X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslap.h;h=f46d69e69d70492635a2e00d01b57ba2bf9a17a5;hb=fa1f4d3c38b332fc5faf6d84911df2618ce9af09;hp=a419a941039c4046e3ba0679714ecc672a05f88e;hpb=4fcab959c02ef360373e055f8a739f16286e8112;p=openldap diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index a419a94103..f46d69e69d 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2005 The OpenLDAP Foundation. + * Copyright 1998-2006 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -58,24 +58,33 @@ LDAP_BEGIN_DECL - #ifdef LDAP_DEVEL +#define SLAP_LIGHTWEIGHT_DISPATCHER /* experimental slapd architecture */ +#define SLAP_MULTI_CONN_ARRAY +#ifdef LDAP_PVT_THREAD_POOL_SEM_LOAD_CONTROL +#define SLAP_SEM_LOAD_CONTROL +#endif /* LDAP_PVT_THREAD_POOL_SEM_LOAD_CONTROL */ + #define SLAP_ACL_HONOR_DISCLOSE /* partially implemented */ #define SLAP_ACL_HONOR_MANAGE /* not yet implemented */ -#define SLAP_DYNACL +#define SLAP_OVERLAY_ACCESS #define LDAP_COMP_MATCH #define LDAP_DYNAMIC_OBJECTS #define LDAP_SYNC_TIMESTAMP #define LDAP_COLLECTIVE_ATTRIBUTES #define SLAP_CONTROL_X_TREE_DELETE LDAP_CONTROL_X_TREE_DELETE -#define SLAP_USE_CONFDIR /* partially implemented */ +#define SLAP_ORDERED_PRETTYNORM +#define SLAP_AUTHZ_SYNTAX #ifdef ENABLE_REWRITE #define SLAP_AUTH_REWRITE 1 /* use librewrite for sasl-regexp */ #endif #endif +#if defined(LDAP_SLAPI) && !defined(SLAP_OVERLAY_ACCESS) +#define SLAP_OVERLAY_ACCESS +#endif /* * SLAPD Memory allocation macros @@ -100,7 +109,7 @@ LDAP_BEGIN_DECL #endif #define SERVICE_NAME OPENLDAP_PACKAGE "-slapd" -#define SLAPD_ANONYMOUS "cn=anonymous" +#define SLAPD_ANONYMOUS "" /* LDAPMod.mod_op value ===> Must be kept in sync with ldap.h! * This is a value used internally by the backends. It is needed to allow 
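Review bot: `SLAPD_ANONYMOUS` changes from `"cn=anonymous"` to the empty string in the `-100,7 +109,7` hunk, with no comment saying what consumers should now expect. Anything that matched or displayed the old literal, such as a string comparison against this macro or a log filter, will now see an empty value; those call sites are outside this header and should be rechecked. I would add `/* the anonymous identity is the empty DN; test for it by length, not by name */` above the define.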
@@ -189,13 +198,6 @@ LDAP_BEGIN_DECL #define SLAPD_ROLE_ATTR "roleOccupant" #define SLAPD_ROLE_CLASS "organizationalRole" -#ifdef SLAPD_ACI_ENABLED -#define SLAPD_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1" -#endif - -/* change this to "OpenLDAPset" */ -#define SLAPD_ACI_SET_ATTR "template" - #define SLAPD_TOP_OID "2.5.6.0" LDAP_SLAPD_V (int) slap_debug; 
@@ -279,31 +281,36 @@ typedef struct slap_ssf_set { /* * represents schema information for a database */ -#define SLAP_SCHERR_OUTOFMEM 1 -#define SLAP_SCHERR_CLASS_NOT_FOUND 2 -#define SLAP_SCHERR_CLASS_BAD_USAGE 3 -#define SLAP_SCHERR_CLASS_BAD_SUP 4 -#define SLAP_SCHERR_CLASS_DUP 5 -#define SLAP_SCHERR_ATTR_NOT_FOUND 6 -#define SLAP_SCHERR_ATTR_BAD_MR 7 -#define SLAP_SCHERR_ATTR_BAD_USAGE 8 -#define SLAP_SCHERR_ATTR_BAD_SUP 9 -#define SLAP_SCHERR_ATTR_INCOMPLETE 10 -#define SLAP_SCHERR_ATTR_DUP 11 -#define SLAP_SCHERR_MR_NOT_FOUND 12 -#define SLAP_SCHERR_MR_INCOMPLETE 13 -#define SLAP_SCHERR_MR_DUP 14 -#define SLAP_SCHERR_SYN_NOT_FOUND 15 -#define SLAP_SCHERR_SYN_DUP 16 -#define SLAP_SCHERR_NO_NAME 17 -#define SLAP_SCHERR_NOT_SUPPORTED 18 -#define SLAP_SCHERR_BAD_DESCR 19 -#define SLAP_SCHERR_OIDM 20 -#define SLAP_SCHERR_CR_DUP 21 -#define SLAP_SCHERR_CR_BAD_STRUCT 22 -#define SLAP_SCHERR_CR_BAD_AUX 23 -#define SLAP_SCHERR_CR_BAD_AT 24 -#define SLAP_SCHERR_LAST SLAP_SCHERR_CR_BAD_AT +enum { + SLAP_SCHERR_OUTOFMEM = 1, + SLAP_SCHERR_CLASS_NOT_FOUND, + SLAP_SCHERR_CLASS_BAD_USAGE, + SLAP_SCHERR_CLASS_BAD_SUP, + SLAP_SCHERR_CLASS_DUP, + SLAP_SCHERR_CLASS_INCONSISTENT, + SLAP_SCHERR_ATTR_NOT_FOUND, + SLAP_SCHERR_ATTR_BAD_MR, + SLAP_SCHERR_ATTR_BAD_USAGE, + SLAP_SCHERR_ATTR_BAD_SUP, + SLAP_SCHERR_ATTR_INCOMPLETE, + SLAP_SCHERR_ATTR_DUP, + SLAP_SCHERR_ATTR_INCONSISTENT, + SLAP_SCHERR_MR_NOT_FOUND, + SLAP_SCHERR_MR_INCOMPLETE, + SLAP_SCHERR_MR_DUP, + SLAP_SCHERR_SYN_NOT_FOUND, + SLAP_SCHERR_SYN_DUP, + SLAP_SCHERR_NO_NAME, + SLAP_SCHERR_NOT_SUPPORTED, + SLAP_SCHERR_BAD_DESCR, + SLAP_SCHERR_OIDM, + SLAP_SCHERR_CR_DUP, + SLAP_SCHERR_CR_BAD_STRUCT, + SLAP_SCHERR_CR_BAD_AUX, + SLAP_SCHERR_CR_BAD_AT, + + SLAP_SCHERR_LAST +}; typedef union slap_sockaddr { struct sockaddr sa_addr; 
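Review bot: `SLAP_SCHERR_LAST` changes meaning in the new enum: it used to equal the last real code (`SLAP_SCHERR_CR_BAD_AT`) and is now a sentinel one past it. A bounds check written as `code <= SLAP_SCHERR_LAST` in front of an error-string table would then accept one index beyond the final entry; any such user is outside this hunk and needs checking. The two inserted codes (`SLAP_SCHERR_CLASS_INCONSISTENT`, `SLAP_SCHERR_ATTR_INCONSISTENT`) also renumber every code after them, so a table indexed by these values must gain entries at the same positions. A comment such as `/* one past the last valid code; compare with <, not <= */` on `SLAP_SCHERR_LAST` would make the contract explicit.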
@@ -483,6 +490,8 @@ typedef struct slap_matching_rule { #define SLAP_MR_HIDE 0x8000U #endif +#define SLAP_MR_MUTATION_NORMALIZER 0x4000U + #define SLAP_MR_TYPE_MASK 0x0F00U #define SLAP_MR_SUBTYPE_MASK 0x00F0U #define SLAP_MR_USAGE 0x000FU @@ -641,19 +650,25 @@ typedef struct slap_attribute_type { Syntax *sat_syntax; AttributeTypeSchemaCheckFN *sat_check; + char *sat_oidmacro; -#define SLAP_AT_NONE 0x0000U -#define SLAP_AT_ABSTRACT 0x0100U /* cannot be instantiated */ -#define SLAP_AT_FINAL 0x0200U /* cannot be subtyped */ +#define SLAP_AT_NONE 0x0000U +#define SLAP_AT_ABSTRACT 0x0100U /* cannot be instantiated */ +#define SLAP_AT_FINAL 0x0200U /* cannot be subtyped */ #ifdef LDAP_DEVEL -#define SLAP_AT_HIDE 0x0000U /* publish everything */ +#define SLAP_AT_HIDE 0x0000U /* publish everything */ #else -#define SLAP_AT_HIDE 0x8000U /* hide attribute */ +#define SLAP_AT_HIDE 0x8000U /* hide attribute */ #endif -#define SLAP_AT_DYNAMIC 0x0400U /* dynamically generated */ +#define SLAP_AT_DYNAMIC 0x0400U /* dynamically generated */ -#define SLAP_AT_ORDERED 0x0001U /* values are ordered */ -#define SLAP_AT_HARDCODE 0x10000U /* This is hardcoded schema */ +#define SLAP_AT_MANAGEABLE 0x0800U /* no-user-mod can be by-passed */ + +#define SLAP_AT_ORDERED_VAL 0x0001U /* values are ordered */ +#define SLAP_AT_ORDERED_SIB 0x0002U /* siblings are ordered */ +#define SLAP_AT_ORDERED 0x0003U /* value has order index */ + +#define SLAP_AT_HARDCODE 0x10000U /* hardcoded schema */ slap_mask_t sat_flags; @@ -700,6 +715,7 @@ typedef struct slap_object_class { AttributeType **soc_required; AttributeType **soc_allowed; ObjectClassSchemaCheckFN *soc_check; + char *soc_oidmacro; slap_mask_t soc_flags; #define soc_oid soc_oclass.oc_oid #define soc_names soc_oclass.oc_names 
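Review bot: `SLAP_AT_ORDERED` in the `-641,19 +650,25` hunk is no longer a single flag bit; at `0x0003U` it is the union of `SLAP_AT_ORDERED_VAL` and `SLAP_AT_ORDERED_SIB`, yet its comment reads like a third kind of ordering. A test written as `flags & SLAP_AT_ORDERED` is now true for either kind, while `(flags & SLAP_AT_ORDERED) == SLAP_AT_ORDERED` is true only when both bits are set; users of the old one-bit flag are outside the hunk and should be rechecked. I would reword the comment to `/* mask: either ordering kind */`. `SLAP_AT_MANAGEABLE` relaxes no-user-modification, so its comment should also say which caller is allowed to honour it.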
@@ -714,6 +730,10 @@ typedef struct slap_object_class { LDAP_STAILQ_ENTRY(slap_object_class) soc_next; } ObjectClass; +#define SLAP_OCF_SET_FLAGS 0x1 +#define SLAP_OCF_CHECK_SUP 0x2 +#define SLAP_OCF_MASK (SLAP_OCF_SET_FLAGS|SLAP_OCF_CHECK_SUP) + #define SLAP_OC_ALIAS 0x0001 #define SLAP_OC_REFERRAL 0x0002 #define SLAP_OC_SUBENTRY 0x0004 @@ -751,6 +771,7 @@ typedef struct slap_content_rule { #define scr_at_oids_may scr_crule.cr_at_oids_may #define scr_at_oids_not scr_crule.cr_at_oids_not + char *scr_oidmacro; #define SLAP_CR_HARDCODE 0x10000U int scr_flags; @@ -769,6 +790,13 @@ typedef struct slap_attr_desc { #define SLAP_DESC_TAG_RANGE 0x80U } AttributeDescription; +/* flags to slap_*2undef_ad to register undefined (0, the default) + * or proxied (SLAP_AD_PROXIED) AttributeDescriptions; the additional + * SLAP_AD_NOINSERT is to lookup without insert */ +#define SLAP_AD_UNDEF 0x00U +#define SLAP_AD_PROXIED 0x01U +#define SLAP_AD_NOINSERT 0x02U + typedef struct slap_attr_name { struct berval an_name; AttributeDescription *an_desc; @@ -860,9 +888,6 @@ struct slap_internal_schema { AttributeDescription *si_ad_children; AttributeDescription *si_ad_saslAuthzTo; AttributeDescription *si_ad_saslAuthzFrom; -#ifdef SLAPD_ACI_ENABLED - AttributeDescription *si_ad_aci; -#endif /* dynamic entries */ AttributeDescription *si_ad_entryTtl; 
@@ -873,18 +898,26 @@ struct slap_internal_schema { AttributeDescription *si_ad_name; AttributeDescription *si_ad_cn; AttributeDescription *si_ad_uid; + AttributeDescription *si_ad_uidNumber; + AttributeDescription *si_ad_gidNumber; AttributeDescription *si_ad_userPassword; AttributeDescription *si_ad_labeledURI; #ifdef SLAPD_AUTHPASSWD AttributeDescription *si_ad_authPassword; + AttributeDescription *si_ad_authPasswordSchemes; #endif #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND AttributeDescription *si_ad_krbName; #endif - + AttributeDescription *si_ad_description; + AttributeDescription *si_ad_seeAlso; + /* Undefined Attribute Type */ AttributeType *si_at_undefined; + /* "Proxied" Attribute Type */ + AttributeType *si_at_proxied; + /* Matching Rules */ MatchingRule *si_mr_distinguishedNameMatch; MatchingRule *si_mr_dnSubtreeMatch; @@ -953,9 +986,7 @@ typedef struct slap_filter { #define SLAPD_FILTER_COMPUTED ((ber_tag_t) -1) #define SLAPD_FILTER_DN_ONE ((ber_tag_t) -2) #define SLAPD_FILTER_DN_SUBTREE ((ber_tag_t) -3) -#ifdef LDAP_SCOPE_SUBORDINATE #define SLAPD_FILTER_DN_CHILDREN ((ber_tag_t) -4) -#endif union f_un_u { /* precomputed result */ @@ -1119,7 +1150,14 @@ typedef struct slap_entry { * A list of LDAPMods */ typedef struct slap_mod { - int sm_op; + short sm_op; + short sm_flags; +/* Set for internal mods, will bypass ACL checks. Only needed when + * running as non-root user, for user modifiable attributes. + */ +#define SLAP_MOD_INTERNAL 0x01 +#define SLAP_MOD_MANAGING 0x02 + AttributeDescription *sm_desc; struct berval sm_type; BerVarray sm_values; @@ -1129,6 +1167,7 @@ typedef struct slap_mod { typedef struct slap_mod_list { Modification sml_mod; #define sml_op sml_mod.sm_op +#define sml_flags sml_mod.sm_flags #define sml_desc sml_mod.sm_desc #define sml_type sml_mod.sm_type #define sml_values sml_mod.sm_values 
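Review bot: The new `sm_flags` field in `struct slap_mod` carries `SLAP_MOD_INTERNAL`, which the added comment says bypasses ACL checks, so every place that builds a `Modification` has to zero it. A `Modification` taken from a non-zeroing allocator or declared on the stack without an initialiser would leave `sm_flags` indeterminate, and a stray low bit would then skip access control for that change; the allocation sites are outside this header. `SLAP_MOD_MANAGING` has no comment at all. I would extend the comment with `/* sm_flags must be 0 for any mod derived from a client request */` and describe `SLAP_MOD_MANAGING` next to its define.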
@@ -1155,8 +1194,25 @@ typedef enum slap_access_e { ACL_COMPARE, ACL_SEARCH, ACL_READ, - ACL_WRITE, - ACL_MANAGE + ACL_WRITE_, + ACL_MANAGE, + + /* always leave at end of levels but not greater than ACL_LEVEL_MASK */ + ACL_LAST, + + /* ACL level mask and modifiers */ + ACL_LEVEL_MASK = 0x000f, + ACL_QUALIFIER1 = 0x0100, + ACL_QUALIFIER2 = 0x0200, + ACL_QUALIFIER3 = 0x0400, + ACL_QUALIFIER4 = 0x0800, + ACL_QUALIFIER_MASK = 0x0f00, + + /* write granularity */ + ACL_WADD = ACL_WRITE_|ACL_QUALIFIER1, + ACL_WDEL = ACL_WRITE_|ACL_QUALIFIER2, + + ACL_WRITE = ACL_WADD|ACL_WDEL } slap_access_t; typedef enum slap_control_e { @@ -1173,6 +1229,7 @@ typedef enum slap_style_e { ACL_STYLE_ONE, ACL_STYLE_SUBTREE, ACL_STYLE_CHILDREN, + ACL_STYLE_LEVEL, ACL_STYLE_ATTROF, ACL_STYLE_ANONYMOUS, ACL_STYLE_USERS, @@ -1201,9 +1258,10 @@ struct slap_op; /* * "dynamic" ACL infrastructure (for ACIs and more) */ -typedef int (slap_dynacl_parse)( const char *fname, int lineno, slap_style_t, const char *, void **privp ); -typedef int (slap_dynacl_unparse)( void *priv, struct berval *bv ); -typedef int (slap_dynacl_mask)( +typedef int (slap_dynacl_parse) LDAP_P(( const char *fname, int lineno, + const char *opts, slap_style_t, const char *, void **privp )); +typedef int (slap_dynacl_unparse) LDAP_P(( void *priv, struct berval *bv )); +typedef int (slap_dynacl_mask) LDAP_P(( void *priv, struct slap_op *op, Entry *e, @@ -1212,8 +1270,8 @@ typedef int (slap_dynacl_mask)( int nmatch, regmatch_t *matches, slap_access_t *grant, - slap_access_t *deny ); -typedef int (slap_dynacl_destroy)( void *priv ); + slap_access_t *deny )); +typedef int (slap_dynacl_destroy) LDAP_P(( void *priv )); typedef struct slap_dynacl_t { char *da_name; 
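Review bot: After this change the numeric order of `slap_access_t` no longer follows the privilege order, because `ACL_WRITE` now carries the qualifier bits (`ACL_QUALIFIER1|ACL_QUALIFIER2`) while `ACL_MANAGE` stays a small level value. A relational comparison on raw values, for example `access >= ACL_WRITE`, would rank manage below write unless both sides are reduced to their level first; such comparisons would be in callers not shown here. The comment on `ACL_LAST` says it must not exceed `ACL_LEVEL_MASK`, but nothing enforces that. I would add `/* compare levels through ACL_LEVEL_MASK, never the raw enum value */` above the qualifier block and a compile-time check that `ACL_LAST <= ACL_LEVEL_MASK`. The enum starts above the hunk.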
@@ -1227,11 +1285,29 @@ typedef struct slap_dynacl_t { } slap_dynacl_t; #endif /* SLAP_DYNACL */ +/* the DN portion of the "by" part */ +typedef struct slap_dn_access { + /* DN pattern */ + AuthorizationInformation a_dnauthz; +#define a_pat a_dnauthz.sai_dn + + slap_style_t a_style; + int a_level; + int a_self_level; + AttributeDescription *a_at; + int a_self; + int a_expand; +} slap_dn_access; + /* the "by" part */ typedef struct slap_access { slap_control_t a_type; -#define ACL_ACCESS2PRIV(access) (0x01U << (access)) +/* strip qualifiers */ +#define ACL_LEVEL(p) ((p) & ACL_LEVEL_MASK) +#define ACL_QUALIFIERS(p) ((p) & ~ACL_LEVEL_MASK) + +#define ACL_ACCESS2PRIV(access) ((0x01U << ACL_LEVEL((access))) | ACL_QUALIFIERS((access))) #define ACL_PRIV_NONE ACL_ACCESS2PRIV( ACL_NONE ) #define ACL_PRIV_DISCLOSE ACL_ACCESS2PRIV( ACL_DISCLOSE ) 
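Review bot: `ACL_QUALIFIERS(p)` keeps every bit outside `ACL_LEVEL_MASK`, not only the qualifier bits, so `ACL_ACCESS2PRIV()` copies any stray high bit of its argument straight into the privilege mask. For a negative or otherwise out-of-range `slap_access_t` that would set bits well beyond the write qualifiers. Masking with the dedicated constant is tighter: `#define ACL_QUALIFIERS(p) ((p) & ACL_QUALIFIER_MASK)`. The new `slap_dn_access` members `a_level` and `a_self_level` also have no comment saying what the level counts.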
@@ -1239,25 +1315,28 @@ typedef struct slap_access { #define ACL_PRIV_COMPARE ACL_ACCESS2PRIV( ACL_COMPARE ) #define ACL_PRIV_SEARCH ACL_ACCESS2PRIV( ACL_SEARCH ) #define ACL_PRIV_READ ACL_ACCESS2PRIV( ACL_READ ) -#define ACL_PRIV_WRITE ACL_ACCESS2PRIV( ACL_WRITE ) +#define ACL_PRIV_WADD ACL_ACCESS2PRIV( ACL_WADD ) +#define ACL_PRIV_WDEL ACL_ACCESS2PRIV( ACL_WDEL ) +#define ACL_PRIV_WRITE ( ACL_PRIV_WADD | ACL_PRIV_WDEL ) #define ACL_PRIV_MANAGE ACL_ACCESS2PRIV( ACL_MANAGE ) -#define ACL_PRIV_MASK 0x00ffUL +/* NOTE: always use the highest level; current: 0x00ffUL */ +#define ACL_PRIV_MASK ((ACL_ACCESS2PRIV(ACL_LAST) - 1) | ACL_QUALIFIER_MASK) /* priv flags */ #define ACL_PRIV_LEVEL 0x1000UL #define ACL_PRIV_ADDITIVE 0x2000UL -#define ACL_PRIV_SUBSTRACTIVE 0x4000UL +#define ACL_PRIV_SUBSTRACTIVE 0x4000UL /* invalid privs */ #define ACL_PRIV_INVALID 0x0UL #define ACL_PRIV_ISSET(m,p) (((m) & (p)) == (p)) -#define ACL_PRIV_ASSIGN(m,p) do { (m) = (p); } while(0) +#define ACL_PRIV_ASSIGN(m,p) do { (m) = (p); } while(0) #define ACL_PRIV_SET(m,p) do { (m) |= (p); } while(0) #define ACL_PRIV_CLR(m,p) do { (m) &= ~(p); } while(0) -#define ACL_INIT(m) ACL_PRIV_ASSIGN(m, ACL_PRIV_NONE) +#define ACL_INIT(m) ACL_PRIV_ASSIGN(m, ACL_PRIV_NONE) #define ACL_INVALIDATE(m) ACL_PRIV_ASSIGN(m, ACL_PRIV_INVALID) #define ACL_GRANT(m,a) ACL_PRIV_ISSET((m),ACL_ACCESS2PRIV(a)) @@ -1266,7 +1345,7 @@ typedef struct slap_access { #define ACL_IS_LEVEL(m) ACL_PRIV_ISSET((m),ACL_PRIV_LEVEL) #define ACL_IS_ADDITIVE(m) ACL_PRIV_ISSET((m),ACL_PRIV_ADDITIVE) -#define ACL_IS_SUBTRACTIVE(m) ACL_PRIV_ISSET((m),ACL_PRIV_SUBSTRACTIVE) +#define ACL_IS_SUBTRACTIVE(m) ACL_PRIV_ISSET((m),ACL_PRIV_SUBSTRACTIVE) #define ACL_LVL_NONE (ACL_PRIV_NONE|ACL_PRIV_LEVEL) #define ACL_LVL_DISCLOSE (ACL_PRIV_DISCLOSE|ACL_LVL_NONE) 
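Review bot: The comment added above `ACL_PRIV_MASK` gives the current value as `0x00ffUL`, but the new expression also ORs in `ACL_QUALIFIER_MASK`, so the mask is wider than the comment states. `ACL_LVL()` compares values under this mask, so a reader relying on the comment would misjudge which bits take part in level equality. I would change the comment to `/* level bits below ACL_LAST plus the write qualifier bits */`.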
@@ -1274,18 +1353,22 @@ typedef struct slap_access { #define ACL_LVL_COMPARE (ACL_PRIV_COMPARE|ACL_LVL_AUTH) #define ACL_LVL_SEARCH (ACL_PRIV_SEARCH|ACL_LVL_COMPARE) #define ACL_LVL_READ (ACL_PRIV_READ|ACL_LVL_SEARCH) +#define ACL_LVL_WADD (ACL_PRIV_WADD|ACL_LVL_READ) +#define ACL_LVL_WDEL (ACL_PRIV_WDEL|ACL_LVL_READ) #define ACL_LVL_WRITE (ACL_PRIV_WRITE|ACL_LVL_READ) #define ACL_LVL_MANAGE (ACL_PRIV_MANAGE|ACL_LVL_WRITE) #define ACL_LVL(m,l) (((m)&ACL_PRIV_MASK) == ((l)&ACL_PRIV_MASK)) #define ACL_LVL_IS_NONE(m) ACL_LVL((m),ACL_LVL_NONE) -#define ACL_LVL_IS_DISCLOSE(m) ACL_LVL((m),ACL_LVL_DISCLOSE) +#define ACL_LVL_IS_DISCLOSE(m) ACL_LVL((m),ACL_LVL_DISCLOSE) #define ACL_LVL_IS_AUTH(m) ACL_LVL((m),ACL_LVL_AUTH) -#define ACL_LVL_IS_COMPARE(m) ACL_LVL((m),ACL_LVL_COMPARE) -#define ACL_LVL_IS_SEARCH(m) ACL_LVL((m),ACL_LVL_SEARCH) +#define ACL_LVL_IS_COMPARE(m) ACL_LVL((m),ACL_LVL_COMPARE) +#define ACL_LVL_IS_SEARCH(m) ACL_LVL((m),ACL_LVL_SEARCH) #define ACL_LVL_IS_READ(m) ACL_LVL((m),ACL_LVL_READ) +#define ACL_LVL_IS_WADD(m) ACL_LVL((m),ACL_LVL_WADD) +#define ACL_LVL_IS_WDEL(m) ACL_LVL((m),ACL_LVL_WDEL) #define ACL_LVL_IS_WRITE(m) ACL_LVL((m),ACL_LVL_WRITE) -#define ACL_LVL_IS_MANAGE(m) ACL_LVL((m),ACL_LVL_MANAGE) +#define ACL_LVL_IS_MANAGE(m) ACL_LVL((m),ACL_LVL_MANAGE) #define ACL_LVL_ASSIGN_NONE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_NONE) #define ACL_LVL_ASSIGN_DISCLOSE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_DISCLOSE) 
@@ -1293,19 +1376,30 @@ typedef struct slap_access { #define ACL_LVL_ASSIGN_COMPARE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_COMPARE) #define ACL_LVL_ASSIGN_SEARCH(m) ACL_PRIV_ASSIGN((m),ACL_LVL_SEARCH) #define ACL_LVL_ASSIGN_READ(m) ACL_PRIV_ASSIGN((m),ACL_LVL_READ) +#define ACL_LVL_ASSIGN_WADD(m) ACL_PRIV_ASSIGN((m),ACL_LVL_WADD) +#define ACL_LVL_ASSIGN_WDEL(m) ACL_PRIV_ASSIGN((m),ACL_LVL_WDEL) #define ACL_LVL_ASSIGN_WRITE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_WRITE) #define ACL_LVL_ASSIGN_MANAGE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_MANAGE) slap_mask_t a_access_mask; - AuthorizationInformation a_authz; -#define a_dn_pat a_authz.sai_dn + /* DN pattern */ + slap_dn_access a_dn; +#define a_dn_pat a_dn.a_dnauthz.sai_dn +#define a_dn_at a_dn.a_at +#define a_dn_self a_dn.a_self - slap_style_t a_dn_style; - AttributeDescription *a_dn_at; - int a_dn_self; - int a_dn_expand; + /* real DN pattern */ + slap_dn_access a_realdn; +#define a_realdn_pat a_realdn.a_dnauthz.sai_dn +#define a_realdn_at a_realdn.a_at +#define a_realdn_self a_realdn.a_self + /* used for ssf stuff + * NOTE: the ssf stuff in a_realdn is ignored */ +#define a_authz a_dn.a_dnauthz + + /* connection related stuff */ slap_style_t a_peername_style; struct berval a_peername_pat; unsigned long a_peername_addr, @@ -1326,10 +1420,6 @@ typedef struct slap_access { #ifdef SLAP_DYNACL slap_dynacl_t *a_dynacl; -#else /* ! SLAP_DYNACL */ -#ifdef SLAPD_ACI_ENABLED - AttributeDescription *a_aci_at; -#endif #endif /* SLAP_DYNACL */ /* ACL Groups */ @@ -1349,6 +1439,7 @@ typedef struct slap_acl { regex_t acl_dn_re; struct berval acl_dn_pat; AttributeName *acl_attrs; + MatchingRule *acl_attrval_mr; slap_style_t acl_attrval_style; regex_t acl_attrval_re; struct berval acl_attrval; 
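Review bot: With the `#else` branch removed in the `-1326,10 +1420,6` hunk, `a_aci_at` no longer exists, and this same commit drops `#define SLAP_DYNACL` from the `LDAP_DEVEL` block, so ACI support in `struct slap_access` now depends entirely on `SLAP_DYNACL` being defined outside this header. A build without it has no member left to hold an ACI rule; whether the ACL parser then rejects an ACI clause or ignores it cannot be seen from here and should be confirmed, since a silently ignored rule changes the effective policy. A short comment `/* ACIs are only available through SLAP_DYNACL */` at the `#ifdef` would record that.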
@@ -1359,12 +1450,15 @@ typedef struct slap_acl { struct slap_acl *acl_next; } AccessControl; +typedef enum { + ACL_STATE_NOT_RECORDED = 0x0, + ACL_STATE_RECORDED_VD = 0x1, + ACL_STATE_RECORDED_NV = 0x2, + ACL_STATE_RECORDED = ( ACL_STATE_RECORDED_VD | ACL_STATE_RECORDED_NV ) +} slap_acl_state_t; + typedef struct slap_acl_state { - unsigned as_recorded; -#define ACL_STATE_NOT_RECORDED 0x0 -#define ACL_STATE_RECORDED_VD 0x1 -#define ACL_STATE_RECORDED_NV 0x2 -#define ACL_STATE_RECORDED 0x3 + slap_acl_state_t as_recorded; /* Access state */ AccessControl *as_vd_acl; @@ -1389,11 +1483,13 @@ typedef struct slap_acl_state { typedef struct slap_backend_info BackendInfo; /* per backend type */ typedef struct slap_backend_db BackendDB; /* per backend database */ +typedef LDAP_STAILQ_HEAD(BeI, slap_backend_info) slap_bi_head; +typedef LDAP_STAILQ_HEAD(BeDB, slap_backend_db) slap_be_head; LDAP_SLAPD_V (int) nBackendInfo; LDAP_SLAPD_V (int) nBackendDB; -LDAP_SLAPD_V (BackendInfo *) backendInfo; -LDAP_SLAPD_V (BackendDB *) backendDB; +LDAP_SLAPD_V (slap_bi_head) backendInfo; +LDAP_SLAPD_V (slap_be_head) backendDB; LDAP_SLAPD_V (BackendDB *) frontendDB; LDAP_SLAPD_V (int) slapMode; 
@@ -1406,25 +1502,27 @@ LDAP_SLAPD_V (int) slapMode; #define SLAP_TOOL_READMAIN 0x0200 #define SLAP_TOOL_READONLY 0x0400 #define SLAP_TOOL_QUICK 0x0800 +#define SLAP_TOOL_NO_SCHEMA_CHECK 0x1000 +#define SB_TLS_DEFAULT (-1) #define SB_TLS_OFF 0 #define SB_TLS_ON 1 -#define SB_TLS_CRITICAL 2 +#define SB_TLS_CRITICAL 2 typedef struct slap_bindconf { + struct berval sb_uri; int sb_tls; int sb_method; - char *sb_binddn; - char *sb_cred; - char *sb_saslmech; + struct berval sb_binddn; + struct berval sb_cred; + struct berval sb_saslmech; char *sb_secprops; - char *sb_realm; - char *sb_authcId; - char *sb_authzId; + struct berval sb_realm; + struct berval sb_authcId; + struct berval sb_authzId; } slap_bindconf; struct slap_replica_info { - const char *ri_uri; /* supersedes be_replica */ const char *ri_host; /* points to host part of uri */ BerVarray ri_nsuffix; /* array of suffixes this replica accepts */ AttributeName *ri_attrs; /* attrs to replicate, NULL=all */ @@ -1434,9 +1532,17 @@ struct slap_replica_info { typedef struct slap_verbmasks { struct berval word; - const int mask; + const slap_mask_t mask; } slap_verbmasks; +typedef struct slap_cf_aux_table { + struct berval key; + int off; + char type; + char quote; + slap_verbmasks *aux; +} slap_cf_aux_table; + #define SLAP_LIMIT_TIME 1 #define SLAP_LIMIT_SIZE 2 @@ -1503,16 +1609,12 @@ typedef BackendDB Backend; * syncinfo structure for syncrepl */ +struct syncinfo_s; + #define SLAP_SYNC_RID_SIZE 3 #define SLAP_SYNCUUID_SET_SIZE 256 -#define SLAP_SYNC_UPDATE_MSGID 2 - -struct nonpresent_entry { - struct berval *npe_name; - struct berval *npe_nname; - LDAP_LIST_ENTRY(nonpresent_entry) npe_link; -}; +#define SLAP_SYNC_UPDATE_MSGID 1 struct sync_cookie { struct berval ctxcsn; 
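Review bot: `SB_TLS_DEFAULT` is `-1`, which is non-zero, so a truthiness test such as `if ( sb_tls )` would treat an unset value as TLS requested, while `sb_tls > SB_TLS_OFF` would treat it as off. Nothing in the struct says where the default is resolved to `SB_TLS_OFF`, `SB_TLS_ON` or `SB_TLS_CRITICAL`; the users of `slap_bindconf` are outside this hunk. I would add `/* SB_TLS_DEFAULT must be resolved before sb_tls is tested; compare against the SB_TLS_* constants only */` above the defines. `sb_cred` is now a `struct berval`, so the code that frees a `slap_bindconf` has to release `bv_val` for each converted member, and wiping the credential before release would be a sensible addition.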
@@ -1523,46 +1625,14 @@ struct sync_cookie { LDAP_STAILQ_HEAD( slap_sync_cookie_s, sync_cookie ); -typedef struct syncinfo_s { - struct slap_backend_db *si_be; - long si_rid; - struct berval si_provideruri; - slap_bindconf si_bindconf; - struct berval si_filterstr; - struct berval si_base; - int si_scope; - int si_attrsonly; - char *si_anfile; - AttributeName *si_anlist; - AttributeName *si_exanlist; - char **si_attrs; - char **si_exattrs; - int si_allattrs; - int si_allopattrs; - int si_schemachecking; - int si_type; - time_t si_interval; - time_t *si_retryinterval; - int *si_retrynum_init; - int *si_retrynum; - struct sync_cookie si_syncCookie; - int si_manageDSAit; - int si_slimit; - int si_tlimit; - int si_refreshDelete; - int si_refreshPresent; - Avlnode *si_presentlist; - LDAP *si_ld; - LDAP_LIST_HEAD(np, nonpresent_entry) si_nonpresentlist; - ldap_pvt_thread_mutex_t si_mutex; -} syncinfo_t; - LDAP_TAILQ_HEAD( be_pcl, slap_csn_entry ); #ifndef SLAP_MAX_CIDS #define SLAP_MAX_CIDS 32 /* Maximum number of supported controls */ #endif +struct ConfigOCs; /* config.h */ + struct slap_backend_db { BackendInfo *bd_info; /* pointer to shared backend info */ @@ -1632,7 +1702,9 @@ struct slap_backend_db { #define SLAP_DBFLAG_GLUE_ADVERTISE 0x0080U /* advertise in rootDSE */ #define SLAP_DBFLAG_OVERLAY 0x0100U /* this db struct is an overlay */ #define SLAP_DBFLAG_GLOBAL_OVERLAY 0x0200U /* this db struct is a global overlay */ +#define SLAP_DBFLAG_DYNAMIC 0x0400U /* this db allows dynamicObjects */ #define SLAP_DBFLAG_SHADOW 0x8000U /* a shadow */ +#define SLAP_DBFLAG_SINGLE_SHADOW 0x4000U /* a single-master shadow */ #define SLAP_DBFLAG_SYNC_SHADOW 0x1000U /* a sync shadow */ #define SLAP_DBFLAG_SLURP_SHADOW 0x2000U /* a slurp shadow */ slap_mask_t be_flags; 
@@ -1640,6 +1712,7 @@ struct slap_backend_db { #define SLAP_NOLASTMOD(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_NOLASTMOD) #define SLAP_LASTMOD(be) (!SLAP_NOLASTMOD(be)) #define SLAP_ISOVERLAY(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_OVERLAY) +#define SLAP_ISGLOBALOVERLAY(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLOBAL_OVERLAY) #define SLAP_NO_SCHEMA_CHECK(be) \ (SLAP_DBFLAGS(be) & SLAP_DBFLAG_NO_SCHEMA_CHECK) #define SLAP_GLUE_INSTANCE(be) \ @@ -1653,6 +1726,8 @@ struct slap_backend_db { #define SLAP_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SHADOW) #define SLAP_SYNC_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SYNC_SHADOW) #define SLAP_SLURP_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SLURP_SHADOW) +#define SLAP_SINGLE_SHADOW(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SINGLE_SHADOW) +#define SLAP_MULTIMASTER(be) (!SLAP_SINGLE_SHADOW(be)) slap_mask_t be_restrictops; /* restriction operations */ #define SLAP_RESTRICT_OP_ADD 0x0001U @@ -1681,12 +1756,18 @@ struct slap_backend_db { | SLAP_RESTRICT_OP_DELETE \ | SLAP_RESTRICT_OP_MODIFY \ | SLAP_RESTRICT_OP_RENAME ) +#define SLAP_RESTRICT_OP_ALL \ + ( SLAP_RESTRICT_OP_READS \ + | SLAP_RESTRICT_OP_WRITES \ + | SLAP_RESTRICT_OP_BIND \ + | SLAP_RESTRICT_OP_EXTENDED ) -#define SLAP_ALLOW_BIND_V2 0x0001U /* LDAPv2 bind */ +#define SLAP_ALLOW_BIND_V2 0x0001U /* LDAPv2 bind */ #define SLAP_ALLOW_BIND_ANON_CRED 0x0002U /* cred should be empty */ #define SLAP_ALLOW_BIND_ANON_DN 0x0004U /* dn should be empty */ #define SLAP_ALLOW_UPDATE_ANON 0x0008U /* allow anonymous updates */ +#define SLAP_ALLOW_PROXY_AUTHZ_ANON 0x0010U /* allow anonymous proxyAuthz */ #define SLAP_DISALLOW_BIND_ANON 0x0001U /* no anonymous */ #define SLAP_DISALLOW_BIND_SIMPLE 0x0002U /* simple authentication */ 
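Review bot: `SLAP_MULTIMASTER(be)` in the `-1653,6 +1726,8` hunk is the plain negation of `SLAP_SINGLE_SHADOW(be)`, so it is true for every database that lacks that flag, including one that is not a shadow at all. If a caller uses it alone to decide whether a write may be applied locally, the result depends on `SLAP_DBFLAG_SINGLE_SHADOW` having been set wherever a shadow is configured; that code is not visible here. I would document the intended pairing, for example `/* only meaningful when SLAP_SHADOW(be) is true */`. In the following hunk, `SLAP_ALLOW_PROXY_AUTHZ_ANON` loosens authorization and deserves a fuller comment than its one-line gloss.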
@@ -1725,38 +1806,44 @@ struct slap_backend_db { /* Replica Information */ struct slap_replica_info **be_replica; /* replicas of this backend (in master) */ char *be_replogfile; /* replication log file (in master) */ + char *be_replica_argsfile; /* per-replog replica args file */ + char *be_replica_pidfile; /* per-replog replica pid file */ + int be_replicationinterval; /* per-replog replicationinterval */ struct berval be_update_ndn; /* allowed to make changes (in replicas) */ BerVarray be_update_refs; /* where to refer modifying clients to */ struct be_pcl *be_pending_csn_list; ldap_pvt_thread_mutex_t be_pcl_mutex; ldap_pvt_thread_mutex_t *be_pcl_mutexp; - syncinfo_t *be_syncinfo; /* For syncrepl */ + struct syncinfo_s *be_syncinfo; /* For syncrepl */ void *be_pb; /* Netscape plugin */ - struct ConfigTable *be_cf_table; + struct ConfigOCs *be_cf_ocs; void *be_private; /* anything the backend database needs */ + LDAP_STAILQ_ENTRY(slap_backend_db) be_next; }; struct slap_conn; struct slap_op; /* Backend function typedefs */ -typedef int (BI_init) LDAP_P((BackendInfo *bi)); +typedef int (BI_bi_func) LDAP_P((BackendInfo *bi)); +typedef BI_bi_func BI_init; +typedef BI_bi_func BI_open; +typedef BI_bi_func BI_close; +typedef BI_bi_func BI_destroy; typedef int (BI_config) LDAP_P((BackendInfo *bi, const char *fname, int lineno, int argc, char **argv)); -typedef int (BI_open) LDAP_P((BackendInfo *bi)); -typedef int (BI_close) LDAP_P((BackendInfo *bi)); -typedef int (BI_destroy) LDAP_P((BackendInfo *bi)); -typedef int (BI_db_init) LDAP_P((Backend *bd)); +typedef int (BI_db_func) LDAP_P((Backend *bd)); +typedef BI_db_func BI_db_init; +typedef BI_db_func BI_db_open; +typedef BI_db_func BI_db_close; +typedef BI_db_func BI_db_destroy; typedef int (BI_db_config) LDAP_P((Backend *bd, const char *fname, int lineno, int argc, char **argv)); -typedef int (BI_db_open) LDAP_P((Backend *bd)); -typedef int (BI_db_close) LDAP_P((Backend *bd)); -typedef int (BI_db_destroy) LDAP_P((Backend 
*bd)); typedef struct req_bind_s { int rb_method; @@ -1794,6 +1881,7 @@ typedef struct req_modrdn_s { struct berval *rs_newSup; struct berval *rs_nnewSup; int rs_deleteoldrdn; + Modifications *rs_modlist; } req_modrdn_s; typedef struct req_add_s { @@ -1819,8 +1907,7 @@ typedef struct req_extended_s { } req_extended_s; typedef struct req_pwdexop_s { - struct berval rs_reqoid; - int rs_flags; + struct req_extended_s rs_extended; struct berval rs_old; struct berval rs_new; Modifications *rs_mods; @@ -1882,6 +1969,7 @@ typedef struct slap_rep { slap_mask_t sr_flags; #define REP_ENTRY_MODIFIABLE 0x0001U #define REP_ENTRY_MUSTBEFREED 0x0002U +#define REP_ENTRY_MUSTRELEASE 0x0004U #define REP_MATCHED_MUSTBEFREED 0x0010U #define REP_REF_MUSTBEFREED 0x0020U } SlapReply; 
@@ -1897,22 +1985,20 @@ typedef struct slap_rep { #define sr_rspdata sr_un.sru_extended.r_rspdata #define sr_sasldata sr_un.sru_sasl.r_sasldata -typedef int (BI_op_bind) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_unbind) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_search) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_compare) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_modify) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_modrdn) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_add) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_delete) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_abandon) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_cancel) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_op_extended) LDAP_P(( - struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_chk_referrals) LDAP_P(( - struct slap_op *op, struct slap_rep *rs )); -typedef int (BI_chk_controls) LDAP_P(( - struct slap_op *op, struct slap_rep *rs )); +typedef int (BI_op_func) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); +typedef BI_op_func BI_op_bind; +typedef BI_op_func BI_op_unbind; +typedef BI_op_func BI_op_search; +typedef BI_op_func BI_op_compare; +typedef BI_op_func BI_op_modify; +typedef BI_op_func BI_op_modrdn; +typedef BI_op_func BI_op_add; +typedef BI_op_func BI_op_delete; +typedef BI_op_func BI_op_abandon; +typedef BI_op_func BI_op_cancel; +typedef BI_op_func BI_op_extended; +typedef BI_op_func BI_chk_referrals; +typedef BI_op_func BI_chk_controls; typedef int (BI_entry_release_rw) LDAP_P(( struct slap_op *op, Entry *e, int rw )); typedef int (BI_entry_get_rw) LDAP_P(( struct slap_op *op, struct berval *ndn, 
@@ -1920,11 +2006,21 @@ typedef int (BI_entry_get_rw) LDAP_P(( struct slap_op *op, struct berval *ndn, typedef int (BI_operational) LDAP_P(( struct slap_op *op, struct slap_rep *rs )); typedef int (BI_has_subordinates) LDAP_P(( struct slap_op *op, Entry *e, int *hasSubs )); - -typedef int (BI_connection_init) LDAP_P(( BackendDB *bd, - struct slap_conn *c )); -typedef int (BI_connection_destroy) LDAP_P(( BackendDB *bd, - struct slap_conn *c )); +#ifdef SLAP_OVERLAY_ACCESS +typedef int (BI_access_allowed) LDAP_P(( struct slap_op *op, Entry *e, + AttributeDescription *desc, struct berval *val, slap_access_t access, + AccessControlState *state, slap_mask_t *maskp )); +typedef int (BI_acl_group) LDAP_P(( struct slap_op *op, Entry *target, + struct berval *gr_ndn, struct berval *op_ndn, + ObjectClass *group_oc, AttributeDescription *group_at )); +typedef int (BI_acl_attribute) LDAP_P(( struct slap_op *op, Entry *target, + struct berval *entry_ndn, AttributeDescription *entry_at, + BerVarray *vals, slap_access_t access )); +#endif /* SLAP_OVERLAY_ACCESS */ + +typedef int (BI_conn_func) LDAP_P(( BackendDB *bd, struct slap_conn *c )); +typedef BI_conn_func BI_connection_init; +typedef BI_conn_func BI_connection_destroy; typedef int (BI_tool_entry_open) LDAP_P(( BackendDB *be, int mode )); typedef int (BI_tool_entry_close) LDAP_P(( BackendDB *be )); @@ -1940,8 +2036,6 @@ typedef int (BI_tool_id2entry_get) LDAP_P(( BackendDB *be, ID id, Entry **e )); typedef ID (BI_tool_entry_modify) LDAP_P(( BackendDB *be, Entry *e, struct berval *text )); -struct ConfigTable; /* config.h */ - struct slap_backend_info { char *bi_type; /* type of backend */ 
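Review bot: The three new hook typedefs (`BI_access_allowed`, `BI_acl_group`, `BI_acl_attribute`) let a backend or overlay take part in access decisions, but nothing states what the `int` return means or when `*maskp` is valid. One implementation reading 0 as success and another reading it as denied would produce wrong grants, so the contract should be written next to the typedefs. I would add a comment above `BI_access_allowed` stating the return convention, whether `state` and `maskp` may be NULL, and who owns `vals` in `BI_acl_attribute`.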
@@ -2021,6 +2115,11 @@ struct slap_backend_info { BI_entry_release_rw *bi_entry_release_rw; BI_has_subordinates *bi_has_subordinates; +#ifdef SLAP_OVERLAY_ACCESS + BI_access_allowed *bi_access_allowed; + BI_acl_group *bi_acl_group; + BI_acl_attribute *bi_acl_attribute; +#endif /* SLAP_OVERLAY_ACCESS */ BI_connection_init *bi_connection_init; BI_connection_destroy *bi_connection_destroy; @@ -2044,6 +2143,7 @@ struct slap_backend_info { slap_mask_t bi_flags; /* backend flags */ #define SLAP_BFLAG_MONITOR 0x0001U /* a monitor backend */ #define SLAP_BFLAG_CONFIG 0x0002U /* a config backend */ +#define SLAP_BFLAG_FRONTEND 0x0004U /* the frontendDB */ #define SLAP_BFLAG_NOLASTMODCMD 0x0010U #define SLAP_BFLAG_INCREMENT 0x0100U #define SLAP_BFLAG_ALIASES 0x1000U 
@@ -2051,23 +2151,37 @@ struct slap_backend_info { #define SLAP_BFLAG_SUBENTRIES 0x4000U #define SLAP_BFLAG_DYNAMIC 0x8000U +/* overlay specific */ +#define SLAPO_BFLAG_SINGLE 0x01000000U +#define SLAPO_BFLAG_DBONLY 0x02000000U +#define SLAPO_BFLAG_GLOBONLY 0x04000000U +#define SLAPO_BFLAG_MASK 0xFF000000U + #define SLAP_BFLAGS(be) ((be)->bd_info->bi_flags) #define SLAP_MONITOR(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_MONITOR) #define SLAP_CONFIG(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_CONFIG) +#define SLAP_FRONTEND(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_FRONTEND) #define SLAP_INCREMENT(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_INCREMENT) #define SLAP_ALIASES(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_ALIASES) #define SLAP_REFERRALS(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_REFERRALS) #define SLAP_SUBENTRIES(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_SUBENTRIES) -#define SLAP_DYNAMIC(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_DYNAMIC) +#define SLAP_DYNAMIC(be) ((SLAP_BFLAGS(be) & SLAP_BFLAG_DYNAMIC) || (SLAP_DBFLAGS(be) & SLAP_DBFLAG_DYNAMIC)) #define SLAP_NOLASTMODCMD(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_NOLASTMODCMD) #define SLAP_LASTMODCMD(be) (!SLAP_NOLASTMODCMD(be)) +/* overlay specific */ +#define SLAPO_SINGLE(be) (SLAP_BFLAGS(be) & SLAPO_BFLAG_SINGLE) +#define SLAPO_DBONLY(be) (SLAP_BFLAGS(be) & SLAPO_BFLAG_DBONLY) +#define SLAPO_GLOBONLY(be) (SLAP_BFLAGS(be) & SLAPO_BFLAG_GLOBONLY) + char **bi_controls; /* supported controls */ char bi_ctrls[SLAP_MAX_CIDS + 1]; unsigned int bi_nDB; /* number of databases of this type */ - struct ConfigTable *bi_cf_table; + struct ConfigOCs *bi_cf_ocs; + char **bi_obsolete_names; void *bi_private; /* anything the backend type needs */ + LDAP_STAILQ_ENTRY(slap_backend_info) bi_next ; }; #define c_authtype c_authz.sai_method 
@@ -2099,6 +2213,24 @@ typedef struct slap_callback { struct slap_overinfo; +typedef enum slap_operation_e { + op_bind = 0, + op_unbind, + op_search, + op_compare, + op_modify, + op_modrdn, + op_add, + op_delete, + op_abandon, + op_cancel, + op_extended, + op_aux_operational, + op_aux_chk_referrals, + op_aux_chk_controls, + op_last +} slap_operation_t; + typedef struct slap_overinst { BackendInfo on_bi; slap_response *on_response; @@ -2109,12 +2241,13 @@ typedef struct slap_overinst { typedef struct slap_overinfo { BackendInfo oi_bi; BackendInfo *oi_orig; + BackendDB *oi_origdb; struct slap_overinst *oi_list; } slap_overinfo; /* Should successive callbacks in a chain be processed? */ -#define SLAP_CB_FREEME 0x4000 -#define SLAP_CB_CONTINUE 0x8000 +#define SLAP_CB_FREEME 0x04000 +#define SLAP_CB_CONTINUE 0x08000 /* * Paged Results state @@ -2151,21 +2284,26 @@ typedef struct slap_gacl { } GroupAssertion; struct slap_control_ids { + int sc_LDAPsync; int sc_assert; - int sc_preRead; - int sc_postRead; - int sc_proxyAuthz; + int sc_domainScope; + int sc_dontUseCopy; + int sc_manageDIT; int sc_manageDSAit; int sc_modifyIncrement; int sc_noOp; int sc_pagedResults; - int sc_valuesReturnFilter; int sc_permissiveModify; - int sc_domainScope; - int sc_treeDelete; + int sc_postRead; + int sc_preRead; + int sc_proxyAuthz; int sc_searchOptions; +#ifdef LDAP_DEVEL + int sc_sortedResults; +#endif int sc_subentries; - int sc_LDAPsync; + int sc_treeDelete; + int sc_valuesReturnFilter; }; /* @@ -2188,7 +2326,6 @@ typedef struct slap_op_header { char oh_log_prefix[sizeof("conn=18446744073709551615 op=18446744073709551615")]; #ifdef LDAP_SLAPI - void *oh_pb; /* NS-SLAPI plugin */ void *oh_extensions; /* NS-SLAPI plugin */ #endif } Opheader; 
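Review bot: `sc_sortedResults` sits inside `#ifdef LDAP_DEVEL` in the middle of `struct slap_control_ids`, so the offsets of `sc_subentries`, `sc_treeDelete` and `sc_valuesReturnFilter` differ between builds with and without that macro. A module compiled with a different `LDAP_DEVEL` setting than the server would read the wrong member and so use the wrong control id. Moving the conditional member to the end of the struct, or making it unconditional, avoids the mismatch; at minimum a comment `/* layout depends on LDAP_DEVEL; build modules with the same setting */` would help.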
@@ -2213,13 +2350,9 @@ typedef struct slap_op { #define o_log_prefix o_hdr->oh_log_prefix -#ifdef LDAP_SLAPI -#define o_pb o_hdr->oh_pb -#define o_extensions o_hdr->oh_extensions -#endif - ber_tag_t o_tag; /* tag of the request */ time_t o_time; /* time op was initiated */ + int o_tincr; /* counter for multiple ops with same o_time */ BackendDB *o_bd; /* backend DB processing this op */ struct berval o_req_dn; /* DN of target of request */ @@ -2272,6 +2405,7 @@ typedef struct slap_op { #define orr_newSup oq_modrdn.rs_newSup #define orr_nnewSup oq_modrdn.rs_nnewSup #define orr_deleteoldrdn oq_modrdn.rs_deleteoldrdn +#define orr_modlist oq_modrdn.rs_modlist #define orc_ava oq_compare.rs_ava #define ora_e oq_add.rs_e @@ -2294,6 +2428,11 @@ typedef struct slap_op { char o_do_not_cache; /* don't cache groups from this op */ char o_is_auth_check; /* authorization in progress */ + char o_nocaching; + char o_delete_glue_parent; + char o_no_schema_check; +#define get_no_schema_check(op) ((op)->o_no_schema_check) + #define SLAP_CONTROL_NONE 0 #define SLAP_CONTROL_IGNORED 1 #define SLAP_CONTROL_NONCRITICAL 2 @@ -2313,6 +2452,12 @@ typedef struct slap_op { char o_ctrlflag[SLAP_MAX_CIDS]; /* per-control flags */ void **o_controls; /* per-control state */ +#define o_dontUseCopy o_ctrlflag[slap_cids.sc_dontUseCopy] +#define get_dontUseCopy(op) _SCM((op)->o_dontUseCopy) + +#define o_managedit o_ctrlflag[slap_cids.sc_manageDIT] +#define get_manageDIT(op) _SCM((op)->o_managedit) + #define o_managedsait o_ctrlflag[slap_cids.sc_manageDSAit] #define get_manageDSAit(op) _SCM((op)->o_managedsait) 
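Review bot: `o_no_schema_check` and its accessor `get_no_schema_check(op)` in the `@@ -2294,6 +2428,11 @@` hunk are added without any comment, unlike the neighbouring `o_do_not_cache` and `o_is_auth_check`. A per-operation switch that turns schema checking off needs a statement of who may set it; I would add something like `/* set only on internally generated ops; never derived from a client request */` if that is the intent, which the hunk does not show. `o_nocaching` and `o_delete_glue_parent` are also narrowed from `int` to `char` here (the `int` versions are removed in a later hunk), so any writer that stores more than 0/1 should be checked. struct slap_op starts and ends outside the hunk.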
@@ -2334,26 +2479,14 @@ typedef struct slap_op { #define o_valuesreturnfilter o_ctrlflag[slap_cids.sc_valuesReturnFilter] #define o_vrFilter o_controls[slap_cids.sc_valuesReturnFilter] -#ifdef LDAP_CONTROL_X_PERMISSIVE_MODIFY #define o_permissive_modify o_ctrlflag[slap_cids.sc_permissiveModify] #define get_permissiveModify(op) ((int)(op)->o_permissive_modify) -#else -#define get_permissiveModify(op) (0) -#endif -#ifdef LDAP_CONTROL_X_DOMAIN_SCOPE #define o_domain_scope o_ctrlflag[slap_cids.sc_domainScope] #define get_domainScope(op) ((int)(op)->o_domain_scope) -#else -#define get_domainScope(op) (0) -#endif -#ifdef LDAP_CONTROL_X_TREE_DELETE #define o_tree_delete o_ctrlflag[slap_cids.sc_treeDelete] #define get_treeDelete(op) ((int)(op)->o_tree_delete) -#else -#define get_treeDelete(op) (0) -#endif #define o_preread o_ctrlflag[slap_cids.sc_preRead] #define o_postread o_ctrlflag[slap_cids.sc_postRead] @@ -2363,10 +2496,13 @@ typedef struct slap_op { #define o_pagedresults o_ctrlflag[slap_cids.sc_pagedResults] #define o_pagedresults_state o_controls[slap_cids.sc_pagedResults] +#define get_pagedresults(op) ((int)(op)->o_pagedresults) -#define o_sync o_ctrlflag[slap_cids.sc_LDAPsync] +#ifdef LDAP_DEVEL +#define o_sortedresults o_ctrlflag[slap_cids.sc_sortedResults] +#endif -#define get_pagedresults(op) ((int)(op)->o_pagedresults) +#define o_sync o_ctrlflag[slap_cids.sc_LDAPsync] AuthorizationInformation o_authz; 
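Review bot: With the `#ifdef LDAP_CONTROL_X_*` guards removed in the `@@ -2334,26 +2479,14 @@` hunk, `get_permissiveModify`, `get_domainScope` and `get_treeDelete` always index `o_ctrlflag[]` with the matching `slap_cids` member instead of falling back to `(0)`. In a build where one of these controls is never registered, the member keeps its initial value, which is not visible here; if that value is 0, the accessor would report the flag of whichever control owns slot 0. I would either point unregistered ids at a reserved slot that always holds SLAP_CONTROL_NONE or keep the `(0)` fallback for optional controls, and state the choice in a comment next to the macros.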
@@ -2374,16 +2510,18 @@ typedef struct slap_op { BerElement *o_res_ber; /* ber of the CLDAP reply or readback control */ slap_callback *o_callback; /* callback pointers */ LDAPControl **o_ctrls; /* controls */ + struct berval o_csn; void *o_private; /* anything the backend needs */ LDAP_STAILQ_ENTRY(slap_op) o_next; /* next operation in list */ - int o_nocaching; - int o_delete_glue_parent; - } Operation; -#define OPERATION_BUFFER_SIZE (sizeof(Operation)+sizeof(Opheader)+SLAP_MAX_CIDS*sizeof(void *)) +#define OPERATION_BUFFER_SIZE ( sizeof(Operation) + sizeof(Opheader) + \ + SLAP_MAX_CIDS*sizeof(void *) ) + +typedef LBER_ALIGNED_BUFFER(operation_buffer_u,OPERATION_BUFFER_SIZE) + OperationBuffer; #define send_ldap_error( op, rs, err, text ) do { \ (rs)->sr_err = err; (rs)->sr_text = text; \ @@ -2425,6 +2563,7 @@ typedef struct slap_conn { int c_struct_state; /* structure management state */ int c_conn_state; /* connection state */ int c_conn_idx; /* slot in connections array */ + const char *c_close_reason; /* why connection is closing */ ldap_pvt_thread_mutex_t c_mutex; /* protect the connection */ Sockbuf *c_sb; /* ber connection stuff */ @@ -2444,9 +2583,18 @@ typedef struct slap_conn { int c_sasl_bind_in_progress; /* multi-op bind in progress */ struct berval c_sasl_bind_mech; /* mech in progress */ struct berval c_sasl_dn; /* temporary storage */ + struct berval c_sasl_authz_dn; /* SASL proxy authz */ /* authorization backend */ Backend *c_authz_backend; + void *c_authz_cookie; +#define SLAP_IS_AUTHZ_BACKEND( op ) \ + ( (op)->o_bd != NULL \ + && (op)->o_bd->be_private != NULL \ + && (op)->o_conn != NULL \ + && (op)->o_conn->c_authz_backend != NULL \ + && ( (op)->o_bd->be_private == (op)->o_conn->c_authz_backend->be_private \ + || (op)->o_bd->be_private == (op)->o_conn->c_authz_cookie ) ) AuthorizationInformation c_authz; 
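Review bot: `SLAP_IS_AUTHZ_BACKEND( op )` in the `@@ -2444,9 +2583,18 @@` hunk expands its argument several times and decides backend identity by comparing raw `be_private` pointers against `c_authz_backend->be_private` or the new untyped `c_authz_cookie`. Nothing here says who sets or clears `c_authz_cookie`, so a cookie left behind after its backend is gone could still match if the address is reused. I would document the field, e.g. `void *c_authz_cookie; /* be_private of the authz backend; reset together with c_authz_backend */` (adjusted to the real contract). A comment above the macro should also say that `op` must be a side-effect-free expression and which lock the caller holds on the connection. struct slap_conn starts and ends outside the hunk.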
@@ -2490,7 +2638,6 @@ typedef struct slap_conn { long c_n_read; /* num of read calls */ long c_n_write; /* num of write calls */ - void *c_pb; /* Netscape plugin */ void *c_extensions; /* Netscape plugin */ /* @@ -2508,21 +2655,12 @@ typedef struct slap_conn { SEND_SEARCH_ENTRY *c_send_search_entry; SEND_SEARCH_REFERENCE *c_send_search_reference; SEND_LDAP_EXTENDED *c_send_ldap_extended; -#ifdef LDAP_RES_INTERMEDIATE SEND_LDAP_INTERMEDIATE *c_send_ldap_intermediate; -#endif - } Connection; #if defined(LDAP_SYSLOG) && defined(LDAP_DEBUG) #define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \ - do { \ - if ( ldap_debug & (level) ) \ - fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\ - if ( ldap_syslog & (level) ) \ - syslog( ldap_syslog_level, (fmt), (connid), (opid), (arg1), \ - (arg2), (arg3) ); \ - } while (0) + Log5( (level), ldap_syslog_level, (fmt), (connid), (opid), (arg1), (arg2), (arg3) ) #define StatslogTest( level ) ((ldap_debug | ldap_syslog) & (level)) #elif defined(LDAP_DEBUG) #define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \ @@ -2532,7 +2670,6 @@ typedef struct slap_conn { } while (0) #define StatslogTest( level ) (ldap_debug & (level)) #else -#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) #define StatslogTest( level ) (0) #endif @@ -2549,13 +2686,15 @@ struct slap_listener { #ifdef LDAP_CONNECTIONLESS int sl_is_udp; /* UDP listener is also data port */ #endif - int sl_is_mute; /* Listening is temporarily disabled */ + int sl_mute; /* Listener is temporarily disabled due to emfile */ +#ifdef SLAP_LIGHTWEIGHT_DISPATCHER + int sl_busy; /* Listener is busy (accept thread activated) */ +#endif ber_socket_t sl_sd; Sockaddr sl_sa; #define sl_addr sl_sa.sa_in_addr }; -#ifdef SLAPD_MONITOR /* * Operation indices */ @@ -2572,7 +2711,6 @@ enum { SLAP_OP_EXTENDED, SLAP_OP_LAST }; -#endif /* SLAPD_MONITOR */ typedef struct slap_counters_t { ldap_pvt_thread_mutex_t sc_sent_mutex; 
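Review bot: The `#else` branch no longer defines `Statslog` once the `@@ -2532,7 +2670,6 @@` hunk removes the empty fallback, while `StatslogTest` is still defined there; unless another header supplies it, every `Statslog(...)` call fails to compile in a build without LDAP_DEBUG. If the definition has moved, a one-line comment in the `#else` branch saying where it now lives would help; otherwise keep `#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 )`. In the `@@ -2508,21 +2655,12 @@` hunk the syslog variant now forwards `(fmt)` to `Log5`, which is not visible here, so confirm that it still honours both `ldap_debug` and `ldap_syslog` as the removed body did and that callers pass only literal format strings.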
@@ -2605,6 +2743,8 @@ typedef struct slap_counters_t { #define SLAP_CTRL_HIDE 0x80000000U #endif +#define SLAP_CTRL_REQUIRES_ROOT 0x40000000U /* for ManageDIT */ + #define SLAP_CTRL_GLOBAL 0x00800000U #define SLAP_CTRL_GLOBAL_SEARCH 0x00010000U /* for NOOP */ @@ -2629,6 +2769,8 @@ typedef int (SLAP_CTRL_PARSE_FN) LDAP_P(( SlapReply *rs, LDAPControl *ctrl )); +typedef int (*SLAP_ENTRY_INFO_FN) LDAP_P(( void *arg, Entry *e )); + #define SLAP_SLAB_SIZE (1024*1024) #define SLAP_SLAB_STACK 1 #define SLAP_SLAB_SOBLOCK 64 @@ -2921,17 +3063,22 @@ struct zone_heap { #endif #define SLAP_BACKEND_INIT_MODULE(b) \ + static BackendInfo bi; \ int \ init_module( int argc, char *argv[] ) \ { \ - BackendInfo bi; \ - memset( &bi, '\0', sizeof( bi ) ); \ bi.bi_type = #b ; \ bi.bi_init = b ## _back_initialize; \ backend_add( &bi ); \ return 0; \ } +typedef int (OV_init)(void); +typedef struct slap_oinit_t { + const char *ov_type; + OV_init *ov_init; +} OverlayInit; + LDAP_END_DECL #include "proto-slap.h"
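Review bot: `SLAP_CTRL_REQUIRES_ROOT` in the `@@ -2605,6 +2743,8 @@` hunk is documented only as `/* for ManageDIT */`, which names the user of the flag but not what the flag guarantees. Since this bit gates a privileged control, the comment should state the check it stands for and where it is enforced, e.g. `/* control is rejected unless the operation is authorized as rootdn */` if that is the behaviour; the enforcement code is not part of this header.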
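Review bot: `init_module()` generated by SLAP_BACKEND_INIT_MODULE in the `@@ -2921,17 +3063,22 @@` hunk still discards the result of `backend_add( &bi )` and returns 0 unconditionally, so a backend that failed to register is reported as loaded. Assuming backend_add returns an int status (its prototype is not in this hunk), `return backend_add( &bi );` propagates the failure. Making `bi` static fixes the lifetime of the object handed to backend_add, but the same object is now passed again if init_module runs twice. With the `bi_next` list link added to BackendInfo earlier in this diff, that would presumably link one node twice, so a guard or a comment stating the single-call assumption is worth adding. The file-scope name `bi` is also generic enough to clash with a module's own identifiers.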