X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslap.h;h=56a36e3ef98201bd122a08672498b209854fc203;hb=1a9bc6655ddf9a1d08ee4f5e6e4ef6a7707ca5f7;hp=6042e3e808f6f6da94a57990f0bcc3091a9da3ae;hpb=8c152396b9ff4fa0f2618435441550c1f12df461;p=openldap
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index 6042e3e808..56a36e3ef9 100644
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -1,8 +1,27 @@
/* slap.h - stand alone ldap server include file */
/* $OpenLDAP$ */
-/*
- * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+/* This work is part of OpenLDAP Software .
+ *
+ * Copyright 1998-2004 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * .
+ */
+/* Portions Copyright (c) 1995 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor. The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission. This software
+ * is provided ``as is'' without express or implied warranty.
*/
#ifndef _SLAP_H_
@@ -32,6 +51,7 @@
#include
#include
+#include "lber_pvt.h"
#include "ldap_pvt_thread.h"
#include "ldap_queue.h"
@@ -62,29 +82,34 @@ LDAP_BEGIN_DECL
#define SLAPD_ANONYMOUS "cn=anonymous"
/* LDAPMod.mod_op value ===> Must be kept in sync with ldap.h!
- *
* This is a value used internally by the backends. It is needed to allow
* adding values that already exist without getting an error as required by
* modrdn when the new rdn was already an attribute value itself.
- * JCG 05/1999 (gomez@engr.sgi.com)
*/
#define SLAP_MOD_SOFTADD 0x1000
#define MAXREMATCHES (100)
-#define SLAP_MAX_WORKER_THREADS (32)
+#define SLAP_MAX_WORKER_THREADS (16)
+
+#define SLAP_MAX_SYNCREPL_THREADS (8)
#define SLAP_SB_MAX_INCOMING_DEFAULT ((1<<18) - 1)
#define SLAP_SB_MAX_INCOMING_AUTH ((1<<24) - 1)
+#define SLAP_CONN_MAX_PENDING_DEFAULT 100
+#define SLAP_CONN_MAX_PENDING_AUTH 1000
+
#define SLAP_TEXT_BUFLEN (256)
/* psuedo error code indicating abandoned operation */
-#define SLAPD_ABANDON (-1)
+#define SLAPD_ABANDON (-1024)
/* psuedo error code indicating disconnect */
-#define SLAPD_DISCONNECT (-2)
+#define SLAPD_DISCONNECT (-1025)
+/* unknown config file directive */
+#define SLAP_CONF_UNKNOWN (-1026)
/* We assume "C" locale, that is US-ASCII */
#define ASCII_SPACE(c) ( (c) == ' ' )
@@ -92,6 +117,10 @@ LDAP_BEGIN_DECL
#define ASCII_UPPER(c) ( (c) >= 'A' && (c) <= 'Z' )
#define ASCII_ALPHA(c) ( ASCII_LOWER(c) || ASCII_UPPER(c) )
#define ASCII_DIGIT(c) ( (c) >= '0' && (c) <= '9' )
+#define ASCII_HEXLOWER(c) ( (c) >= 'a' && (c) <= 'f' )
+#define ASCII_HEXUPPER(c) ( (c) >= 'A' && (c) <= 'F' )
+#define ASCII_HEX(c) ( ASCII_DIGIT(c) || \
+ ASCII_HEXLOWER(c) || ASCII_HEXUPPER(c) )
#define ASCII_ALNUM(c) ( ASCII_ALPHA(c) || ASCII_DIGIT(c) )
#define ASCII_PRINTABLE(c) ( (c) >= ' ' && (c) <= '~' )
@@ -132,6 +161,7 @@ LDAP_BEGIN_DECL
/* must match in schema_init.c */
#define SLAPD_DN_SYNTAX "1.3.6.1.4.1.1466.115.121.1.12"
#define SLAPD_NAMEUID_SYNTAX "1.3.6.1.4.1.1466.115.121.1.34"
+#define SLAPD_INTEGER_SYNTAX "1.3.6.1.4.1.1466.115.121.1.27"
#define SLAPD_GROUP_ATTR "member"
#define SLAPD_GROUP_CLASS "groupOfNames"
#define SLAPD_ROLE_ATTR "roleOccupant"
@@ -141,8 +171,6 @@ LDAP_BEGIN_DECL
#define SLAPD_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1"
#endif
-#define SLAPD_OCTETSTRING_SYNTAX "1.3.6.1.4.1.1466.115.121.1.40"
-
/* change this to "OpenLDAPset" */
#define SLAPD_ACI_SET_ATTR "template"
@@ -164,8 +192,13 @@ typedef struct slap_ssf_set {
slap_ssf_t sss_update_transport;
slap_ssf_t sss_update_tls;
slap_ssf_t sss_update_sasl;
+ slap_ssf_t sss_simple_bind;
} slap_ssf_set_t;
+/* Flags for telling slap_sasl_getdn() what type of identity is being passed */
+#define SLAP_GETDN_AUTHCID 2
+#define SLAP_GETDN_AUTHZID 4
+
/*
* Index types
*/
@@ -198,7 +231,7 @@ typedef struct slap_ssf_set {
#define SLAP_INDEX_FLAGS 0xF000UL
#define SLAP_INDEX_NOSUBTYPES 0x1000UL /* don't use index w/ subtypes */
-#define SLAP_INDEX_NOLANG 0x2000UL /* don't use index w/ lang */
+#define SLAP_INDEX_NOTAGS 0x2000UL /* don't use index w/ tags */
/*
* there is a single index for each attribute. these prefixes ensure
@@ -211,36 +244,46 @@ typedef struct slap_ssf_set {
#define SLAP_INDEX_SUBSTR_FINAL_PREFIX '$'
#define SLAP_INDEX_CONT_PREFIX '.' /* prefix for continuation keys */
-#define SLAP_SYNTAX_MATCHINGRULES_OID "1.3.6.1.4.1.1466.115.121.1.30"
-#define SLAP_SYNTAX_ATTRIBUTETYPES_OID "1.3.6.1.4.1.1466.115.121.1.3"
-#define SLAP_SYNTAX_OBJECTCLASSES_OID "1.3.6.1.4.1.1466.115.121.1.37"
+#define SLAP_SYNTAX_MATCHINGRULES_OID "1.3.6.1.4.1.1466.115.121.1.30"
+#define SLAP_SYNTAX_ATTRIBUTETYPES_OID "1.3.6.1.4.1.1466.115.121.1.3"
+#define SLAP_SYNTAX_OBJECTCLASSES_OID "1.3.6.1.4.1.1466.115.121.1.37"
+#define SLAP_SYNTAX_MATCHINGRULEUSES_OID "1.3.6.1.4.1.1466.115.121.1.31"
+#define SLAP_SYNTAX_CONTENTRULE_OID "1.3.6.1.4.1.1466.115.121.1.16"
/*
* represents schema information for a database
*/
-#define SLAP_SCHERR_OUTOFMEM 1
-#define SLAP_SCHERR_CLASS_NOT_FOUND 2
-#define SLAP_SCHERR_CLASS_BAD_USAGE 3
-#define SLAP_SCHERR_ATTR_NOT_FOUND 4
-#define SLAP_SCHERR_ATTR_BAD_USAGE 5
-#define SLAP_SCHERR_DUP_CLASS 6
-#define SLAP_SCHERR_DUP_ATTR 7
-#define SLAP_SCHERR_DUP_SYNTAX 8
-#define SLAP_SCHERR_DUP_RULE 9
-#define SLAP_SCHERR_NO_NAME 10
-#define SLAP_SCHERR_ATTR_INCOMPLETE 11
-#define SLAP_SCHERR_MR_NOT_FOUND 12
-#define SLAP_SCHERR_SYN_NOT_FOUND 13
-#define SLAP_SCHERR_MR_INCOMPLETE 14
-#define SLAP_SCHERR_NOT_SUPPORTED 15
-#define SLAP_SCHERR_BAD_DESCR 16
-#define SLAP_SCHERR_OIDM 17
-#define SLAP_SCHERR_LAST SLAP_SCHERR_OIDM
+#define SLAP_SCHERR_OUTOFMEM 1
+#define SLAP_SCHERR_CLASS_NOT_FOUND 2
+#define SLAP_SCHERR_CLASS_BAD_USAGE 3
+#define SLAP_SCHERR_CLASS_BAD_SUP 4
+#define SLAP_SCHERR_CLASS_DUP 5
+#define SLAP_SCHERR_ATTR_NOT_FOUND 6
+#define SLAP_SCHERR_ATTR_BAD_MR 7
+#define SLAP_SCHERR_ATTR_BAD_USAGE 8
+#define SLAP_SCHERR_ATTR_BAD_SUP 9
+#define SLAP_SCHERR_ATTR_INCOMPLETE 10
+#define SLAP_SCHERR_ATTR_DUP 11
+#define SLAP_SCHERR_MR_NOT_FOUND 12
+#define SLAP_SCHERR_MR_INCOMPLETE 13
+#define SLAP_SCHERR_MR_DUP 14
+#define SLAP_SCHERR_SYN_NOT_FOUND 15
+#define SLAP_SCHERR_SYN_DUP 16
+#define SLAP_SCHERR_NO_NAME 17
+#define SLAP_SCHERR_NOT_SUPPORTED 18
+#define SLAP_SCHERR_BAD_DESCR 19
+#define SLAP_SCHERR_OIDM 20
+#define SLAP_SCHERR_CR_DUP 21
+#define SLAP_SCHERR_CR_BAD_STRUCT 22
+#define SLAP_SCHERR_CR_BAD_AUX 23
+#define SLAP_SCHERR_CR_BAD_AT 24
+#define SLAP_SCHERR_LAST SLAP_SCHERR_CR_BAD_AT
typedef union slap_sockaddr {
struct sockaddr sa_addr;
struct sockaddr_in sa_in_addr;
#ifdef LDAP_PF_INET6
+ struct sockaddr_storage sa_storage;
struct sockaddr_in6 sa_in6_addr;
#endif
#ifdef LDAP_PF_LOCAL
@@ -248,10 +291,14 @@ typedef union slap_sockaddr {
#endif
} Sockaddr;
+#ifdef LDAP_PF_INET6
+extern int slap_inet4or6;
+#endif
+
typedef struct slap_oid_macro {
struct berval som_oid;
char **som_names;
- struct slap_oid_macro *som_next;
+ LDAP_SLIST_ENTRY(slap_oid_macro) som_next;
} OidMacro;
/* forward declarations */
@@ -265,14 +312,24 @@ typedef int slap_syntax_validate_func LDAP_P((
typedef int slap_syntax_transform_func LDAP_P((
struct slap_syntax *syntax,
struct berval * in,
- struct berval * out));
+ struct berval * out,
+ void *memctx));
typedef struct slap_syntax {
LDAPSyntax ssyn_syn;
#define ssyn_oid ssyn_syn.syn_oid
#define ssyn_desc ssyn_syn.syn_desc
-#define ssyn_extensions ssyn_syn.syn_extensions
+#define ssyn_extensions ssyn_syn.syn_extensions
+ /*
+ * Note: the former
ber_len_t ssyn_oidlen;
+ * has been replaced by a struct berval that uses the value
+ * provided by ssyn_syn.syn_oid; a macro that expands to
+ * the bv_len field of the berval is provided for backward
+ * compatibility. CAUTION: NEVER FREE THE BERVAL
+ */
+ struct berval ssyn_bvoid;
+#define ssyn_oidlen ssyn_bvoid.bv_len
unsigned int ssyn_flags;
@@ -280,10 +337,13 @@ typedef struct slap_syntax {
#define SLAP_SYNTAX_BLOB 0x0001U /* syntax treated as blob (audio) */
#define SLAP_SYNTAX_BINARY 0x0002U /* binary transfer required (certificate) */
#define SLAP_SYNTAX_BER 0x0004U /* stored in BER encoding (certificate) */
+#ifdef LDAP_DEVEL
+#define SLAP_SYNTAX_HIDE 0x0000U /* publish everything */
+#else
#define SLAP_SYNTAX_HIDE 0x8000U /* hide (do not publish) */
+#endif
slap_syntax_validate_func *ssyn_validate;
- slap_syntax_transform_func *ssyn_normalize;
slap_syntax_transform_func *ssyn_pretty;
#ifdef SLAPD_BINARY_CONVERSION
@@ -292,7 +352,7 @@ typedef struct slap_syntax {
slap_syntax_transform_func *ssyn_str2ber;
#endif
- struct slap_syntax *ssyn_next;
+ LDAP_SLIST_ENTRY(slap_syntax) ssyn_next;
} Syntax;
#define slap_syntax_is_flag(s,flag) ((int)((s)->ssyn_flags & (flag)) ? 1 : 0)
@@ -301,10 +361,22 @@ typedef struct slap_syntax {
#define slap_syntax_is_ber(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BER)
#define slap_syntax_is_hidden(s) slap_syntax_is_flag((s),SLAP_SYNTAX_HIDE)
+typedef struct slap_syntax_defs_rec {
+ char *sd_desc;
+ int sd_flags;
+ slap_syntax_validate_func *sd_validate;
+ slap_syntax_transform_func *sd_pretty;
+#ifdef SLAPD_BINARY_CONVERSION
+ slap_syntax_transform_func *sd_ber2str;
+ slap_syntax_transform_func *sd_str2ber;
+#endif
+} slap_syntax_defs_rec;
+
/* X -> Y Converter */
typedef int slap_mr_convert_func LDAP_P((
struct berval * in,
- struct berval * out ));
+ struct berval * out,
+ void *memctx ));
/* Normalizer */
typedef int slap_mr_normalize_func LDAP_P((
@@ -312,7 +384,8 @@ typedef int slap_mr_normalize_func LDAP_P((
struct slap_syntax *syntax, /* NULL if in is asserted value */
struct slap_matching_rule *mr,
struct berval * in,
- struct berval * out ));
+ struct berval * out,
+ void *memctx ));
/* Match (compare) function */
typedef int slap_mr_match_func LDAP_P((
@@ -331,7 +404,8 @@ typedef int slap_mr_indexer_func LDAP_P((
struct slap_matching_rule *mr,
struct berval *prefix,
BerVarray values,
- BerVarray *keys ));
+ BerVarray *keys,
+ void *memctx ));
/* Filter index function */
typedef int slap_mr_filter_func LDAP_P((
@@ -341,14 +415,34 @@ typedef int slap_mr_filter_func LDAP_P((
struct slap_matching_rule *mr,
struct berval *prefix,
void * assertValue,
- BerVarray *keys ));
+ BerVarray *keys,
+ void *memctx ));
+
+typedef struct slap_matching_rule_use MatchingRuleUse;
typedef struct slap_matching_rule {
LDAPMatchingRule smr_mrule;
- ber_len_t smr_oidlen;
+ MatchingRuleUse *smr_mru;
+ /* RFC2252 string representation */
+ struct berval smr_str;
+ /*
+ * Note: the former
+ * ber_len_t smr_oidlen;
+ * has been replaced by a struct berval that uses the value
+ * provided by smr_mrule.mr_oid; a macro that expands to
+ * the bv_len field of the berval is provided for backward
+ * compatibility. CAUTION: NEVER FREE THE BERVAL
+ */
+ struct berval smr_bvoid;
+#define smr_oidlen smr_bvoid.bv_len
+
slap_mask_t smr_usage;
+#ifdef LDAP_DEVEL
+#define SLAP_MR_HIDE 0x0000U
+#else
#define SLAP_MR_HIDE 0x8000U
+#endif
#define SLAP_MR_TYPE_MASK 0x0F00U
#define SLAP_MR_SUBTYPE_MASK 0x00F0U
@@ -358,37 +452,63 @@ typedef struct slap_matching_rule {
#define SLAP_MR_EQUALITY 0x0100U
#define SLAP_MR_ORDERING 0x0200U
#define SLAP_MR_SUBSTR 0x0400U
-#define SLAP_MR_EXT 0x0800U
+#define SLAP_MR_EXT 0x0800U /* implicitly extensible */
#define SLAP_MR_EQUALITY_APPROX ( SLAP_MR_EQUALITY | 0x0010U )
-#define SLAP_MR_DN_FOLD 0x0008U
#define SLAP_MR_SUBSTR_INITIAL ( SLAP_MR_SUBSTR | 0x0010U )
#define SLAP_MR_SUBSTR_ANY ( SLAP_MR_SUBSTR | 0x0020U )
#define SLAP_MR_SUBSTR_FINAL ( SLAP_MR_SUBSTR | 0x0040U )
+
/*
- * normally the provided value is expected to conform to
- * assertion syntax specified in the matching rule, however
- * at times (such as during individual value modification),
- * the provided value is expected to conform to the
- * attribute's value syntax.
+ * The asserted value, depending on the particular usage,
+ * is expected to conform to either the assertion syntax
+ * or the attribute syntax. In some cases, the syntax of
+ * the value is known. If so, these flags indicate which
+ * syntax the value is expected to conform to. If not,
+ * neither of these flags is set (until the syntax of the
+ * provided value is determined). If the value is of the
+ * attribute syntax, the flag is changed once a value of
+ * the assertion syntax is derived from the provided value.
+ */
+#define SLAP_MR_VALUE_OF_ASSERTION_SYNTAX 0x0001U
+#define SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX 0x0002U
+#define SLAP_MR_VALUE_OF_SYNTAX 0x0003U
+
+#define SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX( usage ) \
+ ((usage) & SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX )
+#define SLAP_MR_IS_VALUE_OF_ASSERTION_SYNTAX( usage ) \
+ ((usage) & SLAP_MR_VALUE_OF_ASSERTION_SYNTAX )
+#ifdef LDAP_DEBUG
+#define SLAP_MR_IS_VALUE_OF_SYNTAX( usage ) \
+ ((usage) & SLAP_MR_VALUE_OF_SYNTAX)
+#else
+#define SLAP_MR_IS_VALUE_OF_SYNTAX( usage ) (1)
+#endif
+
+/* either or both the asserted value or attribute value
+ * may be provided in normalized form
*/
-#define SLAP_MR_ASSERTION_SYNTAX_MATCH 0x0000U
-#define SLAP_MR_VALUE_SYNTAX_MATCH 0x0001U
-#define SLAP_MR_VALUE_SYNTAX_CONVERTED_MATCH 0x0003U
+#define SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH 0x0004U
+#define SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH 0x0008U
#define SLAP_IS_MR_ASSERTION_SYNTAX_MATCH( usage ) \
- (!((usage) & SLAP_MR_VALUE_SYNTAX_MATCH))
-#define SLAP_IS_MR_VALUE_SYNTAX_MATCH( usage ) \
- ((usage) & SLAP_MR_VALUE_SYNTAX_MATCH)
-
-#define SLAP_IS_MR_VALUE_SYNTAX_CONVERTED_MATCH( usage ) \
- (((usage) & SLAP_MR_VALUE_SYNTAX_CONVERTED_MATCH) \
- == SLAP_MR_VALUE_SYNTAX_CONVERTED_MATCH)
-#define SLAP_IS_MR_VALUE_SYNTAX_NONCONVERTED_MATCH( usage ) \
- (((usage) & SLAP_MR_VALUE_SYNTAX_CONVERTED_MATCH) \
- == SLAP_MR_VALUE_SYNTAX_MATCH)
+ (!((usage) & SLAP_MR_ATTRIBUTE_SYNTAX_MATCH))
+#define SLAP_IS_MR_ATTRIBUTE_SYNTAX_MATCH( usage ) \
+ ((usage) & SLAP_MR_ATTRIBUTE_SYNTAX_MATCH)
+
+#define SLAP_IS_MR_ATTRIBUTE_SYNTAX_CONVERTED_MATCH( usage ) \
+ (((usage) & SLAP_MR_ATTRIBUTE_SYNTAX_CONVERTED_MATCH) \
+ == SLAP_MR_ATTRIBUTE_SYNTAX_CONVERTED_MATCH)
+#define SLAP_IS_MR_ATTRIBUTE_SYNTAX_NONCONVERTED_MATCH( usage ) \
+ (((usage) & SLAP_MR_ATTRIBUTE_SYNTAX_CONVERTED_MATCH) \
+ == SLAP_MR_ATTRIBUTE_SYNTAX_MATCH)
+
+#define SLAP_IS_MR_ASSERTED_VALUE_NORMALIZED_MATCH( usage ) \
+ ((usage) & SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH )
+#define SLAP_IS_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH( usage ) \
+ ((usage) & SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH )
Syntax *smr_syntax;
slap_mr_convert_func *smr_convert;
@@ -397,8 +517,23 @@ typedef struct slap_matching_rule {
slap_mr_indexer_func *smr_indexer;
slap_mr_filter_func *smr_filter;
+ /*
+ * null terminated array of syntaxes compatible with this syntax
+ * note: when MS_EXT is set, this MUST NOT contain the assertion
+ * syntax of the rule. When MS_EXT is not set, it MAY.
+ */
+ Syntax **smr_compat_syntaxes;
+
+ /*
+ * For equality rules, refers to an associated approximate rule.
+ * For non-equality rules, refers to an associated equality rule.
+ */
struct slap_matching_rule *smr_associated;
- struct slap_matching_rule *smr_next;
+
+#define SLAP_MR_ASSOCIATED(mr,amr) (((mr) == (amr)) || \
+ ((mr)->smr_associated == (amr)))
+
+ LDAP_SLIST_ENTRY(slap_matching_rule)smr_next;
#define smr_oid smr_mrule.mr_oid
#define smr_names smr_mrule.mr_names
@@ -408,6 +543,38 @@ typedef struct slap_matching_rule {
#define smr_extensions smr_mrule.mr_extensions
} MatchingRule;
+struct slap_matching_rule_use {
+ LDAPMatchingRuleUse smru_mruleuse;
+ MatchingRule *smru_mr;
+ /* RFC2252 string representation */
+ struct berval smru_str;
+
+ LDAP_SLIST_ENTRY(slap_matching_rule_use) smru_next;
+
+#define smru_oid smru_mruleuse.mru_oid
+#define smru_names smru_mruleuse.mru_names
+#define smru_desc smru_mruleuse.mru_desc
+#define smru_obsolete smru_mruleuse.mru_obsolete
+#define smru_applies_oids smru_mruleuse.mru_applies_oids
+
+#define smru_usage smru_mr->smr_usage
+} /* MatchingRuleUse */ ;
+
+typedef struct slap_mrule_defs_rec {
+ char * mrd_desc;
+ slap_mask_t mrd_usage;
+ char ** mrd_compat_syntaxes;
+ slap_mr_convert_func * mrd_convert;
+ slap_mr_normalize_func * mrd_normalize;
+ slap_mr_match_func * mrd_match;
+ slap_mr_indexer_func * mrd_indexer;
+ slap_mr_filter_func * mrd_filter;
+
+ /* For equality rule, this may refer to an associated approximate rule */
+ /* For non-equality rule, this may refer to an associated equality rule */
+ char * mrd_associated;
+} slap_mrule_defs_rec;
+
struct slap_backend_db;
struct slap_entry;
struct slap_attr;
@@ -431,9 +598,18 @@ typedef struct slap_attribute_type {
Syntax *sat_syntax;
AttributeTypeSchemaCheckFN *sat_check;
+
+#define SLAP_AT_NONE 0x0000U
+#define SLAP_AT_ABSTRACT 0x0100U /* cannot be instantiated */
+#define SLAP_AT_FINAL 0x0200U /* cannot be subtyped */
+#ifdef LDAP_DEVEL
+#define SLAP_AT_HIDE 0x0000U /* publish everything */
+#else
+#define SLAP_AT_HIDE 0x8000U /* hide attribute */
+#endif
slap_mask_t sat_flags;
- struct slap_attribute_type *sat_next;
+ LDAP_SLIST_ENTRY(slap_attribute_type) sat_next;
#define sat_oid sat_atype.at_oid
#define sat_names sat_atype.at_names
@@ -470,7 +646,8 @@ typedef int (ObjectClassSchemaCheckFN)(
char *textbuf, size_t textlen );
typedef struct slap_object_class {
- LDAPObjectClass soc_oclass;
+ LDAPObjectClass soc_oclass;
+ struct berval soc_cname;
struct slap_object_class **soc_sups;
AttributeType **soc_required;
AttributeType **soc_allowed;
@@ -486,18 +663,26 @@ typedef struct slap_object_class {
#define soc_at_oids_may soc_oclass.oc_at_oids_may
#define soc_extensions soc_oclass.oc_extensions
- struct slap_object_class *soc_next;
+ LDAP_SLIST_ENTRY(slap_object_class) soc_next;
} ObjectClass;
-#define SLAP_OC_ALIAS 0x01
-#define SLAP_OC_REFERRAL 0x02
-#define SLAP_OC_SUBENTRY 0x04
-#define SLAP_OC_DYNAMICOBJECT 0x08
-#define SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY 0x10
-#define SLAP_OC__MASK 0x1F
-#define SLAP_OC__END 0x20
+#define SLAP_OC_ALIAS 0x0001
+#define SLAP_OC_REFERRAL 0x0002
+#define SLAP_OC_SUBENTRY 0x0004
+#define SLAP_OC_DYNAMICOBJECT 0x0008
+#define SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY 0x0010
+#define SLAP_OC_GLUE 0x0020
+#define SLAP_OC_SYNCPROVIDERSUBENTRY 0x0040
+#define SLAP_OC_SYNCCONSUMERSUBENTRY 0x0080
+#define SLAP_OC__MASK 0x00FF
+#define SLAP_OC__END 0x0100
+#define SLAP_OC_OPERATIONAL 0x4000
+#ifdef LDAP_DEVEL
+#define SLAP_OC_HIDE 0x0000
+#else
+#define SLAP_OC_HIDE 0x8000
+#endif
-#ifdef LDAP_EXTENDED_SCHEMA
/*
* DIT content rule
*/
@@ -508,40 +693,40 @@ typedef struct slap_content_rule {
AttributeType **scr_required; /* optional */
AttributeType **scr_allowed; /* optional */
AttributeType **scr_precluded; /* optional */
-#define scr_oid scr_crule.cr_oid
-#define scr_names scr_crule.cr_names
-#define scr_desc scr_crule.cr_desc
-#define scr_obsolete soc_oclass.cr_obsolete
-#define scr_cr_oids_aux soc_oclass.cr_oc_oids_aux
-#define scr_cr_oids_must soc_oclass.cr_at_oids_must
-#define scr_cr_oids_may soc_oclass.cr_at_oids_may
-#define scr_cr_oids_not soc_oclass.cr_at_oids_not
+#define scr_oid scr_crule.cr_oid
+#define scr_names scr_crule.cr_names
+#define scr_desc scr_crule.cr_desc
+#define scr_obsolete scr_crule.cr_obsolete
+#define scr_oc_oids_aux scr_crule.cr_oc_oids_aux
+#define scr_at_oids_must scr_crule.cr_at_oids_must
+#define scr_at_oids_may scr_crule.cr_at_oids_may
+#define scr_at_oids_not scr_crule.cr_at_oids_not
+
+ LDAP_SLIST_ENTRY( slap_content_rule ) scr_next;
} ContentRule;
-#endif
-/*
- * represents a recognized attribute description ( type + options )
- */
+/* Represents a recognized attribute description ( type + options ). */
typedef struct slap_attr_desc {
struct slap_attr_desc *ad_next;
AttributeType *ad_type; /* attribute type, must be specified */
struct berval ad_cname; /* canonical name, must be specified */
- struct berval ad_lang; /* empty if no language tags */
+ struct berval ad_tags; /* empty if no tagging options */
unsigned ad_flags;
#define SLAP_DESC_NONE 0x00U
#define SLAP_DESC_BINARY 0x01U
-#define SLAP_DESC_LANG_RANGE 0x80U
+#define SLAP_DESC_TAG_RANGE 0x80U
} AttributeDescription;
typedef struct slap_attr_name {
struct berval an_name;
AttributeDescription *an_desc;
+ int an_oc_exclude;
ObjectClass *an_oc;
} AttributeName;
-#define slap_ad_is_lang(ad) ( (ad)->ad_lang.bv_len != 0 )
-#define slap_ad_is_lang_range(ad) \
- ( ((ad)->ad_flags & SLAP_DESC_LANG_RANGE) ? 1 : 0 )
+#define slap_ad_is_tagged(ad) ( (ad)->ad_tags.bv_len != 0 )
+#define slap_ad_is_tag_range(ad) \
+ ( ((ad)->ad_flags & SLAP_DESC_TAG_RANGE) ? 1 : 0 )
#define slap_ad_is_binary(ad) \
( ((ad)->ad_flags & SLAP_DESC_BINARY) ? 1 : 0 )
@@ -557,10 +742,13 @@ struct slap_internal_schema {
ObjectClass *si_oc_rootdse;
ObjectClass *si_oc_subentry;
ObjectClass *si_oc_subschema;
- ObjectClass *si_oc_monitor;
ObjectClass *si_oc_collectiveAttributeSubentry;
ObjectClass *si_oc_dynamicObject;
+ ObjectClass *si_oc_glue;
+ ObjectClass *si_oc_syncConsumerSubentry;
+ ObjectClass *si_oc_syncProviderSubentry;
+
/* objectClass attribute descriptions */
AttributeDescription *si_ad_objectClass;
@@ -576,6 +764,13 @@ struct slap_internal_schema {
AttributeDescription *si_ad_collectiveExclusions;
AttributeDescription *si_ad_entryUUID;
AttributeDescription *si_ad_entryCSN;
+ AttributeDescription *si_ad_namingCSN;
+ AttributeDescription *si_ad_superiorUUID;
+
+ AttributeDescription *si_ad_dseType;
+ AttributeDescription *si_ad_syncreplCookie;
+ AttributeDescription *si_ad_syncTimestamp;
+ AttributeDescription *si_ad_contextCSN;
/* root DSE attribute descriptions */
AttributeDescription *si_ad_altServer;
@@ -585,6 +780,7 @@ struct slap_internal_schema {
AttributeDescription *si_ad_supportedLDAPVersion;
AttributeDescription *si_ad_supportedSASLMechanisms;
AttributeDescription *si_ad_supportedFeatures;
+ AttributeDescription *si_ad_monitorContext;
AttributeDescription *si_ad_vendorName;
AttributeDescription *si_ad_vendorVersion;
@@ -609,6 +805,8 @@ struct slap_internal_schema {
/* Access Control Internals */
AttributeDescription *si_ad_entry;
AttributeDescription *si_ad_children;
+ AttributeDescription *si_ad_saslAuthzTo;
+ AttributeDescription *si_ad_saslAuthzFrom;
#ifdef SLAPD_ACI_ENABLED
AttributeDescription *si_ad_aci;
#endif
@@ -622,24 +820,31 @@ struct slap_internal_schema {
AttributeDescription *si_ad_name;
AttributeDescription *si_ad_cn;
AttributeDescription *si_ad_userPassword;
+ AttributeDescription *si_ad_labeledURI;
#ifdef SLAPD_AUTHPASSWD
AttributeDescription *si_ad_authPassword;
#endif
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
AttributeDescription *si_ad_krbName;
#endif
-
+
/* Undefined Attribute Type */
AttributeType *si_at_undefined;
/* Matching Rules */
MatchingRule *si_mr_distinguishedNameMatch;
+ MatchingRule *si_mr_caseExactMatch;
+ MatchingRule *si_mr_caseExactSubstringsMatch;
+ MatchingRule *si_mr_caseExactIA5Match;
MatchingRule *si_mr_integerMatch;
+ MatchingRule *si_mr_integerFirstComponentMatch;
+ MatchingRule *si_mr_objectIdentifierFirstComponentMatch;
/* Syntaxes */
- Syntax *si_syn_octetString;
+ Syntax *si_syn_directoryString;
Syntax *si_syn_distinguishedName;
Syntax *si_syn_integer;
+ Syntax *si_syn_octetString;
};
typedef struct slap_attr_assertion {
@@ -667,9 +872,10 @@ typedef struct slap_mr_assertion {
*/
typedef struct slap_filter {
ber_tag_t f_choice; /* values taken from ldap.h, plus: */
-#define SLAPD_FILTER_COMPUTED ((ber_tag_t) -1)
-#define SLAPD_FILTER_DN_ONE ((ber_tag_t) -2)
-#define SLAPD_FILTER_DN_SUBTREE ((ber_tag_t) -3)
+#define SLAPD_FILTER_COMPUTED ((ber_tag_t) -1)
+#define SLAPD_FILTER_DN_ONE ((ber_tag_t) -2)
+#define SLAPD_FILTER_DN_SUBTREE ((ber_tag_t) -3)
+#define SLAPD_FILTER_DN_CHILDREN ((ber_tag_t) -4)
union f_un_u {
/* precomputed result */
@@ -724,29 +930,50 @@ typedef struct slap_filter {
#define SLAPD_COMPARE_UNDEFINED ((ber_int_t) -1)
typedef struct slap_valuesreturnfilter {
- ber_tag_t f_choice;
+ ber_tag_t vrf_choice;
union vrf_un_u {
/* precomputed result */
- ber_int_t f_un_result;
+ ber_int_t vrf_un_result;
/* DN */
- char *f_un_dn;
+ char *vrf_un_dn;
/* present */
- AttributeDescription *f_un_desc;
+ AttributeDescription *vrf_un_desc;
/* simple value assertion */
- AttributeAssertion *f_un_ava;
+ AttributeAssertion *vrf_un_ava;
/* substring assertion */
- SubstringsAssertion *f_un_ssa;
+ SubstringsAssertion *vrf_un_ssa;
/* matching rule assertion */
- MatchingRuleAssertion *f_un_mra;
- } f_un;
-
- struct slap_valuesreturnfilter *f_next;
+ MatchingRuleAssertion *vrf_un_mra;
+
+#define vrf_result vrf_un.vrf_un_result
+#define vrf_dn vrf_un.vrf_un_dn
+#define vrf_desc vrf_un.vrf_un_desc
+#define vrf_ava vrf_un.vrf_un_ava
+#define vrf_av_desc vrf_un.vrf_un_ava->aa_desc
+#define vrf_av_value vrf_un.vrf_un_ava->aa_value
+#define vrf_ssa vrf_un.vrf_un_ssa
+#define vrf_sub vrf_un.vrf_un_ssa
+#define vrf_sub_desc vrf_un.vrf_un_ssa->sa_desc
+#define vrf_sub_initial vrf_un.vrf_un_ssa->sa_initial
+#define vrf_sub_any vrf_un.vrf_un_ssa->sa_any
+#define vrf_sub_final vrf_un.vrf_un_ssa->sa_final
+#define vrf_mra vrf_un.vrf_un_mra
+#define vrf_mr_rule vrf_un.vrf_un_mra->ma_rule
+#define vrf_mr_rule_text vrf_un.vrf_un_mra->ma_rule_text
+#define vrf_mr_desc vrf_un.vrf_un_mra->ma_desc
+#define vrf_mr_value vrf_un.vrf_un_mra->ma_value
+#define vrf_mr_dnattrs vrf_un.vrf_un_mra->ma_dnattrs
+
+
+ } vrf_un;
+
+ struct slap_valuesreturnfilter *vrf_next;
} ValuesReturnFilter;
/*
@@ -754,8 +981,9 @@ typedef struct slap_valuesreturnfilter {
*/
typedef struct slap_attr {
AttributeDescription *a_desc;
- BerVarray a_vals;
- struct slap_attr *a_next;
+ BerVarray a_vals; /* preserved values */
+ BerVarray a_nvals; /* normalized values */
+ struct slap_attr *a_next;
unsigned a_flags;
#define SLAP_ATTR_IXADD 0x1U
#define SLAP_ATTR_IXDEL 0x2U
@@ -803,7 +1031,9 @@ typedef struct slap_mod {
int sm_op;
AttributeDescription *sm_desc;
struct berval sm_type;
- BerVarray sm_bvalues;
+ BerVarray sm_values;
+#define sm_bvalues sm_values
+ BerVarray sm_nvalues;
} Modification;
typedef struct slap_mod_list {
@@ -811,7 +1041,9 @@ typedef struct slap_mod_list {
#define sml_op sml_mod.sm_op
#define sml_desc sml_mod.sm_desc
#define sml_type sml_mod.sm_type
-#define sml_bvalues sml_mod.sm_bvalues
+#define sml_bvalues sml_mod.sm_values
+#define sml_values sml_mod.sm_values
+#define sml_nvalues sml_mod.sm_nvalues
struct slap_mod_list *sml_next;
} Modifications;
@@ -821,7 +1053,7 @@ typedef struct slap_ldap_modlist {
#define ml_op ml_mod.mod_op
#define ml_type ml_mod.mod_type
#define ml_values ml_mod.mod_values
-#define ml_bvalues ml_mod.mod_bvalues
+#define ml_bvalues ml_mod.mod_values
} LDAPModList;
/*
@@ -850,14 +1082,11 @@ typedef enum slap_style_e {
ACL_STYLE_ONE,
ACL_STYLE_SUBTREE,
ACL_STYLE_CHILDREN,
- ACL_STYLE_ATTROF,
-
- /* alternate names */
- ACL_STYLE_EXACT = ACL_STYLE_BASE
+ ACL_STYLE_ATTROF
} slap_style_t;
typedef struct slap_authz_info {
- ber_tag_t sai_method; /* LDAP_AUTH_* from */
+ ber_tag_t sai_method; /* LDAP_AUTH_* from */
struct berval sai_mech; /* SASL Mechanism */
struct berval sai_dn; /* DN for reporting purposes */
struct berval sai_ndn; /* Normalized DN */
@@ -975,6 +1204,9 @@ typedef struct slap_acl {
regex_t acl_dn_re;
struct berval acl_dn_pat;
AttributeName *acl_attrs;
+ slap_style_t acl_attrval_style;
+ regex_t acl_attrval_re;
+ struct berval acl_attrval;
/* "by" part: list of who has what access to the entries */
Access *acl_access;
@@ -991,6 +1223,7 @@ typedef struct slap_acl_state {
/* Access state */
AccessControl *as_vd_acl;
+ AccessControl *as_vi_acl;
slap_mask_t as_vd_acl_mask;
regmatch_t as_vd_acl_matches[MAXREMATCHES];
int as_vd_acl_count;
@@ -999,17 +1232,10 @@ typedef struct slap_acl_state {
int as_vd_access_count;
int as_result;
+ AttributeDescription *as_vd_ad;
} AccessControlState;
-#define ACL_STATE_INIT { ACL_STATE_NOT_RECORDED, NULL, 0UL, { { 0, 0 } }, 0, NULL, 0, 0 }
-
-/*
- * replog moddn param structure
- */
-struct slap_replog_moddn {
- struct berval *newrdn;
- int deloldrdn;
- struct berval *newsup;
-};
+#define ACL_STATE_INIT { ACL_STATE_NOT_RECORDED, NULL, NULL, 0UL, \
+ { { 0, 0 } }, 0, NULL, 0, 0, NULL }
/*
* Backend-info
@@ -1031,6 +1257,8 @@ LDAP_SLAPD_V (int) slapMode;
#define SLAP_MODE 0x0003
#define SLAP_TRUNCATE_MODE 0x0100
+#define SLAP_TOOL_READMAIN 0x0200
+#define SLAP_TOOL_READONLY 0x0400
struct slap_replica_info {
char *ri_host; /* supersedes be_replica */
@@ -1048,20 +1276,22 @@ struct slap_limits_set {
int lms_s_soft;
int lms_s_hard;
int lms_s_unchecked;
+ int lms_s_pr;
+ int lms_s_pr_hide;
};
struct slap_limits {
int lm_type; /* type of pattern */
#define SLAP_LIMITS_UNDEFINED 0x0000
-#define SLAP_LIMITS_EXACT 0x0001
-#define SLAP_LIMITS_BASE SLAP_LIMITS_EXACT
-#define SLAP_LIMITS_ONE 0x0002
-#define SLAP_LIMITS_SUBTREE 0x0003
+#define SLAP_LIMITS_EXACT 0x0001
+#define SLAP_LIMITS_BASE SLAP_LIMITS_EXACT
+#define SLAP_LIMITS_ONE 0x0002
+#define SLAP_LIMITS_SUBTREE 0x0003
#define SLAP_LIMITS_CHILDREN 0x0004
-#define SLAP_LIMITS_REGEX 0x0005
+#define SLAP_LIMITS_REGEX 0x0005
#define SLAP_LIMITS_ANONYMOUS 0x0006
-#define SLAP_LIMITS_USERS 0x0007
-#define SLAP_LIMITS_ANY 0x0008
+#define SLAP_LIMITS_USERS 0x0007
+#define SLAP_LIMITS_ANY 0x0008
regex_t lm_dn_regex; /* regex data for REGEX */
/*
@@ -1078,6 +1308,68 @@ typedef BackendDB Backend;
#define nbackends nBackendDB
#define backends backendDB
+/*
+ * syncinfo structure for syncrepl
+ */
+
+#define SLAP_SYNC_SID_SIZE 3
+#define SLAP_SYNC_RID_SIZE 3
+#define SLAP_SYNCUUID_SET_SIZE 256
+
+struct nonpresent_entry {
+ struct berval *npe_name;
+ struct berval *npe_nname;
+ LDAP_LIST_ENTRY(nonpresent_entry) npe_link;
+};
+
+struct sync_cookie {
+ struct berval *ctxcsn;
+ long sid;
+ struct berval *octet_str;
+ long rid;
+ LDAP_STAILQ_ENTRY(sync_cookie) sc_next;
+};
+
+LDAP_STAILQ_HEAD( slap_sync_cookie_s, sync_cookie );
+
+typedef struct syncinfo_s {
+ struct slap_backend_db *si_be;
+ long si_rid;
+ char *si_provideruri;
+ BerVarray si_provideruri_bv;
+#define SYNCINFO_TLS_OFF 0
+#define SYNCINFO_TLS_ON 1
+#define SYNCINFO_TLS_CRITICAL 2
+ int si_tls;
+ struct berval si_updatedn;
+ int si_bindmethod;
+ char *si_binddn;
+ char *si_passwd;
+ char *si_saslmech;
+ char *si_secprops;
+ char *si_realm;
+ char *si_authcId;
+ char *si_authzId;
+ int si_schemachecking;
+ Filter *si_filter;
+ struct berval si_filterstr;
+ struct berval si_base;
+ int si_scope;
+ int si_attrsonly;
+ char **si_attrs;
+ int si_type;
+ time_t si_interval;
+ struct sync_cookie si_syncCookie;
+ int si_manageDSAit;
+ int si_slimit;
+ int si_tlimit;
+ struct berval si_syncUUID_ndn;
+ Avlnode *si_presentlist;
+ LDAP *si_ld;
+ LDAP_LIST_HEAD(np, nonpresent_entry) si_nonpresentlist;
+ LDAP_STAILQ_ENTRY( syncinfo_s ) si_next;
+} syncinfo_t;
+
struct slap_backend_db {
BackendInfo *bd_info; /* pointer to shared backend info */
@@ -1093,15 +1385,25 @@ struct slap_backend_db {
#define be_modify bd_info->bi_op_modify
#define be_modrdn bd_info->bi_op_modrdn
#define be_search bd_info->bi_op_search
+#define be_abandon bd_info->bi_op_abandon
+#define be_cancel bd_info->bi_op_cancel
#define be_extended bd_info->bi_extended
+#define be_fetch bd_info->bi_entry_get_rw
#define be_release bd_info->bi_entry_release_rw
#define be_chk_referrals bd_info->bi_chk_referrals
#define be_group bd_info->bi_acl_group
#define be_attribute bd_info->bi_acl_attribute
#define be_operational bd_info->bi_operational
+/*
+ * define to honor hasSubordinates operational attribute in search filters
+ * (in previous use there was a flaw with back-bdb and back-ldbm; now it
+ * is fixed).
+ */
+#define be_has_subordinates bd_info->bi_has_subordinates
+
#define be_controls bd_info->bi_controls
#define be_connection_init bd_info->bi_connection_init
@@ -1116,25 +1418,39 @@ struct slap_backend_db {
#define be_entry_get bd_info->bi_tool_entry_get
#define be_entry_put bd_info->bi_tool_entry_put
#define be_sync bd_info->bi_tool_sync
+#define be_dn2id_get bd_info->bi_tool_dn2id_get
+#define be_id2entry_get bd_info->bi_tool_id2entry_get
+#define be_entry_modify bd_info->bi_tool_entry_modify
#endif
#define SLAP_BFLAG_NOLASTMOD 0x0001U
+#define SLAP_BFLAG_NO_SCHEMA_CHECK 0x0002U
#define SLAP_BFLAG_GLUE_INSTANCE 0x0010U /* a glue backend */
#define SLAP_BFLAG_GLUE_SUBORDINATE 0x0020U /* child of a glue hierarchy */
#define SLAP_BFLAG_GLUE_LINKED 0x0040U /* child is connected to parent */
-#define SLAP_BFLAG_ALIASES 0x0100U
-#define SLAP_BFLAG_REFERRALS 0x0200U
-#define SLAP_BFLAG_SUBENTRIES 0x0400U
-#define SLAP_BFLAG_MONITOR 0x1000U
-#define SLAP_BFLAG_DYNAMIC 0x2000U
+#define SLAP_BFLAG_MONITOR 0x0080U /* a monitor backend */
+#define SLAP_BFLAG_INCREMENT 0x0100U
+#define SLAP_BFLAG_ALIASES 0x1000U
+#define SLAP_BFLAG_REFERRALS 0x2000U
+#define SLAP_BFLAG_SUBENTRIES 0x4000U
+#define SLAP_BFLAG_DYNAMIC 0x8000U
slap_mask_t be_flags;
#define SLAP_LASTMOD(be) (!((be)->be_flags & SLAP_BFLAG_NOLASTMOD))
+#define SLAP_NO_SCHEMA_CHECK(be) (((be)->be_flags & SLAP_BFLAG_NO_SCHEMA_CHECK))
+#define SLAP_GLUE_INSTANCE(be) ((be)->be_flags & SLAP_BFLAG_GLUE_INSTANCE)
+#define SLAP_GLUE_SUBORDINATE(be) \
+ ((be)->be_flags & SLAP_BFLAG_GLUE_SUBORDINATE)
+#define SLAP_GLUE_LINKED(be) ((be)->be_flags & SLAP_BFLAG_GLUE_LINKED)
+
+#define SLAP_MONITOR(be) ((be)->be_flags & SLAP_BFLAG_MONITOR)
+#define SLAP_INCREMENT(be) ((be)->be_flags & SLAP_BFLAG_INCREMENT)
+
#define SLAP_ALIASES(be) ((be)->be_flags & SLAP_BFLAG_ALIASES)
#define SLAP_REFERRALS(be) ((be)->be_flags & SLAP_BFLAG_REFERRALS)
#define SLAP_SUBENTRIES(be) ((be)->be_flags & SLAP_BFLAG_SUBENTRIES)
-#define SLAP_MONITOR(be) ((be)->be_flags & SLAP_BFLAG_MONITOR)
#define SLAP_DYNAMIC(be) ((be)->be_flags & SLAP_BFLAG_DYNAMIC)
+
slap_mask_t be_restrictops; /* restriction operations */
#define SLAP_RESTRICT_OP_ADD 0x0001U
#define SLAP_RESTRICT_OP_BIND 0x0002U
@@ -1146,7 +1462,7 @@ struct slap_backend_db {
#define SLAP_RESTRICT_OP_SEARCH 0x0080U
#define SLAP_RESTRICT_OP_READS \
- ( SLAP_RESTRICT_OP_COMPARE \
+ ( SLAP_RESTRICT_OP_COMPARE \
| SLAP_RESTRICT_OP_SEARCH )
#define SLAP_RESTRICT_OP_WRITES \
( SLAP_RESTRICT_OP_ADD \
@@ -1156,7 +1472,9 @@ struct slap_backend_db {
#define SLAP_ALLOW_BIND_V2 0x0001U /* LDAPv2 bind */
#define SLAP_ALLOW_BIND_ANON_CRED 0x0002U /* cred should be empty */
-#define SLAP_ALLOW_BIND_ANON_DN 0x0003U /* dn should be empty */
+#define SLAP_ALLOW_BIND_ANON_DN 0x0004U /* dn should be empty */
+
+#define SLAP_ALLOW_UPDATE_ANON 0x0008U /* allow anonymous updates */
#define SLAP_DISALLOW_BIND_ANON 0x0001U /* no anonymous */
#define SLAP_DISALLOW_BIND_SIMPLE 0x0002U /* simple authentication */
@@ -1165,6 +1483,8 @@ struct slap_backend_db {
#define SLAP_DISALLOW_TLS_2_ANON 0x0010U /* StartTLS -> Anonymous */
#define SLAP_DISALLOW_TLS_AUTHC 0x0020U /* TLS while authenticated */
+#define SLAP_DISALLOW_AUX_WO_CR 0x4000U
+
slap_mask_t be_requires; /* pre-operation requirements */
#define SLAP_REQUIRE_BIND 0x0001U /* bind before op */
#define SLAP_REQUIRE_LDAP_V3 0x0002U /* LDAPv3 before op */
@@ -1178,11 +1498,12 @@ struct slap_backend_db {
/* these should be renamed from be_ to bd_ */
BerVarray be_suffix; /* the DN suffixes of data in this backend */
BerVarray be_nsuffix; /* the normalized DN suffixes in this backend */
- BerVarray be_suffixAlias; /* pairs of DN suffix aliases and deref values */
+ struct berval be_schemadn; /* per-backend subschema subentry DN */
+ struct berval be_schemandn; /* normalized subschema DN */
struct berval be_rootdn; /* the magic "root" name (DN) for this db */
struct berval be_rootndn; /* the magic "root" normalized name (DN) for this db */
struct berval be_rootpw; /* the magic "root" password for this db */
- unsigned int be_max_deref_depth; /* limit for depth of an alias deref */
+ unsigned int be_max_deref_depth; /* limit for depth of an alias deref */
#define be_sizelimit be_def_limit.lms_s_soft
#define be_timelimit be_def_limit.lms_t_soft
struct slap_limits_set be_def_limit; /* default limits */
@@ -1195,6 +1516,13 @@ struct slap_backend_db {
BerVarray be_update_refs; /* where to refer modifying clients to */
char *be_realm;
void *be_private; /* anything the backend database needs */
+
+ void *be_pb; /* Netscape plugin */
+ LDAP_TAILQ_HEAD( pcl, slap_csn_entry ) be_pending_csn_list;
+ ldap_pvt_thread_mutex_t be_pcl_mutex;
+ struct berval be_context_csn;
+ ldap_pvt_thread_mutex_t be_context_csn_mutex;
+ LDAP_STAILQ_HEAD( be_si, syncinfo_s ) be_syncinfo; /* For syncrepl */
};
struct slap_conn;
@@ -1217,81 +1545,124 @@ typedef int (BI_db_open) LDAP_P((Backend *bd));
typedef int (BI_db_close) LDAP_P((Backend *bd));
typedef int (BI_db_destroy) LDAP_P((Backend *bd));
-typedef int (BI_op_bind) LDAP_P(( BackendDB *bd,
- struct slap_conn *c, struct slap_op *o,
- struct berval *dn, struct berval *ndn, int method,
- struct berval *cred, struct berval *edn ));
-typedef int (BI_op_unbind) LDAP_P((BackendDB *bd,
- struct slap_conn *c, struct slap_op *o ));
-typedef int (BI_op_search) LDAP_P((BackendDB *bd,
- struct slap_conn *c, struct slap_op *o,
- struct berval *base, struct berval *nbase,
- int scope, int deref,
- int slimit, int tlimit,
- Filter *f, struct berval *filterstr,
- AttributeName *attrs, int attrsonly));
-typedef int (BI_op_compare)LDAP_P((BackendDB *bd,
- struct slap_conn *c, struct slap_op *o,
- struct berval *dn, struct berval *ndn,
- AttributeAssertion *ava));
-typedef int (BI_op_modify) LDAP_P((BackendDB *bd,
- struct slap_conn *c, struct slap_op *o,
- struct berval *dn, struct berval *ndn,
- Modifications *m));
-typedef int (BI_op_modrdn) LDAP_P((BackendDB *bd,
- struct slap_conn *c, struct slap_op *o,
- struct berval *dn, struct berval *ndn,
- struct berval *newrdn, struct berval *nnewrdn,
- int deleteoldrdn,
- struct berval *newSup, struct berval *nnewSup ));
-typedef int (BI_op_add) LDAP_P((BackendDB *bd,
- struct slap_conn *c, struct slap_op *o,
- Entry *e));
-typedef int (BI_op_delete) LDAP_P((BackendDB *bd,
- struct slap_conn *c, struct slap_op *o,
- struct berval *dn, struct berval *ndn));
-typedef int (BI_op_abandon) LDAP_P((BackendDB *bd,
- struct slap_conn *c, struct slap_op *o,
- ber_int_t msgid));
-
-typedef int (BI_op_extended) LDAP_P((
- BackendDB *be,
- struct slap_conn *conn,
- struct slap_op *op,
- const char *reqoid,
- struct berval * reqdata,
- char **rspoid,
- struct berval ** rspdata,
- LDAPControl *** rspctrls,
- const char ** text,
- BerVarray *refs ));
-
-typedef int (BI_entry_release_rw) LDAP_P((BackendDB *bd,
- struct slap_conn *c, struct slap_op *o,
- Entry *e, int rw));
-
-typedef int (BI_chk_referrals) LDAP_P((BackendDB *bd,
- struct slap_conn *c, struct slap_op *o,
- struct berval *dn, struct berval *ndn,
- const char **text ));
-
-typedef int (BI_acl_group) LDAP_P((Backend *bd,
- struct slap_conn *c, struct slap_op *o,
- Entry *e,
- struct berval *bdn,
- struct berval *edn,
- ObjectClass *group_oc,
- AttributeDescription *group_at ));
-
-typedef int (BI_acl_attribute) LDAP_P((Backend *bd,
- struct slap_conn *c, struct slap_op *o,
- Entry *e, struct berval *edn,
- AttributeDescription *entry_at,
- BerVarray *vals ));
-
-typedef int (BI_operational) LDAP_P((Backend *bd,
- struct slap_conn *c, struct slap_op *o,
- Entry *e, AttributeName *attrs, int opattrs, Attribute **a ));
+typedef struct req_bind_s {
+ int rb_method;
+ struct berval rb_cred;
+ struct berval rb_edn;
+ slap_ssf_t rb_ssf;
+} req_bind_s;
+
+typedef struct req_search_s {
+ int rs_scope;
+ int rs_deref;
+ int rs_slimit;
+ int rs_tlimit;
+ int rs_attrsonly;
+ AttributeName *rs_attrs;
+ Filter *rs_filter;
+ struct berval rs_filterstr;
+} req_search_s;
+
+typedef struct req_compare_s {
+ AttributeAssertion *rs_ava;
+} req_compare_s;
+
+typedef struct req_modify_s {
+ Modifications *rs_modlist;
+} req_modify_s;
+
+typedef struct req_modrdn_s {
+ struct berval rs_newrdn;
+ struct berval rs_nnewrdn;
+ struct berval *rs_newSup;
+ struct berval *rs_nnewSup;
+ int rs_deleteoldrdn;
+} req_modrdn_s;
+
+typedef struct req_add_s {
+ Entry *rs_e;
+} req_add_s;
+
+typedef struct req_abandon_s {
+ ber_int_t rs_msgid;
+} req_abandon_s;
+
+typedef struct req_extended_s {
+ struct berval rs_reqoid;
+ struct berval *rs_reqdata;
+} req_extended_s;
+
+typedef enum slap_reply_e {
+ REP_RESULT,
+ REP_SASL,
+ REP_EXTENDED,
+ REP_SEARCH,
+ REP_SEARCHREF,
+ REP_INTERMEDIATE
+} slap_reply_t;
+
+typedef struct rep_sasl_s {
+ struct berval *r_sasldata;
+} rep_sasl_s;
+
+typedef struct rep_extended_s {
+ const char *r_rspoid;
+ struct berval *r_rspdata;
+} rep_extended_s;
+
+typedef struct rep_search_s {
+ Entry *r_entry;
+ AttributeName *r_attrs;
+ int r_nentries;
+ BerVarray r_v2ref;
+} rep_search_s;
+
+typedef struct slap_rep {
+ slap_reply_t sr_type;
+ ber_tag_t sr_tag;
+ ber_int_t sr_msgid;
+ ber_int_t sr_err;
+ const char *sr_matched;
+ const char *sr_text;
+ BerVarray sr_ref;
+ LDAPControl **sr_ctrls;
+ union sr_u {
+ rep_sasl_s sru_sasl;
+ rep_extended_s sru_extended;
+ rep_search_s sru_search;
+ } sr_un;
+ slap_mask_t sr_flags;
+#define REP_ENTRY_MODIFIABLE 0x00000001
+#define REP_ENTRY_MUSTBEFREED 0x00000002
+#define REP_MATCHED_MUSTBEFREED 0x00000010
+} SlapReply;
+
+/* short hands for response members */
+#define sr_attrs sr_un.sru_search.r_attrs
+#define sr_entry sr_un.sru_search.r_entry
+#define sr_v2ref sr_un.sru_search.r_v2ref
+#define sr_nentries sr_un.sru_search.r_nentries
+#define sr_rspoid sr_un.sru_extended.r_rspoid
+#define sr_rspdata sr_un.sru_extended.r_rspdata
+#define sr_sasldata sr_un.sru_sasl.r_sasldata
+
+typedef int (BI_op_bind) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
+typedef int (BI_op_unbind) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
+typedef int (BI_op_search) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
+typedef int (BI_op_compare) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
+typedef int (BI_op_modify) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
+typedef int (BI_op_modrdn) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
+typedef int (BI_op_add) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
+typedef int (BI_op_delete) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
+typedef int (BI_op_abandon) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
+typedef int (BI_op_cancel) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
+typedef int (BI_op_extended) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
+typedef int (BI_entry_release_rw) LDAP_P(( struct slap_op *op, Entry *e, int rw ));
+typedef int (BI_entry_get_rw) LDAP_P(( struct slap_op *op, struct berval *ndn,
+ ObjectClass *oc, AttributeDescription *at, int rw, Entry **e ));
+typedef int (BI_chk_referrals) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
+typedef int (BI_operational) LDAP_P(( struct slap_op *op, struct slap_rep *rs, int opattrs, Attribute **ap ));
+typedef int (BI_has_subordinates) LDAP_P(( struct slap_op *op, Entry *e, int *hasSubs ));
typedef int (BI_connection_init) LDAP_P((BackendDB *bd,
struct slap_conn *c));
@@ -1307,6 +1678,10 @@ typedef ID (BI_tool_entry_put) LDAP_P(( BackendDB *be, Entry *e,
struct berval *text ));
typedef int (BI_tool_entry_reindex) LDAP_P(( BackendDB *be, ID id ));
typedef int (BI_tool_sync) LDAP_P(( BackendDB *be ));
+typedef ID (BI_tool_dn2id_get) LDAP_P(( BackendDB *be, struct berval *dn ));
+typedef int (BI_tool_id2entry_get) LDAP_P(( BackendDB *be, ID id, Entry **e ));
+typedef ID (BI_tool_entry_modify) LDAP_P(( BackendDB *be, Entry *e,
+ struct berval *text ));
struct slap_backend_info {
char *bi_type; /* type of backend */
@@ -1374,31 +1749,34 @@ struct slap_backend_info {
BI_op_add *bi_op_add;
BI_op_delete *bi_op_delete;
BI_op_abandon *bi_op_abandon;
+ BI_op_cancel *bi_op_cancel;
/* Extended Operations Helper */
BI_op_extended *bi_extended;
/* Auxilary Functions */
+ BI_entry_get_rw *bi_entry_get_rw;
BI_entry_release_rw *bi_entry_release_rw;
BI_chk_referrals *bi_chk_referrals;
- BI_acl_group *bi_acl_group;
- BI_acl_attribute *bi_acl_attribute;
-
BI_operational *bi_operational;
+ BI_has_subordinates *bi_has_subordinates;
BI_connection_init *bi_connection_init;
BI_connection_destroy *bi_connection_destroy;
/* hooks for slap tools */
- BI_tool_entry_open *bi_tool_entry_open;
- BI_tool_entry_close *bi_tool_entry_close;
- BI_tool_entry_first *bi_tool_entry_first;
- BI_tool_entry_next *bi_tool_entry_next;
- BI_tool_entry_get *bi_tool_entry_get;
- BI_tool_entry_put *bi_tool_entry_put;
+ BI_tool_entry_open *bi_tool_entry_open;
+ BI_tool_entry_close *bi_tool_entry_close;
+ BI_tool_entry_first *bi_tool_entry_first;
+ BI_tool_entry_next *bi_tool_entry_next;
+ BI_tool_entry_get *bi_tool_entry_get;
+ BI_tool_entry_put *bi_tool_entry_put;
BI_tool_entry_reindex *bi_tool_entry_reindex;
- BI_tool_sync *bi_tool_sync;
+ BI_tool_sync *bi_tool_sync;
+ BI_tool_dn2id_get *bi_tool_dn2id_get;
+ BI_tool_id2entry_get *bi_tool_id2entry_get;
+ BI_tool_entry_modify *bi_tool_entry_modify;
#define SLAP_INDEX_ADD_OP 0x0001
#define SLAP_INDEX_DELETE_OP 0x0002
@@ -1427,25 +1805,33 @@ struct slap_backend_info {
#define o_tls_ssf o_authz.sai_tls_ssf
#define o_sasl_ssf o_authz.sai_sasl_ssf
-typedef void (slap_response)( struct slap_conn *, struct slap_op *,
- ber_tag_t, ber_int_t, ber_int_t, const char *, const char *,
- BerVarray, const char *, struct berval *,
- struct berval *, LDAPControl ** );
-
-typedef void (slap_sresult)( struct slap_conn *, struct slap_op *,
- ber_int_t, const char *, const char *, BerVarray,
- LDAPControl **, int nentries);
-
-typedef int (slap_sendentry)( BackendDB *, struct slap_conn *,
- struct slap_op *, Entry *, AttributeName *, int, LDAPControl **);
+typedef int (slap_response)( struct slap_op *, struct slap_rep * );
typedef struct slap_callback {
+ struct slap_callback *sc_next;
slap_response *sc_response;
- slap_sresult *sc_sresult;
- slap_sendentry *sc_sendentry;
+ slap_response *sc_cleanup;
void *sc_private;
} slap_callback;
+struct slap_overinfo;
+
+typedef struct slap_overinst {
+ BackendInfo on_bi;
+ slap_response *on_response;
+ struct slap_overinfo *on_info;
+ struct slap_overinst *on_next;
+} slap_overinst;
+
+typedef struct slap_overinfo {
+ BackendInfo oi_bi;
+ BackendDB oi_bd;
+ slap_overinst *oi_list;
+} slap_overinfo;
+
+/* Should successive callbacks in a chain be processed? */
+#define SLAP_CB_CONTINUE 0x8000
+
/*
* Paged Results state
*/
@@ -1456,66 +1842,264 @@ typedef struct slap_paged_state {
ID ps_id;
} PagedResultsState;
+
+#define LDAP_PSEARCH_BY_ADD 0x01
+#define LDAP_PSEARCH_BY_DELETE 0x02
+#define LDAP_PSEARCH_BY_PREMODIFY 0x03
+#define LDAP_PSEARCH_BY_MODIFY 0x04
+#define LDAP_PSEARCH_BY_SCOPEOUT 0x05
+
+struct psid_entry {
+ struct slap_op *ps_op;
+ LDAP_LIST_ENTRY(psid_entry) ps_link;
+};
+
+struct slog_entry {
+ struct berval sl_uuid;
+ struct berval sl_name;
+ struct berval sl_csn;
+ LDAP_STAILQ_ENTRY(slog_entry) sl_link;
+};
+
+/* session lists */
+struct slap_session_entry {
+ int se_id;
+ int se_size;
+ struct berval se_spec;
+ LDAP_LIST_ENTRY( slap_session_entry ) se_link;
+};
+
+struct slap_csn_entry {
+ struct berval *csn;
+ unsigned long opid;
+ unsigned long connid;
+#define SLAP_CSN_PENDING 1
+#define SLAP_CSN_COMMIT 2
+ long state;
+ LDAP_TAILQ_ENTRY (slap_csn_entry) csn_link;
+};
+
+/*
+ * Caches the result of a backend_group check for ACL evaluation
+ */
+typedef struct slap_gacl {
+ struct slap_gacl *ga_next;
+ Backend *ga_be;
+ ObjectClass *ga_oc;
+ AttributeDescription *ga_at;
+ int ga_res;
+ ber_len_t ga_len;
+ char ga_ndn[1];
+} GroupAssertion;
+
/*
* represents an operation pending from an ldap client
*/
typedef struct slap_op {
unsigned long o_opid; /* id of this operation */
unsigned long o_connid; /* id of conn initiating this op */
+ struct slap_conn *o_conn; /* connection spawning this op */
+ BackendDB *o_bd; /* backend DB processing this op */
ber_int_t o_msgid; /* msgid of the request */
ber_int_t o_protocol; /* version of the LDAP protocol used by client */
ber_tag_t o_tag; /* tag of the request */
time_t o_time; /* time op was initiated */
+ struct berval o_req_dn; /* DN of target of request */
+ struct berval o_req_ndn;
+
+ union o_req_u {
+ req_add_s oq_add;
+ req_bind_s oq_bind;
+ req_compare_s oq_compare;
+ req_modify_s oq_modify;
+ req_modrdn_s oq_modrdn;
+ req_search_s oq_search;
+ req_abandon_s oq_abandon;
+ req_abandon_s oq_cancel;
+ req_extended_s oq_extended;
+ } o_request;
+
+/* short hands for union members */
+#define oq_add o_request.oq_add
+#define oq_bind o_request.oq_bind
+#define oq_compare o_request.oq_compare
+#define oq_modify o_request.oq_modify
+#define oq_modrdn o_request.oq_modrdn
+#define oq_search o_request.oq_search
+#define oq_abandon o_request.oq_abandon
+#define oq_cancel o_request.oq_cancel
+#define oq_extended o_request.oq_extended
+
+/* short hands for inner request members */
+#define orb_method oq_bind.rb_method
+#define orb_cred oq_bind.rb_cred
+#define orb_edn oq_bind.rb_edn
+#define orb_ssf oq_bind.rb_ssf
+
+#define ors_scope oq_search.rs_scope
+#define ors_deref oq_search.rs_deref
+#define ors_slimit oq_search.rs_slimit
+#define ors_tlimit oq_search.rs_tlimit
+#define ors_attrsonly oq_search.rs_attrsonly
+#define ors_attrs oq_search.rs_attrs
+#define ors_filter oq_search.rs_filter
+#define ors_filterstr oq_search.rs_filterstr
+
+#define orr_newrdn oq_modrdn.rs_newrdn
+#define orr_nnewrdn oq_modrdn.rs_nnewrdn
+#define orr_newSup oq_modrdn.rs_newSup
+#define orr_nnewSup oq_modrdn.rs_nnewSup
+#define orr_deleteoldrdn oq_modrdn.rs_deleteoldrdn
+
+#define orc_ava oq_compare.rs_ava
+#define ora_e oq_add.rs_e
+#define orn_msgid oq_abandon.rs_msgid
+#define orm_modlist oq_modify.rs_modlist
+
+#define ore_reqoid oq_extended.rs_reqoid
+#define ore_reqdata oq_extended.rs_reqdata
+
ldap_pvt_thread_t o_tid; /* thread handling this op */
volatile sig_atomic_t o_abandon; /* abandon flag */
+ volatile sig_atomic_t o_cancel; /* cancel flag */
+#define SLAP_CANCEL_NONE 0x00
+#define SLAP_CANCEL_REQ 0x01
+#define SLAP_CANCEL_ACK 0x02
+#define SLAP_CANCEL_DONE 0x03
+
+ GroupAssertion *o_groups;
+ char o_do_not_cache; /* don't cache groups from this op */
+ char o_is_auth_check; /* authorization in progress */
#define SLAP_NO_CONTROL 0
#define SLAP_NONCRITICAL_CONTROL 1
#define SLAP_CRITICAL_CONTROL 2
char o_managedsait;
+#define get_manageDSAit(op) ((int)(op)->o_managedsait)
+
char o_noop;
+ char o_proxy_authz;
+
char o_subentries;
+#define get_subentries(op) ((int)(op)->o_subentries)
char o_subentries_visibility;
+#define get_subentries_visibility(op) ((int)(op)->o_subentries_visibility)
+
+ char o_assert;
+#define get_assert(op) ((int)(op)->o_assert)
+
char o_valuesreturnfilter;
+#ifdef LDAP_CONTROL_X_PERMISSIVE_MODIFY
+ char o_permissive_modify;
+#define get_permissiveModify(op) ((int)(op)->o_permissive_modify)
+#else
+#define get_permissiveModify(op) (0)
+#endif
+
+#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE
+ char o_domain_scope;
+#define get_domainScope(op) ((int)(op)->o_domain_scope)
+#else
+#define get_domainScope(op) (0)
+#endif
+
+ char o_preread;
+ char o_postread;
+ AttributeName *o_preread_attrs;
+ AttributeName *o_postread_attrs;
+
char o_pagedresults;
+#define get_pagedresults(op) ((int)(op)->o_pagedresults)
ber_int_t o_pagedresults_size;
PagedResultsState o_pagedresults_state;
-#ifdef LDAP_CONNECTIONLESS
- Sockaddr o_peeraddr; /* UDP peer address */
-#endif
+ char o_sync;
+ char o_sync_mode;
+#define SLAP_SYNC_NONE LDAP_SYNC_NONE
+#define SLAP_SYNC_REFRESH LDAP_SYNC_REFRESH_ONLY
+#define SLAP_SYNC_PERSIST LDAP_SYNC_RESERVED
+#define SLAP_SYNC_REFRESH_AND_PERSIST LDAP_SYNC_REFRESH_AND_PERSIST
+ struct sync_cookie o_sync_state;
+ int o_sync_rhint;
+ struct berval o_sync_cid;
+ int o_sync_slog_size;
+ struct berval o_sync_csn;
+ struct berval o_sync_slog_omitcsn;
+ int o_sync_slog_len;
+ LDAP_STAILQ_HEAD(sl, slog_entry) o_sync_slog_list;
+
+ int o_ps_entries;
+ int o_no_psearch;
+ LDAP_LIST_ENTRY(slap_op) o_ps_link;
+ LDAP_LIST_HEAD(pe, psid_entry) o_pm_list;
+
AuthorizationInformation o_authz;
- BerElement *o_ber; /* ber of the request */
- slap_callback *o_callback; /* callback pointers */
+ BerElement *o_ber; /* ber of the request */
+ BerElement *o_res_ber; /* ber of the CLDAP reply or readback control */
+ slap_callback *o_callback; /* callback pointers */
LDAPControl **o_ctrls; /* controls */
+ void *o_threadctx; /* thread pool thread context */
+ void *o_tmpmemctx; /* slab malloc context */
+ BerMemoryFunctions *o_tmpmfuncs;
+#define o_tmpalloc o_tmpmfuncs->bmf_malloc
+#define o_tmpcalloc o_tmpmfuncs->bmf_calloc
+#define o_tmprealloc o_tmpmfuncs->bmf_realloc
+#define o_tmpfree o_tmpmfuncs->bmf_free
void *o_private; /* anything the backend needs */
LDAP_STAILQ_ENTRY(slap_op) o_next; /* next operation in list */
- ValuesReturnFilter *vrFilter; /* Structure represents ValuesReturnFilter */
+
+ Filter *o_assertion; /* Assert control filter */
+#define get_assertion(op) ((op)->o_assertion)
+
+ ValuesReturnFilter *o_vrFilter; /* ValuesReturnFilter */
+
+ int o_nocaching;
+
+#ifdef LDAP_SLAPI
+ void *o_pb; /* NS-SLAPI plugin */
+ void *o_extensions; /* NS-SLAPI plugin */
+#endif
} Operation;
-#define get_manageDSAit(op) ((int)(op)->o_managedsait)
-#define get_subentries(op) ((int)(op)->o_subentries)
-#define get_subentries_visibility(op) ((int)(op)->o_subentries_visibility)
+#define send_ldap_error( op, rs, err, text ) do { \
+ (rs)->sr_err = err; (rs)->sr_text = text; \
+ (op->o_conn->c_send_ldap_result)( op, rs ); \
+ } while (0)
+#define send_ldap_discon( op, rs, err, text ) do { \
+ (rs)->sr_err = err; (rs)->sr_text = text; \
+ send_ldap_disconnect( op, rs ); \
+ } while (0)
-/*
- * Caches the result of a backend_group check for ACL evaluation
- */
-typedef struct slap_gacl {
- struct slap_gacl *ga_next;
- Backend *ga_be;
- ObjectClass *ga_oc;
- AttributeDescription *ga_at;
- int ga_res;
- ber_len_t ga_len;
- char ga_ndn[1];
-} GroupAssertion;
+typedef void (SEND_LDAP_RESULT)(
+ struct slap_op *op, struct slap_rep *rs);
+typedef int (SEND_SEARCH_ENTRY)(
+ struct slap_op *op, struct slap_rep *rs);
+typedef int (SEND_SEARCH_REFERENCE)(
+ struct slap_op *op, struct slap_rep *rs);
+typedef void (SEND_LDAP_EXTENDED)(
+ struct slap_op *op, struct slap_rep *rs);
+typedef void (SEND_LDAP_INTERMEDIATE)(
+ struct slap_op *op, struct slap_rep *rs);
+
+#define send_ldap_result( op, rs ) \
+ (op->o_conn->c_send_ldap_result)( op, rs )
+#define send_search_entry( op, rs ) \
+ (op->o_conn->c_send_search_entry)( op, rs )
+#define send_search_reference( op, rs ) \
+ (op->o_conn->c_send_search_reference)( op, rs )
+#define send_ldap_extended( op, rs ) \
+ (op->o_conn->c_send_ldap_extended)( op, rs )
+#define send_ldap_intermediate( op, rs ) \
+ (op->o_conn->c_send_ldap_intermediate)( op, rs )
+
+typedef struct slap_listener Listener;
/*
* represents a connection from an ldap client
@@ -1532,21 +2116,21 @@ typedef struct slap_conn {
time_t c_activitytime; /* when the connection was last used */
unsigned long c_connid; /* id of this connection for stats*/
- struct berval c_listener_url; /* listener URL */
struct berval c_peer_domain; /* DNS name of client */
struct berval c_peer_name; /* peer name (trans=addr:port) */
- struct berval c_sock_name; /* sock name (trans=addr:port) */
+ Listener *c_listener;
+#define c_listener_url c_listener->sl_url /* listener URL */
+#define c_sock_name c_listener->sl_name /* sock name (trans=addr:port) */
/* only can be changed by binding thread */
int c_sasl_bind_in_progress; /* multi-op bind in progress */
struct berval c_sasl_bind_mech; /* mech in progress */
- struct berval c_cdn;
+ struct berval c_sasl_dn; /* temporary storage */
/* authorization backend */
Backend *c_authz_backend;
AuthorizationInformation c_authz;
- GroupAssertion *c_groups;
ber_int_t c_protocol; /* version of the LDAP protocol used by client */
@@ -1559,6 +2143,10 @@ typedef struct slap_conn {
BerElement *c_currentber; /* ber we're attempting to read */
int c_writewaiter; /* true if writer is waiting */
+#define CONN_IS_TLS 1
+#define CONN_IS_UDP 2
+#define CONN_IS_CLIENT 3
+
#ifdef LDAP_CONNECTIONLESS
int c_is_udp; /* true if this is (C)LDAP over UDP */
#endif
@@ -1567,8 +2155,11 @@ typedef struct slap_conn {
int c_needs_tls_accept; /* true if SSL_accept should be called */
#endif
int c_sasl_layers; /* true if we need to install SASL i/o handlers */
- void *c_sasl_context; /* SASL session context */
+ int c_sasl_done; /* SASL completed once */
+ void *c_sasl_authctx; /* SASL authentication context */
+ void *c_sasl_sockctx; /* SASL security layer context */
void *c_sasl_extra; /* SASL session extra stuff */
+ struct slap_op *c_sasl_bindop; /* set to current op if it's a bind */
PagedResultsState c_pagedresults_state; /* paged result state */
@@ -1580,6 +2171,29 @@ typedef struct slap_conn {
long c_n_get; /* num of get calls */
long c_n_read; /* num of read calls */
long c_n_write; /* num of write calls */
+
+ void *c_pb; /* Netscape plugin */
+ void *c_extensions; /* Netscape plugin */
+
+ /*
+ * Client connection handling
+ */
+ ldap_pvt_thread_start_t *c_clientfunc;
+ void *c_clientarg;
+
+ /*
+ * These are the "callbacks" that are available for back-ends to
+ * supply data back to connected clients that are connected
+ * through the "front-end".
+ */
+ SEND_LDAP_RESULT *c_send_ldap_result;
+ SEND_SEARCH_ENTRY *c_send_search_entry;
+ SEND_SEARCH_REFERENCE *c_send_search_reference;
+ SEND_LDAP_EXTENDED *c_send_ldap_extended;
+#ifdef LDAP_RES_INTERMEDIATE
+ SEND_LDAP_INTERMEDIATE *c_send_ldap_intermediate;
+#endif
+
} Connection;
#if defined(LDAP_SYSLOG) && defined(LDAP_DEBUG)
@@ -1589,41 +2203,39 @@ typedef struct slap_conn {
fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\
if ( ldap_syslog & (level) ) \
syslog( ldap_syslog_level, (fmt), (connid), (opid), (arg1), \
- (arg2), (arg3) ); \
+ (arg2), (arg3) ); \
} while (0)
+#define StatslogTest( level ) ((ldap_debug | ldap_syslog) & (level))
+#elif defined(LDAP_DEBUG)
+#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \
+ do { \
+ if ( ldap_debug & (level) ) \
+ fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\
+ } while (0)
+#define StatslogTest( level ) (ldap_debug & (level))
#else
#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 )
+#define StatslogTest( level ) (0)
#endif
-
-#define SASLREGEX_REPLACE 10
-#define SASL_AUTHZ_SOURCE_ATTR "saslAuthzTo"
-#define SASL_AUTHZ_DEST_ATTR "saslAuthzFrom"
-
-typedef struct sasl_regexp {
- char *sr_match; /* regexp match pattern */
- char *sr_replace; /* regexp replace pattern */
- regex_t sr_workspace; /* workspace for regexp engine */
- regmatch_t sr_strings[SASLREGEX_REPLACE]; /* strings matching $1,$2 ... */
- int sr_offset[SASLREGEX_REPLACE+2]; /* offsets of $1,$2... in *replace */
-} SaslRegexp_t;
-
/*
* listener; need to access it from monitor backend
*/
-typedef struct slap_listener {
- char* sl_url;
- char* sl_name;
+struct slap_listener {
+ struct berval sl_url;
+ struct berval sl_name;
+ mode_t sl_perms;
#ifdef HAVE_TLS
int sl_is_tls;
#endif
#ifdef LDAP_CONNECTIONLESS
int sl_is_udp; /* UDP listener is also data port */
#endif
+ int sl_is_mute; /* Listening is temporarily disabled */
ber_socket_t sl_sd;
Sockaddr sl_sa;
#define sl_addr sl_sa.sa_in_addr
-} Listener;
+};
#ifdef SLAPD_MONITOR
/*
@@ -1644,6 +2256,47 @@ enum {
};
#endif /* SLAPD_MONITOR */
+/*
+ * Better know these all around slapd
+ */
+#define SLAP_LDAPDN_PRETTY 0x1
+#define SLAP_LDAPDN_MAXLEN 8192
+
+/* number of response controls supported */
+#define SLAP_MAX_RESPONSE_CONTROLS 6
+
+#ifdef LDAP_DEVEL
+#define SLAP_CTRL_HIDE 0x00000000U
+#else
+#define SLAP_CTRL_HIDE 0x80000000U
+#endif
+
+#define SLAP_CTRL_FRONTEND 0x00800000U
+#define SLAP_CTRL_FRONTEND_SEARCH 0x00010000U /* for NOOP */
+
+#define SLAP_CTRL_OPFLAGS 0x0000FFFFU
+#define SLAP_CTRL_ABANDON 0x00000001U
+#define SLAP_CTRL_ADD 0x00002002U
+#define SLAP_CTRL_BIND 0x00000004U
+#define SLAP_CTRL_COMPARE 0x00001008U
+#define SLAP_CTRL_DELETE 0x00002010U
+#define SLAP_CTRL_MODIFY 0x00002020U
+#define SLAP_CTRL_RENAME 0x00002040U
+#define SLAP_CTRL_SEARCH 0x00001080U
+#define SLAP_CTRL_UNBIND 0x00000100U
+
+#define SLAP_CTRL_INTROGATE (SLAP_CTRL_COMPARE|SLAP_CTRL_SEARCH)
+#define SLAP_CTRL_UPDATE \
+ (SLAP_CTRL_ADD|SLAP_CTRL_DELETE|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME)
+#define SLAP_CTRL_ACCESS (SLAP_CTRL_INTROGATE|SLAP_CTRL_UPDATE)
+
+typedef int (SLAP_CTRL_PARSE_FN) LDAP_P((
+ Operation *op,
+ SlapReply *rs,
+ LDAPControl *ctrl ));
+
+#define SLMALLOC_SLAB_SIZE (1024*1024)
+
LDAP_END_DECL
#include "proto-slap.h"