#define LDAP_NEEDS_PROTOTYPES 1
#endif
-#ifdef HAVE_STDDEF_H
-# include <stddef.h>
-#endif
-
#ifndef LDAP_REL_ENG
#if (LDAP_VENDOR_VERSION == 000000) && !defined(LDAP_DEVEL)
#define LDAP_DEVEL
#endif
#endif
+#ifdef HAVE_STDDEF_H
+# include <stddef.h>
+#endif
+
#ifdef HAVE_EBCDIC
/* ASCII/EBCDIC converting replacements for stdio funcs
* vsnprintf and snprintf are used too, but they are already
const char options[] = "r"
- "cCd:D:e:f:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z";
+ "cd:D:e:f:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z";
int
handle_private_option( int i )
const char options[] = "aFrS:"
- "cCd:D:e:f:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z";
+ "cd:D:e:f:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z";
int
handle_private_option( int i )
const char options[] = "rs:"
- "cCd:D:e:f:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z";
+ "cd:D:e:f:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z";
int
handle_private_option( int i )
const char options[] = "a:As:St:T:"
- "Cd:D:e:h:H:InO:p:QR:U:vVw:WxX:y:Y:Z";
+ "d:D:e:h:H:InO:p:QR:U:vVw:WxX:y:Y:Z";
int
handle_private_option( int i )
const char options[] = ""
- "Cd:D:e:h:H:InO:p:QR:U:vVw:WxX:y:Y:Z";
+ "d:D:e:h:H:InO:p:QR:U:vVw:WxX:y:Y:Z";
int
handle_private_option( int i )
#! /bin/sh
# $OpenLDAP$
-# from OpenLDAP: pkg/ldap/configure.in,v 1.478.2.9 2003/12/01 00:58:21 kurt Exp
+# from OpenLDAP: pkg/ldap/configure.in,v 1.478.2.10 2003/12/15 22:05:18 kurt Exp
# This work is part of OpenLDAP Software <http://www.openldap.org/>.
#
.fi
.LP
with the advantage of saving one rewrite pass ...)
-.SH PROXY CACHE EXTENSION
-The proxy cache extension to
-.B meta
-backend allows caching of LDAP search requests (queries). For an incoming query, the
+.SH PROXY CACHE OVERLAY
+The proxy cache overlay
+allows caching of LDAP search requests (queries) in a local database.
+For an incoming query, the
proxy cache determines its corresponding \fBtemplate\fP. If the template was
-specified as cacheable using the \fBaddtemplate\fP directive and the request is
+specified as cacheable using the \fBproxytemplate\fP directive and the request is
contained in a cached request, it is answered from the proxy cache. Otherwise,
-the proxy cache obtains and caches results from target(s) specified by the
-\fBuri\fP directive.
+the search is performed as usual and cacheable search results are saved in the
+cache for use in future queries.
.LP
A template is defined by a filter string and an index identifying a set of
The following cache specific directives can be used to configure the proxy
cache:
.TP
-.B cacheparams <lo_thresh> <hi_thresh> <numattrsets> <max_entries> <cc_period>
-The directive enables proxy caching in the \fBmeta\fP backend and sets general
-cache parameters. Cache replacement is invoked when the cache size crosses the
-<hi_thresh> bytes and continues till the cache size is greater than <lo_thresh>
-bytes. <numattrsets> should be equal to the number of following \fBattrset\fP
+.B overlay proxycache
+This directive adds the proxycache overlay to the current backend. The
+proxycache overlay may be used with any backend but is intended for use
+with the
+.B ldap
+and
+.B meta
+backends.
+.TP
+.B proxycache <database> <max_entries> <numattrsets> <entry_limit> <cc_period>
+The directive enables proxy caching in the current backend and sets general
+cache parameters. A <database> backend will be used internally to maintain
+the cached entries. The chosen database will need to be configured as well,
+as shown below. Cache replacement is invoked when the cache size grows to
+<max_entries> entries and continues till the cache size drops below this size.
+<numattrsets> should be equal to the number of following \fBproxyattrset\fP
directives. Queries are cached only if they correspond to a cacheable template
-(specified by the \fBaddtemplate\fP directive) and the number of entries
-returned is less than <max_entries>. Consistency check is performed every
+(specified by the \fBproxytemplate\fP directive) and the number of entries
+returned is less than <entry_limit>. Consistency check is performed every
<cc_period> duration (specified in secs). In each cycle queries with expired
"time to live(\fBTTL\fP)" are removed. A sample cache configuration is:
.LP
.RS
-cacheparams \fB10000 150000 1 50 100\fP
+proxycache \fBbdb 10000 1 50 100\fP
.RE
.TP
-.B attrset <index> <attrs...>
+.B proxyattrset <index> <attrs...>
Used to associate a set of attributes <attrs..> with an <index>. Each attribute
set is associated with an integer from 0 to <numattrsets>-1. These indices are
-used by the \fBaddtemplate\fP directive to define cacheable templates.
+used by the \fBproxytemplate\fP directive to define cacheable templates.
.TP
-.B addtemplate <template_string> <attrset_index> <ttl>
+.B proxytemplate <template_string> <attrset_index> <ttl>
Specifies a cacheable template and "time to live" (in sec) <ttl> of queries
belonging to the template.
.LP
.RS
.nf
-attrset \fB0 mail postaladdress telephonenumber\fP
-addtemplate \fB(&(sn=)(givenName=)) 0 3600\fP
+proxyattrset \fB0 mail postaladdress telephonenumber\fP
+proxytemplate \fB(&(sn=)(givenName=)) 0 3600\fP
+.fi
+.RE
+.LP
+Directives for configuring the underlying database must also be given, as
+shown here:
+.LP
+.RS
+.nf
+directory /var/tmp/cache
+cachesize 100
.fi
.RE
+.LP
+Any valid directives for the chosen database type may be used.
.SH FILES
.TP
ETCDIR/slapd.conf
#define LDAP_ROOT_DSE ""
#define LDAP_NO_ATTRS "1.1"
#define LDAP_ALL_USER_ATTRIBUTES "*"
-#define LDAP_ALL_OPERATIONAL_ATTRIBUTES "+" /* OpenLDAP extension */
+#define LDAP_ALL_OPERATIONAL_ATTRIBUTES "+" /* RFC 3673 */
/*
- * LDAP_OPTions defined by draft-ldapext-ldap-c-api-02
- * 0x0000 - 0x0fff reserved for api options
- * 0x1000 - 0x3fff reserved for api extended options
- * 0x4000 - 0x7fff reserved for private and experimental options
+ * LDAP_OPTions
+ * 0x0000 - 0x0fff reserved for api options
+ * 0x1000 - 0x3fff reserved for api extended options
+ * 0x4000 - 0x7fff reserved for private and experimental options
*/
+
#define LDAP_OPT_API_INFO 0x0000
-#define LDAP_OPT_DESC 0x0001 /* deprecated */
+#define LDAP_OPT_DESC 0x0001 /* historic */
#define LDAP_OPT_DEREF 0x0002
#define LDAP_OPT_SIZELIMIT 0x0003
#define LDAP_OPT_TIMELIMIT 0x0004
-/* 0x05 - 0x07 not defined by current draft */
+/* 0x05 - 0x07 not defined */
#define LDAP_OPT_REFERRALS 0x0008
#define LDAP_OPT_RESTART 0x0009
-/* 0x0a - 0x10 not defined by current draft */
+/* 0x0a - 0x10 not defined */
#define LDAP_OPT_PROTOCOL_VERSION 0x0011
#define LDAP_OPT_SERVER_CONTROLS 0x0012
#define LDAP_OPT_CLIENT_CONTROLS 0x0013
-/* 0x14 not defined by current draft */
+/* 0x14 not defined */
#define LDAP_OPT_API_FEATURE_INFO 0x0015
-
-/* 0x16 - 0x2f not defined by current draft */
+/* 0x16 - 0x2f not defined */
#define LDAP_OPT_HOST_NAME 0x0030
#define LDAP_OPT_RESULT_CODE 0x0031
#define LDAP_OPT_ERROR_NUMBER LDAP_OPT_RESULT_CODE
#define LDAP_OPT_ERROR_STRING 0x0032
#define LDAP_OPT_MATCHED_DN 0x0033
+/* 0x0034 - 0x3fff not defined */
-/* 0x34 - 0x0fff not defined by current draft */
-
-#define LDAP_OPT_PRIVATE_EXTENSION_BASE 0x4000 /* to 0x7FFF inclusive */
+/* API Extensions */
+#define LDAP_OPT_API_EXTENSION_BASE 0x4000 /* API extensions */
/* private and experimental options */
/* OpenLDAP specific options */
#define LDAP_OPT_X_TLS_RANDOM_FILE 0x6009
#define LDAP_OPT_X_TLS_SSL_CTX 0x600a
-#define LDAP_OPT_X_TLS_NEVER 0
+#define LDAP_OPT_X_TLS_NEVER 0
#define LDAP_OPT_X_TLS_HARD 1
-#define LDAP_OPT_X_TLS_DEMAND 2
-#define LDAP_OPT_X_TLS_ALLOW 3
+#define LDAP_OPT_X_TLS_DEMAND 2
+#define LDAP_OPT_X_TLS_ALLOW 3
#define LDAP_OPT_X_TLS_TRY 4
/* OpenLDAP SASL options */
#define LDAP_OPT_X_SASL_SSF_MAX 0x6108
#define LDAP_OPT_X_SASL_MAXBUFSIZE 0x6109
-/* on/off values */
-#define LDAP_OPT_ON ((void *) &ber_pvt_opt_on)
-#define LDAP_OPT_OFF ((void *) 0)
+/* Private API Extensions -- reserved for application use */
+#define LDAP_OPT_PRIVATE_EXTENSION_BASE 0x7000 /* Private API inclusive */
/*
* ldap_get_option() and ldap_set_option() return values.
#define LDAP_OPT_SUCCESS 0
#define LDAP_OPT_ERROR (-1)
-#define LDAP_API_INFO_VERSION (1)
+/* option on/off values */
+#define LDAP_OPT_ON ((void *) &ber_pvt_opt_on)
+#define LDAP_OPT_OFF ((void *) 0)
+
typedef struct ldapapiinfo {
- int ldapai_info_version; /* version of LDAPAPIInfo (1) */
+ int ldapai_info_version; /* version of LDAPAPIInfo */
+#define LDAP_API_INFO_VERSION (1)
int ldapai_api_version; /* revision of API supported */
int ldapai_protocol_version; /* highest LDAP version supported */
char **ldapai_extensions; /* names of API extensions */
int ldapai_vendor_version; /* supplier-specific version * 100 */
} LDAPAPIInfo;
-#define LDAP_FEATURE_INFO_VERSION (1) /* version of api feature structure */
typedef struct ldap_apifeature_info {
- int ldapaif_info_version; /* version of this struct (1) */
- char* ldapaif_name; /* matches LDAP_API_FEATURE_... less the prefix */
- int ldapaif_version; /* matches the value LDAP_API_FEATURE_... */
+ int ldapaif_info_version; /* version of LDAPAPIFeatureInfo */
+#define LDAP_FEATURE_INFO_VERSION (1) /* apifeature_info struct version */
+ char* ldapaif_name; /* LDAP_API_FEATURE_* (less prefix) */
+ int ldapaif_version; /* value of LDAP_API_FEATURE_... */
} LDAPAPIFeatureInfo;
+/*
+ * LDAP Control structure
+ */
typedef struct ldapcontrol {
- char * ldctl_oid;
- struct berval ldctl_value;
- char ldctl_iscritical;
+ char * ldctl_oid; /* numericoid of control */
+ struct berval ldctl_value; /* encoded value of control */
+ char ldctl_iscritical; /* criticality */
} LDAPControl;
/* LDAP Controls */
+/* standard track controls */
+#define LDAP_CONTROL_MANAGEDSAIT "2.16.840.1.113730.3.4.2" /* RFC 3296 */
+#define LDAP_CONTROL_SUBENTRIES "1.3.6.1.4.1.4203.1.10.1" /* RFC 3672 */
+#define LDAP_CONTROL_PAGEDRESULTS "1.2.840.113556.1.4.319" /* RFC 2696 */
+
#define LDAP_CONTROL_ASSERT "1.3.6.1.4.1.4203.666.5.9"
+#define LDAP_CONTROL_NOOP "1.3.6.1.4.1.4203.1.10.2"
#define LDAP_CONTROL_PRE_READ "1.3.6.1.4.1.4203.666.5.10.1"
#define LDAP_CONTROL_POST_READ "1.3.6.1.4.1.4203.666.5.10.2"
-#define LDAP_CONTROL_MODIFY_INCREMENT "1.3.6.1.4.1.4203.666.5.11"
-
-#define LDAP_CONTROL_VALUESRETURNFILTER "1.2.826.0.1.334810.2.3"
-#define LDAP_CONTROL_SUBENTRIES "1.3.6.1.4.1.4203.1.10.1"
-#define LDAP_CONTROL_NOOP "1.3.6.1.4.1.4203.1.10.2"
-#define LDAP_CONTROL_MANAGEDSAIT "2.16.840.1.113730.3.4.2"
#define LDAP_CONTROL_PROXY_AUTHZ "2.16.840.1.113730.3.4.18"
-
-#if 0
-#define LDAP_CONTROL_DUPENT_REQUEST "2.16.840.1.113719.1.27.101.1"
-#define LDAP_CONTROL_DUPENT_RESPONSE "2.16.840.1.113719.1.27.101.2"
-#define LDAP_CONTROL_DUPENT_ENTRY "2.16.840.1.113719.1.27.101.3"
-#define LDAP_CONTROL_DUPENT LDAP_CONTROL_DUPENT_REQUEST
-#endif
-
-#define LDAP_CONTROL_PAGEDRESULTS "1.2.840.113556.1.4.319"
+#define LDAP_CONTROL_VALUESRETURNFILTER "1.2.826.0.1.334810.2.3"
#define LDAP_CONTROL_SYNC "1.3.6.1.4.1.4203.666.5.6"
#define LDAP_CONTROL_SYNC_STATE "1.3.6.1.4.1.4203.666.5.7"
#define LDAP_SYNC_MODIFY 2
#define LDAP_SYNC_DELETE 3
-#define LDAP_CONTROL_SORTREQUEST "1.2.840.113556.1.4.473"
-#define LDAP_CONTROL_SORTRESPONSE "1.2.840.113556.1.4.474"
-#define LDAP_CONTROL_VLVREQUEST "2.16.840.1.113730.3.4.9"
-#define LDAP_CONTROL_VLVRESPONSE "2.16.840.1.113730.3.4.10"
+#if 0
+#define LDAP_CONTROL_DUPENT_REQUEST "2.16.840.1.113719.1.27.101.1"
+#define LDAP_CONTROL_DUPENT_RESPONSE "2.16.840.1.113719.1.27.101.2"
+#define LDAP_CONTROL_DUPENT_ENTRY "2.16.840.1.113719.1.27.101.3"
+#define LDAP_CONTROL_DUPENT LDAP_CONTROL_DUPENT_REQUEST
+#endif
/* controls for MSAD compatibility */
-#define LDAP_CONTROL_X_DOMAIN_SCOPE "1.2.840.113556.1.4.1339"
-#define LDAP_CONTROL_X_PERMISSIVE_MODIFY "1.2.840.113556.1.4.1413"
+#define LDAP_CONTROL_X_DOMAIN_SCOPE "1.2.840.113556.1.4.1339"
+#define LDAP_CONTROL_X_PERMISSIVE_MODIFY "1.2.840.113556.1.4.1413"
+
+/* not implemented in slapd(8) */
+#define LDAP_CONTROL_SORTREQUEST "1.2.840.113556.1.4.473" /* RFC 2891 */
+#define LDAP_CONTROL_SORTRESPONSE "1.2.840.113556.1.4.474" /* RFC 2891 */
+
+/* not implemented in slapd(8) */
+#define LDAP_CONTROL_VLVREQUEST "2.16.840.1.113730.3.4.9"
+#define LDAP_CONTROL_VLVRESPONSE "2.16.840.1.113730.3.4.10"
/* LDAP Unsolicited Notifications */
-#define LDAP_NOTICE_OF_DISCONNECTION "1.3.6.1.4.1.1466.20036"
+#define LDAP_NOTICE_OF_DISCONNECTION "1.3.6.1.4.1.1466.20036" /* RFC 2251 */
#define LDAP_NOTICE_DISCONNECT LDAP_NOTICE_OF_DISCONNECTION
/* LDAP Extended Operations */
-#define LDAP_EXOP_START_TLS "1.3.6.1.4.1.1466.20037"
+#define LDAP_EXOP_START_TLS "1.3.6.1.4.1.1466.20037" /* RFC 2830 */
-#define LDAP_EXOP_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1"
+#define LDAP_EXOP_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1" /* RFC 3062 */
#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID ((ber_tag_t) 0x80U)
#define LDAP_TAG_EXOP_MODIFY_PASSWD_OLD ((ber_tag_t) 0x81U)
#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U)
#define LDAP_EXOP_X_CANCEL "1.3.6.1.4.1.4203.666.6.3"
/* LDAP Features */
-#define LDAP_FEATURE_ALL_OPERATIONAL_ATTRS "1.3.6.1.4.1.4203.1.5.1" /* + */
-#define LDAP_FEATURE_OBJECTCLASS_ATTRS "1.3.6.1.4.1.4203.1.5.2"
+#define LDAP_FEATURE_ALL_OP_ATTRS "1.3.6.1.4.1.4203.1.5.1" /* RFC 3673 */
+#define LDAP_FEATURE_OBJECTCLASS_ATTRS \
+ "1.3.6.1.4.1.4203.1.5.2" /* @objectClass - new number to be assigned */
#define LDAP_FEATURE_ABSOLUTE_FILTERS "1.3.6.1.4.1.4203.1.5.3" /* (&) (|) */
#define LDAP_FEATURE_LANGUAGE_TAG_OPTIONS "1.3.6.1.4.1.4203.1.5.4"
#define LDAP_FEATURE_LANGUAGE_RANGE_OPTIONS "1.3.6.1.4.1.4203.1.5.5"
-#define LDAP_FEATURE_MODIFY_INCREMENT "1.3.6.1.4.1.4203.666.5.6"
+
+#define LDAP_FEATURE_MODIFY_INCREMENT "1.3.6.1.4.1.4203.666.8.2"
/*
* specific LDAP instantiations of BER types we know about
/* authentication methods available */
-#define LDAP_AUTH_NONE ((ber_tag_t) 0x00U) /* no authentication */
-#define LDAP_AUTH_SIMPLE ((ber_tag_t) 0x80U) /* context specific + primitive */
-#define LDAP_AUTH_SASL ((ber_tag_t) 0xa3U) /* context specific + constructed */
-#define LDAP_AUTH_KRBV4 ((ber_tag_t) 0xffU) /* means do both of the following */
-#define LDAP_AUTH_KRBV41 ((ber_tag_t) 0x81U) /* context specific + primitive */
-#define LDAP_AUTH_KRBV42 ((ber_tag_t) 0x82U) /* context specific + primitive */
+#define LDAP_AUTH_NONE ((ber_tag_t) 0x00U) /* no authentication */
+#define LDAP_AUTH_SIMPLE ((ber_tag_t) 0x80U) /* context specific + primitive */
+#define LDAP_AUTH_SASL ((ber_tag_t) 0xa3U) /* context specific + constructed */
+#define LDAP_AUTH_KRBV4 ((ber_tag_t) 0xffU) /* means do both of the following */
+#define LDAP_AUTH_KRBV41 ((ber_tag_t) 0x81U) /* context specific + primitive */
+#define LDAP_AUTH_KRBV42 ((ber_tag_t) 0x82U) /* context specific + primitive */
/* filter types */
#define LDAP_FILTER_AND ((ber_tag_t) 0xa0U) /* context specific + constructed */
#define LDAP_FILTER_OR ((ber_tag_t) 0xa1U) /* context specific + constructed */
#define LDAP_FILTER_NOT ((ber_tag_t) 0xa2U) /* context specific + constructed */
-#define LDAP_FILTER_EQUALITY ((ber_tag_t) 0xa3U) /* context specific + constructed */
-#define LDAP_FILTER_SUBSTRINGS ((ber_tag_t) 0xa4U) /* context specific + constructed */
-#define LDAP_FILTER_GE ((ber_tag_t) 0xa5U) /* context specific + constructed */
-#define LDAP_FILTER_LE ((ber_tag_t) 0xa6U) /* context specific + constructed */
-#define LDAP_FILTER_PRESENT ((ber_tag_t) 0x87U) /* context specific + primitive */
-#define LDAP_FILTER_APPROX ((ber_tag_t) 0xa8U) /* context specific + constructed */
+#define LDAP_FILTER_EQUALITY ((ber_tag_t) 0xa3U) /* context specific + constructed */
+#define LDAP_FILTER_SUBSTRINGS ((ber_tag_t) 0xa4U) /* context specific + constructed */
+#define LDAP_FILTER_GE ((ber_tag_t) 0xa5U) /* context specific + constructed */
+#define LDAP_FILTER_LE ((ber_tag_t) 0xa6U) /* context specific + constructed */
+#define LDAP_FILTER_PRESENT ((ber_tag_t) 0x87U) /* context specific + primitive */
+#define LDAP_FILTER_APPROX ((ber_tag_t) 0xa8U) /* context specific + constructed */
#define LDAP_FILTER_EXT ((ber_tag_t) 0xa9U) /* context specific + constructed */
/* extended filter component types */
#define LDAP_SUBSTRING_FINAL ((ber_tag_t) 0x82U) /* context specific */
/* search scopes */
-#define LDAP_SCOPE_DEFAULT ((ber_int_t) -1)
-#define LDAP_SCOPE_BASE ((ber_int_t) 0x0000)
-#define LDAP_SCOPE_ONELEVEL ((ber_int_t) 0x0001)
-#define LDAP_SCOPE_SUBTREE ((ber_int_t) 0x0002)
+#define LDAP_SCOPE_DEFAULT ((ber_int_t) -1) /* OpenLDAP extension */
+#define LDAP_SCOPE_BASE ((ber_int_t) 0x0000)
+#define LDAP_SCOPE_BASEOBJECT LDAP_SCOPE_BASE
+#define LDAP_SCOPE_ONELEVEL ((ber_int_t) 0x0001)
+#define LDAP_SCOPE_ONE LDAP_SCOPE_ONELEVEL
+#define LDAP_SCOPE_SUBTREE ((ber_int_t) 0x0002)
+#define LDAP_SCOPE_SUB LDAP_SCOPE_SUBTREE
/* substring filter component types */
#define LDAP_SUBSTRING_INITIAL ((ber_tag_t) 0x80U) /* context specific */
#define LDAP_OTHER 0x50
-/* Expermental result codes */
+/* Experimental result codes */
#define LDAP_X_ERROR(n) LDAP_RANGE((n),0x1000,0x3FFF) /* experimental */
#define LDAP_PVT_ERROR(n) LDAP_RANGE((n),0x4000,0xFFFF) /* private use */
-#define LDAP_SYNC_RESOURCES_EXHAUSTED 0x4100
-#define LDAP_SYNC_SECURITY_VIOLATION 0x4101
-#define LDAP_SYNC_INVALID_COOKIE 0x4102
-#define LDAP_SYNC_UNSUPPORTED_SCHEME 0x4103
-#define LDAP_SYNC_CLIENT_DISCONNECT 0x4104
-#define LDAP_SYNC_RELOAD_REQUIRED 0x4105
+/* for the LDAP Sync operation */
+#define LDAP_SYNC_REFRESH_REQUIRED 0x4100
+/* for the Assertion control */
#define LDAP_ASSERTION_FAILED 0x410f
-/* resultCode for Cancel Response */
+/* for the Cancel operation */
#define LDAP_CANCELLED 0x4110
#define LDAP_NO_SUCH_OPERATION 0x4111
#define LDAP_TOO_LATE 0x4112
/* API Error Codes
*
* Based on draft-ietf-ldap-c-api-xx
- * but with new (negative) codes
+ * but with new negative code values
*/
#define LDAP_API_ERROR(n) ((n)<0)
#define LDAP_API_RESULT(n) ((n)<=0)
#define LDAP_MOD_ADD (0x0000)
#define LDAP_MOD_DELETE (0x0001)
#define LDAP_MOD_REPLACE (0x0002)
-#define LDAP_MOD_INCREMENT (0x0003)
+#define LDAP_MOD_INCREMENT (0x0003) /* OpenLDAP extension */
#define LDAP_MOD_BVALUES (0x0080)
/* IMPORTANT: do not use code 0x1000 (or above),
* it is used internally by the backends!
#endif
-/*
- * LDAP Cancel Extended Operation <draft-zeilenga-ldap-cancel-xx.txt>
- */
-
-LDAP_F( int )
-ldap_cancel LDAP_P(( LDAP *ld,
- int cancelid,
- LDAPControl **sctrls,
- LDAPControl **cctrls,
- int *msgidp ));
-
-LDAP_F( int )
-ldap_cancel_s LDAP_P((
- LDAP *ld,
- int cancelid,
- LDAPControl **sctrl,
- LDAPControl **cctrl ));
-
/*
* in compare.c:
*/
#define LDAP_AVA_STRING 0x0001U
#define LDAP_AVA_BINARY 0x0002U
#define LDAP_AVA_NONPRINTABLE 0x0004U
-#define LDAP_AVA_FREE_ATTR 0x0010U
-#define LDAP_AVA_FREE_VALUE 0x0020U
+#define LDAP_AVA_FREE_ATTR 0x0010U
+#define LDAP_AVA_FREE_VALUE 0x0020U
void *la_private;
} LDAPAVA;
LDAPURLDesc *ludp ));
+/*
+ * LDAP Cancel Extended Operation <draft-zeilenga-ldap-cancel-xx.txt>
+ * in cancel.c
+ */
+#define LDAP_API_FEATURE_CANCEL 1000
+
+LDAP_F( int )
+ldap_cancel LDAP_P(( LDAP *ld,
+ int cancelid,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int *msgidp ));
+
+LDAP_F( int )
+ldap_cancel_s LDAP_P((
+ LDAP *ld,
+ int cancelid,
+ LDAPControl **sctrl,
+ LDAPControl **cctrl ));
+
/*
* LDAP Server Side Sort
* in sortctrl.c
* LDAP Who Am I?
* in whoami.c
*/
+#define LDAP_API_FEATURE_WHOAMI 1000
LDAP_F( int )
ldap_parse_whoami LDAP_P((
* LDAP Password Modify
* in passwd.c
*/
+#define LDAP_API_FEATURE_PASSWD_MODIFY 1000
LDAP_F( int )
ldap_parse_passwd LDAP_P((
{LDAP_CLIENT_LOOP, N_("Client Loop")},
{LDAP_REFERRAL_LIMIT_EXCEEDED, N_("Referral Limit Exceeded")},
+ {LDAP_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required")},
{LDAP_ASSERTION_FAILED, N_("Assertion Failed")},
- {LDAP_SYNC_RESOURCES_EXHAUSTED, N_("Content Sync Resource Exhausted")},
- {LDAP_SYNC_SECURITY_VIOLATION, N_("Content Sync Security Violation")},
- {LDAP_SYNC_INVALID_COOKIE, N_("Content Sync Invalid Cookie")},
- {LDAP_SYNC_UNSUPPORTED_SCHEME, N_("Content Sync Unsupported Scheme")},
- {LDAP_SYNC_CLIENT_DISCONNECT, N_("Content Sync Client Disconnect")},
- {LDAP_SYNC_RELOAD_REQUIRED, N_("Content Sync Reload Required")},
-
#ifdef LDAP_EXOP_X_CANCEL
{LDAP_CANCELLED, N_("Cancelled")},
{LDAP_NO_SUCH_OPERATION, N_("No Operation to Cancel")},
#ifdef LDAP_SLAPI
if ( op->o_pb &&
- !slapi_x_access_allowed( op, e, desc, val, access, state )) {
+ !slapi_int_access_allowed( op, e, desc, val, access, state )) {
/* ACL plugin denied access */
goto done;
}
#include "lber_pvt.h"
#include "lutil.h"
+static char *style_strings[] = { "regex",
+ "base", "one", "subtree", "children", NULL };
+
static void split(char *line, int splitchar, char **left, char **right);
static void access_append(Access **l, Access *a);
static void acl_usage(void) LDAP_GCCATTR((noreturn));
}
a->acl_attrval_style = ACL_STYLE_REGEX;
} else {
- a->acl_attrval_style = ACL_STYLE_BASE;
+ /* FIXME: if the attribute has DN syntax,
+ * we might allow one, subtree and children styles as well */
+ if ( !strcasecmp( style, "exact" ) ) {
+ a->acl_attrval_style = ACL_STYLE_BASE;
+
+ } else if ( a->acl_attrs[0].an_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) {
+ if ( !strcasecmp( style, "base" ) ) {
+ a->acl_attrval_style = ACL_STYLE_BASE;
+ } else if ( !strcasecmp( style, "onelevel" ) || !strcasecmp( style, "one" ) ) {
+ a->acl_attrval_style = ACL_STYLE_ONE;
+ } else if ( !strcasecmp( style, "subtree" ) || !strcasecmp( style, "sub" ) ) {
+ a->acl_attrval_style = ACL_STYLE_SUBTREE;
+ } else if ( !strcasecmp( style, "children" ) ) {
+ a->acl_attrval_style = ACL_STYLE_CHILDREN;
+ } else {
+ fprintf( stderr,
+ "%s: line %d: unknown val.<style> \"%s\" "
+ "for attributeType \"%s\" with DN syntax; using \"base\"\n",
+ fname, lineno, style,
+ a->acl_attrs[0].an_desc->ad_cname.bv_val );
+ a->acl_attrval_style = ACL_STYLE_BASE;
+ }
+
+ } else {
+ fprintf( stderr,
+ "%s: line %d: unknown val.<style> \"%s\" "
+ "for attributeType \"%s\"; using \"exact\"\n",
+ fname, lineno, style,
+ a->acl_attrs[0].an_desc->ad_cname.bv_val );
+ a->acl_attrval_style = ACL_STYLE_BASE;
+ }
}
} else {
#ifdef LDAP_DEBUG
-static char *style_strings[5] = { "regex",
- "base", "one", "subtree", "children" };
-
static void
print_access( Access *b )
{
if ( ! first ) {
fprintf( stderr, "," );
}
+ if (an->an_oc) {
+ fputc( '@', stderr);
+ }
fputs( an->an_name.bv_val, stderr );
first = 0;
}
}
/*
- * EXTENSION: see if requested description is +objectClass
+ * EXTENSION: see if requested description is @objectClass
* if so, return attributes which the class requires/allows
*/
oc = attrs->an_oc;
if( oc == NULL && attrs->an_name.bv_val ) {
switch( attrs->an_name.bv_val[0] ) {
- case '+': { /* new way */
+ case '@': /* @objectClass */
+ case '+': /* +objectClass (deprecated) */
+ {
struct berval ocname;
ocname.bv_len = attrs->an_name.bv_len - 1;
ocname.bv_val = &attrs->an_name.bv_val[1];
if( oc->soc_required ) {
/* allow return of required attributes */
int i;
+
for ( i = 0; oc->soc_required[i] != NULL; i++ ) {
for (a = desc->ad_type; a; a=a->sat_sup) {
if ( a == oc->soc_required[i] ) {
}
/*
- * Convert a delimited string into a list of AttributeNames;
- * add on to an existing list if it was given. If the string
- * is not a valid attribute name, if a '-' is prepended it is
- * skipped and the remaining name is tried again; if a '+' is
+ * Convert a delimited string into a list of AttributeNames; add
+ * on to an existing list if it was given. If the string is not
+ * a valid attribute name, if a '-' is prepended it is skipped
+ * and the remaining name is tried again; if a '@' (or '+') is
* prepended, an objectclass name is searched instead.
*
- * NOTE: currently, if a valid attribute name is not found,
- * the same string is also checked as valid objectclass name;
- * however, this behavior is deprecated.
+ * NOTE: currently, if a valid attribute name is not found, the
+ * same string is also checked as valid objectclass name; however,
+ * this behavior is deprecated.
*/
AttributeName *
str2anlist( AttributeName *an, char *in, const char *brkstr )
}
} break;
- case '+': {
+ case '@':
+ case '+': /* (deprecated) */
+ {
struct berval ocname;
ocname.bv_len = anew->an_name.bv_len - 1;
ocname.bv_val = &anew->an_name.bv_val[1];
static void initAddPlugin( Operation *op,
struct berval *dn, Entry *e, int manageDSAit )
{
- slapi_x_pblock_set_operation( op->o_pb, op );
+ slapi_int_pblock_set_operation( op->o_pb, op );
slapi_pblock_set( op->o_pb, SLAPI_ADD_TARGET, (void *)dn->bv_val );
slapi_pblock_set( op->o_pb, SLAPI_ADD_ENTRY, (void *)e );
slapi_pblock_set( op->o_pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
int i, rc = LDAP_SUCCESS;
struct monitorinfo *mi = ( struct monitorinfo * )be->be_private;
- if ( slapi_x_pblock_get_first( be, &pCurrentPB ) != LDAP_SUCCESS ) {
+ if ( slapi_int_pblock_get_first( be, &pCurrentPB ) != LDAP_SUCCESS ) {
/*
* LDAP_OTHER is returned if no plugins are installed
*/
i++;
- } while ( ( slapi_x_pblock_get_next( &pCurrentPB ) == LDAP_SUCCESS )
+ } while ( ( slapi_int_pblock_get_next( &pCurrentPB ) == LDAP_SUCCESS )
&& ( pCurrentPB != NULL ) );
done:
#if defined( LDAP_SLAPI )
if ( op->o_pb ) {
int rc;
- if ( i == 0 ) slapi_x_pblock_set_operation( op->o_pb, op );
+ if ( i == 0 ) slapi_int_pblock_set_operation( op->o_pb, op );
slapi_pblock_set( op->o_pb, SLAPI_BACKEND, (void *)&backends[i] );
rc = doPluginFNs( &backends[i], SLAPI_PLUGIN_PRE_UNBIND_FN,
(Slapi_PBlock *)op->o_pb );
* SASL bind.
*/
if ( pb ) {
- slapi_x_pblock_set_operation( pb, op );
+ slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)method );
slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
#if defined( LDAP_SLAPI )
if ( pb ) {
int rc;
- slapi_x_pblock_set_operation( pb, op );
+ slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_BIND_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_BIND_METHOD, (void *)method );
slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, (void *)&op->orb_cred );
#if defined( LDAP_SLAPI )
#define pb op->o_pb
if ( pb ) {
- slapi_x_pblock_set_operation( pb, op );
+ slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_COMPARE_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
slapi_pblock_set( pb, SLAPI_COMPARE_TYPE, (void *)desc.bv_val );
ldap_pvt_thread_cond_destroy( &connections[i].c_write_cv );
#ifdef LDAP_SLAPI
if ( slapi_plugins_used ) {
- slapi_x_free_object_extensions( SLAPI_X_EXT_CONNECTION, &connections[i] );
+ slapi_int_free_object_extensions( SLAPI_X_EXT_CONNECTION, &connections[i] );
}
#endif
}
#ifdef LDAP_SLAPI
if ( slapi_plugins_used ) {
- slapi_x_create_object_extensions( SLAPI_X_EXT_CONNECTION, c );
+ slapi_int_create_object_extensions( SLAPI_X_EXT_CONNECTION, c );
}
#endif
#ifdef LDAP_SLAPI
/* call destructors, then constructors; avoids unnecessary allocation */
if ( slapi_plugins_used ) {
- slapi_x_clear_object_extensions( SLAPI_X_EXT_CONNECTION, c );
+ slapi_int_clear_object_extensions( SLAPI_X_EXT_CONNECTION, c );
}
#endif
}
#if defined( LDAP_SLAPI )
#define pb op->o_pb
if ( pb ) {
- slapi_x_pblock_set_operation( pb, op );
+ slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_DELETE_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
goto done;
}
- rs->sr_err = slapi_x_pblock_set_operation( pb, op );
+ rs->sr_err = slapi_int_pblock_set_operation( pb, op );
if ( rs->sr_err != LDAP_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
goto done;
#if defined( LDAP_SLAPI )
#define pb op->o_pb
if ( pb ) {
- slapi_x_pblock_set_operation( pb, op );
+ slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_MODIFY_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, (void *)manageDSAit );
- modv = slapi_x_modifications2ldapmods( &modlist );
+ modv = slapi_int_modifications2ldapmods( &modlist );
slapi_pblock_set( pb, SLAPI_MODIFY_MODS, (void *)modv );
rs->sr_err = doPluginFNs( op->o_bd, SLAPI_PLUGIN_PRE_MODIFY_FN, pb );
rs->sr_err == LDAP_SUCCESS ) {
rs->sr_err = LDAP_OTHER;
}
- slapi_x_free_ldapmods( modv );
+ slapi_int_free_ldapmods( modv );
modv = NULL;
goto cleanup;
}
* modification array, so we need to convert it back to
* a Modification list.
*
- * Calling slapi_x_modifications2ldapmods() destroyed modlist so
+ * Calling slapi_int_modifications2ldapmods() destroyed modlist so
* we don't need to free it.
*/
slapi_pblock_get( pb, SLAPI_MODIFY_MODS, (void **)&modv );
- modlist = slapi_x_ldapmods2modifications( modv );
+ modlist = slapi_int_ldapmods2modifications( modv );
}
/*
* (for example, a plugin might store some attributes elsewhere
* and remove them from the modification list; if only those
* attribute types were included in the modification request,
- * then slapi_x_ldapmods2modifications() above will return
+ * then slapi_int_ldapmods2modifications() above will return
* NULL).
*
* However, the post-operation plugin should still be
op->o_tmpfree( op->o_req_ndn.bv_val, op->o_tmpmemctx );
if ( modlist != NULL ) slap_mods_free( modlist );
#if defined( LDAP_SLAPI )
- if ( modv != NULL ) slapi_x_free_ldapmods( modv );
+ if ( modv != NULL ) slapi_int_free_ldapmods( modv );
#endif
return rs->sr_err;
}
#if defined( LDAP_SLAPI )
#define pb op->o_pb
if ( pb ) {
- slapi_x_pblock_set_operation( pb, op );
+ slapi_int_pblock_set_operation( pb, op );
slapi_pblock_set( pb, SLAPI_MODRDN_TARGET, (void *)dn.bv_val );
slapi_pblock_set( pb, SLAPI_MODRDN_NEWRDN, (void *)newrdn.bv_val );
slapi_pblock_set( pb, SLAPI_MODRDN_NEWSUPERIOR,
#if defined( LDAP_SLAPI )
if ( op->o_pb != NULL ) {
slapi_pblock_destroy( (Slapi_PBlock *)op->o_pb );
- slapi_x_free_object_extensions( SLAPI_X_EXT_OPERATION, op );
+ slapi_int_free_object_extensions( SLAPI_X_EXT_OPERATION, op );
}
#endif /* defined( LDAP_SLAPI ) */
#if defined( LDAP_SLAPI )
if ( slapi_plugins_used ) {
op->o_pb = slapi_pblock_new();
- slapi_x_create_object_extensions( SLAPI_X_EXT_OPERATION, op );
+ slapi_int_create_object_extensions( SLAPI_X_EXT_OPERATION, op );
}
#endif /* defined( LDAP_SLAPI ) */
for ( an = ri->ri_attrs; an->an_name.bv_val; an++ ) {
if ( an->an_oc ) {
int i;
+
for ( i=0; a->a_vals[i].bv_val; i++ ) {
if ( a->a_vals[i].bv_len == an->an_name.bv_len
&& !strcasecmp(a->a_vals[i].bv_val,
}
static int
-send_ldap_controls( BerElement *ber, LDAPControl **c )
+send_ldap_control( BerElement *ber, LDAPControl *c )
{
int rc;
+
+ assert( c != NULL );
+
+ rc = ber_printf( ber, "{s" /*}*/, c->ldctl_oid );
+
+ if( c->ldctl_iscritical ) {
+ rc = ber_printf( ber, "b",
+ (ber_int_t) c->ldctl_iscritical ) ;
+ if( rc == -1 ) return rc;
+ }
+
+ if( c->ldctl_value.bv_val != NULL ) {
+ rc = ber_printf( ber, "O", &c->ldctl_value );
+ if( rc == -1 ) return rc;
+ }
+
+ rc = ber_printf( ber, /*{*/"N}" );
+ if( rc == -1 ) return rc;
+
+ return 0;
+}
+
+static int
+send_ldap_controls( Operation *o, BerElement *ber, LDAPControl **c )
+{
+ int rc;
+#ifdef LDAP_SLAPI
+ LDAPControl **sctrls = NULL;
+
+ /*
+ * Retrieve any additional controls that may be set by the
+ * plugin.
+ */
+
+ if ( slapi_pblock_get( o->o_pb, SLAPI_RESCONTROLS, &sctrls ) != 0 ) {
+ sctrls = NULL;
+ }
+
+ if ( c == NULL && sctrls == NULL ) return 0;
+#else
if( c == NULL ) return 0;
+#endif /* LDAP_SLAPI */
rc = ber_printf( ber, "t{"/*}*/, LDAP_TAG_CONTROLS );
if( rc == -1 ) return rc;
+#ifdef LDAP_SLAPI
+ if ( c != NULL )
+#endif /* LDAP_SLAPI */
for( ; *c != NULL; c++) {
- rc = ber_printf( ber, "{s" /*}*/, (*c)->ldctl_oid );
-
- if( (*c)->ldctl_iscritical ) {
- rc = ber_printf( ber, "b",
- (ber_int_t) (*c)->ldctl_iscritical ) ;
- if( rc == -1 ) return rc;
- }
+ rc = send_ldap_control( ber, *c );
+ if( rc == -1 ) return rc;
+ }
- if( (*c)->ldctl_value.bv_val != NULL ) {
- rc = ber_printf( ber, "O", &((*c)->ldctl_value));
+#ifdef LDAP_SLAPI
+ if ( sctrls != NULL ) {
+ for ( c = sctrls; *c != NULL; c++ ) {
+ rc = send_ldap_control( ber, *c );
if( rc == -1 ) return rc;
}
-
- rc = ber_printf( ber, /*{*/"N}" );
- if( rc == -1 ) return rc;
}
+#endif /* LDAP_SLAPI */
rc = ber_printf( ber, /*{*/"N}" );
rc = ber_printf( ber, /*"{"*/ "N}" );
}
- if( rc != -1 && rs->sr_ctrls != NULL ) {
- rc = send_ldap_controls( ber, rs->sr_ctrls );
+ if( rc != -1 ) {
+ rc = send_ldap_controls( op, ber, rs->sr_ctrls );
}
if( rc != -1 ) {
* result if they wish to change the result.
*/
if ( op->o_pb ) {
- slapi_x_pblock_set_operation( op->o_pb, op );
+ slapi_int_pblock_set_operation( op->o_pb, op );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_CODE, (void *)rs->sr_err );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_TEXT, (void *)rs->sr_text );
slapi_pblock_set( op->o_pb, SLAPI_RESULT_MATCHED, (void *)rs->sr_matched );
if ( rs->sr_attrs != NULL ) {
for ( anp = rs->sr_attrs; anp->an_name.bv_val != NULL; anp++ ) {
rc = compute_evaluator( &ctx, anp->an_name.bv_val,
- rs->sr_entry, slapi_x_compute_output_ber );
+ rs->sr_entry, slapi_int_compute_output_ber );
if ( rc == 1 ) {
break;
}
* plugin decide whether to be naughty or not.
*/
rc = compute_evaluator( &ctx, "*",
- rs->sr_entry, slapi_x_compute_output_ber );
+ rs->sr_entry, slapi_int_compute_output_ber );
}
if ( rc == 1 ) {
if ( op->o_res_ber == NULL ) ber_free_buf( ber );
attrs_free( aa );
rc = ber_printf( ber, /*{{*/ "}N}" );
- if( rc != -1 && rs->sr_ctrls != NULL ) {
- rc = send_ldap_controls( ber, rs->sr_ctrls );
+ if( rc != -1 ) {
+ rc = send_ldap_controls( op, ber, rs->sr_ctrls );
}
if( rc != -1 ) {
rc = ber_printf( ber, "{it{W}" /*"}"*/ , op->o_msgid,
LDAP_RES_SEARCH_REFERENCE, rs->sr_ref );
- if( rc != -1 && rs->sr_ctrls != NULL ) {
- rc = send_ldap_controls( ber, rs->sr_ctrls );
+ if( rc != -1 ) {
+ rc = send_ldap_controls( op, ber, rs->sr_ctrls );
}
if( rc != -1 ) {
* auxiliary property, so that we can refer to it in sasl_authorize
* without interfering with anything else. Also, the SASL username
* buffer is constrained to 256 characters, and our DNs could be
- * much longer (totally arbitrary length)...
+ * much longer (SLAP_LDAPDN_MAXLEN, currently set to 8192)
*/
static int
slap_sasl_canonicalize(
/* username may have embedded realm name */
/* FIXME:
* userids can legally have embedded '@' chars;
- * the relm should be set by those mechanisms
+ * the realm should be set by those mechanisms
* that support it by means of the user_realm
* variable
*/
static void initSearchPlugin( Operation *op,
char **attrs, int managedsait )
{
- slapi_x_pblock_set_operation( op->o_pb, op );
+ slapi_int_pblock_set_operation( op->o_pb, op );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_TARGET, (void *)op->o_req_dn.bv_val );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_SCOPE, (void *)op->ors_scope );
slapi_pblock_set( op->o_pb, SLAPI_SEARCH_DEREF, (void *)op->ors_deref );
return -1;
}
- if ( slapi_x_init_object_extensions() != 0 ) {
+ if ( slapi_int_init_object_extensions() != 0 ) {
return -1;
}
extern int slapi_audit_send_record( Slapi_PBlock *pb, Connection *conn,
Operation *op, int rc);
-extern int slapi_x_pblock_set_operation( Slapi_PBlock *pb, Operation *op );
+extern int slapi_int_pblock_set_operation( Slapi_PBlock *pb, Operation *op );
-extern LDAPMod **slapi_x_modifications2ldapmods(Modifications **);
-extern Modifications *slapi_x_ldapmods2modifications(LDAPMod **);
-extern void slapi_x_free_ldapmods(LDAPMod **);
+extern LDAPMod **slapi_int_modifications2ldapmods(Modifications **);
+extern Modifications *slapi_int_ldapmods2modifications(LDAPMod **);
+extern void slapi_int_free_ldapmods(LDAPMod **);
extern int slapi_compute_add_evaluator(slapi_compute_callback_t function);
extern int slapi_compute_add_search_rewriter(slapi_search_rewrite_callback_t function);
extern int compute_rewrite_search_filter(Slapi_PBlock *pb);
extern int compute_evaluator(computed_attr_context *c, char *type, Slapi_Entry *e, slapi_compute_output_t outputfn);
-extern int slapi_x_compute_output_ber(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e);
+extern int slapi_int_compute_output_ber(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e);
extern int slapi_x_compute_get_pblock(computed_attr_context *c, Slapi_PBlock **pb);
-extern int slapi_x_access_allowed(Operation *op, Entry *entry, AttributeDescription *desc, struct berval *val, slap_access_t access, AccessControlState *state);
+extern int slapi_int_access_allowed(Operation *op, Entry *entry, AttributeDescription *desc, struct berval *val, slap_access_t access, AccessControlState *state);
extern ldap_pvt_thread_mutex_t slapi_hn_mutex;
extern ldap_pvt_thread_mutex_t slapi_time_mutex;
/*
* OpenLDAP extensions
*/
-extern int slapi_x_pblock_get_first( Backend *be, Slapi_PBlock **pb );
-extern int slapi_x_pblock_get_next( Slapi_PBlock **pb );
+extern int slapi_int_pblock_get_first( Backend *be, Slapi_PBlock **pb );
+extern int slapi_int_pblock_get_next( Slapi_PBlock **pb );
/*
char *suffix, char *chNum, Operation* op);
extern Backend * slapi_cl_get_be(char *dn);
-int slapi_x_init_object_extensions(void);
-int slapi_x_free_object_extensions(int objecttype, void *object);
-int slapi_x_create_object_extensions(int objecttype, void *object);
-int slapi_x_clear_object_extensions(int objecttype, void *object);
+int slapi_int_init_object_extensions(void);
+int slapi_int_free_object_extensions(int objecttype, void *object);
+int slapi_int_create_object_extensions(int objecttype, void *object);
+int slapi_int_clear_object_extensions(int objecttype, void *object);
LDAP_END_DECL
#endif /* LDAP_SLAPI */
}
-int slapi_x_create_object_extensions(int objecttype, void *object)
+int slapi_int_create_object_extensions(int objecttype, void *object)
{
#ifdef LDAP_SLAPI
int i, rc;
#endif
}
-int slapi_x_free_object_extensions(int objecttype, void *object)
+int slapi_int_free_object_extensions(int objecttype, void *object)
{
#ifdef LDAP_SLAPI
int i, rc;
}
/* for reusable object types */
-int slapi_x_clear_object_extensions(int objecttype, void *object)
+int slapi_int_clear_object_extensions(int objecttype, void *object)
{
#ifdef LDAP_SLAPI
int i, rc;
#endif
}
-int slapi_x_init_object_extensions(void)
+int slapi_int_init_object_extensions(void)
{
#ifdef LDAP_SLAPI
memset( ®istered_extensions, 0, sizeof( registered_extensions ) );
{
#if defined(LDAP_SLAPI)
char *str = NULL;
+ LDAPControl **rescontrols = NULL;
get( pb, SLAPI_CONN_DN,(void **)&str );
if ( str != NULL ) {
str = NULL;
}
+ get( pb, SLAPI_RESCONTROLS, (void **)&rescontrols );
+ if ( rescontrols != NULL ) {
+ ldap_controls_free( rescontrols );
+ rescontrols = NULL;
+ }
+
ldap_pvt_thread_mutex_destroy( &pb->pblockMutex );
ch_free( pb );
* OpenLDAP extension
*/
int
-slapi_x_pblock_get_first( Backend *be, Slapi_PBlock **pb )
+slapi_int_pblock_get_first( Backend *be, Slapi_PBlock **pb )
{
#if defined(LDAP_SLAPI)
assert( pb );
* OpenLDAP extension
*/
int
-slapi_x_pblock_get_next( Slapi_PBlock **pb )
+slapi_int_pblock_get_next( Slapi_PBlock **pb )
{
#if defined(LDAP_SLAPI)
assert( pb );
/*
* Internal API to prime a Slapi_PBlock with an Operation.
*/
-int slapi_x_pblock_set_operation( Slapi_PBlock *pb, Operation *op )
+int slapi_int_pblock_set_operation( Slapi_PBlock *pb, Operation *op )
{
#ifdef LDAP_SLAPI
int isRoot = 0;
return LDAP_PARAM_ERROR;
}
- ml = slapi_x_ldapmods2modifications( mods );
+ ml = slapi_int_ldapmods2modifications( mods );
if ( ml == NULL ) {
return LDAP_OTHER;
}
*
* This function must also be called before slap_mods_check().
*/
-LDAPMod **slapi_x_modifications2ldapmods(Modifications **pmodlist)
+LDAPMod **slapi_int_modifications2ldapmods(Modifications **pmodlist)
{
#ifdef LDAP_SLAPI
Modifications *ml, *modlist;
*
* The returned Modification list contains pointers into the
* LDAPMods array; the latter MUST be freed with
- * slapi_x_free_ldapmods() (see below).
+ * slapi_int_free_ldapmods() (see below).
*/
-Modifications *slapi_x_ldapmods2modifications (LDAPMod **mods)
+Modifications *slapi_int_ldapmods2modifications (LDAPMod **mods)
{
#ifdef LDAP_SLAPI
Modifications *modlist = NULL, **modtail;
/*
* This function only frees the parts of the mods array that
* are not shared with the Modification list that was created
- * by slapi_x_ldapmods2modifications().
+ * by slapi_int_ldapmods2modifications().
*
*/
-void slapi_x_free_ldapmods (LDAPMod **mods)
+void slapi_int_free_ldapmods (LDAPMod **mods)
{
#ifdef LDAP_SLAPI
int i, j;
* op->o_callback->sc_sendentry, if you wish to make computed
* attributes available to it.
*/
-int slapi_x_compute_output_ber(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e)
+int slapi_int_compute_output_ber(computed_attr_context *c, Slapi_Attr *a, Slapi_Entry *e)
{
#ifdef LDAP_SLAPI
Operation *op = NULL;
}
if ( !access_allowed( op, e, desc, NULL, ACL_READ, &c->cac_acl_state) ) {
- slapi_log_error( SLAPI_LOG_ACL, "slapi_x_compute_output_ber",
+ slapi_log_error( SLAPI_LOG_ACL, "slapi_int_compute_output_ber",
"acl: access to attribute %s not allowed\n",
desc->ad_cname.bv_val );
return 0;
rc = ber_printf( ber, "{O[" /*]}*/ , &desc->ad_cname );
if (rc == -1 ) {
- slapi_log_error( SLAPI_LOG_BER, "slapi_x_compute_output_ber",
+ slapi_log_error( SLAPI_LOG_BER, "slapi_int_compute_output_ber",
"ber_printf failed\n");
return 1;
}
for ( i = 0; a->a_vals[i].bv_val != NULL; i++ ) {
if ( !access_allowed( op, e,
desc, &a->a_vals[i], ACL_READ, &c->cac_acl_state)) {
- slapi_log_error( SLAPI_LOG_ACL, "slapi_x_compute_output_ber",
+ slapi_log_error( SLAPI_LOG_ACL, "slapi_int_compute_output_ber",
"conn %lu "
"acl: access to %s, value %d not allowed\n",
op->o_connid, desc->ad_cname.bv_val, i );
}
if (( rc = ber_printf( ber, "O", &a->a_vals[i] )) == -1 ) {
- slapi_log_error( SLAPI_LOG_BER, "slapi_x_compute_output_ber",
+ slapi_log_error( SLAPI_LOG_BER, "slapi_int_compute_output_ber",
"ber_printf failed\n");
return 1;
}
}
if (( rc = ber_printf( ber, /*{[*/ "]N}" )) == -1 ) {
- slapi_log_error( SLAPI_LOG_BER, "slapi_x_compute_output_ber",
+ slapi_log_error( SLAPI_LOG_BER, "slapi_int_compute_output_ber",
"ber_printf failed\n" );
return 1;
}
#endif
}
-int slapi_x_access_allowed( Operation *op,
+int slapi_int_access_allowed( Operation *op,
Entry *entry,
AttributeDescription *desc,
struct berval *val,
return 1;
}
- slapi_x_pblock_set_operation( op->o_pb, op );
+ slapi_int_pblock_set_operation( op->o_pb, op );
rc = 1; /* default allow policy */