), META_RETRYING )
+#define META_RETRYING_CLEAR(rs) META_CND_CLEAR( (rs), META_RETRYING )
 
 LDAP *msc_ld;
 time_t msc_time;
@@ -188,19 +219,19 @@ typedef struct metasingleconn_t {
 /* NOTE: lc_lcflags is redefined to msc_mscflags to reuse the macros
 * defined for back-ldap */
 #define lc_lcflags msc_mscflags
-
- struct metainfo_t *msc_info;
 } metasingleconn_t;
 
 typedef struct metaconn_t {
- struct slap_conn *mc_conn;
-#define lc_conn mc_conn
- unsigned mc_refcnt;
-
- time_t mc_create_time;
- time_t mc_time;
+ ldapconn_base_t lc_base;
+#define mc_base lc_base
+#define mc_conn mc_base.lcb_conn
+#define mc_local_ndn mc_base.lcb_local_ndn
+#define mc_refcnt mc_base.lcb_refcnt
+#define mc_create_time mc_base.lcb_create_time
+#define mc_time mc_base.lcb_time
 
- struct berval mc_local_ndn;
+ LDAP_TAILQ_ENTRY(metaconn_t) mc_q;
+
 /* NOTE: msc_mscflags is used to recycle the #define
 * in metasingleconn_t */
 unsigned msc_mscflags;
@@ -212,6 +243,9 @@ typedef struct metaconn_t {
 int mc_authz_target;
 #define META_BOUND_NONE (-1)
 #define META_BOUND_ALL (-2)
+
+ struct metainfo_t *mc_info;
+
 /* supersedes the connection stuff */
 metasingleconn_t mc_conns[ 1 ];
 /* NOTE: mc_conns must be last, because
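Review bot: `META_BACK_FCONN_INITED (0x00100000U)` and `META_BACK_FCONN_CREATING (0x00200000U)` in hunk @@ -160,14 +159,43 @@ live in the same flag word as the LDAP_BACK_FCONN_* bits the new comment lists, but those bits are defined outside this header, so nothing here prevents a collision if back-ldap.h later grows another flag in that range. A comment beside the two values stating the reservation, e.g. `/* 0x00100000U..0x00200000U are back-meta's; keep disjoint from the LDAP_BACK_FCONN_* bits in back-ldap.h */`, or a compile-time check against a back-ldap flag mask if one exists, would make the contract explicit. The hunk is complete here, but the struct it opens continues in the next hunks.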
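Review bot: The object-like macros `mc_base`, `mc_conn`, `mc_local_ndn`, `mc_refcnt`, `mc_create_time` and `mc_time` in hunk @@ -188,19 +219,19 @@ alias fields of `lc_base`, but as plain `#define`s they rewrite every occurrence of those tokens in any translation unit that includes this header, not only accesses to metaconn_t members. The same pattern is used for the `mt_*` aliases in hunk @@ -252,23 +353,32 @@ and the `mi_*` aliases in @@ -307,7 +423,15 @@. A comment above each group, `/* field aliases: these names are macros and must not be reused as identifiers anywhere back-meta.h is included */`, would warn the next maintainer; accessing `mc_base.lcb_conn` directly or through a static inline helper avoids the hazard altogether.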
@@ -219,6 +253,67 @@ typedef struct metaconn_t {
 * in one block with the metaconn_t structure */
 } metaconn_t;
 
+typedef enum meta_st_t {
+#if 0 /* todo */
+ META_ST_EXACT = LDAP_SCOPE_BASE,
+#endif
+ META_ST_SUBTREE = LDAP_SCOPE_SUBTREE,
+ META_ST_SUBORDINATE = LDAP_SCOPE_SUBORDINATE,
+ META_ST_REGEX /* last + 1 */
+} meta_st_t;
+
+typedef struct metasubtree_t {
+ meta_st_t ms_type;
+ union {
+ struct berval msu_dn;
+ struct {
+ struct berval msr_regex_pattern;
+ regex_t msr_regex;
+ } msu_regex;
+ } ms_un;
+#define ms_dn ms_un.msu_dn
+#define ms_regex ms_un.msu_regex.msr_regex
+#define ms_regex_pattern ms_un.msu_regex.msr_regex_pattern
+
+ struct metasubtree_t *ms_next;
+} metasubtree_t;
+
+typedef struct metacommon_t {
+ int mc_version;
+ int mc_nretries;
+#define META_RETRY_UNDEFINED (-2)
+#define META_RETRY_FOREVER (-1)
+#define META_RETRY_NEVER (0)
+#define META_RETRY_DEFAULT (10)
+
+ unsigned mc_flags;
+#define META_BACK_CMN_ISSET(mc,f) ( ( (mc)->mc_flags & (f) ) == (f) )
+#define META_BACK_CMN_QUARANTINE(mc) META_BACK_CMN_ISSET( (mc), LDAP_BACK_F_QUARANTINE )
+#define META_BACK_CMN_CHASE_REFERRALS(mc) META_BACK_CMN_ISSET( (mc), LDAP_BACK_F_CHASE_REFERRALS )
+#define META_BACK_CMN_NOREFS(mc) META_BACK_CMN_ISSET( (mc), LDAP_BACK_F_NOREFS )
+#define META_BACK_CMN_NOUNDEFFILTER(mc) META_BACK_CMN_ISSET( (mc), LDAP_BACK_F_NOUNDEFFILTER )
+#define META_BACK_CMN_SAVECRED(mc) META_BACK_CMN_ISSET( (mc), LDAP_BACK_F_SAVECRED )
+#define META_BACK_CMN_ST_REQUEST(mc) META_BACK_CMN_ISSET( (mc), LDAP_BACK_F_ST_REQUEST )
+
+#ifdef SLAPD_META_CLIENT_PR
+ /*
+ * client-side paged results:
+ * -1: accept unsolicited paged results responses
+ * 0: off
+ * >0: always request paged results with size == mt_ps
+ */
+#define META_CLIENT_PR_DISABLE (0)
+#define META_CLIENT_PR_ACCEPT_UNSOLICITED (-1)
+ ber_int_t mc_ps;
+#endif /* SLAPD_META_CLIENT_PR */
+
+ slap_retry_info_t mc_quarantine;
+ time_t mc_network_timeout;
+ struct timeval mc_bind_timeout;
+#define META_BIND_TIMEOUT
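Review bot: `metasubtree_t` in hunk @@ -219,6 +253,67 @@ keeps a `struct berval msu_dn` and a compiled `regex_t msr_regex` in one union with `ms_type` as the only discriminator, but the declaration does not say which `meta_st_t` value selects which member or who calls `regfree` and releases the pattern; `meta_subtree_destroy( metasubtree_t *ms )`, declared later in this patch (hunk @@ -531,6 +675,12 @@), is presumably that owner. Proposed comment above the union: `/* ms_type selects the live member: META_ST_REGEX -> ms_regex/ms_regex_pattern, otherwise ms_dn; released by meta_subtree_destroy() (confirm it walks ms_next) */`. Separately, `ber_int_t mc_ps` is compiled only under SLAPD_META_CLIENT_PR, so the size of metacommon_t, and of the metatarget_t and metainfo_t that embed it, depends on LDAP_DEVEL; the comment block that already describes mc_ps is the natural place to state that. The hunk's last context lines open `typedef struct metatarget_t {`, which continues in the following hunks.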
LDAP_BACK_RESULT_UTIMEOUT
+ time_t mc_timeout[ SLAP_OP_LAST ];
+} metacommon_t;
+
 typedef struct metatarget_t {
 char *mt_uri;
 ldap_pvt_thread_mutex_t mt_uri_mutex;
@@ -229,7 +324,10 @@ typedef struct metatarget_t {
 LDAP_URLLIST_PROC *mt_urllist_f;
 void *mt_urllist_p;
 
- BerVarray mt_subtree_exclude;
+ metasubtree_t *mt_subtree;
+ /* F: subtree-include; T: subtree-exclude */
+ int mt_subtree_exclude;
+ int mt_scope;
 
 struct berval mt_psuffix; /* pretty suffix */
@@ -238,6 +336,9 @@ typedef struct metatarget_t {
 struct berval mt_binddn;
 struct berval mt_bindpw;
 
+ /* we only care about the TLS options here */
+ slap_bindconf mt_tls;
+
 slap_idassert_t mt_idassert;
 #define mt_idassert_mode mt_idassert.si_mode
 #define mt_idassert_authcID mt_idassert.si_bc.sb_authcId
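Review bot: `slap_bindconf mt_tls` in hunk @@ -238,6 +336,9 @@ embeds a complete bind configuration of which, per its comment, only the TLS options are used; the same type also carries credential members (this hunk's own `mt_idassert.si_bc.sb_authcId` alias shows `si_bc` is a slap_bindconf with an authcID), so `mt_tls` adds dead credential fields right next to `mt_binddn`/`mt_bindpw`. The comment should state that those members must stay unset and that `mt_tls` still gets the regular bindconf teardown when the target is freed, e.g. `/* we only care about the TLS options here; the bind/credential members of mt_tls must stay empty, and mt_tls must still be released together with the target */`. Whether the TLS settings own heap strings that need freeing is not visible from this header and should be confirmed against the bindconf helpers.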
@@ -252,23 +353,32 @@ typedef struct metatarget_t {
 #define mt_idassert_flags mt_idassert.si_flags
 #define mt_idassert_authz mt_idassert.si_authz
 
- int mt_nretries;
-#define META_RETRY_UNDEFINED (-2)
-#define META_RETRY_FOREVER (-1)
-#define META_RETRY_NEVER (0)
-#define META_RETRY_DEFAULT (10)
-
 struct ldaprwmap mt_rwmap;
 
 sig_atomic_t mt_isquarantined;
- slap_retry_info_t mt_quarantine;
 ldap_pvt_thread_mutex_t mt_quarantine_mutex;
-#define META_BACK_TGT_QUARANTINE(mt) ( (mt)->mt_quarantine.ri_num != NULL )
 
- unsigned mt_flags;
+ metacommon_t mt_mc;
+#define mt_nretries mt_mc.mc_nretries
+#define mt_flags mt_mc.mc_flags
+#define mt_version mt_mc.mc_version
+#define mt_ps mt_mc.mc_ps
+#define mt_network_timeout mt_mc.mc_network_timeout
+#define mt_bind_timeout mt_mc.mc_bind_timeout
+#define mt_timeout mt_mc.mc_timeout
+#define mt_quarantine mt_mc.mc_quarantine
+
 #define META_BACK_TGT_ISSET(mt,f) ( ( (mt)->mt_flags & (f) ) == (f) )
 #define META_BACK_TGT_ISMASK(mt,m,f) ( ( (mt)->mt_flags & (m) ) == (f) )
+#define META_BACK_TGT_SAVECRED(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_SAVECRED )
+
+#define META_BACK_TGT_USE_TLS(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_USE_TLS )
+#define META_BACK_TGT_PROPAGATE_TLS(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_PROPAGATE_TLS )
+#define META_BACK_TGT_TLS_CRITICAL(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_TLS_CRITICAL )
+
+#define META_BACK_TGT_CHASE_REFERRALS(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_CHASE_REFERRALS )
+
 #define META_BACK_TGT_T_F(mt) META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_T_F_MASK, LDAP_BACK_F_T_F )
 #define META_BACK_TGT_T_F_DISCOVER(mt) META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_T_F_MASK2, LDAP_BACK_F_T_F_DISCOVER )
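Review bot: The removed `META_BACK_TGT_QUARANTINE(mt) ( (mt)->mt_quarantine.ri_num != NULL )` in hunk @@ -252,23 +353,32 @@ tested the parsed quarantine policy itself, whereas its replacement in the next hunk, `META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_QUARANTINE )`, tests a flag bit; the two agree only if every path that fills `mt_quarantine.ri_num` also sets LDAP_BACK_F_QUARANTINE, which this header cannot show. A comment on the new `mt_quarantine` alias pinning that invariant, e.g. `/* LDAP_BACK_F_QUARANTINE must be set whenever mt_quarantine.ri_num is non-NULL; META_BACK_TGT_QUARANTINE() no longer inspects ri_num */`, would keep the config code honest. The same remark applies to `META_BACK_QUARANTINE(mi)` in hunk @@ -317,32 +441,46 @@. The enclosing `typedef struct metatarget_t` starts and ends outside this hunk.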
@@ -276,12 +386,18 @@ typedef struct metatarget_t {
 #define META_BACK_TGT_IGNORE(mt) META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_IGNORE )
 #define META_BACK_TGT_CANCEL(mt) META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_CANCEL_MASK, LDAP_BACK_F_CANCEL_EXOP )
 #define META_BACK_TGT_CANCEL_DISCOVER(mt) META_BACK_TGT_ISMASK( (mt), LDAP_BACK_F_CANCEL_MASK2, LDAP_BACK_F_CANCEL_EXOP_DISCOVER )
+#define META_BACK_TGT_QUARANTINE(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_QUARANTINE )
+
+#ifdef SLAP_CONTROL_X_SESSION_TRACKING
+#define META_BACK_TGT_ST_REQUEST(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_ST_REQUEST )
+#define META_BACK_TGT_ST_RESPONSE(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_ST_RESPONSE )
+#endif /* SLAP_CONTROL_X_SESSION_TRACKING */
+
+#define META_BACK_TGT_NOREFS(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_NOREFS )
+#define META_BACK_TGT_NOUNDEFFILTER(mt) META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_NOUNDEFFILTER )
+
+ slap_mask_t mt_rep_flags;
 
- int mt_version;
- time_t mt_network_timeout;
- struct timeval mt_bind_timeout;
-#define META_BIND_TIMEOUT LDAP_BACK_RESULT_UTIMEOUT
- time_t mt_timeout[ SLAP_OP_LAST ];
 } metatarget_t;
 
 typedef struct metadncache_t {
@@ -307,7 +423,15 @@ typedef struct metainfo_t {
 int mi_ntargets;
 int mi_defaulttarget;
 #define META_DEFAULT_TARGET_NONE (-1)
- int mi_nretries;
+
+#define mi_nretries mi_mc.mc_nretries
+#define mi_flags mi_mc.mc_flags
+#define mi_version mi_mc.mc_version
+#define mi_ps mi_mc.mc_ps
+#define mi_network_timeout mi_mc.mc_network_timeout
+#define mi_bind_timeout mi_mc.mc_bind_timeout
+#define mi_timeout mi_mc.mc_timeout
+#define mi_quarantine mi_mc.mc_quarantine
 
 metatarget_t **mi_targets;
 metacandidates_t *mi_candidates;
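Review bot: `slap_mask_t mt_rep_flags;` is added in hunk @@ -276,12 +386,18 @@ with no indication of which flag namespace it uses or when it is set, unlike `mt_flags`, whose accessor macros sit directly above it. A hedged comment would help until the implementation is checked, e.g. `/* per-target reply flags — TODO: document the flag set and where they are recorded */`. The member is also placed after a long run of macros, so a reader scanning the data members of metatarget_t can easily miss it; keeping it next to `mt_isquarantined` would separate data from macros. The en
closing struct starts and ends outside this hunk.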
@@ -317,32 +441,46 @@ typedef struct metainfo_t {
 metadncache_t mi_cache;
 
+ /* cached connections;
+ * special conns are in tailq rather than in tree */
 ldap_avl_info_t mi_conninfo;
+ struct {
+ int mic_num;
+ LDAP_TAILQ_HEAD(mc_conn_priv_q, metaconn_t) mic_priv;
+ } mi_conn_priv[ LDAP_BACK_PCONN_LAST ];
+ int mi_conn_priv_max;
 
 /* NOTE: quarantine uses the connection mutex */
- slap_retry_info_t mi_quarantine;
-
-#define META_BACK_QUARANTINE(mi) ( (mi)->mi_quarantine.ri_num != NULL )
 meta_back_quarantine_f mi_quarantine_f;
 void *mi_quarantine_p;
 
- unsigned mi_flags;
 #define li_flags mi_flags
 /* uses flags as defined in */
-#define META_BACK_F_ONERR_STOP (0x00010000U)
-#define META_BACK_F_DEFER_ROOTDN_BIND (0x00020000U)
+#define META_BACK_F_ONERR_STOP (0x01000000U)
+#define META_BACK_F_ONERR_REPORT (0x02000000U)
+#define META_BACK_F_ONERR_MASK (META_BACK_F_ONERR_STOP|META_BACK_F_ONERR_REPORT)
+#define META_BACK_F_DEFER_ROOTDN_BIND (0x04000000U)
+#define META_BACK_F_PROXYAUTHZ_ALWAYS (0x08000000U) /* users always proxyauthz */
+#define META_BACK_F_PROXYAUTHZ_ANON (0x10000000U) /* anonymous always proxyauthz */
+#define META_BACK_F_PROXYAUTHZ_NOANON (0x20000000U) /* anonymous remains anonymous */
+
+#define META_BACK_ONERR_STOP(mi) LDAP_BACK_ISSET( (mi), META_BACK_F_ONERR_STOP )
+#define META_BACK_ONERR_REPORT(mi) LDAP_BACK_ISSET( (mi), META_BACK_F_ONERR_REPORT )
+#define META_BACK_ONERR_CONTINUE(mi) ( !LDAP_BACK_ISSET( (mi), META_BACK_F_ONERR_MASK ) )
 
-#define META_BACK_ONERR_STOP(mi) ( (mi)->mi_flags & META_BACK_F_ONERR_STOP )
-#define META_BACK_ONERR_CONTINUE(mi) ( !META_BACK_ONERR_CONTINUE( (mi) ) )
+#define META_BACK_DEFER_ROOTDN_BIND(mi) LDAP_BACK_ISSET( (mi), META_BACK_F_DEFER_ROOTDN_BIND )
+#define META_BACK_PROXYAUTHZ_ALWAYS(mi) LDAP_BACK_ISSET( (mi), META_BACK_F_PROXYAUTHZ_ALWAYS )
+#define META_BACK_PROXYAUTHZ_ANON(mi) LDAP_BACK_ISSET( (mi), META_BACK_F_PROXYAUTHZ_ANON )
+#define META_BACK_PROXYAUTHZ_NOANON(mi) LDAP_BACK_ISSET( (mi),
META_BACK_F_PROXYAUTHZ_NOANON )
 
-#define META_BACK_DEFER_ROOTDN_BIND(mi) ( (mi)->mi_flags & META_BACK_F_DEFER_ROOTDN_BIND )
+#define META_BACK_QUARANTINE(mi) LDAP_BACK_ISSET( (mi), LDAP_BACK_F_QUARANTINE )
 
- int mi_version;
- time_t mi_network_timeout;
 time_t mi_conn_ttl;
 time_t mi_idle_timeout;
- struct timeval mi_bind_timeout;
- time_t mi_timeout[ SLAP_OP_LAST ];
+
+ metacommon_t mi_mc;
+ ldap_extra_t *mi_ldap_extra;
+
 } metainfo_t;
 
 typedef enum meta_op_type {
@@ -363,10 +501,10 @@ meta_back_getconn(
 extern void
 meta_back_release_conn_lock(
- Operation *op,
+ metainfo_t *mi,
 metaconn_t *mc,
 int dolock );
-#define meta_back_release_conn(op, mc) meta_back_release_conn_lock( (op), (mc), 1 )
+#define meta_back_release_conn(mi, mc) meta_back_release_conn_lock( (mi), (mc), 1 )
 
 extern int
 meta_back_retry(
@@ -383,7 +521,7 @@ meta_back_conn_free(
 #if META_BACK_PRINT_CONNTREE > 0
 extern void
 meta_back_print_conntree(
- Avlnode *root,
+ metainfo_t *mi,
 char *msg );
 #endif
@@ -394,7 +532,8 @@ meta_back_init_one_conn(
 metaconn_t *mc,
 int candidate,
 int ispriv,
- ldap_back_send_t sendok );
+ ldap_back_send_t sendok,
+ int dolock );
 
 extern void
 meta_back_quarantine(
@@ -449,6 +588,14 @@ meta_back_op_result(
 time_t timeout,
 ldap_back_send_t sendok );
 
+extern int
+meta_back_controls_add(
+ Operation *op,
+ SlapReply *rs,
+ metaconn_t *mc,
+ int candidate,
+ LDAPControl ***pctrls );
+
 extern int
 back_meta_LTX_init_module(
 int argc,
@@ -490,12 +637,9 @@ meta_clear_unused_candidates(
 extern int
 meta_clear_one_candidate(
- metasingleconn_t *mc );
-
-extern int
-meta_clear_candidates(
 Operation *op,
- metaconn_t *mc );
+ metaconn_t *mc,
+ int candidate );
 
 /*
 * Dn cache stuff (experimental)
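Review bot: `META_BACK_ONERR_CONTINUE(mi) ( !LDAP_BACK_ISSET( (mi), META_BACK_F_ONERR_MASK ) )` in hunk @@ -317,32 +441,46 @@ is wrong if `LDAP_BACK_ISSET` has the same `( (x)->flags & (f) ) == (f)` shape as `META_BACK_TGT_ISSET` and `META_BACK_CMN_ISSET` in this file: with a two-bit mask, ISSET is true only when both STOP and REPORT are set, so `!ISSET(MASK)` is also true when exactly one of them is set and "continue" would be reported alongside "stop" or "report". Testing for any bit removes the ambiguity: `#define META_BACK_ONERR_CONTINUE(mi) ( !( (mi)->mi_flags & META_BACK_F_ONERR_MASK ) )`. The three `META_BACK_F_PROXYAUTHZ_*` bits also read as mutually exclusive from their comments; stating that in the header, or providing a mask for them like `META_BACK_F_ONERR_MASK`, would let the config code reject contradictory settings. The `typedef struct metainfo_t` this hunk closes starts outside it.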
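Review bot: `meta_back_controls_add` in hunk @@ -449,6 +588,14 @@ returns controls through `LDAPControl ***pctrls`, but the prototype does not say whether the array is freshly allocated, how it is terminated, or who frees it, which is exactly what a caller needs to know before passing it on to the LDAP client calls. Proposed comment on the declaration: `/* on success *pctrls points to a NULL-terminated control array owned by the caller — confirm allocator (op memctx vs. ch_malloc) and matching free in the implementation */`, hedged until the implementation is checked. `candidate` is presumably an index into `mc->mc_conns`, as for `meta_clear_one_candidate` in hunk @@ -490,12 +637,9 @@; recording that range expectation on both prototypes would be cheap.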
@@ -531,6 +675,12 @@ meta_dncache_delete_entry(
 extern void
 meta_dncache_free( void *entry );
 
+extern void
+meta_back_map_free( struct ldapmap *lm );
+
+extern int
+meta_subtree_destroy( metasubtree_t *ms );
+
 extern LDAP_REBIND_PROC meta_back_default_rebind;
 extern LDAP_URLLIST_PROC meta_back_default_urllist;
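Review bot: `meta_subtree_destroy( metasubtree_t *ms )` in hunk @@ -531,6 +675,12 @@ returns an `int` and takes what looks like a list head, but the declaration does not say whether it walks `ms_next`, whether it frees the node itself, or what the return value means; the same ownership question applies to `meta_back_map_free( struct ldapmap *lm )`, which may release either the map contents or the struct. Two short comments would settle it, e.g. `/* frees the whole list reachable via ms_next, including regfree() of compiled patterns; returns 0 on success — TODO confirm */` and `/* releases the contents of *lm; the struct itself stays with its owner — TODO confirm */`.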