X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslap.h;h=a47d1bb54bc1adc1c14eca00a3cc4937c9f652c6;hb=e3e7a22b5d7c6410ab54c31038fc153dadc8ca66;hp=3109b20efa4f4f68b98b0f05fd498d802cafb368;hpb=096ce6f74192c04615e8a1954d3a97687dc272eb;p=openldap diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 3109b20efa..a47d1bb54b 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2007 The OpenLDAP Foundation. + * Copyright 1998-2009 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -64,6 +64,8 @@ LDAP_BEGIN_DECL #define LDAP_SYNC_TIMESTAMP #define SLAP_CONTROL_X_SORTEDRESULTS #define SLAP_CONTROL_X_SESSION_TRACKING +#define SLAP_CONTROL_X_WHATFAILED +#define SLAP_CONFIG_DELETE #endif #define LDAP_DYNAMIC_OBJECTS @@ -299,6 +301,8 @@ enum { SLAP_SCHERR_SYN_NOT_FOUND, SLAP_SCHERR_SYN_DUP, SLAP_SCHERR_SYN_SUP_NOT_FOUND, + SLAP_SCHERR_SYN_SUBST_NOT_SPECIFIED, + SLAP_SCHERR_SYN_SUBST_NOT_FOUND, SLAP_SCHERR_NO_NAME, SLAP_SCHERR_NOT_SUPPORTED, SLAP_SCHERR_BAD_DESCR, @@ -414,6 +418,7 @@ struct Syntax { #else #define SLAP_SYNTAX_HIDE 0x8000U /* hide (do not publish) */ #endif +#define SLAP_SYNTAX_HARDCODE 0x10000U /* This is hardcoded schema */ Syntax **ssyn_sups; @@ -430,7 +435,7 @@ struct Syntax { struct ComponentDesc* ssync_comp_syntax; #endif - LDAP_SLIST_ENTRY(Syntax) ssyn_next; + LDAP_STAILQ_ENTRY(Syntax) ssyn_next; }; #define slap_syntax_is_flag(s,flag) ((int)((s)->ssyn_flags & (flag)) ? 1 : 0) @@ -680,7 +685,8 @@ struct AttributeType { Syntax *sat_syntax; AttributeTypeSchemaCheckFN *sat_check; - char *sat_oidmacro; + char *sat_oidmacro; /* attribute OID */ + char *sat_soidmacro; /* syntax OID */ #define SLAP_AT_NONE 0x0000U #define SLAP_AT_ABSTRACT 0x0100U /* cannot be instantiated */ @@ -967,6 +973,8 @@ struct slap_internal_schema { MatchingRule *si_mr_integerMatch; MatchingRule *si_mr_integerFirstComponentMatch; MatchingRule *si_mr_objectIdentifierFirstComponentMatch; + MatchingRule *si_mr_caseIgnoreMatch; + MatchingRule *si_mr_caseIgnoreListMatch; /* Syntaxes */ Syntax *si_syn_directoryString; @@ -1371,8 +1379,8 @@ typedef struct Access { #define ACL_PRIV_SET(m,p) do { (m) |= (p); } while(0) #define ACL_PRIV_CLR(m,p) do { (m) &= ~(p); } while(0) -#define ACL_INIT(m) ACL_PRIV_ASSIGN(m, ACL_PRIV_NONE) -#define ACL_INVALIDATE(m) ACL_PRIV_ASSIGN(m, ACL_PRIV_INVALID) +#define ACL_INIT(m) ACL_PRIV_ASSIGN((m), ACL_PRIV_NONE) +#define ACL_INVALIDATE(m) ACL_PRIV_ASSIGN((m), ACL_PRIV_INVALID) #define ACL_GRANT(m,a) ACL_PRIV_ISSET((m),ACL_ACCESS2PRIV(a)) @@ -1534,9 +1542,17 @@ typedef struct AccessControlState { slap_acl_state_t as_recorded; int as_vd_acl_count; int as_result; + int as_fe_done; } AccessControlState; #define ACL_STATE_INIT { NULL, NULL, NULL, \ - ACL_STATE_NOT_RECORDED, 0, 0 } + ACL_STATE_NOT_RECORDED, 0, 0, 0 } + +typedef struct AclRegexMatches { + int dn_count; + regmatch_t dn_data[MAXREMATCHES]; + int val_count; + regmatch_t val_data[MAXREMATCHES]; +} AclRegexMatches; /* * Backend-info @@ -1591,6 +1607,7 @@ typedef struct slap_bindconf { char *sb_tls_cacertdir; char *sb_tls_reqcert; char *sb_tls_cipher_suite; + char *sb_tls_protocol_min; #ifdef HAVE_OPENSSL_CRL char *sb_tls_crlcheck; #endif @@ -1634,6 +1651,7 @@ struct slap_limits_set { struct slap_limits { unsigned lm_flags; /* type of pattern */ + /* Values must match lmpats[] in limits.c */ #define SLAP_LIMITS_UNDEFINED 0x0000U #define SLAP_LIMITS_EXACT 0x0001U #define SLAP_LIMITS_BASE SLAP_LIMITS_EXACT @@ -1646,8 +1664,10 @@ struct slap_limits { #define SLAP_LIMITS_ANY 0x0008U #define SLAP_LIMITS_MASK 0x000FU -#define SLAP_LIMITS_TYPE_DN 0x0000U +#define SLAP_LIMITS_TYPE_SELF 0x0000U +#define SLAP_LIMITS_TYPE_DN SLAP_LIMITS_TYPE_SELF #define SLAP_LIMITS_TYPE_GROUP 0x0010U +#define SLAP_LIMITS_TYPE_THIS 0x0020U #define SLAP_LIMITS_TYPE_MASK 0x00F0U regex_t lm_regex; /* regex data for REGEX */ @@ -1683,8 +1703,6 @@ struct syncinfo_s; #define SLAP_SYNC_SID_MAX 4095 /* based on liblutil/csn.c field width */ #define SLAP_SYNCUUID_SET_SIZE 256 -#define SLAP_SYNC_UPDATE_MSGID 1 - struct sync_cookie { struct berval *ctxcsn; struct berval octet_str; @@ -1707,6 +1725,7 @@ struct ConfigOCs; /* config.h */ struct BackendDB { BackendInfo *bd_info; /* pointer to shared backend info */ + BackendDB *bd_self; /* pointer to this struct */ /* fields in this structure (and routines acting on this structure) should be renamed from be_ to bd_ */ @@ -1780,6 +1799,9 @@ struct BackendDB { #define SLAP_DBFLAG_SINGLE_SHADOW 0x4000U /* a single-master shadow */ #define SLAP_DBFLAG_SYNC_SHADOW 0x1000U /* a sync shadow */ #define SLAP_DBFLAG_SLURP_SHADOW 0x2000U /* a slurp shadow */ +#define SLAP_DBFLAG_SHADOW_MASK (SLAP_DBFLAG_SHADOW|SLAP_DBFLAG_SINGLE_SHADOW|SLAP_DBFLAG_SYNC_SHADOW|SLAP_DBFLAG_SLURP_SHADOW) +#define SLAP_DBFLAG_CLEAN 0x10000U /* was cleanly shutdown */ +#define SLAP_DBFLAG_ACL_ADD 0x20000U /* check attr ACLs on adds */ slap_mask_t be_flags; #define SLAP_DBFLAGS(be) ((be)->be_flags) #define SLAP_NOLASTMOD(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_NOLASTMOD) @@ -1804,6 +1826,8 @@ struct BackendDB { #define SLAP_SLURP_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SLURP_SHADOW) #define SLAP_SINGLE_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SINGLE_SHADOW) #define SLAP_MULTIMASTER(be) (!SLAP_SINGLE_SHADOW(be)) +#define SLAP_DBCLEAN(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_CLEAN) +#define SLAP_DBACL_ADD(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_ACL_ADD) slap_mask_t be_restrictops; /* restriction operations */ #define SLAP_RESTRICT_OP_ADD 0x0001U @@ -1851,6 +1875,9 @@ struct BackendDB { #define SLAP_DISALLOW_TLS_2_ANON 0x0010U /* StartTLS -> Anonymous */ #define SLAP_DISALLOW_TLS_AUTHC 0x0020U /* TLS while authenticated */ +#define SLAP_DISALLOW_PROXY_AUTHZ_N_CRIT 0x0100U +#define SLAP_DISALLOW_DONTUSECOPY_N_CRIT 0x0200U + #define SLAP_DISALLOW_AUX_WO_CR 0x4000U slap_mask_t be_requires; /* pre-operation requirements */ @@ -1883,7 +1910,6 @@ struct BackendDB { BerVarray be_update_refs; /* where to refer modifying clients to */ struct be_pcl *be_pending_csn_list; ldap_pvt_thread_mutex_t be_pcl_mutex; - ldap_pvt_thread_mutex_t *be_pcl_mutexp; struct syncinfo_s *be_syncinfo; /* For syncrepl */ void *be_pb; /* Netscape plugin */ @@ -2052,6 +2078,9 @@ struct SlapReply { #define REP_REF_MUSTBEFREED 0x0020U #define REP_REF_MASK (REP_REF_MUSTBEFREED) +#define REP_CTRLS_MUSTBEFREED 0x0040U +#define REP_CTRLS_MASK (REP_CTRLS_MUSTBEFREED) + #define REP_NO_ENTRYDN 0x1000U #define REP_NO_SUBSCHEMA 0x2000U #define REP_NO_OPERATIONALS (REP_NO_ENTRYDN|REP_NO_SUBSCHEMA) @@ -2342,6 +2371,7 @@ typedef struct PagedResultsState { struct slap_csn_entry { struct berval ce_csn; + int ce_sid; unsigned long ce_opid; unsigned long ce_connid; #define SLAP_CSN_PENDING 1 @@ -2392,6 +2422,9 @@ struct slap_control_ids { int sc_sessionTracking; #endif int sc_valuesReturnFilter; +#ifdef SLAP_CONTROL_X_WHATFAILED + int sc_whatFailed; +#endif }; /* @@ -2466,6 +2499,20 @@ typedef union OpRequest { req_pwdexop_s oq_pwdexop; } OpRequest; +/* This is only a header. Actual users should define their own + * structs with the oe_next / oe_key fields at the top and + * whatever else they need following. + */ +typedef struct OpExtra { + LDAP_SLIST_ENTRY(OpExtra) oe_next; + void *oe_key; +} OpExtra; + +typedef struct OpExtraDB { + OpExtra oe; + BackendDB *oe_db; +} OpExtraDB; + struct Operation { Opheader *o_hdr; @@ -2558,6 +2605,7 @@ struct Operation { GroupAssertion *o_groups; char o_do_not_cache; /* don't cache groups from this op */ char o_is_auth_check; /* authorization in progress */ + char o_dont_replicate; slap_access_t o_acl_priv; char o_nocaching; @@ -2647,6 +2695,11 @@ struct Operation { #define get_sessionTracking(op) ((int)(op)->o_session_tracking) #endif +#ifdef SLAP_CONTROL_X_WHATFAILED +#define o_whatFailed o_ctrlflag[slap_cids.sc_whatFailed] +#define get_whatFailed(op) _SCM((op)->o_whatFailed) +#endif + #define o_sync o_ctrlflag[slap_cids.sc_LDAPsync] AuthorizationInformation o_authz; @@ -2657,7 +2710,9 @@ struct Operation { LDAPControl **o_ctrls; /* controls */ struct berval o_csn; + /* DEPRECATE o_private - use o_extra instead */ void *o_private; /* anything the backend needs */ + LDAP_SLIST_HEAD(o_e, OpExtra) o_extra; /* anything the backend needs */ LDAP_STAILQ_ENTRY(Operation) o_next; /* next operation in list */ }; @@ -2670,7 +2725,7 @@ typedef struct OperationBuffer { #define send_ldap_error( op, rs, err, text ) do { \ (rs)->sr_err = err; (rs)->sr_text = text; \ - (op->o_conn->c_send_ldap_result)( op, rs ); \ + ((op)->o_conn->c_send_ldap_result)( op, rs ); \ } while (0) #define send_ldap_discon( op, rs, err, text ) do { \ (rs)->sr_err = err; (rs)->sr_text = text; \ @@ -2748,14 +2803,17 @@ struct Connection { LDAP_STAILQ_HEAD(c_o, Operation) c_ops; /* list of operations being processed */ LDAP_STAILQ_HEAD(c_po, Operation) c_pending_ops; /* list of pending operations */ - ldap_pvt_thread_mutex_t c_write_mutex; /* only one pdu written at a time */ - ldap_pvt_thread_cond_t c_write_cv; /* used to wait for sd write-ready*/ + ldap_pvt_thread_mutex_t c_write1_mutex; /* only one pdu written at a time */ + ldap_pvt_thread_cond_t c_write1_cv; /* only one pdu written at a time */ + ldap_pvt_thread_mutex_t c_write2_mutex; /* used to wait for sd write-ready */ + ldap_pvt_thread_cond_t c_write2_cv; /* used to wait for sd write-ready*/ BerElement *c_currentber; /* ber we're attempting to read */ + int c_writers; /* number of writers waiting */ char c_sasl_bind_in_progress; /* multi-op bind in progress */ + char c_writewaiter; /* true if blocked on write */ - char c_writewaiter; /* true if writer is waiting */ #define CONN_IS_TLS 1 #define CONN_IS_UDP 2 @@ -2830,7 +2888,7 @@ struct Connection { #define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \ do { \ if ( ldap_debug & (level) ) \ - fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\ + lutil_debug( ldap_debug, (level), (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\ } while (0) #define StatslogTest( level ) (ldap_debug & (level)) #endif /* !LDAP_SYSLOG */