X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslap.h;h=95eac5c9a657f6adf87e4e18b7d9f145ddd5319b;hb=d1824b14ae78b128fb9ff6cf73d2ec4a0e756a90;hp=c79ef4c1c7a72649cbe5b685839d3b1a04dab81a;hpb=e42e8d713000bc61cc0ef1b6871b1c1f61da8f2e;p=openldap diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index c79ef4c1c7..95eac5c9a6 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2005 The OpenLDAP Foundation. + * Copyright 1998-2006 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -58,34 +58,23 @@ LDAP_BEGIN_DECL +#define SLAP_LIGHTWEIGHT_DISPATCHER /* experimental slapd architecture */ +#ifdef LDAP_PVT_THREAD_POOL_SEM_LOAD_CONTROL +#define SLAP_SEM_LOAD_CONTROL +#endif #ifdef LDAP_DEVEL -#define SLAP_ACL_HONOR_DISCLOSE /* partially implemented */ -#define SLAP_ACL_HONOR_MANAGE /* not yet implemented */ -#define SLAP_DYNACL -#define SLAP_OVERLAY_ACCESS +#define LDAP_COLLECTIVE_ATTRIBUTES #define LDAP_COMP_MATCH -#define LDAP_DYNAMIC_OBJECTS #define LDAP_SYNC_TIMESTAMP -#define LDAP_COLLECTIVE_ATTRIBUTES +#endif + +#define LDAP_DYNAMIC_OBJECTS #define SLAP_CONTROL_X_TREE_DELETE LDAP_CONTROL_X_TREE_DELETE -#define SLAPD_CONF_UNKNOWN_BAILOUT #ifdef ENABLE_REWRITE #define SLAP_AUTH_REWRITE 1 /* use librewrite for sasl-regexp */ #endif -#endif - -/* - * ITS#3705: bail out if unknown config directives appear in slapd.conf - */ -#ifdef SLAPD_CONF_UNKNOWN_BAILOUT -#define SLAPD_CONF_UNKNOWN_IGNORED "" -#define SLAPD_DEBUG_CONFIG_ERROR LDAP_DEBUG_ANY -#else /* ! SLAPD_CONF_UNKNOWN_BAILOUT */ -#define SLAPD_CONF_UNKNOWN_IGNORED " (ignored)" -#define SLAPD_DEBUG_CONFIG_ERROR LDAP_DEBUG_CONFIG -#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */ /* * SLAPD Memory allocation macros 
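Review bot: `SLAP_LIGHTWEIGHT_DISPATCHER` is now defined for every build while its own comment still reads `experimental slapd architecture`. The same hunk (-58,34) moves `LDAP_DYNAMIC_OBJECTS`, `SLAP_CONTROL_X_TREE_DELETE` and the `ENABLE_REWRITE` block out of `#ifdef LDAP_DEVEL`. Release builds therefore pick up a new connection-dispatch path and, as far as the macro names indicate, the tree-delete control and dynamic objects, which used to be developer-only. Either keep `#define SLAP_LIGHTWEIGHT_DISPATCHER` inside the `LDAP_DEVEL` block, or change its comment to say it is now the default, e.g. `/* default connection dispatch model */`. What each macro gates is outside this hunk and should be confirmed.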
@@ -199,13 +188,6 @@ LDAP_BEGIN_DECL #define SLAPD_ROLE_ATTR "roleOccupant" #define SLAPD_ROLE_CLASS "organizationalRole" -#ifdef SLAPD_ACI_ENABLED -#define SLAPD_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1" -#endif /* SLAPD_ACI_ENABLED */ - -/* change this to "OpenLDAPset" */ -#define SLAPD_ACI_SET_ATTR "template" - #define SLAPD_TOP_OID "2.5.6.0" LDAP_SLAPD_V (int) slap_debug; @@ -498,6 +480,8 @@ typedef struct slap_matching_rule { #define SLAP_MR_HIDE 0x8000U #endif +#define SLAP_MR_MUTATION_NORMALIZER 0x4000U + #define SLAP_MR_TYPE_MASK 0x0F00U #define SLAP_MR_SUBTYPE_MASK 0x00F0U #define SLAP_MR_USAGE 0x000FU @@ -736,6 +720,10 @@ typedef struct slap_object_class { LDAP_STAILQ_ENTRY(slap_object_class) soc_next; } ObjectClass; +#define SLAP_OCF_SET_FLAGS 0x1 +#define SLAP_OCF_CHECK_SUP 0x2 +#define SLAP_OCF_MASK (SLAP_OCF_SET_FLAGS|SLAP_OCF_CHECK_SUP) + #define SLAP_OC_ALIAS 0x0001 #define SLAP_OC_REFERRAL 0x0002 #define SLAP_OC_SUBENTRY 0x0004 @@ -792,6 +780,13 @@ typedef struct slap_attr_desc { #define SLAP_DESC_TAG_RANGE 0x80U } AttributeDescription; +/* flags to slap_*2undef_ad to register undefined (0, the default) + * or proxied (SLAP_AD_PROXIED) AttributeDescriptions; the additional + * SLAP_AD_NOINSERT is to lookup without insert */ +#define SLAP_AD_UNDEF 0x00U +#define SLAP_AD_PROXIED 0x01U +#define SLAP_AD_NOINSERT 0x02U + typedef struct slap_attr_name { struct berval an_name; AttributeDescription *an_desc; @@ -883,9 +878,6 @@ struct slap_internal_schema { AttributeDescription *si_ad_children; AttributeDescription *si_ad_saslAuthzTo; AttributeDescription *si_ad_saslAuthzFrom; -#ifdef SLAPD_ACI_ENABLED - AttributeDescription *si_ad_aci; -#endif /* SLAPD_ACI_ENABLED */ /* dynamic entries */ AttributeDescription *si_ad_entryTtl; 
@@ -896,6 +888,8 @@ struct slap_internal_schema { AttributeDescription *si_ad_name; AttributeDescription *si_ad_cn; AttributeDescription *si_ad_uid; + AttributeDescription *si_ad_uidNumber; + AttributeDescription *si_ad_gidNumber; AttributeDescription *si_ad_userPassword; AttributeDescription *si_ad_labeledURI; #ifdef SLAPD_AUTHPASSWD @@ -907,10 +901,13 @@ struct slap_internal_schema { #endif AttributeDescription *si_ad_description; AttributeDescription *si_ad_seeAlso; - + /* Undefined Attribute Type */ AttributeType *si_at_undefined; + /* "Proxied" Attribute Type */ + AttributeType *si_at_proxied; + /* Matching Rules */ MatchingRule *si_mr_distinguishedNameMatch; MatchingRule *si_mr_dnSubtreeMatch; @@ -979,9 +976,7 @@ typedef struct slap_filter { #define SLAPD_FILTER_COMPUTED ((ber_tag_t) -1) #define SLAPD_FILTER_DN_ONE ((ber_tag_t) -2) #define SLAPD_FILTER_DN_SUBTREE ((ber_tag_t) -3) -#ifdef LDAP_SCOPE_SUBORDINATE #define SLAPD_FILTER_DN_CHILDREN ((ber_tag_t) -4) -#endif union f_un_u { /* precomputed result */ @@ -1151,6 +1146,7 @@ typedef struct slap_mod { * running as non-root user, for user modifiable attributes. */ #define SLAP_MOD_INTERNAL 0x01 +#define SLAP_MOD_MANAGING 0x02 AttributeDescription *sm_desc; struct berval sm_type; @@ -1188,7 +1184,7 @@ typedef enum slap_access_e { ACL_COMPARE, ACL_SEARCH, ACL_READ, - ACL_WRITE, + ACL_WRITE_, ACL_MANAGE, /* always leave at end of levels but not greater than ACL_LEVEL_MASK */ @@ -1203,8 +1199,10 @@ typedef enum slap_access_e { ACL_QUALIFIER_MASK = 0x0f00, /* write granularity */ - ACL_WADD = ACL_WRITE|ACL_QUALIFIER1, - ACL_WDEL = ACL_WRITE|ACL_QUALIFIER2 + ACL_WADD = ACL_WRITE_|ACL_QUALIFIER1, + ACL_WDEL = ACL_WRITE_|ACL_QUALIFIER2, + + ACL_WRITE = ACL_WADD|ACL_WDEL } slap_access_t; typedef enum slap_control_e { 
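Review bot: `ACL_WRITE` is no longer a plain level in `slap_access_e`; the level slot is renamed `ACL_WRITE_` and `ACL_WRITE` becomes `ACL_WADD|ACL_WDEL`, so it now carries both qualifier bits (hunks -1188 and -1203 belong together). Any ordered comparison or table index that uses `ACL_WRITE` without first masking off `ACL_QUALIFIER_MASK` would likely see a value above `ACL_MANAGE`; the level-comparison macros are outside these hunks, so this needs checking at the call sites. The enum should state the distinction where the names are declared, e.g. `/* ACL_WRITE_ is the bare level; ACL_WRITE = add|delete. Mask qualifiers before comparing levels. */`.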
@@ -1250,9 +1248,10 @@ struct slap_op; /* * "dynamic" ACL infrastructure (for ACIs and more) */ -typedef int (slap_dynacl_parse)( const char *fname, int lineno, slap_style_t, const char *, void **privp ); -typedef int (slap_dynacl_unparse)( void *priv, struct berval *bv ); -typedef int (slap_dynacl_mask)( +typedef int (slap_dynacl_parse) LDAP_P(( const char *fname, int lineno, + const char *opts, slap_style_t, const char *, void **privp )); +typedef int (slap_dynacl_unparse) LDAP_P(( void *priv, struct berval *bv )); +typedef int (slap_dynacl_mask) LDAP_P(( void *priv, struct slap_op *op, Entry *e, @@ -1261,8 +1260,8 @@ typedef int (slap_dynacl_mask)( int nmatch, regmatch_t *matches, slap_access_t *grant, - slap_access_t *deny ); -typedef int (slap_dynacl_destroy)( void *priv ); + slap_access_t *deny )); +typedef int (slap_dynacl_destroy) LDAP_P(( void *priv )); typedef struct slap_dynacl_t { char *da_name; @@ -1411,16 +1410,6 @@ typedef struct slap_access { #ifdef SLAP_DYNACL slap_dynacl_t *a_dynacl; -#else /* ! SLAP_DYNACL */ -#ifdef SLAPD_ACI_ENABLED - /* NOTE: ACIs have been moved under the "dynacl" interface, - * which is currently built only when LDAP_DEVEL is defined. - * - * In any case, SLAPD_ACI_ENABLED, set by --enable-aci, - * is required to enable ACI support. - */ - AttributeDescription *a_aci_at; -#endif /* SLAPD_ACI_ENABLED */ #endif /* SLAP_DYNACL */ /* ACL Groups */ @@ -1440,6 +1429,7 @@ typedef struct slap_acl { regex_t acl_dn_re; struct berval acl_dn_pat; AttributeName *acl_attrs; + MatchingRule *acl_attrval_mr; slap_style_t acl_attrval_style; regex_t acl_attrval_re; struct berval acl_attrval; 
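Review bot: In hunk -1411 the only per-rule dynamic hook left in `struct slap_access` is `a_dynacl`, still wrapped in `#ifdef SLAP_DYNACL`; the `a_aci_at` fallback under `SLAPD_ACI_ENABLED` is removed. The first hunk of this patch also drops `#define SLAP_DYNACL` from the `LDAP_DEVEL` block, so unless the build system now defines it, a build that used to evaluate ACIs would compile with no ACI or dynacl member at all. If that is intended, the `#ifdef` should say where the macro comes from, e.g. `/* SLAP_DYNACL: defined by <build option>; without it no dynamic ACLs (incl. ACIs) are compiled in */`. The configure side is not visible here, and the struct starts and ends outside the hunk.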
@@ -1450,12 +1440,15 @@ typedef struct slap_acl { struct slap_acl *acl_next; } AccessControl; +typedef enum { + ACL_STATE_NOT_RECORDED = 0x0, + ACL_STATE_RECORDED_VD = 0x1, + ACL_STATE_RECORDED_NV = 0x2, + ACL_STATE_RECORDED = ( ACL_STATE_RECORDED_VD | ACL_STATE_RECORDED_NV ) +} slap_acl_state_t; + typedef struct slap_acl_state { - unsigned as_recorded; -#define ACL_STATE_NOT_RECORDED 0x0 -#define ACL_STATE_RECORDED_VD 0x1 -#define ACL_STATE_RECORDED_NV 0x2 -#define ACL_STATE_RECORDED 0x3 + slap_acl_state_t as_recorded; /* Access state */ AccessControl *as_vd_acl; @@ -1499,6 +1492,7 @@ LDAP_SLAPD_V (int) slapMode; #define SLAP_TOOL_READMAIN 0x0200 #define SLAP_TOOL_READONLY 0x0400 #define SLAP_TOOL_QUICK 0x0800 +#define SLAP_TOOL_NO_SCHEMA_CHECK 0x1000 #define SB_TLS_DEFAULT (-1) #define SB_TLS_OFF 0 @@ -1506,6 +1500,7 @@ LDAP_SLAPD_V (int) slapMode; #define SB_TLS_CRITICAL 2 typedef struct slap_bindconf { + struct berval sb_uri; int sb_tls; int sb_method; struct berval sb_binddn; @@ -1515,10 +1510,22 @@ typedef struct slap_bindconf { struct berval sb_realm; struct berval sb_authcId; struct berval sb_authzId; +#ifdef HAVE_TLS + void *sb_tls_ctx; + char *sb_tls_cert; + char *sb_tls_key; + char *sb_tls_cacert; + char *sb_tls_cacertdir; + char *sb_tls_reqcert; + char *sb_tls_cipher_suite; +#ifdef HAVE_OPENSSL_CRL + char *sb_tls_crlcheck; +#endif + int sb_tls_do_init; +#endif } slap_bindconf; struct slap_replica_info { - const char *ri_uri; /* supersedes be_replica */ const char *ri_host; /* points to host part of uri */ BerVarray ri_nsuffix; /* array of suffixes this replica accepts */ AttributeName *ri_attrs; /* attrs to replicate, NULL=all */ @@ -1531,6 +1538,14 @@ typedef struct slap_verbmasks { const slap_mask_t mask; } slap_verbmasks; +typedef struct slap_cf_aux_table { + struct berval key; + int off; + char type; + char quote; + slap_verbmasks *aux; +} slap_cf_aux_table; + #define SLAP_LIMIT_TIME 1 #define SLAP_LIMIT_SIZE 2 
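Review bot: In hunk -1515 `slap_bindconf` gains six `char *` TLS settings (seven with `HAVE_OPENSSL_CRL`) and an opaque `void *sb_tls_ctx`, with no comment on ownership or on what an unset value means. Whatever routine copies or frees a `slap_bindconf` has to handle the new members (not visible here). A NULL `sb_tls_reqcert` also needs a documented default so that an outbound bind does not run with weaker certificate checking than the operator expects. I would add field comments such as `char *sb_tls_reqcert; /* peer certificate policy; NULL = <default> */` and `void *sb_tls_ctx; /* TLS context built from the sb_tls_* settings; owned by this bindconf */`, adjusted to the actual behaviour. The nested `#ifdef HAVE_OPENSSL_CRL` makes the struct layout build-dependent, so every unit including this header must see the same define.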
@@ -1602,7 +1617,7 @@ struct syncinfo_s; #define SLAP_SYNC_RID_SIZE 3 #define SLAP_SYNCUUID_SET_SIZE 256 -#define SLAP_SYNC_UPDATE_MSGID 2 +#define SLAP_SYNC_UPDATE_MSGID 1 struct sync_cookie { struct berval ctxcsn; @@ -1654,8 +1669,7 @@ struct slap_backend_db { /* * define to honor hasSubordinates operational attribute in search filters - * (in previous use there was a flaw with back-bdb and back-ldbm; now it - * is fixed). + * (in previous use there was a flaw with back-bdb; now it is fixed). */ #define be_has_subordinates bd_info->bi_has_subordinates @@ -1690,7 +1704,9 @@ struct slap_backend_db { #define SLAP_DBFLAG_GLUE_ADVERTISE 0x0080U /* advertise in rootDSE */ #define SLAP_DBFLAG_OVERLAY 0x0100U /* this db struct is an overlay */ #define SLAP_DBFLAG_GLOBAL_OVERLAY 0x0200U /* this db struct is a global overlay */ +#define SLAP_DBFLAG_DYNAMIC 0x0400U /* this db allows dynamicObjects */ #define SLAP_DBFLAG_SHADOW 0x8000U /* a shadow */ +#define SLAP_DBFLAG_SINGLE_SHADOW 0x4000U /* a single-master shadow */ #define SLAP_DBFLAG_SYNC_SHADOW 0x1000U /* a sync shadow */ #define SLAP_DBFLAG_SLURP_SHADOW 0x2000U /* a slurp shadow */ slap_mask_t be_flags; @@ -1698,6 +1714,7 @@ struct slap_backend_db { #define SLAP_NOLASTMOD(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_NOLASTMOD) #define SLAP_LASTMOD(be) (!SLAP_NOLASTMOD(be)) #define SLAP_ISOVERLAY(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_OVERLAY) +#define SLAP_ISGLOBALOVERLAY(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLOBAL_OVERLAY) #define SLAP_NO_SCHEMA_CHECK(be) \ (SLAP_DBFLAGS(be) & SLAP_DBFLAG_NO_SCHEMA_CHECK) #define SLAP_GLUE_INSTANCE(be) \ 
@@ -1711,6 +1728,8 @@ struct slap_backend_db { #define SLAP_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SHADOW) #define SLAP_SYNC_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SYNC_SHADOW) #define SLAP_SLURP_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SLURP_SHADOW) +#define SLAP_SINGLE_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SINGLE_SHADOW) +#define SLAP_MULTIMASTER(be) (!SLAP_SINGLE_SHADOW(be)) slap_mask_t be_restrictops; /* restriction operations */ #define SLAP_RESTRICT_OP_ADD 0x0001U @@ -1739,12 +1758,18 @@ struct slap_backend_db { | SLAP_RESTRICT_OP_DELETE \ | SLAP_RESTRICT_OP_MODIFY \ | SLAP_RESTRICT_OP_RENAME ) +#define SLAP_RESTRICT_OP_ALL \ + ( SLAP_RESTRICT_OP_READS \ + | SLAP_RESTRICT_OP_WRITES \ + | SLAP_RESTRICT_OP_BIND \ + | SLAP_RESTRICT_OP_EXTENDED ) -#define SLAP_ALLOW_BIND_V2 0x0001U /* LDAPv2 bind */ +#define SLAP_ALLOW_BIND_V2 0x0001U /* LDAPv2 bind */ #define SLAP_ALLOW_BIND_ANON_CRED 0x0002U /* cred should be empty */ #define SLAP_ALLOW_BIND_ANON_DN 0x0004U /* dn should be empty */ #define SLAP_ALLOW_UPDATE_ANON 0x0008U /* allow anonymous updates */ +#define SLAP_ALLOW_PROXY_AUTHZ_ANON 0x0010U /* allow anonymous proxyAuthz */ #define SLAP_DISALLOW_BIND_ANON 0x0001U /* no anonymous */ #define SLAP_DISALLOW_BIND_SIMPLE 0x0002U /* simple authentication */ @@ -1783,6 +1808,9 @@ struct slap_backend_db { /* Replica Information */ struct slap_replica_info **be_replica; /* replicas of this backend (in master) */ char *be_replogfile; /* replication log file (in master) */ + char *be_replica_argsfile; /* per-replog replica args file */ + char *be_replica_pidfile; /* per-replog replica pid file */ + int be_replicationinterval; /* per-replog replicationinterval */ struct berval be_update_ndn; /* allowed to make changes (in replicas) */ BerVarray be_update_refs; /* where to refer modifying clients to */ struct be_pcl *be_pending_csn_list; 
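Review bot: `SLAP_MULTIMASTER(be)` is defined as `(!SLAP_SINGLE_SHADOW(be))`, which is true for every database without the single-shadow flag, including one that is not a shadow at all. The name reads as a positive test, so a caller that uses it alone to select multi-master behaviour gets a yes for an ordinary database as well. Either make the macro self-contained, `#define SLAP_MULTIMASTER(be) (SLAP_SHADOW(be) && !SLAP_SINGLE_SHADOW(be))`, or keep it and add `/* only meaningful when SLAP_SHADOW(be) is set */`. Which is right depends on the callers, which are outside this hunk.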
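Review bot: `SLAP_ALLOW_PROXY_AUTHZ_ANON` in hunk -1739 is documented only as `allow anonymous proxyAuthz`, which does not say what is being relaxed. Going by the name, it lets a session that has not authenticated assert an authorization identity through the proxied-authorization control; that is an authorization decision and this header is where a reviewer will look for its scope. I would expand the comment to `/* accept the proxyAuthz control on an anonymous (unbound) session */` and state next to it whether the normal authorization rules still apply, after confirming against the code that tests the flag (not visible here).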
@@ -1801,21 +1829,23 @@ struct slap_conn; struct slap_op; /* Backend function typedefs */ -typedef int (BI_init) LDAP_P((BackendInfo *bi)); +typedef int (BI_bi_func) LDAP_P((BackendInfo *bi)); +typedef BI_bi_func BI_init; +typedef BI_bi_func BI_open; +typedef BI_bi_func BI_close; +typedef BI_bi_func BI_destroy; typedef int (BI_config) LDAP_P((BackendInfo *bi, const char *fname, int lineno, int argc, char **argv)); -typedef int (BI_open) LDAP_P((BackendInfo *bi)); -typedef int (BI_close) LDAP_P((BackendInfo *bi)); -typedef int (BI_destroy) LDAP_P((BackendInfo *bi)); -typedef int (BI_db_init) LDAP_P((Backend *bd)); +typedef int (BI_db_func) LDAP_P((Backend *bd)); +typedef BI_db_func BI_db_init; +typedef BI_db_func BI_db_open; +typedef BI_db_func BI_db_close; +typedef BI_db_func BI_db_destroy; typedef int (BI_db_config) LDAP_P((Backend *bd, const char *fname, int lineno, int argc, char **argv)); -typedef int (BI_db_open) LDAP_P((Backend *bd)); -typedef int (BI_db_close) LDAP_P((Backend *bd)); -typedef int (BI_db_destroy) LDAP_P((Backend *bd)); typedef struct req_bind_s { int rb_method; @@ -1853,6 +1883,7 @@ typedef struct req_modrdn_s { struct berval *rs_newSup; struct berval *rs_nnewSup; int rs_deleteoldrdn; + Modifications *rs_modlist; } req_modrdn_s; typedef struct req_add_s { @@ -1878,8 +1909,7 @@ typedef struct req_extended_s { } req_extended_s; typedef struct req_pwdexop_s { - struct berval rs_reqoid; - int rs_flags; + struct req_extended_s rs_extended; struct berval rs_old; struct berval rs_new; Modifications *rs_mods; 
@@ -1942,8 +1972,17 @@ typedef struct slap_rep { #define REP_ENTRY_MODIFIABLE 0x0001U #define REP_ENTRY_MUSTBEFREED 0x0002U #define REP_ENTRY_MUSTRELEASE 0x0004U +#define REP_ENTRY_MASK (REP_ENTRY_MODIFIABLE|REP_ENTRY_MUSTBEFREED|REP_ENTRY_MUSTRELEASE) + #define REP_MATCHED_MUSTBEFREED 0x0010U -#define REP_REF_MUSTBEFREED 0x0020U +#define REP_MATCHED_MASK (REP_MATCHED_MUSTBEFREED) + +#define REP_REF_MUSTBEFREED 0x0020U +#define REP_REF_MASK (REP_REF_MUSTBEFREED) + +#define REP_NO_ENTRYDN 0x1000U +#define REP_NO_SUBSCHEMA 0x2000U +#define REP_NO_OPERATIONALS (REP_NO_ENTRYDN|REP_NO_SUBSCHEMA) } SlapReply; /* short hands for response members */ 
@@ -1957,22 +1996,20 @@ typedef struct slap_rep { #define sr_rspdata sr_un.sru_extended.r_rspdata #define sr_sasldata sr_un.sru_sasl.r_sasldata -typedef int (BI_op_bind) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_unbind) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_search) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_compare) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_modify) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_modrdn) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_add) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_delete) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_abandon) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_cancel) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_extended) LDAP_P(( - struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_chk_referrals) LDAP_P(( - struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_chk_controls) LDAP_P(( - struct slap_op *op, struct slap_rep *rs )); +typedef int (BI_op_func) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); +typedef BI_op_func BI_op_bind; +typedef BI_op_func BI_op_unbind; +typedef BI_op_func BI_op_search; +typedef BI_op_func BI_op_compare; +typedef BI_op_func BI_op_modify; +typedef BI_op_func BI_op_modrdn; +typedef BI_op_func BI_op_add; +typedef BI_op_func BI_op_delete; +typedef BI_op_func BI_op_abandon; +typedef BI_op_func BI_op_cancel; +typedef BI_op_func BI_op_extended; +typedef BI_op_func BI_chk_referrals; +typedef BI_op_func BI_chk_controls; typedef int (BI_entry_release_rw) LDAP_P(( struct slap_op *op, Entry *e, int rw )); typedef int (BI_entry_get_rw) LDAP_P(( struct slap_op *op, struct berval *ndn, 
@@ -1980,16 +2017,19 @@ typedef int (BI_entry_get_rw) LDAP_P(( struct slap_op *op, struct berval *ndn, typedef int (BI_operational) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); typedef int (BI_has_subordinates) LDAP_P(( struct slap_op *op, Entry *e, int *hasSubs )); -#ifdef SLAP_OVERLAY_ACCESS typedef int (BI_access_allowed) LDAP_P(( struct slap_op *op, Entry *e, AttributeDescription *desc, struct berval *val, slap_access_t access, AccessControlState *state, slap_mask_t *maskp )); -#endif /* SLAP_OVERLAY_ACCESS */ +typedef int (BI_acl_group) LDAP_P(( struct slap_op *op, Entry *target, + struct berval *gr_ndn, struct berval *op_ndn, + ObjectClass *group_oc, AttributeDescription *group_at )); +typedef int (BI_acl_attribute) LDAP_P(( struct slap_op *op, Entry *target, + struct berval *entry_ndn, AttributeDescription *entry_at, + BerVarray *vals, slap_access_t access )); -typedef int (BI_connection_init) LDAP_P(( BackendDB *bd, - struct slap_conn *c )); -typedef int (BI_connection_destroy) LDAP_P(( BackendDB *bd, - struct slap_conn *c )); +typedef int (BI_conn_func) LDAP_P(( BackendDB *bd, struct slap_conn *c )); +typedef BI_conn_func BI_connection_init; +typedef BI_conn_func BI_connection_destroy; typedef int (BI_tool_entry_open) LDAP_P(( BackendDB *be, int mode )); typedef int (BI_tool_entry_close) LDAP_P(( BackendDB *be )); @@ -2084,9 +2124,9 @@ struct slap_backend_info { BI_entry_release_rw *bi_entry_release_rw; BI_has_subordinates *bi_has_subordinates; -#ifdef SLAP_OVERLAY_ACCESS BI_access_allowed *bi_access_allowed; -#endif /* SLAP_OVERLAY_ACCESS */ + BI_acl_group *bi_acl_group; + BI_acl_attribute *bi_acl_attribute; BI_connection_init *bi_connection_init; BI_connection_destroy *bi_connection_destroy; 
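Review bot: The new `BI_acl_group` and `BI_acl_attribute` hooks return a bare `int` with no stated convention, although they feed access-control decisions. From the typedefs a backend or overlay author cannot tell whether 0 means a positive match or an LDAP success code, whether `*vals` in `BI_acl_attribute` is allocated for the caller to free, or what the caller does when a backend leaves `bi_acl_group` / `bi_acl_attribute` NULL (the members are added in the next hunk, -2084). A short comment block above the typedefs covering return value, ownership of `vals` and the NULL-hook fallback would close that gap. `BI_access_allowed` becomes unconditional in the same hunks, so the NULL-hook question applies to it in every build as well.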
@@ -2110,6 +2150,7 @@ struct slap_backend_info {
 slap_mask_t bi_flags; /* backend flags */
 #define SLAP_BFLAG_MONITOR 0x0001U /* a monitor backend */
 #define SLAP_BFLAG_CONFIG 0x0002U /* a config backend */
+#define SLAP_BFLAG_FRONTEND 0x0004U /* the frontendDB */
 #define SLAP_BFLAG_NOLASTMODCMD 0x0010U
 #define SLAP_BFLAG_INCREMENT 0x0100U
 #define SLAP_BFLAG_ALIASES 0x1000U
@@ -2117,22 +2158,35 @@ struct slap_backend_info { #define SLAP_BFLAG_SUBENTRIES 0x4000U #define SLAP_BFLAG_DYNAMIC 0x8000U +/* overlay specific */ +#define SLAPO_BFLAG_SINGLE 0x01000000U +#define SLAPO_BFLAG_DBONLY 0x02000000U +#define SLAPO_BFLAG_GLOBONLY 0x04000000U +#define SLAPO_BFLAG_MASK 0xFF000000U + #define SLAP_BFLAGS(be) ((be)->bd_info->bi_flags) #define SLAP_MONITOR(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_MONITOR) #define SLAP_CONFIG(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_CONFIG) +#define SLAP_FRONTEND(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_FRONTEND) #define SLAP_INCREMENT(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_INCREMENT) #define SLAP_ALIASES(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_ALIASES) #define SLAP_REFERRALS(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_REFERRALS) #define SLAP_SUBENTRIES(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_SUBENTRIES) -#define SLAP_DYNAMIC(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_DYNAMIC) +#define SLAP_DYNAMIC(be) ((SLAP_BFLAGS(be) & SLAP_BFLAG_DYNAMIC) || (SLAP_DBFLAGS(be) & SLAP_DBFLAG_DYNAMIC)) #define SLAP_NOLASTMODCMD(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_NOLASTMODCMD) #define SLAP_LASTMODCMD(be) (!SLAP_NOLASTMODCMD(be)) +/* overlay specific */ +#define SLAPO_SINGLE(be) (SLAP_BFLAGS(be) & SLAPO_BFLAG_SINGLE) +#define SLAPO_DBONLY(be) (SLAP_BFLAGS(be) & SLAPO_BFLAG_DBONLY) +#define SLAPO_GLOBONLY(be) (SLAP_BFLAGS(be) & SLAPO_BFLAG_GLOBONLY) + char **bi_controls; /* supported controls */ char bi_ctrls[SLAP_MAX_CIDS + 1]; unsigned int bi_nDB; /* number of databases of this type */ struct ConfigOCs *bi_cf_ocs; + char **bi_obsolete_names; void *bi_private; /* anything the backend type needs */ LDAP_STAILQ_ENTRY(slap_backend_info) bi_next ; }; 
@@ -2166,6 +2220,24 @@ typedef struct slap_callback { struct slap_overinfo; +typedef enum slap_operation_e { + op_bind = 0, + op_unbind, + op_search, + op_compare, + op_modify, + op_modrdn, + op_add, + op_delete, + op_abandon, + op_cancel, + op_extended, + op_aux_operational, + op_aux_chk_referrals, + op_aux_chk_controls, + op_last +} slap_operation_t; + typedef struct slap_overinst { BackendInfo on_bi; slap_response *on_response; @@ -2176,12 +2248,13 @@ typedef struct slap_overinst { typedef struct slap_overinfo { BackendInfo oi_bi; BackendInfo *oi_orig; + BackendDB *oi_origdb; struct slap_overinst *oi_list; } slap_overinfo; /* Should successive callbacks in a chain be processed? */ -#define SLAP_CB_FREEME 0x4000 -#define SLAP_CB_CONTINUE 0x8000 +#define SLAP_CB_FREEME 0x04000 +#define SLAP_CB_CONTINUE 0x08000 /* * Paged Results state @@ -2218,25 +2291,29 @@ typedef struct slap_gacl { } GroupAssertion; struct slap_control_ids { + int sc_LDAPsync; int sc_assert; - int sc_preRead; - int sc_postRead; - int sc_proxyAuthz; + int sc_domainScope; + int sc_dontUseCopy; int sc_manageDIT; int sc_manageDSAit; int sc_modifyIncrement; int sc_noOp; int sc_pagedResults; + int sc_permissiveModify; + int sc_postRead; + int sc_preRead; + int sc_proxyAuthz; + int sc_searchOptions; #ifdef LDAP_DEVEL int sc_sortedResults; #endif - int sc_valuesReturnFilter; - int sc_permissiveModify; - int sc_domainScope; - int sc_treeDelete; - int sc_searchOptions; int sc_subentries; - int sc_LDAPsync; + int sc_treeDelete; +#ifdef LDAP_X_TXN + int sc_txnSpec; +#endif + int sc_valuesReturnFilter; }; /* @@ -2259,7 +2336,6 @@ typedef struct slap_op_header { char oh_log_prefix[sizeof("conn=18446744073709551615 op=18446744073709551615")]; #ifdef LDAP_SLAPI - void *oh_pb; /* NS-SLAPI plugin */ void *oh_extensions; /* NS-SLAPI plugin */ #endif } Opheader; 
@@ -2284,11 +2360,6 @@ typedef struct slap_op { #define o_log_prefix o_hdr->oh_log_prefix -#ifdef LDAP_SLAPI -#define o_pb o_hdr->oh_pb -#define o_extensions o_hdr->oh_extensions -#endif - ber_tag_t o_tag; /* tag of the request */ time_t o_time; /* time op was initiated */ int o_tincr; /* counter for multiple ops with same o_time */ @@ -2344,6 +2415,7 @@ typedef struct slap_op { #define orr_newSup oq_modrdn.rs_newSup #define orr_nnewSup oq_modrdn.rs_nnewSup #define orr_deleteoldrdn oq_modrdn.rs_deleteoldrdn +#define orr_modlist oq_modrdn.rs_modlist #define orc_ava oq_compare.rs_ava #define ora_e oq_add.rs_e @@ -2368,6 +2440,8 @@ typedef struct slap_op { char o_nocaching; char o_delete_glue_parent; + char o_no_schema_check; +#define get_no_schema_check(op) ((op)->o_no_schema_check) #define SLAP_CONTROL_NONE 0 #define SLAP_CONTROL_IGNORED 1 @@ -2382,12 +2456,14 @@ typedef struct slap_op { #define SLAP_CONTROL_DATA2 0x40 #define SLAP_CONTROL_DATA3 0x80 - #define _SCM(x) ((x) & SLAP_CONTROL_MASK) char o_ctrlflag[SLAP_MAX_CIDS]; /* per-control flags */ void **o_controls; /* per-control state */ +#define o_dontUseCopy o_ctrlflag[slap_cids.sc_dontUseCopy] +#define get_dontUseCopy(op) _SCM((op)->o_dontUseCopy) + #define o_managedit o_ctrlflag[slap_cids.sc_manageDIT] #define get_manageDIT(op) _SCM((op)->o_managedit) 
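Review bot: `o_no_schema_check` in hunk -2368 adds a per-operation switch that, by its name, turns schema checking off, and it is declared next to `o_nocaching` with no comment. A flag like this should only be set by internal code paths and never derived from anything in a client request, and the declaration is the place to say so: `char o_no_schema_check; /* internal operations only: skip schema check; never set from client input */`. Where the flag is set is not visible in this hunk, so the wording needs checking against the callers. `struct slap_op` starts and ends outside the hunk.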
@@ -2412,26 +2488,14 @@ typedef struct slap_op { #define o_valuesreturnfilter o_ctrlflag[slap_cids.sc_valuesReturnFilter] #define o_vrFilter o_controls[slap_cids.sc_valuesReturnFilter] -#ifdef LDAP_CONTROL_X_PERMISSIVE_MODIFY #define o_permissive_modify o_ctrlflag[slap_cids.sc_permissiveModify] #define get_permissiveModify(op) ((int)(op)->o_permissive_modify) -#else -#define get_permissiveModify(op) (0) -#endif -#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE #define o_domain_scope o_ctrlflag[slap_cids.sc_domainScope] #define get_domainScope(op) ((int)(op)->o_domain_scope) -#else -#define get_domainScope(op) (0) -#endif -#ifdef LDAP_CONTROL_X_TREE_DELETE #define o_tree_delete o_ctrlflag[slap_cids.sc_treeDelete] #define get_treeDelete(op) ((int)(op)->o_tree_delete) -#else -#define get_treeDelete(op) (0) -#endif #define o_preread o_ctrlflag[slap_cids.sc_preRead] #define o_postread o_ctrlflag[slap_cids.sc_postRead] @@ -2447,6 +2511,10 @@ typedef struct slap_op { #define o_sortedresults o_ctrlflag[slap_cids.sc_sortedResults] #endif +#ifdef LDAP_X_TXN +#define o_txnSpec o_ctrlflag[slap_cids.sc_txnSpec] +#endif + #define o_sync o_ctrlflag[slap_cids.sc_LDAPsync] AuthorizationInformation o_authz; 
@@ -2455,13 +2523,18 @@ typedef struct slap_op { BerElement *o_res_ber; /* ber of the CLDAP reply or readback control */ slap_callback *o_callback; /* callback pointers */ LDAPControl **o_ctrls; /* controls */ + struct berval o_csn; void *o_private; /* anything the backend needs */ - LDAP_STAILQ_ENTRY(slap_op) o_next; /* next operation in list */ - + LDAP_STAILQ_ENTRY(slap_op) o_next; /* next operation in list */ } Operation; -#define OPERATION_BUFFER_SIZE (sizeof(Operation)+sizeof(Opheader)+SLAP_MAX_CIDS*sizeof(void *)) + +#define OPERATION_BUFFER_SIZE ( sizeof(Operation) + sizeof(Opheader) + \ + SLAP_MAX_CIDS*sizeof(void *) ) + +typedef LBER_ALIGNED_BUFFER(operation_buffer_u,OPERATION_BUFFER_SIZE) + OperationBuffer; #define send_ldap_error( op, rs, err, text ) do { \ (rs)->sr_err = err; (rs)->sr_text = text; \ @@ -2503,6 +2576,7 @@ typedef struct slap_conn { int c_struct_state; /* structure management state */ int c_conn_state; /* connection state */ int c_conn_idx; /* slot in connections array */ + const char *c_close_reason; /* why connection is closing */ ldap_pvt_thread_mutex_t c_mutex; /* protect the connection */ Sockbuf *c_sb; /* ber connection stuff */ @@ -2526,6 +2600,14 @@ typedef struct slap_conn { /* authorization backend */ Backend *c_authz_backend; + void *c_authz_cookie; +#define SLAP_IS_AUTHZ_BACKEND( op ) \ + ( (op)->o_bd != NULL \ + && (op)->o_bd->be_private != NULL \ + && (op)->o_conn != NULL \ + && (op)->o_conn->c_authz_backend != NULL \ + && ( (op)->o_bd->be_private == (op)->o_conn->c_authz_backend->be_private \ + || (op)->o_bd->be_private == (op)->o_conn->c_authz_cookie ) ) AuthorizationInformation c_authz; 
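Review bot: `SLAP_IS_AUTHZ_BACKEND(op)` in hunk -2526 decides backend identity by comparing `be_private` pointers and additionally accepts a match against the new untyped `c_authz_cookie`. Nothing here documents who sets or clears `c_authz_cookie`; if it can outlive the object it refers to, a later allocation at the same address would satisfy the test for an unrelated backend. I would declare it as `void *c_authz_cookie; /* set together with c_authz_backend, reset on rebind/close; compared by address only */`, with the wording confirmed against the code that assigns it. The macro also expands `op` many times, so its comment should say it must not be given an expression with side effects.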
@@ -2558,6 +2640,16 @@ typedef struct slap_conn { void *c_sasl_extra; /* SASL session extra stuff */ struct slap_op *c_sasl_bindop; /* set to current op if it's a bind */ +#ifdef LDAP_X_TXN +#define CONN_TXN_INACTIVE 0 +#define CONN_TXN_SPECIFY 1 +#define CONN_TXN_SETTLE -1 + int c_txn; + + Backend *c_txn_backend; + LDAP_STAILQ_HEAD(c_to, slap_op) c_txn_ops; /* list of operations in txn */ +#endif + PagedResultsState c_pagedresults_state; /* paged result state */ long c_n_ops_received; /* num of ops received (next op_id) */ @@ -2569,7 +2661,6 @@ typedef struct slap_conn { long c_n_read; /* num of read calls */ long c_n_write; /* num of write calls */ - void *c_pb; /* Netscape plugin */ void *c_extensions; /* Netscape plugin */ /* 
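Review bot: `#define CONN_TXN_SETTLE -1` in hunk -2558 is written without parentheses, unlike `#define SB_TLS_DEFAULT (-1)` elsewhere in this header. Writing it as `#define CONN_TXN_SETTLE (-1)` keeps it safe inside larger expressions and matches the file's own convention. The three `CONN_TXN_*` values would also read better as an `enum`, which would give `c_txn` a named type instead of a bare `int`.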
@@ -2587,33 +2678,30 @@ typedef struct slap_conn { SEND_SEARCH_ENTRY *c_send_search_entry; SEND_SEARCH_REFERENCE *c_send_search_reference; SEND_LDAP_EXTENDED *c_send_ldap_extended; -#ifdef LDAP_RES_INTERMEDIATE SEND_LDAP_INTERMEDIATE *c_send_ldap_intermediate; -#endif - } Connection; -#if defined(LDAP_SYSLOG) && defined(LDAP_DEBUG) +#ifdef LDAP_DEBUG +#ifdef LDAP_SYSLOG +#ifdef LOG_LOCAL4 +#define SLAP_DEFAULT_SYSLOG_USER LOG_LOCAL4 +#endif /* LOG_LOCAL4 */ + #define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \ - do { \ - if ( ldap_debug & (level) ) \ - fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\ - if ( ldap_syslog & (level) ) \ - syslog( ldap_syslog_level, (fmt), (connid), (opid), (arg1), \ - (arg2), (arg3) ); \ - } while (0) + Log5( (level), ldap_syslog_level, (fmt), (connid), (opid), (arg1), (arg2), (arg3) ) #define StatslogTest( level ) ((ldap_debug | ldap_syslog) & (level)) -#elif defined(LDAP_DEBUG) +#else /* !LDAP_SYSLOG */ #define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \ do { \ if ( ldap_debug & (level) ) \ fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\ } while (0) #define StatslogTest( level ) (ldap_debug & (level)) -#else -#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) +#endif /* !LDAP_SYSLOG */ +#else /* !LDAP_DEBUG */ +#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) ((void) 0) #define StatslogTest( level ) (0) -#endif +#endif /* !LDAP_DEBUG */ /* * listener; need to access it from monitor backend 
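Review bot: Every `Statslog` variant forwards `fmt` unchanged as a printf-style format (to `Log5` in the syslog build, to `fprintf` in the debug-only build), and nothing at the macro says it must be a literal. A comment above the first definition would make that contract explicit: `/* fmt must be a string literal taking exactly five arguments: connid, opid, arg1..arg3 */`. With `LDAP_DEBUG` off the macro is now `((void) 0)` and its arguments are not evaluated, so the same comment should add that callers must not rely on side effects in the arguments.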
@@ -2628,13 +2716,15 @@ struct slap_listener { #ifdef LDAP_CONNECTIONLESS int sl_is_udp; /* UDP listener is also data port */ #endif - int sl_is_mute; /* Listening is temporarily disabled */ + int sl_mute; /* Listener is temporarily disabled due to emfile */ +#ifdef SLAP_LIGHTWEIGHT_DISPATCHER + int sl_busy; /* Listener is busy (accept thread activated) */ +#endif ber_socket_t sl_sd; Sockaddr sl_sa; #define sl_addr sl_sa.sa_in_addr }; -#ifdef SLAPD_MONITOR /* * Operation indices */ @@ -2651,7 +2741,6 @@ enum { SLAP_OP_EXTENDED, SLAP_OP_LAST }; -#endif /* SLAPD_MONITOR */ typedef struct slap_counters_t { ldap_pvt_thread_mutex_t sc_sent_mutex; @@ -2710,6 +2799,8 @@ typedef int (SLAP_CTRL_PARSE_FN) LDAP_P(( SlapReply *rs, LDAPControl *ctrl )); +typedef int (*SLAP_ENTRY_INFO_FN) LDAP_P(( void *arg, Entry *e )); + #define SLAP_SLAB_SIZE (1024*1024) #define SLAP_SLAB_STACK 1 #define SLAP_SLAB_SOBLOCK 64 @@ -3012,6 +3103,12 @@ struct zone_heap { return 0; \ } +typedef int (OV_init)(void); +typedef struct slap_oinit_t { + const char *ov_type; + OV_init *ov_init; +} OverlayInit; + LDAP_END_DECL #include "proto-slap.h"