X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslap.h;h=95eac5c9a657f6adf87e4e18b7d9f145ddd5319b;hb=d1824b14ae78b128fb9ff6cf73d2ec4a0e756a90;hp=f2a37db1c0a8612801df571285b1cfa908f25599;hpb=779e26df2d6b1ac07acbd589fecfbf94ce6475bf;p=openldap
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index f2a37db1c0..95eac5c9a6 100644
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -58,45 +58,23 @@
 LDAP_BEGIN_DECL
-#ifdef LDAP_DEVEL
 #define SLAP_LIGHTWEIGHT_DISPATCHER /* experimental slapd architecture */
-#define SLAP_MULTI_CONN_ARRAY
 #ifdef LDAP_PVT_THREAD_POOL_SEM_LOAD_CONTROL
 #define SLAP_SEM_LOAD_CONTROL
-#endif /* LDAP_PVT_THREAD_POOL_SEM_LOAD_CONTROL */
+#endif
-#define SLAP_ACL_HONOR_DISCLOSE /* partially implemented */
-#define SLAP_ACL_HONOR_MANAGE /* not yet implemented */
-#define SLAP_OVERLAY_ACCESS
+#ifdef LDAP_DEVEL
+#define LDAP_COLLECTIVE_ATTRIBUTES
 #define LDAP_COMP_MATCH
-#define LDAP_DYNAMIC_OBJECTS
 #define LDAP_SYNC_TIMESTAMP
-#define LDAP_COLLECTIVE_ATTRIBUTES
-#define SLAPD_CONF_UNKNOWN_BAILOUT
-#define SLAP_CONTROL_X_TREE_DELETE LDAP_CONTROL_X_TREE_DELETE
+#endif
-#define SLAP_ORDERED_PRETTYNORM
-#define SLAP_AUTHZ_SYNTAX
+#define LDAP_DYNAMIC_OBJECTS
+#define SLAP_CONTROL_X_TREE_DELETE LDAP_CONTROL_X_TREE_DELETE
 #ifdef ENABLE_REWRITE
 #define SLAP_AUTH_REWRITE 1 /* use librewrite for sasl-regexp */
 #endif
-#endif
-
-#if defined(LDAP_SLAPI) && !defined(SLAP_OVERLAY_ACCESS)
-#define SLAP_OVERLAY_ACCESS
-#endif
-
-/*
- * ITS#3705: bail out if unknown config directives appear in slapd.conf
- */
-#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
-#define SLAPD_CONF_UNKNOWN_IGNORED ""
-#define SLAPD_DEBUG_CONFIG_ERROR LDAP_DEBUG_ANY
-#else /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
-#define SLAPD_CONF_UNKNOWN_IGNORED " (ignored)"
-#define SLAPD_DEBUG_CONFIG_ERROR LDAP_DEBUG_CONFIG
-#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
 /*
 * SLAPD Memory allocation macros
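Review bot: The `/* experimental slapd architecture */` comment on `SLAP_LIGHTWEIGHT_DISPATCHER` is stale once the `#ifdef LDAP_DEVEL` above it is removed, because the macro is now defined in every build, together with `LDAP_DYNAMIC_OBJECTS`, `SLAP_CONTROL_X_TREE_DELETE` and (under `ENABLE_REWRITE`) `SLAP_AUTH_REWRITE`. A comment above the now-unconditional group would make the larger default feature set explicit, for example `/* enabled in all builds; formerly LDAP_DEVEL only */`. The hunk also drops `SLAPD_CONF_UNKNOWN_IGNORED` and `SLAPD_DEBUG_CONFIG_ERROR`; which behaviour the config parser keeps for unknown directives is not visible here and is worth stating in the commit message.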
@@ -1532,6 +1510,19 @@ typedef struct slap_bindconf {
 struct berval sb_realm;
 struct berval sb_authcId;
 struct berval sb_authzId;
+#ifdef HAVE_TLS
+ void *sb_tls_ctx;
+ char *sb_tls_cert;
+ char *sb_tls_key;
+ char *sb_tls_cacert;
+ char *sb_tls_cacertdir;
+ char *sb_tls_reqcert;
+ char *sb_tls_cipher_suite;
+#ifdef HAVE_OPENSSL_CRL
+ char *sb_tls_crlcheck;
+#endif
+ int sb_tls_do_init;
+#endif
 } slap_bindconf;
 struct slap_replica_info {
@@ -1678,8 +1669,7 @@ struct slap_backend_db {
 /*
 * define to honor hasSubordinates operational attribute in search filters
- * (in previous use there was a flaw with back-bdb and back-ldbm; now it
- * is fixed).
+ * (in previous use there was a flaw with back-bdb; now it is fixed).
 */
 #define be_has_subordinates bd_info->bi_has_subordinates
@@ -1716,6 +1706,7 @@ struct slap_backend_db {
 #define SLAP_DBFLAG_GLOBAL_OVERLAY 0x0200U /* this db struct is a global overlay */
 #define SLAP_DBFLAG_DYNAMIC 0x0400U /* this db allows dynamicObjects */
 #define SLAP_DBFLAG_SHADOW 0x8000U /* a shadow */
+#define SLAP_DBFLAG_SINGLE_SHADOW 0x4000U /* a single-master shadow */
 #define SLAP_DBFLAG_SYNC_SHADOW 0x1000U /* a sync shadow */
 #define SLAP_DBFLAG_SLURP_SHADOW 0x2000U /* a slurp shadow */
 slap_mask_t be_flags;
@@ -1737,6 +1728,8 @@ struct slap_backend_db {
 #define SLAP_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SHADOW)
 #define SLAP_SYNC_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SYNC_SHADOW)
 #define SLAP_SLURP_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SLURP_SHADOW)
+#define SLAP_SINGLE_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SINGLE_SHADOW)
+#define SLAP_MULTIMASTER(be) (!SLAP_SINGLE_SHADOW(be))
 slap_mask_t be_restrictops; /* restriction operations */
 #define SLAP_RESTRICT_OP_ADD 0x0001U
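Review bot: The new `sb_tls_*` members in the `slap_bindconf` hunk (@@ -1532,6 +1510,19 @@) carry no comments, and for `sb_tls_reqcert` and `sb_tls_crlcheck` that leaves the security-relevant default undocumented: both are free-form `char *` values, so a reader cannot tell what a NULL or unrecognised string means for peer-certificate verification. I would document each field and state the expected fail-closed behaviour, e.g. `char *sb_tls_reqcert; /* never|allow|try|demand; NULL = library default (TODO confirm) */`. Ownership of the strings and of `sb_tls_ctx` (who frees them, and whether `sb_tls_key` is a path or key material) should be stated as well. The struct begins outside the hunk.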
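Review bot: `SLAP_MULTIMASTER(be)` in the @@ -1737,6 +1728,8 @@ hunk is defined as `(!SLAP_SINGLE_SHADOW(be))`, so it is true for every database whose `SLAP_DBFLAG_SINGLE_SHADOW` bit (added in the @@ -1716,6 +1706,7 @@ hunk) is clear, including databases that are not shadows at all. If callers use it to decide whether a replica may accept updates, the permissive answer is the default whenever the flag was never set; the call sites are outside this diff, so this is a question rather than a confirmed defect. Either tie it to the shadow bit, `#define SLAP_MULTIMASTER(be) (SLAP_SHADOW(be) && !SLAP_SINGLE_SHADOW(be))`, or add a comment saying the macro is only meaningful after `SLAP_SHADOW(be)` has been tested.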
@@ -1771,11 +1764,12 @@ struct slap_backend_db {
 | SLAP_RESTRICT_OP_BIND \
 | SLAP_RESTRICT_OP_EXTENDED )
-#define SLAP_ALLOW_BIND_V2 0x0001U /* LDAPv2 bind */
+#define SLAP_ALLOW_BIND_V2 0x0001U /* LDAPv2 bind */
 #define SLAP_ALLOW_BIND_ANON_CRED 0x0002U /* cred should be empty */
 #define SLAP_ALLOW_BIND_ANON_DN 0x0004U /* dn should be empty */
 #define SLAP_ALLOW_UPDATE_ANON 0x0008U /* allow anonymous updates */
+#define SLAP_ALLOW_PROXY_AUTHZ_ANON 0x0010U /* allow anonymous proxyAuthz */
 #define SLAP_DISALLOW_BIND_ANON 0x0001U /* no anonymous */
 #define SLAP_DISALLOW_BIND_SIMPLE 0x0002U /* simple authentication */
@@ -1978,8 +1972,17 @@ typedef struct slap_rep {
 #define REP_ENTRY_MODIFIABLE 0x0001U
 #define REP_ENTRY_MUSTBEFREED 0x0002U
 #define REP_ENTRY_MUSTRELEASE 0x0004U
+#define REP_ENTRY_MASK (REP_ENTRY_MODIFIABLE|REP_ENTRY_MUSTBEFREED|REP_ENTRY_MUSTRELEASE)
+
 #define REP_MATCHED_MUSTBEFREED 0x0010U
-#define REP_REF_MUSTBEFREED 0x0020U
+#define REP_MATCHED_MASK (REP_MATCHED_MUSTBEFREED)
+
+#define REP_REF_MUSTBEFREED 0x0020U
+#define REP_REF_MASK (REP_REF_MUSTBEFREED)
+
+#define REP_NO_ENTRYDN 0x1000U
+#define REP_NO_SUBSCHEMA 0x2000U
+#define REP_NO_OPERATIONALS (REP_NO_ENTRYDN|REP_NO_SUBSCHEMA)
 } SlapReply;
 /* short hands for response members */
@@ -2014,7 +2017,6 @@ typedef int (BI_entry_get_rw) LDAP_P(( struct slap_op *op, struct berval *ndn,
 typedef int (BI_operational) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
 typedef int (BI_has_subordinates) LDAP_P(( struct slap_op *op, Entry *e, int *hasSubs ));
-#ifdef SLAP_OVERLAY_ACCESS
 typedef int (BI_access_allowed) LDAP_P(( struct slap_op *op, Entry *e, AttributeDescription *desc, struct berval *val, slap_access_t access, AccessControlState *state, slap_mask_t *maskp ));
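Review bot: `SLAP_ALLOW_PROXY_AUTHZ_ANON` in the @@ -1771,11 +1764,12 @@ hunk relaxes an authorization rule, and its comment `/* allow anonymous proxyAuthz */` does not say what is still enforced when the bit is set. I would expand it to state that the bit is off by default and which checks still apply to the asserted identity, e.g. `/* allow an anonymous session to use the proxyAuthz control; authorization rules still apply (TODO confirm) */`. The code that tests the bit is not in this diff, so whether it denies when the bit is clear cannot be confirmed from here. The `SLAP_ALLOW_BIND_V2` line is a whitespace-only change.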
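Review bot: The new `REP_NO_ENTRYDN` and `REP_NO_SUBSCHEMA` bits in the @@ -1978,8 +1972,17 @@ hunk are not covered by any of the three `*_MASK` groups added beside them, and nothing says who sets or clears them. If the masks are meant for resetting `SlapReply` flags between uses (an inference; no user of them is visible here), the `REP_NO_*` bits would survive such a reset and keep affecting a reused reply. A one-line comment per group would settle it, e.g. `/* REP_NO_*: omit the named operational attributes from the returned entry (TODO confirm) */`, plus a note on whether the bits are per-reply or sticky. `struct slap_rep` begins outside the hunk.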
@@ -2024,7 +2026,6 @@ typedef int (BI_acl_group) LDAP_P(( struct slap_op *op, Entry *target,
 typedef int (BI_acl_attribute) LDAP_P(( struct slap_op *op, Entry *target, struct berval *entry_ndn, AttributeDescription *entry_at, BerVarray *vals, slap_access_t access ));
-#endif /* SLAP_OVERLAY_ACCESS */
 typedef int (BI_conn_func) LDAP_P(( BackendDB *bd, struct slap_conn *c ));
 typedef BI_conn_func BI_connection_init;
@@ -2123,11 +2124,9 @@ struct slap_backend_info {
 BI_entry_release_rw *bi_entry_release_rw;
 BI_has_subordinates *bi_has_subordinates;
-#ifdef SLAP_OVERLAY_ACCESS
 BI_access_allowed *bi_access_allowed;
 BI_acl_group *bi_acl_group;
 BI_acl_attribute *bi_acl_attribute;
-#endif /* SLAP_OVERLAY_ACCESS */
 BI_connection_init *bi_connection_init;
 BI_connection_destroy *bi_connection_destroy;
@@ -2159,6 +2158,12 @@ struct slap_backend_info {
 #define SLAP_BFLAG_SUBENTRIES 0x4000U
 #define SLAP_BFLAG_DYNAMIC 0x8000U
+/* overlay specific */
+#define SLAPO_BFLAG_SINGLE 0x01000000U
+#define SLAPO_BFLAG_DBONLY 0x02000000U
+#define SLAPO_BFLAG_GLOBONLY 0x04000000U
+#define SLAPO_BFLAG_MASK 0xFF000000U
+
 #define SLAP_BFLAGS(be) ((be)->bd_info->bi_flags)
 #define SLAP_MONITOR(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_MONITOR)
 #define SLAP_CONFIG(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_CONFIG)
@@ -2171,6 +2176,11 @@ struct slap_backend_info {
 #define SLAP_NOLASTMODCMD(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_NOLASTMODCMD)
 #define SLAP_LASTMODCMD(be) (!SLAP_NOLASTMODCMD(be))
+/* overlay specific */
+#define SLAPO_SINGLE(be) (SLAP_BFLAGS(be) & SLAPO_BFLAG_SINGLE)
+#define SLAPO_DBONLY(be) (SLAP_BFLAGS(be) & SLAPO_BFLAG_DBONLY)
+#define SLAPO_GLOBONLY(be) (SLAP_BFLAGS(be) & SLAPO_BFLAG_GLOBONLY)
+
 char **bi_controls; /* supported controls */
 char bi_ctrls[SLAP_MAX_CIDS + 1];
@@ -2300,6 +2310,9 @@ struct slap_control_ids {
 #endif
 int sc_subentries;
 int sc_treeDelete;
+#ifdef LDAP_X_TXN
+ int sc_txnSpec;
+#endif
 int sc_valuesReturnFilter;
 };
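Review bot: The `SLAPO_SINGLE`, `SLAPO_DBONLY` and `SLAPO_GLOBONLY` accessors in the @@ -2171,6 +2176,11 @@ hunk read `(be)->bd_info->bi_flags` through `SLAP_BFLAGS(be)`, so they report the flags of whatever `bd_info` the database points at when they are called, which may or may not be the overlay being configured. The `/* overlay specific */` comment, repeated above the `SLAPO_BFLAG_*` values in the @@ -2159,6 +2158,12 @@ hunk, does not say what each restriction means or where it is enforced. I would document the three bits individually and state that the accessors are valid only when `be->bd_info` is the overlay's own `BackendInfo`, or have them take the `BackendInfo *` directly. `struct slap_backend_info` starts and ends outside both hunks.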
@@ -2443,7 +2456,6 @@ typedef struct slap_op {
 #define SLAP_CONTROL_DATA2 0x40
 #define SLAP_CONTROL_DATA3 0x80
-
 #define _SCM(x) ((x) & SLAP_CONTROL_MASK)
 char o_ctrlflag[SLAP_MAX_CIDS]; /* per-control flags */
@@ -2499,6 +2511,10 @@ typedef struct slap_op {
 #define o_sortedresults o_ctrlflag[slap_cids.sc_sortedResults]
 #endif
+#ifdef LDAP_X_TXN
+#define o_txnSpec o_ctrlflag[slap_cids.sc_txnSpec]
+#endif
+
 #define o_sync o_ctrlflag[slap_cids.sc_LDAPsync]
 AuthorizationInformation o_authz;
@@ -2511,9 +2527,9 @@ typedef struct slap_op {
 void *o_private; /* anything the backend needs */
- LDAP_STAILQ_ENTRY(slap_op) o_next; /* next operation in list */
-
+ LDAP_STAILQ_ENTRY(slap_op) o_next; /* next operation in list */
 } Operation;
+
 #define OPERATION_BUFFER_SIZE ( sizeof(Operation) + sizeof(Opheader) + \
 SLAP_MAX_CIDS*sizeof(void *) )
@@ -2624,6 +2640,16 @@ typedef struct slap_conn {
 void *c_sasl_extra; /* SASL session extra stuff */
 struct slap_op *c_sasl_bindop; /* set to current op if it's a bind */
+#ifdef LDAP_X_TXN
+#define CONN_TXN_INACTIVE 0
+#define CONN_TXN_SPECIFY 1
+#define CONN_TXN_SETTLE -1
+ int c_txn;
+
+ Backend *c_txn_backend;
+ LDAP_STAILQ_HEAD(c_to, slap_op) c_txn_ops; /* list of operations in txn */
+#endif
+
 PagedResultsState c_pagedresults_state; /* paged result state */
 long c_n_ops_received; /* num of ops received (next op_id) */
@@ -2635,7 +2661,6 @@ typedef struct slap_conn {
 long c_n_read; /* num of read calls */
 long c_n_write; /* num of write calls */
- void *c_pb; /* Netscape plugin */
 void *c_extensions; /* Netscape plugin */
 /*
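Review bot: `c_txn_ops` in the @@ -2624,6 +2640,16 @@ hunk is a per-connection queue of operations held for a transaction, and nothing in this header bounds its length or says when it is drained if the client never settles the transaction or drops the connection. If a limit lives in the transaction code (not visible here), a comment pointing to it would help; without one, queued operations from a single client can accumulate memory with no cap. `CONN_TXN_SETTLE` should also be parenthesised, `#define CONN_TXN_SETTLE (-1)`, and the three states deserve a line of comment each, since `c_txn` is a plain `int`. `struct slap_conn` starts and ends outside the hunk.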
@@ -2656,20 +2681,27 @@ typedef struct slap_conn {
 SEND_LDAP_INTERMEDIATE *c_send_ldap_intermediate;
 } Connection;
-#if defined(LDAP_SYSLOG) && defined(LDAP_DEBUG)
+#ifdef LDAP_DEBUG
+#ifdef LDAP_SYSLOG
+#ifdef LOG_LOCAL4
+#define SLAP_DEFAULT_SYSLOG_USER LOG_LOCAL4
+#endif /* LOG_LOCAL4 */
+
 #define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \
 Log5( (level), ldap_syslog_level, (fmt), (connid), (opid), (arg1), (arg2), (arg3) )
 #define StatslogTest( level ) ((ldap_debug | ldap_syslog) & (level))
-#elif defined(LDAP_DEBUG)
+#else /* !LDAP_SYSLOG */
 #define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \
 do { \
 if ( ldap_debug & (level) ) \
 fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\
 } while (0)
 #define StatslogTest( level ) (ldap_debug & (level))
-#else
+#endif /* !LDAP_SYSLOG */
+#else /* !LDAP_DEBUG */
+#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) ((void) 0)
 #define StatslogTest( level ) (0)
-#endif
+#endif /* !LDAP_DEBUG */
 /*
 * listener; need to access it from monitor backend
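Review bot: With `LDAP_DEBUG` undefined, the new `Statslog` expands to `((void) 0)`, so its arguments are never evaluated and such a build emits no connection or operation statistics at all. That deserves a comment at the definition, e.g. `/* no LDAP_DEBUG: statistics logging is compiled out; arguments are not evaluated */`, because operators who rely on the stats log for monitoring get silence rather than a build error. `SLAP_DEFAULT_SYSLOG_USER` is defined only when `LDAP_DEBUG`, `LDAP_SYSLOG` and `LOG_LOCAL4` are all defined, so any user of it needs the same guard or a fallback. In the stderr branch (unchanged context) `fmt` is passed to `fprintf` as the format, so it has to remain a literal at every call site.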