X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslap.h;h=bb41efc677427e85eaa3e763dc0e1084c30afa32;hb=9c550e7235830af9d031d8d7ba86b87f36dcc99f;hp=e925e47b0edb164975b914434ea9da3399623816;hpb=0c58aa3ab96a701c7c29398a6aa1dd964766ad23;p=openldap diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index e925e47b0e..bb41efc677 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -52,10 +52,12 @@ #include #include "lber_pvt.h" +#include "ldap_pvt.h" #include "ldap_pvt_thread.h" #include "ldap_queue.h" LDAP_BEGIN_DECL + /* * SLAPD Memory allocation macros * @@ -133,7 +135,10 @@ LDAP_BEGIN_DECL || (c) == '(' || (c) == ')' || !ASCII_PRINTABLE(c) ) #define DN_ESCAPE(c) ((c) == SLAP_ESCAPE_CHAR) -#define DN_SEPARATOR(c) ((c) == ',' || (c) == ';') +/* NOTE: for consistency, this macro must only operate + * on normalized/pretty DN, such that ';' is never used + * as RDN separator, and all occurrences of ';' must be escaped */ +#define DN_SEPARATOR(c) ((c) == ',') #define RDN_ATTRTYPEANDVALUE_SEPARATOR(c) ((c) == '+') /* RFC 2253 */ #define RDN_SEPARATOR(c) (DN_SEPARATOR(c) || RDN_ATTRTYPEANDVALUE_SEPARATOR(c)) #define RDN_NEEDSESCAPE(c) ((c) == '\\' || (c) == '"') @@ -145,9 +150,9 @@ LDAP_BEGIN_DECL #define OID_CHAR(c) ( OID_LEADCHAR(c) || OID_SEPARATOR(c) ) #define ATTR_LEADCHAR(c) ( DESC_LEADCHAR(c) || OID_LEADCHAR(c) ) -#define ATTR_CHAR(c) ( DESC_CHAR((c)) || (c) == '.' ) +#define ATTR_CHAR(c) ( DESC_CHAR((c)) || OID_SEPARATOR(c) ) -#define AD_LEADCHAR(c) ( ATTR_CHAR(c) ) +#define AD_LEADCHAR(c) ( ATTR_LEADCHAR(c) ) #define AD_CHAR(c) ( ATTR_CHAR(c) || (c) == ';' ) #define SLAP_NUMERIC(c) ( ASCII_DIGIT(c) || ASCII_SPACE(c) ) @@ -225,9 +230,13 @@ typedef struct slap_ssf_set { | SLAP_INDEX_SUBSTR_ANY \ | SLAP_INDEX_SUBSTR_FINAL ) -#define SLAP_INDEX_SUBSTR_MINLEN 2 -#define SLAP_INDEX_SUBSTR_MAXLEN 4 -#define SLAP_INDEX_SUBSTR_STEP 2 +/* defaults for initial/final substring indices */ +#define SLAP_INDEX_SUBSTR_IF_MINLEN_DEFAULT 2 +#define SLAP_INDEX_SUBSTR_IF_MAXLEN_DEFAULT 4 + +/* defaults for any substring indices */ +#define SLAP_INDEX_SUBSTR_ANY_LEN_DEFAULT 4 +#define SLAP_INDEX_SUBSTR_ANY_STEP_DEFAULT 2 #define SLAP_INDEX_FLAGS 0xF000UL #define SLAP_INDEX_NOSUBTYPES 0x1000UL /* don't use index w/ subtypes */ @@ -315,6 +324,16 @@ typedef int slap_syntax_transform_func LDAP_P(( struct berval * out, void *memctx)); +#ifdef LDAP_DEVEL +#define LDAP_COMP_MATCH +#endif + +#ifdef LDAP_COMP_MATCH +typedef void* slap_component_transform_func LDAP_P(( + struct berval * in )); +struct ComponentDesc; +#endif + typedef struct slap_syntax { LDAPSyntax ssyn_syn; #define ssyn_oid ssyn_syn.syn_oid @@ -351,6 +370,10 @@ typedef struct slap_syntax { slap_syntax_transform_func *ssyn_ber2str; slap_syntax_transform_func *ssyn_str2ber; #endif +#ifdef LDAP_COMP_MATCH + slap_component_transform_func *ssyn_attr2comp; + struct ComponentDesc* ssync_comp_syntax; +#endif LDAP_SLIST_ENTRY(slap_syntax) ssyn_next; } Syntax; @@ -453,6 +476,10 @@ typedef struct slap_matching_rule { #define SLAP_MR_ORDERING 0x0200U #define SLAP_MR_SUBSTR 0x0400U #define SLAP_MR_EXT 0x0800U /* implicitly extensible */ +#define SLAP_MR_ORDERED_INDEX 0x1000U +#ifdef LDAP_COMP_MATCH +#define SLAP_MR_COMPONENT 0x2000U +#endif #define SLAP_MR_EQUALITY_APPROX ( SLAP_MR_EQUALITY | 0x0010U ) @@ -530,8 +557,8 @@ typedef struct slap_matching_rule { */ struct slap_matching_rule *smr_associated; -#define SLAP_MR_ASSOCIATED(mr,amr) (((mr) == (amr)) || \ - ((mr)->smr_associated == (amr))) +#define SLAP_MR_ASSOCIATED(mr,amr) \ + (((mr) == (amr)) || ((mr)->smr_associated == (amr))) LDAP_SLIST_ENTRY(slap_matching_rule)smr_next; @@ -607,6 +634,8 @@ typedef struct slap_attribute_type { #else #define SLAP_AT_HIDE 0x8000U /* hide attribute */ #endif +#define SLAP_AT_DYNAMIC 0x0400U /* dynamically generated */ + slap_mask_t sat_flags; LDAP_SLIST_ENTRY(slap_attribute_type) sat_next; @@ -762,10 +791,10 @@ struct slap_internal_schema { AttributeDescription *si_ad_subschemaSubentry; AttributeDescription *si_ad_collectiveSubentries; AttributeDescription *si_ad_collectiveExclusions; + AttributeDescription *si_ad_entryDN; AttributeDescription *si_ad_entryUUID; AttributeDescription *si_ad_entryCSN; AttributeDescription *si_ad_namingCSN; - AttributeDescription *si_ad_superiorUUID; AttributeDescription *si_ad_dseType; AttributeDescription *si_ad_syncreplCookie; @@ -789,14 +818,14 @@ struct slap_internal_schema { AttributeDescription *si_ad_subtreeSpecification; /* subschema subentry attribute descriptions */ - AttributeDescription *si_ad_ditStructureRules; - AttributeDescription *si_ad_ditContentRules; - AttributeDescription *si_ad_nameForms; - AttributeDescription *si_ad_objectClasses; AttributeDescription *si_ad_attributeTypes; + AttributeDescription *si_ad_ditContentRules; + AttributeDescription *si_ad_ditStructureRules; AttributeDescription *si_ad_ldapSyntaxes; AttributeDescription *si_ad_matchingRules; AttributeDescription *si_ad_matchingRuleUse; + AttributeDescription *si_ad_nameForms; + AttributeDescription *si_ad_objectClasses; /* Aliases & Referrals */ AttributeDescription *si_ad_aliasedObjectName; @@ -833,6 +862,10 @@ struct slap_internal_schema { /* Matching Rules */ MatchingRule *si_mr_distinguishedNameMatch; + MatchingRule *si_mr_dnSubtreeMatch; + MatchingRule *si_mr_dnOneLevelMatch; + MatchingRule *si_mr_dnSubordinateMatch; + MatchingRule *si_mr_dnSuperiorMatch; MatchingRule *si_mr_caseExactMatch; MatchingRule *si_mr_caseExactSubstringsMatch; MatchingRule *si_mr_caseExactIA5Match; @@ -845,6 +878,16 @@ struct slap_internal_schema { Syntax *si_syn_distinguishedName; Syntax *si_syn_integer; Syntax *si_syn_octetString; + + /* Schema Syntaxes */ + Syntax *si_syn_attributeTypeDesc; + Syntax *si_syn_ditContentRuleDesc; + Syntax *si_syn_ditStructureRuleDesc; + Syntax *si_syn_ldapSyntaxDesc; + Syntax *si_syn_matchingRuleDesc; + Syntax *si_syn_matchingRuleUseDesc; + Syntax *si_syn_nameFormDesc; + Syntax *si_syn_objectClassDesc; }; typedef struct slap_attr_assertion { @@ -859,12 +902,19 @@ typedef struct slap_ss_assertion { struct berval sa_final; } SubstringsAssertion; +#ifdef LDAP_COMP_MATCH +struct slap_component_filter; +#endif + typedef struct slap_mr_assertion { MatchingRule *ma_rule; /* optional */ struct berval ma_rule_text; /* optional */ AttributeDescription *ma_desc; /* optional */ int ma_dnattrs; /* boolean */ struct berval ma_value; /* required */ +#ifdef LDAP_COMP_MATCH + struct slap_component_filter* ma_cf; /* component filter */ +#endif } MatchingRuleAssertion; /* @@ -875,7 +925,9 @@ typedef struct slap_filter { #define SLAPD_FILTER_COMPUTED ((ber_tag_t) -1) #define SLAPD_FILTER_DN_ONE ((ber_tag_t) -2) #define SLAPD_FILTER_DN_SUBTREE ((ber_tag_t) -3) +#ifdef LDAP_SCOPE_SUBORDINATE #define SLAPD_FILTER_DN_CHILDREN ((ber_tag_t) -4) +#endif union f_un_u { /* precomputed result */ @@ -987,6 +1039,9 @@ typedef struct slap_attr { unsigned a_flags; #define SLAP_ATTR_IXADD 0x1U #define SLAP_ATTR_IXDEL 0x2U +#ifdef LDAP_COMP_MATCH + void* a_component_values; /* component values */ +#endif } Attribute; @@ -1032,7 +1087,6 @@ typedef struct slap_mod { AttributeDescription *sm_desc; struct berval sm_type; BerVarray sm_values; -#define sm_bvalues sm_values BerVarray sm_nvalues; } Modification; @@ -1041,7 +1095,6 @@ typedef struct slap_mod_list { #define sml_op sml_mod.sm_op #define sml_desc sml_mod.sm_desc #define sml_type sml_mod.sm_type -#define sml_bvalues sml_mod.sm_values #define sml_values sml_mod.sm_values #define sml_nvalues sml_mod.sm_nvalues struct slap_mod_list *sml_next; @@ -1053,7 +1106,6 @@ typedef struct slap_ldap_modlist { #define ml_op ml_mod.mod_op #define ml_type ml_mod.mod_type #define ml_values ml_mod.mod_values -#define ml_bvalues ml_mod.mod_values } LDAPModList; /* @@ -1078,11 +1130,14 @@ typedef enum slap_control_e { typedef enum slap_style_e { ACL_STYLE_REGEX = 0, + ACL_STYLE_EXPAND, ACL_STYLE_BASE, ACL_STYLE_ONE, ACL_STYLE_SUBTREE, ACL_STYLE_CHILDREN, - ACL_STYLE_ATTROF + ACL_STYLE_ATTROF, + ACL_STYLE_IP, + ACL_STYLE_PATH } slap_style_t; typedef struct slap_authz_info { @@ -1171,6 +1226,10 @@ typedef struct slap_access { slap_style_t a_peername_style; struct berval a_peername_pat; + unsigned long a_peername_addr, + a_peername_mask; + int a_peername_port; + slap_style_t a_sockname_style; struct berval a_sockname_pat; @@ -1249,6 +1308,7 @@ LDAP_SLAPD_V (int) nBackendInfo; LDAP_SLAPD_V (int) nBackendDB; LDAP_SLAPD_V (BackendInfo *) backendInfo; LDAP_SLAPD_V (BackendDB *) backendDB; +LDAP_SLAPD_V (BackendDB *) frontendDB; LDAP_SLAPD_V (int) slapMode; #define SLAP_UNDEFINED_MODE 0x0000 @@ -1278,8 +1338,13 @@ struct slap_limits_set { int lms_s_unchecked; int lms_s_pr; int lms_s_pr_hide; + int lms_s_pr_total; }; +/* Note: this is different from LDAP_NO_LIMIT (0); slapd internal use only */ +#define SLAP_NO_LIMIT -1 +#define SLAP_MAX_LIMIT 2147483647 + struct slap_limits { unsigned lm_flags; /* type of pattern */ #define SLAP_LIMITS_UNDEFINED 0x0000U @@ -1364,28 +1429,42 @@ typedef struct syncinfo_s { char *si_authcId; char *si_authzId; int si_schemachecking; - Filter *si_filter; struct berval si_filterstr; struct berval si_base; int si_scope; int si_attrsonly; - char **si_attrs; + AttributeName *si_anlist; + AttributeName *si_exanlist; + char **si_attrs; + int si_allattrs; + int si_allopattrs; + char **si_exattrs; int si_type; time_t si_interval; + time_t *si_retryinterval; + int *si_retrynum_init; + int *si_retrynum; struct sync_cookie si_syncCookie; int si_manageDSAit; int si_slimit; int si_tlimit; struct berval si_syncUUID_ndn; + int si_refreshDelete; + int si_refreshPresent; Avlnode *si_presentlist; LDAP *si_ld; LDAP_LIST_HEAD(np, nonpresent_entry) si_nonpresentlist; LDAP_STAILQ_ENTRY( syncinfo_s ) si_next; } syncinfo_t; +LDAP_TAILQ_HEAD( be_pcl, slap_csn_entry ); + struct slap_backend_db { BackendInfo *bd_info; /* pointer to shared backend info */ + /* fields in this structure (and routines acting on this structure) + should be renamed from be_ to bd_ */ + /* BackendInfo accessors */ #define be_config bd_info->bi_db_config #define be_type bd_info->bi_type @@ -1403,9 +1482,9 @@ struct slap_backend_db { #define be_extended bd_info->bi_extended +#define be_chk_referrals bd_info->bi_chk_referrals #define be_fetch bd_info->bi_entry_get_rw #define be_release bd_info->bi_entry_release_rw -#define be_chk_referrals bd_info->bi_chk_referrals #define be_group bd_info->bi_acl_group #define be_attribute bd_info->bi_acl_attribute #define be_operational bd_info->bi_operational @@ -1436,33 +1515,30 @@ struct slap_backend_db { #define be_entry_modify bd_info->bi_tool_entry_modify #endif -#define SLAP_BFLAG_NOLASTMOD 0x0001U -#define SLAP_BFLAG_NO_SCHEMA_CHECK 0x0002U -#define SLAP_BFLAG_GLUE_INSTANCE 0x0010U /* a glue backend */ -#define SLAP_BFLAG_GLUE_SUBORDINATE 0x0020U /* child of a glue hierarchy */ -#define SLAP_BFLAG_GLUE_LINKED 0x0040U /* child is connected to parent */ -#define SLAP_BFLAG_MONITOR 0x0080U /* a monitor backend */ -#define SLAP_BFLAG_INCREMENT 0x0100U -#define SLAP_BFLAG_ALIASES 0x1000U -#define SLAP_BFLAG_REFERRALS 0x2000U -#define SLAP_BFLAG_SUBENTRIES 0x4000U -#define SLAP_BFLAG_DYNAMIC 0x8000U +/* Database flags */ +#define SLAP_DBFLAG_NOLASTMOD 0x0001U +#define SLAP_DBFLAG_NO_SCHEMA_CHECK 0x0002U +#define SLAP_DBFLAG_GLUE_INSTANCE 0x0010U /* a glue backend */ +#define SLAP_DBFLAG_GLUE_SUBORDINATE 0x0020U /* child of a glue hierarchy */ +#define SLAP_DBFLAG_GLUE_LINKED 0x0040U /* child is connected to parent */ +#define SLAP_DBFLAG_SHADOW 0x8000U /* a shadow */ +#define SLAP_DBFLAG_SYNC_SHADOW 0x1000U /* a sync shadow */ +#define SLAP_DBFLAG_SLURP_SHADOW 0x2000U /* a slurp shadow */ slap_mask_t be_flags; -#define SLAP_LASTMOD(be) (!((be)->be_flags & SLAP_BFLAG_NOLASTMOD)) -#define SLAP_NO_SCHEMA_CHECK(be) (((be)->be_flags & SLAP_BFLAG_NO_SCHEMA_CHECK)) -#define SLAP_GLUE_INSTANCE(be) ((be)->be_flags & SLAP_BFLAG_GLUE_INSTANCE) -#define SLAP_GLUE_SUBORDINATE(be) \ - ((be)->be_flags & SLAP_BFLAG_GLUE_SUBORDINATE) -#define SLAP_GLUE_LINKED(be) ((be)->be_flags & SLAP_BFLAG_GLUE_LINKED) - -#define SLAP_MONITOR(be) ((be)->be_flags & SLAP_BFLAG_MONITOR) -#define SLAP_INCREMENT(be) ((be)->be_flags & SLAP_BFLAG_INCREMENT) - -#define SLAP_ALIASES(be) ((be)->be_flags & SLAP_BFLAG_ALIASES) -#define SLAP_REFERRALS(be) ((be)->be_flags & SLAP_BFLAG_REFERRALS) -#define SLAP_SUBENTRIES(be) ((be)->be_flags & SLAP_BFLAG_SUBENTRIES) -#define SLAP_DYNAMIC(be) ((be)->be_flags & SLAP_BFLAG_DYNAMIC) - +#define SLAP_DBFLAGS(be) ((be)->be_flags) +#define SLAP_NOLASTMOD(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_NOLASTMOD) +#define SLAP_LASTMOD(be) (!SLAP_NOLASTMOD(be)) +#define SLAP_NO_SCHEMA_CHECK(be) \ + (SLAP_DBFLAGS(be) & SLAP_DBFLAG_NO_SCHEMA_CHECK) +#define SLAP_GLUE_INSTANCE(be) \ + (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLUE_INSTANCE) +#define SLAP_GLUE_SUBORDINATE(be) \ + (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLUE_SUBORDINATE) +#define SLAP_GLUE_LINKED(be) \ + (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLUE_LINKED) +#define SLAP_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SHADOW) +#define SLAP_SYNC_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SYNC_SHADOW) +#define SLAP_SLURP_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SLURP_SHADOW) slap_mask_t be_restrictops; /* restriction operations */ #define SLAP_RESTRICT_OP_ADD 0x0001U @@ -1473,6 +1549,15 @@ struct slap_backend_db { #define SLAP_RESTRICT_OP_MODIFY 0x0020U #define SLAP_RESTRICT_OP_RENAME 0x0040U #define SLAP_RESTRICT_OP_SEARCH 0x0080U +#define SLAP_RESTRICT_OP_MASK 0x00FFU + +#define SLAP_RESTRICT_READONLY 0x80000000U + +#define SLAP_RESTRICT_EXOP_START_TLS 0x0100U +#define SLAP_RESTRICT_EXOP_MODIFY_PASSWD 0x0200U +#define SLAP_RESTRICT_EXOP_WHOAMI 0x0400U +#define SLAP_RESTRICT_EXOP_CANCEL 0x0800U +#define SLAP_RESTRICT_EXOP_MASK 0xFF00U #define SLAP_RESTRICT_OP_READS \ ( SLAP_RESTRICT_OP_COMPARE \ @@ -1508,7 +1593,6 @@ struct slap_backend_db { /* Required Security Strength Factor */ slap_ssf_set_t be_ssf_set; - /* these should be renamed from be_ to bd_ */ BerVarray be_suffix; /* the DN suffixes of data in this backend */ BerVarray be_nsuffix; /* the normalized DN suffixes in this backend */ struct berval be_schemadn; /* per-backend subschema subentry DN */ @@ -1523,19 +1607,22 @@ struct slap_backend_db { struct slap_limits **be_limits; /* regex-based size and time limits */ AccessControl *be_acl; /* access control list for this backend */ slap_access_t be_dfltaccess; /* access given if no acl matches */ + + /* Replica Information */ struct slap_replica_info **be_replica; /* replicas of this backend (in master) */ char *be_replogfile; /* replication log file (in master) */ struct berval be_update_ndn; /* allowed to make changes (in replicas) */ BerVarray be_update_refs; /* where to refer modifying clients to */ - char *be_realm; - void *be_private; /* anything the backend database needs */ - - void *be_pb; /* Netscape plugin */ - LDAP_TAILQ_HEAD( pcl, slap_csn_entry ) be_pending_csn_list; + struct be_pcl *be_pending_csn_list; ldap_pvt_thread_mutex_t be_pcl_mutex; + ldap_pvt_thread_mutex_t *be_pcl_mutexp; struct berval be_context_csn; - ldap_pvt_thread_mutex_t be_context_csn_mutex; LDAP_STAILQ_HEAD( be_si, syncinfo_s ) be_syncinfo; /* For syncrepl */ + + char *be_realm; + void *be_pb; /* Netscape plugin */ + + void *be_private; /* anything the backend database needs */ }; struct slap_conn; @@ -1563,6 +1650,7 @@ typedef struct req_bind_s { struct berval rb_cred; struct berval rb_edn; slap_ssf_t rb_ssf; + struct berval rb_tmp_mech; /* FIXME: temporary */ } req_bind_s; typedef struct req_search_s { @@ -1570,10 +1658,13 @@ typedef struct req_search_s { int rs_deref; int rs_slimit; int rs_tlimit; + /* NULL means be_isroot evaluated to TRUE */ + struct slap_limits_set *rs_limit; int rs_attrsonly; AttributeName *rs_attrs; Filter *rs_filter; struct berval rs_filterstr; + int rs_post_search_id; } req_search_s; typedef struct req_compare_s { @@ -1582,6 +1673,7 @@ typedef struct req_compare_s { typedef struct req_modify_s { Modifications *rs_modlist; + int rs_increment; /* FIXME: temporary */ } req_modify_s; typedef struct req_modrdn_s { @@ -1594,6 +1686,7 @@ typedef struct req_modrdn_s { typedef struct req_add_s { Entry *rs_e; + Modifications *rs_modlist; /* FIXME: temporary */ } req_add_s; typedef struct req_abandon_s { @@ -1605,6 +1698,14 @@ typedef struct req_extended_s { struct berval *rs_reqdata; } req_extended_s; +typedef struct req_pwdexop_s { + struct berval rs_reqoid; + struct berval rs_old; + struct berval rs_new; + Modifications *rs_mods; + Modifications **rs_modtail; +} req_pwdexop_s; + typedef enum slap_reply_e { REP_RESULT, REP_SASL, @@ -1625,6 +1726,19 @@ typedef struct rep_extended_s { typedef struct rep_search_s { Entry *r_entry; + slap_mask_t r_attr_flags; +#define SLAP_ATTRS_UNDEFINED (0x00U) +#define SLAP_OPATTRS_NO (0x01U) +#define SLAP_OPATTRS_YES (0x02U) +#define SLAP_USERATTRS_NO (0x10U) +#define SLAP_USERATTRS_YES (0x20U) +#define SLAP_OPATTRS_MASK(f) ((f) & (SLAP_OPATTRS_NO|SLAP_OPATTRS_YES)) +#define SLAP_OPATTRS(f) (((f) & SLAP_OPATTRS_YES) == SLAP_OPATTRS_YES) +#define SLAP_USERATTRS_MASK(f) ((f) & (SLAP_USERATTRS_NO|SLAP_USERATTRS_YES)) +#define SLAP_USERATTRS(f) \ + (((f) & SLAP_USERATTRS_YES) == SLAP_USERATTRS_YES) + + Attribute *r_operational_attrs; AttributeName *r_attrs; int r_nentries; BerVarray r_v2ref; @@ -1645,14 +1759,17 @@ typedef struct slap_rep { rep_search_s sru_search; } sr_un; slap_mask_t sr_flags; -#define REP_ENTRY_MODIFIABLE 0x00000001 -#define REP_ENTRY_MUSTBEFREED 0x00000002 -#define REP_MATCHED_MUSTBEFREED 0x00000010 +#define REP_ENTRY_MODIFIABLE 0x0001U +#define REP_ENTRY_MUSTBEFREED 0x0002U +#define REP_MATCHED_MUSTBEFREED 0x0010U +#define REP_REF_MUSTBEFREED 0x0020U } SlapReply; /* short hands for response members */ #define sr_attrs sr_un.sru_search.r_attrs #define sr_entry sr_un.sru_search.r_entry +#define sr_operational_attrs sr_un.sru_search.r_operational_attrs +#define sr_attr_flags sr_un.sru_search.r_attr_flags #define sr_v2ref sr_un.sru_search.r_v2ref #define sr_nentries sr_un.sru_search.r_nentries #define sr_rspoid sr_un.sru_extended.r_rspoid @@ -1669,18 +1786,22 @@ typedef int (BI_op_add) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); typedef int (BI_op_delete) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); typedef int (BI_op_abandon) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); typedef int (BI_op_cancel) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_extended) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_entry_release_rw) LDAP_P(( struct slap_op *op, Entry *e, int rw )); +typedef int (BI_op_extended) LDAP_P(( + struct slap_op *op, struct slap_rep *rs )); +typedef int (BI_chk_referrals) LDAP_P(( + struct slap_op *op, struct slap_rep *rs )); +typedef int (BI_entry_release_rw) + LDAP_P(( struct slap_op *op, Entry *e, int rw )); typedef int (BI_entry_get_rw) LDAP_P(( struct slap_op *op, struct berval *ndn, ObjectClass *oc, AttributeDescription *at, int rw, Entry **e )); -typedef int (BI_chk_referrals) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_operational) LDAP_P(( struct slap_op *op, struct slap_rep *rs, int opattrs, Attribute **ap )); -typedef int (BI_has_subordinates) LDAP_P(( struct slap_op *op, Entry *e, int *hasSubs )); +typedef int (BI_operational) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); +typedef int (BI_has_subordinates) LDAP_P(( struct slap_op *op, + Entry *e, int *hasSubs )); -typedef int (BI_connection_init) LDAP_P((BackendDB *bd, - struct slap_conn *c)); -typedef int (BI_connection_destroy) LDAP_P((BackendDB *bd, - struct slap_conn *c)); +typedef int (BI_connection_init) LDAP_P(( BackendDB *bd, + struct slap_conn *c )); +typedef int (BI_connection_destroy) LDAP_P(( BackendDB *bd, + struct slap_conn *c )); typedef int (BI_tool_entry_open) LDAP_P(( BackendDB *be, int mode )); typedef int (BI_tool_entry_close) LDAP_P(( BackendDB *be )); @@ -1688,13 +1809,13 @@ typedef ID (BI_tool_entry_first) LDAP_P(( BackendDB *be )); typedef ID (BI_tool_entry_next) LDAP_P(( BackendDB *be )); typedef Entry* (BI_tool_entry_get) LDAP_P(( BackendDB *be, ID id )); typedef ID (BI_tool_entry_put) LDAP_P(( BackendDB *be, Entry *e, - struct berval *text )); + struct berval *text )); typedef int (BI_tool_entry_reindex) LDAP_P(( BackendDB *be, ID id )); typedef int (BI_tool_sync) LDAP_P(( BackendDB *be )); typedef ID (BI_tool_dn2id_get) LDAP_P(( BackendDB *be, struct berval *dn )); typedef int (BI_tool_id2entry_get) LDAP_P(( BackendDB *be, ID id, Entry **e )); typedef ID (BI_tool_entry_modify) LDAP_P(( BackendDB *be, Entry *e, - struct berval *text )); + struct berval *text )); struct slap_backend_info { char *bi_type; /* type of backend */ @@ -1768,32 +1889,51 @@ struct slap_backend_info { BI_op_extended *bi_extended; /* Auxilary Functions */ + BI_operational *bi_operational; + BI_chk_referrals *bi_chk_referrals; BI_entry_get_rw *bi_entry_get_rw; BI_entry_release_rw *bi_entry_release_rw; - BI_chk_referrals *bi_chk_referrals; - BI_operational *bi_operational; BI_has_subordinates *bi_has_subordinates; BI_connection_init *bi_connection_init; BI_connection_destroy *bi_connection_destroy; /* hooks for slap tools */ - BI_tool_entry_open *bi_tool_entry_open; - BI_tool_entry_close *bi_tool_entry_close; - BI_tool_entry_first *bi_tool_entry_first; - BI_tool_entry_next *bi_tool_entry_next; - BI_tool_entry_get *bi_tool_entry_get; - BI_tool_entry_put *bi_tool_entry_put; + BI_tool_entry_open *bi_tool_entry_open; + BI_tool_entry_close *bi_tool_entry_close; + BI_tool_entry_first *bi_tool_entry_first; + BI_tool_entry_next *bi_tool_entry_next; + BI_tool_entry_get *bi_tool_entry_get; + BI_tool_entry_put *bi_tool_entry_put; BI_tool_entry_reindex *bi_tool_entry_reindex; - BI_tool_sync *bi_tool_sync; - BI_tool_dn2id_get *bi_tool_dn2id_get; + BI_tool_sync *bi_tool_sync; + BI_tool_dn2id_get *bi_tool_dn2id_get; BI_tool_id2entry_get *bi_tool_id2entry_get; BI_tool_entry_modify *bi_tool_entry_modify; #define SLAP_INDEX_ADD_OP 0x0001 #define SLAP_INDEX_DELETE_OP 0x0002 + slap_mask_t bi_flags; /* backend flags */ +#define SLAP_BFLAG_MONITOR 0x0001U /* a monitor backend */ +#define SLAP_BFLAG_NOLASTMODCMD 0x0010U +#define SLAP_BFLAG_INCREMENT 0x0100U +#define SLAP_BFLAG_ALIASES 0x1000U +#define SLAP_BFLAG_REFERRALS 0x2000U +#define SLAP_BFLAG_SUBENTRIES 0x4000U +#define SLAP_BFLAG_DYNAMIC 0x8000U + +#define SLAP_BFLAGS(be) ((be)->bd_info->bi_flags) +#define SLAP_MONITOR(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_MONITOR) +#define SLAP_INCREMENT(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_INCREMENT) +#define SLAP_ALIASES(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_ALIASES) +#define SLAP_REFERRALS(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_REFERRALS) +#define SLAP_SUBENTRIES(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_SUBENTRIES) +#define SLAP_DYNAMIC(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_DYNAMIC) +#define SLAP_NOLASTMODCMD(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_NOLASTMODCMD) +#define SLAP_LASTMODCMD(be) (!SLAP_NOLASTMODCMD(be)) + char **bi_controls; /* supported controls */ unsigned int bi_nDB; /* number of databases of this type */ @@ -1838,11 +1978,12 @@ typedef struct slap_overinst { typedef struct slap_overinfo { BackendInfo oi_bi; - BackendDB oi_bd; - slap_overinst *oi_list; + BackendInfo *oi_orig; + struct slap_overinst *oi_list; } slap_overinfo; /* Should successive callbacks in a chain be processed? */ +#define SLAP_CB_FREEME 0x4000 #define SLAP_CB_CONTINUE 0x8000 /* @@ -1852,15 +1993,15 @@ typedef unsigned long PagedResultsCookie; typedef struct slap_paged_state { Backend *ps_be; PagedResultsCookie ps_cookie; - ID ps_id; + int ps_count; } PagedResultsState; - #define LDAP_PSEARCH_BY_ADD 0x01 #define LDAP_PSEARCH_BY_DELETE 0x02 #define LDAP_PSEARCH_BY_PREMODIFY 0x03 #define LDAP_PSEARCH_BY_MODIFY 0x04 #define LDAP_PSEARCH_BY_SCOPEOUT 0x05 +#define LDAP_PSEARCH_BY_PREDELETE 0x06 struct psid_entry { struct slap_op *ps_op; @@ -1883,13 +2024,23 @@ struct slap_session_entry { }; struct slap_csn_entry { - struct berval *csn; - unsigned long opid; - unsigned long connid; + struct berval *ce_csn; + unsigned long ce_opid; + unsigned long ce_connid; #define SLAP_CSN_PENDING 1 #define SLAP_CSN_COMMIT 2 - long state; - LDAP_TAILQ_ENTRY (slap_csn_entry) csn_link; + long ce_state; + LDAP_TAILQ_ENTRY (slap_csn_entry) ce_csn_link; +}; + +struct pc_entry { + ID pc_id; + int pc_sent; + struct berval pc_csn; + struct berval pc_entryUUID; + struct berval pc_ename; + struct berval pc_enname; + LDAP_TAILQ_ENTRY( pc_entry ) pc_link; }; /* @@ -1911,6 +2062,7 @@ typedef struct slap_gacl { typedef struct slap_op { unsigned long o_opid; /* id of this operation */ unsigned long o_connid; /* id of conn initiating this op */ + char o_log_prefix[sizeof("conn=18446744073709551615 op=18446744073709551615")]; struct slap_conn *o_conn; /* connection spawning this op */ BackendDB *o_bd; /* backend DB processing this op */ @@ -1932,6 +2084,7 @@ typedef struct slap_op { req_abandon_s oq_abandon; req_abandon_s oq_cancel; req_extended_s oq_extended; + req_pwdexop_s oq_pwdexop; } o_request; /* short hands for union members */ @@ -1944,21 +2097,25 @@ typedef struct slap_op { #define oq_abandon o_request.oq_abandon #define oq_cancel o_request.oq_cancel #define oq_extended o_request.oq_extended +#define oq_pwdexop o_request.oq_pwdexop /* short hands for inner request members */ #define orb_method oq_bind.rb_method #define orb_cred oq_bind.rb_cred #define orb_edn oq_bind.rb_edn #define orb_ssf oq_bind.rb_ssf +#define orb_tmp_mech oq_bind.rb_tmp_mech #define ors_scope oq_search.rs_scope #define ors_deref oq_search.rs_deref #define ors_slimit oq_search.rs_slimit #define ors_tlimit oq_search.rs_tlimit +#define ors_limit oq_search.rs_limit #define ors_attrsonly oq_search.rs_attrsonly #define ors_attrs oq_search.rs_attrs #define ors_filter oq_search.rs_filter #define ors_filterstr oq_search.rs_filterstr +#define ors_post_search_id oq_search.rs_post_search_id #define orr_newrdn oq_modrdn.rs_newrdn #define orr_nnewrdn oq_modrdn.rs_nnewrdn @@ -1968,8 +2125,10 @@ typedef struct slap_op { #define orc_ava oq_compare.rs_ava #define ora_e oq_add.rs_e +#define ora_modlist oq_add.rs_modlist #define orn_msgid oq_abandon.rs_msgid #define orm_modlist oq_modify.rs_modlist +#define orm_increment oq_modify.rs_increment #define ore_reqoid oq_extended.rs_reqoid #define ore_reqdata oq_extended.rs_reqdata @@ -1987,6 +2146,7 @@ typedef struct slap_op { char o_do_not_cache; /* don't cache groups from this op */ char o_is_auth_check; /* authorization in progress */ +#define SLAP_IGNORED_CONTROL -1 #define SLAP_NO_CONTROL 0 #define SLAP_NONCRITICAL_CONTROL 1 #define SLAP_CRITICAL_CONTROL 2 @@ -2018,6 +2178,13 @@ typedef struct slap_op { #define get_domainScope(op) ((int)(op)->o_domain_scope) #else #define get_domainScope(op) (0) +#endif + +#ifdef LDAP_CONTROL_X_TREE_DELETE + char o_tree_delete; +#define get_treeDelete(op) ((int)(op)->o_tree_delete) +#else +#define get_treeDelete(op) (0) #endif char o_preread; @@ -2050,6 +2217,13 @@ typedef struct slap_op { LDAP_LIST_ENTRY(slap_op) o_ps_link; LDAP_LIST_HEAD(pe, psid_entry) o_pm_list; + int o_refresh_in_progress; + LDAP_TAILQ_HEAD(pc_pre, pc_entry) o_ps_pre_candidates; + LDAP_TAILQ_HEAD(pc_post, pc_entry) o_ps_post_candidates; + Avlnode *o_psearch_finished; + struct pc_entry *o_ps_send_wait; + ldap_pvt_thread_mutex_t o_pcmutex; + AuthorizationInformation o_authz; BerElement *o_ber; /* ber of the request */ @@ -2121,6 +2295,7 @@ typedef struct slap_listener Listener; typedef struct slap_conn { int c_struct_state; /* structure management state */ int c_conn_state; /* connection state */ + int c_conn_idx; /* slot in connections array */ ldap_pvt_thread_mutex_t c_mutex; /* protect the connection */ Sockbuf *c_sb; /* ber connection stuff */ @@ -2270,6 +2445,22 @@ enum { }; #endif /* SLAPD_MONITOR */ +typedef struct slap_counters_t { + ldap_pvt_thread_mutex_t sc_sent_mutex; + ldap_pvt_mp_t sc_bytes; + ldap_pvt_mp_t sc_pdu; + ldap_pvt_mp_t sc_entries; + ldap_pvt_mp_t sc_refs; + + ldap_pvt_thread_mutex_t sc_ops_mutex; + ldap_pvt_mp_t sc_ops_completed; + ldap_pvt_mp_t sc_ops_initiated; +#ifdef SLAPD_MONITOR + ldap_pvt_mp_t sc_ops_completed_[SLAP_OP_LAST]; + ldap_pvt_mp_t sc_ops_initiated_[SLAP_OP_LAST]; +#endif /* SLAPD_MONITOR */ +} slap_counters_t; + /* * Better know these all around slapd */ @@ -2309,8 +2500,186 @@ typedef int (SLAP_CTRL_PARSE_FN) LDAP_P(( SlapReply *rs, LDAPControl *ctrl )); -#define SLMALLOC_SLAB_SIZE (1024*1024) +#define SLAP_SLAB_SIZE (1024*1024) + +#if defined(LDAP_DEVEL) && defined(ENABLE_REWRITE) +/* use librewrite for sasl-regexp */ +#define SLAP_AUTH_REWRITE 1 +#endif /* LDAP_DEVEL && ENABLE_REWRITE */ +#ifdef LDAP_COMP_MATCH +/* + * Extensible Filter Definition + * + * MatchingRuleAssertion := SEQUENCE { + * matchingRule [1] MatchingRuleId OPTIONAL, + * type [2] AttributeDescription OPTIONAL, + * matchValue [3] AssertionValue, + * dnAttributes [4] BOOLEAN DEFAULT FALSE } + * + * Following ComponentFilter is contained in matchValue + * + * ComponentAssertion ::= SEQUENCE { + * component ComponentReference (SIZE(1..MAX)) OPTIONAL + * useDefaultValues BOOLEAN DEFAULT TRUE, + * rule MATCHING-RULE.&id, + * value MATCHING-RULE.&AssertionType } + * + * ComponentFilter ::= CHOICE { + * item [0] ComponentAssertion, + * and [1] SEQUENCE OF ComponentFilter, + * or [2] SEQUENCE OF ComponentFilter, + * not [3] ComponentFilter } + */ + +#define LDAP_COMPREF_IDENTIFIER ((ber_tag_t) 0x80U) +#define LDAP_COMPREF_FROM_BEGINNING ((ber_tag_t) 0x81U) +#define LDAP_COMPREF_COUNT ((ber_tag_t) 0x82U) +#define LDAP_COMPREF_FROM_END ((ber_tag_t) 0x83U) +#define LDAP_COMPREF_CONTENT ((ber_tag_t) 0x84U) +#define LDAP_COMPREF_SELECT ((ber_tag_t) 0x85U) +#define LDAP_COMPREF_ALL ((ber_tag_t) 0x86U) +#define LDAP_COMPREF_DEFINED ((ber_tag_t) 0x87U) +#define LDAP_COMPREF_UNDEFINED ((ber_tag_t) 0x88U) + +#define LDAP_COMP_FILTER_AND ((ber_tag_t) 0xa0U) +#define LDAP_COMP_FILTER_OR ((ber_tag_t) 0xa1U) +#define LDAP_COMP_FILTER_NOT ((ber_tag_t) 0xa2U) +#define LDAP_COMP_FILTER_ITEM ((ber_tag_t) 0xa3U) +#define LDAP_COMP_FILTER_UNDEFINED ((ber_tag_t) 0xa4U) + +typedef struct slap_component_id{ + int ci_type; + struct slap_component_id *ci_next; + + union comp_id_value{ + BerValue ci_identifier; + ber_int_t ci_from_beginning; + ber_int_t ci_count; + ber_int_t ci_from_end; + BerValue ci_select_value; + char ci_all; + } ci_val; +} ComponentId; + +typedef struct slap_component_reference { + ComponentId *cr_list; + ComponentId *cr_curr; + struct berval cr_string; + int cr_len; +} ComponentReference; + +typedef struct slap_component_assertion { + ComponentReference *ca_comp_ref; + ber_int_t ca_use_def; + MatchingRule *ca_ma_rule; + struct berval ca_ma_value; + void* ca_component_values; + struct slap_component_filter *ca_cf; + MatchingRuleAssertion *ca_mra; +} ComponentAssertion; + +typedef struct slap_component_filter { + ber_tag_t cf_choice; + union cf_un_u { + ber_int_t cf_un_result; + ComponentAssertion *cf_un_ca; + struct slap_component_filter *cf_un_complex; + } cf_un; + +#define cf_ca cf_un.cf_un_ca +#define cf_result cf_un.cf_un_result +#define cf_and cf_un.cf_un_complex +#define cf_or cf_un.cf_un_complex +#define cf_not cf_un.cf_un_complex +#define cf_any cf_un.cf_un_complex + + struct slap_component_filter *cf_next; +} ComponentFilter; + +typedef struct slap_component_assertion_value { + char* cav_buf; + char* cav_ptr; + char* cav_end; +} ComponentAssertionValue; +/* +typedef int encoder_func LDAP_P(( + void* b, + void* comp));*/ + +struct slap_component_syntax_info; + +typedef int gser_decoder_func LDAP_P(( + void* b, + struct slap_component_syntax_info* comp_syn_info, + int* len, + int mode)); + +typedef int comp_free_func LDAP_P(( + void* b)); + +typedef int ber_decoder_func LDAP_P(( + void* b, + int tag, + int elmtLen, + struct slap_component_syntax_info* comp_syn_info, + int* len, + int mode)); + +typedef int ber_tag_decoder_func LDAP_P(( + void* b, + struct slap_component_syntax_info* comp_syn_info, + int* len, + int mode)); + +typedef void* extract_component_from_id_func LDAP_P(( + ComponentReference* cr, + void* comp )); + +typedef void* convert_attr_to_comp_func LDAP_P (( + Attribute* a, + Syntax* syn, + struct berval* bv )); + +struct slap_component_syntax_info; +typedef int convert_assert_to_comp_func LDAP_P (( + struct slap_component_syntax_info* csi_attr, + struct berval* bv, + struct slap_component_syntax_info** csi, + int* len, + int mode )); + +typedef int convert_asn_to_ldap_func LDAP_P (( + struct slap_component_syntax_info* csi, + struct berval *bv )); + +typedef void free_component_func LDAP_P (( + struct slap_component_syntax_info* csi )); + +typedef int allcomponent_matching_func LDAP_P(( + char* oid, + struct slap_component_syntax_info* comp1, + struct slap_component_syntax_info* comp)); + +typedef struct slap_component_desc{ + int cd_tag; + int cd_type; + int cd_type_id; + gser_decoder_func *cd_gser_decoder; + ber_decoder_func *cd_ber_decoder; + comp_free_func *cd_free; + extract_component_from_id_func* cd_extract_i; + slap_syntax_validate_func *cd_validate; + slap_syntax_transform_func *cd_pretty; + allcomponent_matching_func *cd_all_match; +} ComponentDesc; + +typedef struct slap_component_syntax_info { + Syntax* csi_syntax; + ComponentDesc* csi_comp_desc; +} ComponentSyntaxInfo; + +#endif LDAP_END_DECL #include "proto-slap.h"