X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslap.h;h=a47d1bb54bc1adc1c14eca00a3cc4937c9f652c6;hb=e3e7a22b5d7c6410ab54c31038fc153dadc8ca66;hp=13b1224673b8e4f8809e7f539a7b4fa04c20746e;hpb=68ebee4726e0080a4dc3c07add3012b65a105a31;p=openldap diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 13b1224673..a47d1bb54b 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2007 The OpenLDAP Foundation. + * Copyright 1998-2009 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -58,14 +58,14 @@ LDAP_BEGIN_DECL -#define SLAP_LIGHTWEIGHT_DISPATCHER /* experimental slapd architecture */ - #ifdef LDAP_DEVEL #define LDAP_COLLECTIVE_ATTRIBUTES #define LDAP_COMP_MATCH #define LDAP_SYNC_TIMESTAMP #define SLAP_CONTROL_X_SORTEDRESULTS #define SLAP_CONTROL_X_SESSION_TRACKING +#define SLAP_CONTROL_X_WHATFAILED +#define SLAP_CONFIG_DELETE #endif #define LDAP_DYNAMIC_OBJECTS @@ -254,6 +254,9 @@ typedef struct slap_ssf_set { #define SLAP_INDEX_SUBSTR_ANY_LEN_DEFAULT 4 #define SLAP_INDEX_SUBSTR_ANY_STEP_DEFAULT 2 +/* default for ordered integer index keys */ +#define SLAP_INDEX_INTLEN_DEFAULT 4 + #define SLAP_INDEX_FLAGS 0xF000UL #define SLAP_INDEX_NOSUBTYPES 0x1000UL /* don't use index w/ subtypes */ #define SLAP_INDEX_NOTAGS 0x2000UL /* don't use index w/ tags */ @@ -298,6 +301,8 @@ enum { SLAP_SCHERR_SYN_NOT_FOUND, SLAP_SCHERR_SYN_DUP, SLAP_SCHERR_SYN_SUP_NOT_FOUND, + SLAP_SCHERR_SYN_SUBST_NOT_SPECIFIED, + SLAP_SCHERR_SYN_SUBST_NOT_FOUND, SLAP_SCHERR_NO_NAME, SLAP_SCHERR_NOT_SUPPORTED, SLAP_SCHERR_BAD_DESCR, @@ -413,6 +418,7 @@ struct Syntax { #else #define SLAP_SYNTAX_HIDE 0x8000U /* hide (do not publish) */ #endif +#define SLAP_SYNTAX_HARDCODE 0x10000U /* This is hardcoded schema */ Syntax **ssyn_sups; 
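Review bot: In the schema-error enum hunk (`@@ -298,6 +301,8 @@`), `SLAP_SCHERR_SYN_SUBST_NOT_SPECIFIED` and `SLAP_SCHERR_SYN_SUBST_NOT_FOUND` are inserted in the middle of the enum, which renumbers `SLAP_SCHERR_NO_NAME` and every enumerator after it. Any table or switch that maps these codes to text by position (not visible in this diff) has to gain the two entries at the same place, otherwise later schema errors are reported with the wrong message. A comment above the new enumerators such as `/* order must match the error-string table */` would make that coupling explicit. The enum starts and ends outside the hunk.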
@@ -429,7 +435,7 @@ struct Syntax { struct ComponentDesc* ssync_comp_syntax; #endif - LDAP_SLIST_ENTRY(Syntax) ssyn_next; + LDAP_STAILQ_ENTRY(Syntax) ssyn_next; }; #define slap_syntax_is_flag(s,flag) ((int)((s)->ssyn_flags & (flag)) ? 1 : 0) @@ -679,7 +685,8 @@ struct AttributeType { Syntax *sat_syntax; AttributeTypeSchemaCheckFN *sat_check; - char *sat_oidmacro; + char *sat_oidmacro; /* attribute OID */ + char *sat_soidmacro; /* syntax OID */ #define SLAP_AT_NONE 0x0000U #define SLAP_AT_ABSTRACT 0x0100U /* cannot be instantiated */ @@ -966,6 +973,8 @@ struct slap_internal_schema { MatchingRule *si_mr_integerMatch; MatchingRule *si_mr_integerFirstComponentMatch; MatchingRule *si_mr_objectIdentifierFirstComponentMatch; + MatchingRule *si_mr_caseIgnoreMatch; + MatchingRule *si_mr_caseIgnoreListMatch; /* Syntaxes */ Syntax *si_syn_directoryString; @@ -1005,11 +1014,11 @@ struct SubstringsAssertion { }; struct MatchingRuleAssertion { + AttributeDescription *ma_desc; /* optional */ + struct berval ma_value; /* required */ MatchingRule *ma_rule; /* optional */ struct berval ma_rule_text; /* optional */ - AttributeDescription *ma_desc; /* optional */ int ma_dnattrs; /* boolean */ - struct berval ma_value; /* required */ #ifdef LDAP_COMP_MATCH ComponentFilter *ma_cf; /* component filter */ #endif @@ -1370,8 +1379,8 @@ typedef struct Access { #define ACL_PRIV_SET(m,p) do { (m) |= (p); } while(0) #define ACL_PRIV_CLR(m,p) do { (m) &= ~(p); } while(0) -#define ACL_INIT(m) ACL_PRIV_ASSIGN(m, ACL_PRIV_NONE) -#define ACL_INVALIDATE(m) ACL_PRIV_ASSIGN(m, ACL_PRIV_INVALID) +#define ACL_INIT(m) ACL_PRIV_ASSIGN((m), ACL_PRIV_NONE) +#define ACL_INVALIDATE(m) ACL_PRIV_ASSIGN((m), ACL_PRIV_INVALID) #define ACL_GRANT(m,a) ACL_PRIV_ISSET((m),ACL_ACCESS2PRIV(a)) 
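Review bot: In the `struct MatchingRuleAssertion` hunk (`@@ -1005,11 +1014,11 @@`), `ma_desc` and `ma_value` move to the front of the struct with no comment saying why the order matters. If the intent is to share a leading layout with another assertion struct so that code can treat the two alike (an inference; nothing in the hunk says so), that contract should be written down, e.g. `/* ma_desc and ma_value must stay first; this layout is relied on elsewhere */`. Any positional initializer of this struct elsewhere in the tree would also silently change meaning after the reorder. The struct's closing brace is outside the hunk.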
@@ -1533,9 +1542,17 @@ typedef struct AccessControlState { slap_acl_state_t as_recorded; int as_vd_acl_count; int as_result; + int as_fe_done; } AccessControlState; #define ACL_STATE_INIT { NULL, NULL, NULL, \ - ACL_STATE_NOT_RECORDED, 0, 0 } + ACL_STATE_NOT_RECORDED, 0, 0, 0 } + +typedef struct AclRegexMatches { + int dn_count; + regmatch_t dn_data[MAXREMATCHES]; + int val_count; + regmatch_t val_data[MAXREMATCHES]; +} AclRegexMatches; /* * Backend-info @@ -1590,6 +1607,7 @@ typedef struct slap_bindconf { char *sb_tls_cacertdir; char *sb_tls_reqcert; char *sb_tls_cipher_suite; + char *sb_tls_protocol_min; #ifdef HAVE_OPENSSL_CRL char *sb_tls_crlcheck; #endif @@ -1633,6 +1651,7 @@ struct slap_limits_set { struct slap_limits { unsigned lm_flags; /* type of pattern */ + /* Values must match lmpats[] in limits.c */ #define SLAP_LIMITS_UNDEFINED 0x0000U #define SLAP_LIMITS_EXACT 0x0001U #define SLAP_LIMITS_BASE SLAP_LIMITS_EXACT @@ -1645,8 +1664,10 @@ struct slap_limits { #define SLAP_LIMITS_ANY 0x0008U #define SLAP_LIMITS_MASK 0x000FU -#define SLAP_LIMITS_TYPE_DN 0x0000U +#define SLAP_LIMITS_TYPE_SELF 0x0000U +#define SLAP_LIMITS_TYPE_DN SLAP_LIMITS_TYPE_SELF #define SLAP_LIMITS_TYPE_GROUP 0x0010U +#define SLAP_LIMITS_TYPE_THIS 0x0020U #define SLAP_LIMITS_TYPE_MASK 0x00F0U regex_t lm_regex; /* regex data for REGEX */ @@ -1682,8 +1703,6 @@ struct syncinfo_s; #define SLAP_SYNC_SID_MAX 4095 /* based on liblutil/csn.c field width */ #define SLAP_SYNCUUID_SET_SIZE 256 -#define SLAP_SYNC_UPDATE_MSGID 1 - struct sync_cookie { struct berval *ctxcsn; struct berval octet_str; @@ -1706,6 +1725,7 @@ struct ConfigOCs; /* config.h */ struct BackendDB { BackendInfo *bd_info; /* pointer to shared backend info */ + BackendDB *bd_self; /* pointer to this struct */ /* fields in this structure (and routines acting on this structure) should be renamed from be_ to bd_ */ 
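Review bot: The new `AclRegexMatches` (`@@ -1533,9 +1542,17 @@`) pairs `int dn_count` / `int val_count` with fixed arrays of `MAXREMATCHES` entries, but nothing states that the counts are bounded by the array size. Code that iterates up to `dn_count` trusts whoever filled the struct, so a header comment such as `/* dn_count and val_count: number of valid entries, 0..MAXREMATCHES */` would give fillers and readers the same invariant to check against. In the same hunk `ACL_STATE_INIT` stays a positional initializer, so every new member needs a matching extra `0` in the right slot; a comment next to the macro naming the member each value initializes would make a mismatch easier to spot.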
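Review bot: `sb_tls_protocol_min` is added to `slap_bindconf` (`@@ -1590,6 +1607,7 @@`) without a comment on its format or on what an unset value means for the minimum TLS version that will be negotiated. It is one more heap string in the struct, so the routines that parse, copy, free and print a bindconf (outside this diff) presumably each need a matching line; worth confirming they were updated in the same commit. A short comment like `/* minimum TLS protocol version as configured; NULL if not set */` would help the next reader.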
@@ -1766,6 +1786,7 @@ struct BackendDB { #define SLAP_DBFLAG_NOLASTMOD 0x0001U #define SLAP_DBFLAG_NO_SCHEMA_CHECK 0x0002U #define SLAP_DBFLAG_HIDDEN 0x0004U +#define SLAP_DBFLAG_ONE_SUFFIX 0x0008U #define SLAP_DBFLAG_GLUE_INSTANCE 0x0010U /* a glue backend */ #define SLAP_DBFLAG_GLUE_SUBORDINATE 0x0020U /* child of a glue hierarchy */ #define SLAP_DBFLAG_GLUE_LINKED 0x0040U /* child is connected to parent */ @@ -1778,11 +1799,15 @@ struct BackendDB { #define SLAP_DBFLAG_SINGLE_SHADOW 0x4000U /* a single-master shadow */ #define SLAP_DBFLAG_SYNC_SHADOW 0x1000U /* a sync shadow */ #define SLAP_DBFLAG_SLURP_SHADOW 0x2000U /* a slurp shadow */ +#define SLAP_DBFLAG_SHADOW_MASK (SLAP_DBFLAG_SHADOW|SLAP_DBFLAG_SINGLE_SHADOW|SLAP_DBFLAG_SYNC_SHADOW|SLAP_DBFLAG_SLURP_SHADOW) +#define SLAP_DBFLAG_CLEAN 0x10000U /* was cleanly shutdown */ +#define SLAP_DBFLAG_ACL_ADD 0x20000U /* check attr ACLs on adds */ slap_mask_t be_flags; #define SLAP_DBFLAGS(be) ((be)->be_flags) #define SLAP_NOLASTMOD(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_NOLASTMOD) #define SLAP_LASTMOD(be) (!SLAP_NOLASTMOD(be)) #define SLAP_DBHIDDEN(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_HIDDEN) +#define SLAP_DB_ONE_SUFFIX(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_ONE_SUFFIX) #define SLAP_ISOVERLAY(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_OVERLAY) #define SLAP_ISGLOBALOVERLAY(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLOBAL_OVERLAY) #define SLAP_DBMONITORING(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_MONITORING) @@ -1801,6 +1826,8 @@ struct BackendDB { #define SLAP_SLURP_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SLURP_SHADOW) #define SLAP_SINGLE_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SINGLE_SHADOW) #define SLAP_MULTIMASTER(be) (!SLAP_SINGLE_SHADOW(be)) +#define SLAP_DBCLEAN(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_CLEAN) +#define SLAP_DBACL_ADD(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_ACL_ADD) slap_mask_t be_restrictops; /* restriction operations */ #define SLAP_RESTRICT_OP_ADD 0x0001U 
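Review bot: `SLAP_DBACL_ADD(be)` and `SLAP_DBCLEAN(be)` in the `@@ -1801,6 +1826,8 @@` hunk return the raw masked value (0x20000 or 0x10000, defined in the `@@ -1778,11 +1799,15 @@` hunk), not 0/1. That is fine directly inside an `if`, but storing the result in a `char` or other narrow flag truncates it to 0, and this same commit narrows several connection flags to `char`. For the ACL-on-add switch a truncated value would mean the attribute ACL check is skipped without any error. Normalizing the new accessors, e.g. `#define SLAP_DBACL_ADD(be) ((SLAP_DBFLAGS(be) & SLAP_DBFLAG_ACL_ADD) != 0)`, removes the hazard; the existing accessors around them use the same unnormalized form. `struct BackendDB` extends beyond both hunks.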
@@ -1848,6 +1875,9 @@ struct BackendDB { #define SLAP_DISALLOW_TLS_2_ANON 0x0010U /* StartTLS -> Anonymous */ #define SLAP_DISALLOW_TLS_AUTHC 0x0020U /* TLS while authenticated */ +#define SLAP_DISALLOW_PROXY_AUTHZ_N_CRIT 0x0100U +#define SLAP_DISALLOW_DONTUSECOPY_N_CRIT 0x0200U + #define SLAP_DISALLOW_AUX_WO_CR 0x4000U slap_mask_t be_requires; /* pre-operation requirements */ @@ -1880,7 +1910,6 @@ struct BackendDB { BerVarray be_update_refs; /* where to refer modifying clients to */ struct be_pcl *be_pending_csn_list; ldap_pvt_thread_mutex_t be_pcl_mutex; - ldap_pvt_thread_mutex_t *be_pcl_mutexp; struct syncinfo_s *be_syncinfo; /* For syncrepl */ void *be_pb; /* Netscape plugin */ @@ -1900,8 +1929,8 @@ typedef int (BI_config) LDAP_P((BackendInfo *bi, const char *fname, int lineno, int argc, char **argv)); -struct config_reply_s ; /* config.h */ -typedef int (BI_db_func) LDAP_P((Backend *bd, struct config_reply_s *c)); +typedef struct config_reply_s ConfigReply; /* config.h */ +typedef int (BI_db_func) LDAP_P((Backend *bd, ConfigReply *cr)); typedef BI_db_func BI_db_init; typedef BI_db_func BI_db_open; typedef BI_db_func BI_db_close; @@ -2049,6 +2078,9 @@ struct SlapReply { #define REP_REF_MUSTBEFREED 0x0020U #define REP_REF_MASK (REP_REF_MUSTBEFREED) +#define REP_CTRLS_MUSTBEFREED 0x0040U +#define REP_CTRLS_MASK (REP_CTRLS_MUSTBEFREED) + #define REP_NO_ENTRYDN 0x1000U #define REP_NO_SUBSCHEMA 0x2000U #define REP_NO_OPERATIONALS (REP_NO_ENTRYDN|REP_NO_SUBSCHEMA) @@ -2332,12 +2364,14 @@ typedef unsigned long PagedResultsCookie; typedef struct PagedResultsState { Backend *ps_be; ber_int_t ps_size; - PagedResultsCookie ps_cookie; int ps_count; + PagedResultsCookie ps_cookie; + struct berval ps_cookieval; } PagedResultsState; struct slap_csn_entry { struct berval ce_csn; + int ce_sid; unsigned long ce_opid; unsigned long ce_connid; #define SLAP_CSN_PENDING 1 
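Review bot: The two new disallow bits in `@@ -1848,6 +1875,9 @@`, `SLAP_DISALLOW_PROXY_AUTHZ_N_CRIT` and `SLAP_DISALLOW_DONTUSECOPY_N_CRIT`, carry no trailing comment, while the TLS bits directly above them do. Judging by the names they reject the proxy-authorization and dontUseCopy controls when a client sends them as non-critical; if that is right, say so: `/* proxyAuthz control sent as non-critical */` and `/* dontUseCopy control sent as non-critical */`. These bits change what a client is allowed to do, so an administrator reading the header should not have to guess their meaning.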
@@ -2388,8 +2422,44 @@ struct slap_control_ids { int sc_sessionTracking; #endif int sc_valuesReturnFilter; +#ifdef SLAP_CONTROL_X_WHATFAILED + int sc_whatFailed; +#endif }; +/* + * Operation indices + */ +typedef enum { + SLAP_OP_BIND = 0, + SLAP_OP_UNBIND, + SLAP_OP_SEARCH, + SLAP_OP_COMPARE, + SLAP_OP_MODIFY, + SLAP_OP_MODRDN, + SLAP_OP_ADD, + SLAP_OP_DELETE, + SLAP_OP_ABANDON, + SLAP_OP_EXTENDED, + SLAP_OP_LAST +} slap_op_t; + +typedef struct slap_counters_t { + struct slap_counters_t *sc_next; + ldap_pvt_thread_mutex_t sc_mutex; + ldap_pvt_mp_t sc_bytes; + ldap_pvt_mp_t sc_pdu; + ldap_pvt_mp_t sc_entries; + ldap_pvt_mp_t sc_refs; + + ldap_pvt_mp_t sc_ops_completed; + ldap_pvt_mp_t sc_ops_initiated; +#ifdef SLAPD_MONITOR + ldap_pvt_mp_t sc_ops_completed_[SLAP_OP_LAST]; + ldap_pvt_mp_t sc_ops_initiated_[SLAP_OP_LAST]; +#endif /* SLAPD_MONITOR */ +} slap_counters_t; + /* * represents an operation pending from an ldap client */ @@ -2407,7 +2477,9 @@ typedef struct Opheader { void *oh_tmpmemctx; /* slab malloc context */ BerMemoryFunctions *oh_tmpmfuncs; - char oh_log_prefix[ /* sizeof("conn=18446744073709551615 op=18446744073709551615") */ SLAP_TEXT_BUFLEN ]; + slap_counters_t *oh_counters; + + char oh_log_prefix[ /* sizeof("conn= op=") + 2*LDAP_PVT_INTTYPE_CHARS(unsigned long) */ SLAP_TEXT_BUFLEN ]; #ifdef LDAP_SLAPI void *oh_extensions; /* NS-SLAPI plugin */ @@ -2427,6 +2499,20 @@ typedef union OpRequest { req_pwdexop_s oq_pwdexop; } OpRequest; +/* This is only a header. Actual users should define their own + * structs with the oe_next / oe_key fields at the top and + * whatever else they need following. + */ +typedef struct OpExtra { + LDAP_SLIST_ENTRY(OpExtra) oe_next; + void *oe_key; +} OpExtra; + +typedef struct OpExtraDB { + OpExtra oe; + BackendDB *oe_db; +} OpExtraDB; + struct Operation { Opheader *o_hdr; 
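Review bot: The size requirement for `oh_log_prefix` (`@@ -2407,7 +2477,9 @@`) exists only in the comment inside the brackets; the array is actually `SLAP_TEXT_BUFLEN` bytes and nothing checks that this covers `sizeof("conn= op=") + 2*LDAP_PVT_INTTYPE_CHARS(unsigned long)`. Either use that expression as the array size or add a compile-time check next to the struct, so a later change to `SLAP_TEXT_BUFLEN` cannot leave the buffer too small for the prefix. Code that writes the prefix (outside this diff) should format with a bounded call sized by `sizeof` of the field. `oh_counters`, added in the same hunk, has no comment on who owns the counters it points to.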
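Review bot: The comment on `OpExtra` (`@@ -2427,6 +2499,20 @@`) tells users to put the `oe_next` / `oe_key` fields at the top of their own struct, but `OpExtraDB` right below embeds a whole `OpExtra oe` as its first member instead. Embedding is the form that makes the pointer conversion between the two types well defined, so the comment should recommend it: `/* embed an OpExtra as the first member, as OpExtraDB does */`. It would also help to say how `oe_key` is matched and that an entry must be unlinked from `o_extra` before its storage goes away, since a stale node left on the list is a use-after-free for the next code that walks it.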
@@ -2439,6 +2525,7 @@ struct Operation { #define o_threadctx o_hdr->oh_threadctx #define o_tmpmemctx o_hdr->oh_tmpmemctx #define o_tmpmfuncs o_hdr->oh_tmpmfuncs +#define o_counters o_hdr->oh_counters #define o_tmpalloc o_tmpmfuncs->bmf_malloc #define o_tmpcalloc o_tmpmfuncs->bmf_calloc @@ -2518,6 +2605,7 @@ struct Operation { GroupAssertion *o_groups; char o_do_not_cache; /* don't cache groups from this op */ char o_is_auth_check; /* authorization in progress */ + char o_dont_replicate; slap_access_t o_acl_priv; char o_nocaching; @@ -2607,6 +2695,11 @@ struct Operation { #define get_sessionTracking(op) ((int)(op)->o_session_tracking) #endif +#ifdef SLAP_CONTROL_X_WHATFAILED +#define o_whatFailed o_ctrlflag[slap_cids.sc_whatFailed] +#define get_whatFailed(op) _SCM((op)->o_whatFailed) +#endif + #define o_sync o_ctrlflag[slap_cids.sc_LDAPsync] AuthorizationInformation o_authz; @@ -2617,7 +2710,9 @@ struct Operation { LDAPControl **o_ctrls; /* controls */ struct berval o_csn; + /* DEPRECATE o_private - use o_extra instead */ void *o_private; /* anything the backend needs */ + LDAP_SLIST_HEAD(o_e, OpExtra) o_extra; /* anything the backend needs */ LDAP_STAILQ_ENTRY(Operation) o_next; /* next operation in list */ }; @@ -2630,7 +2725,7 @@ typedef struct OperationBuffer { #define send_ldap_error( op, rs, err, text ) do { \ (rs)->sr_err = err; (rs)->sr_text = text; \ - (op->o_conn->c_send_ldap_result)( op, rs ); \ + ((op)->o_conn->c_send_ldap_result)( op, rs ); \ } while (0) #define send_ldap_discon( op, rs, err, text ) do { \ (rs)->sr_err = err; (rs)->sr_text = text; \ 
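Review bot: `o_dont_replicate` in the `@@ -2518,6 +2605,7 @@` hunk is the only flag in this group without a comment; `o_do_not_cache` and `o_is_auth_check` beside it both have one. A flag that keeps a write from being replicated affects consistency between servers, so state who sets it and which code honours it, e.g. `char o_dont_replicate; /* do not propagate this op to replicas */` (wording inferred from the name; adjust to the real semantics). In the `@@ -2617,7 +2710,9 @@` hunk, `o_extra` repeats the comment of the now-deprecated `o_private`; `/* list of OpExtra, looked up by oe_key */` would describe it better. `struct Operation` extends beyond both hunks.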
@@ -2668,11 +2763,11 @@ struct Connection { int c_struct_state; /* structure management state */ int c_conn_state; /* connection state */ int c_conn_idx; /* slot in connections array */ + ber_socket_t c_sd; const char *c_close_reason; /* why connection is closing */ ldap_pvt_thread_mutex_t c_mutex; /* protect the connection */ Sockbuf *c_sb; /* ber connection stuff */ - ber_socket_t c_sd; /* only can be changed by connect_init */ time_t c_starttime; /* when the connection was opened */ @@ -2686,7 +2781,6 @@ struct Connection { #define c_sock_name c_listener->sl_name /* sock name (trans=addr:port) */ /* only can be changed by binding thread */ - int c_sasl_bind_in_progress; /* multi-op bind in progress */ struct berval c_sasl_bind_mech; /* mech in progress */ struct berval c_sasl_dn; /* temporary storage */ struct berval c_sasl_authz_dn; /* SASL proxy authz */ @@ -2709,11 +2803,17 @@ struct Connection { LDAP_STAILQ_HEAD(c_o, Operation) c_ops; /* list of operations being processed */ LDAP_STAILQ_HEAD(c_po, Operation) c_pending_ops; /* list of pending operations */ - ldap_pvt_thread_mutex_t c_write_mutex; /* only one pdu written at a time */ - ldap_pvt_thread_cond_t c_write_cv; /* used to wait for sd write-ready*/ + ldap_pvt_thread_mutex_t c_write1_mutex; /* only one pdu written at a time */ + ldap_pvt_thread_cond_t c_write1_cv; /* only one pdu written at a time */ + ldap_pvt_thread_mutex_t c_write2_mutex; /* used to wait for sd write-ready */ + ldap_pvt_thread_cond_t c_write2_cv; /* used to wait for sd write-ready*/ BerElement *c_currentber; /* ber we're attempting to read */ - int c_writewaiter; /* true if writer is waiting */ + int c_writers; /* number of writers waiting */ + + char c_sasl_bind_in_progress; /* multi-op bind in progress */ + char c_writewaiter; /* true if blocked on write */ + #define CONN_IS_TLS 1 #define CONN_IS_UDP 2 
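Review bot: The write path in `@@ -2709,11 +2803,17 @@` now has two mutex/condvar pairs, `c_write1_*` and `c_write2_*`, and the hunk does not say in which order they may be taken or which of them guards `c_writers` and `c_writewaiter`. With two locks on one connection, an undocumented order is how a deadlock gets introduced by a later change; a comment such as `/* lock order: c_write1_mutex, then c_write2_mutex */` (confirm against the code that takes them) would pin it down. The comment on `c_write1_cv` is a copy of the mutex's comment and should say what condition is waited for. `c_sasl_bind_in_progress` has also moved away from the "only can be changed by binding thread" comment that used to cover it, so that rule is no longer visible where the field is declared.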
@@ -2721,14 +2821,14 @@ struct Connection { #define CONN_IS_IPC 8 #ifdef LDAP_CONNECTIONLESS - int c_is_udp; /* true if this is (C)LDAP over UDP */ + char c_is_udp; /* true if this is (C)LDAP over UDP */ #endif #ifdef HAVE_TLS - int c_is_tls; /* true if this LDAP over raw TLS */ - int c_needs_tls_accept; /* true if SSL_accept should be called */ + char c_is_tls; /* true if this LDAP over raw TLS */ + char c_needs_tls_accept; /* true if SSL_accept should be called */ #endif - int c_sasl_layers; /* true if we need to install SASL i/o handlers */ - int c_sasl_done; /* SASL completed once */ + char c_sasl_layers; /* true if we need to install SASL i/o handlers */ + char c_sasl_done; /* SASL completed once */ void *c_sasl_authctx; /* SASL authentication context */ void *c_sasl_sockctx; /* SASL security layer context */ void *c_sasl_extra; /* SASL session extra stuff */ @@ -2788,7 +2888,7 @@ struct Connection { #define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \ do { \ if ( ldap_debug & (level) ) \ - fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\ + lutil_debug( ldap_debug, (level), (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\ } while (0) #define StatslogTest( level ) (ldap_debug & (level)) #endif /* !LDAP_SYSLOG */ 
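Review bot: Narrowing `c_is_udp`, `c_is_tls`, `c_needs_tls_accept`, `c_sasl_layers` and `c_sasl_done` from `int` to plain `char` (`@@ -2721,14 +2821,14 @@`) means an assignment of any value outside the char range is truncated without a diagnostic, and the signedness of plain `char` is implementation-defined. Every site that sets these fields (outside this diff) should store exactly 0 or 1, in the form `c->c_is_tls = (expr) != 0;`, rather than a raw mask or library return value. The same applies to `c_sasl_bind_in_progress` and `c_writewaiter` in the preceding `@@ -2709,11 +2803,17 @@` hunk. `struct Connection` extends beyond the hunk.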
@@ -2811,47 +2911,12 @@ struct slap_listener { int sl_is_udp; /* UDP listener is also data port */ #endif int sl_mute; /* Listener is temporarily disabled due to emfile */ -#ifdef SLAP_LIGHTWEIGHT_DISPATCHER int sl_busy; /* Listener is busy (accept thread activated) */ -#endif ber_socket_t sl_sd; Sockaddr sl_sa; #define sl_addr sl_sa.sa_in_addr }; -/* - * Operation indices - */ -typedef enum { - SLAP_OP_BIND = 0, - SLAP_OP_UNBIND, - SLAP_OP_SEARCH, - SLAP_OP_COMPARE, - SLAP_OP_MODIFY, - SLAP_OP_MODRDN, - SLAP_OP_ADD, - SLAP_OP_DELETE, - SLAP_OP_ABANDON, - SLAP_OP_EXTENDED, - SLAP_OP_LAST -} slap_op_t; - -typedef struct slap_counters_t { - ldap_pvt_thread_mutex_t sc_sent_mutex; - ldap_pvt_mp_t sc_bytes; - ldap_pvt_mp_t sc_pdu; - ldap_pvt_mp_t sc_entries; - ldap_pvt_mp_t sc_refs; - - ldap_pvt_thread_mutex_t sc_ops_mutex; - ldap_pvt_mp_t sc_ops_completed; - ldap_pvt_mp_t sc_ops_initiated; -#ifdef SLAPD_MONITOR - ldap_pvt_mp_t sc_ops_completed_[SLAP_OP_LAST]; - ldap_pvt_mp_t sc_ops_initiated_[SLAP_OP_LAST]; -#endif /* SLAPD_MONITOR */ -} slap_counters_t; - /* * Better know these all around slapd */