Back to index

openldap  2.4.31
slap.h
Go to the documentation of this file.
00001 /* slap.h - stand alone ldap server include file */
00002 /* $OpenLDAP$ */
00003 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
00004  *
00005  * Copyright 1998-2012 The OpenLDAP Foundation.
00006  * All rights reserved.
00007  *
00008  * Redistribution and use in source and binary forms, with or without
00009  * modification, are permitted only as authorized by the OpenLDAP
00010  * Public License.
00011  *
00012  * A copy of this license is available in the file LICENSE in the
00013  * top-level directory of the distribution or, alternatively, at
00014  * <http://www.OpenLDAP.org/license.html>.
00015  */
00016 /* Portions Copyright (c) 1995 Regents of the University of Michigan.
00017  * All rights reserved.
00018  *
00019  * Redistribution and use in source and binary forms are permitted
00020  * provided that this notice is preserved and that due credit is given
00021  * to the University of Michigan at Ann Arbor. The name of the University
00022  * may not be used to endorse or promote products derived from this
00023  * software without specific prior written permission. This software
00024  * is provided ``as is'' without express or implied warranty.
00025  */
00026 
00027 #ifndef _SLAP_H_
00028 #define _SLAP_H_
00029 
00030 #include "ldap_defaults.h"
00031 
00032 #include <stdio.h>
00033 #include <ac/stdlib.h>
00034 
00035 #include <sys/types.h>
00036 #include <ac/syslog.h>
00037 #include <ac/regex.h>
00038 #include <ac/signal.h>
00039 #include <ac/socket.h>
00040 #include <ac/time.h>
00041 #include <ac/param.h>
00042 
00043 #include "avl.h"
00044 
00045 #ifndef ldap_debug
00046 #define ldap_debug slap_debug
00047 #endif
00048 
00049 #include "ldap_log.h"
00050 
00051 #include <ldap.h>
00052 #include <ldap_schema.h>
00053 
00054 #include "lber_pvt.h"
00055 #include "ldap_pvt.h"
00056 #include "ldap_pvt_thread.h"
00057 #include "ldap_queue.h"
00058 
00059 LDAP_BEGIN_DECL
00060 
00061 #ifdef LDAP_DEVEL
00062 #define LDAP_COLLECTIVE_ATTRIBUTES
00063 #define LDAP_COMP_MATCH
00064 #define LDAP_SYNC_TIMESTAMP
00065 #define SLAP_CONTROL_X_WHATFAILED
00066 #define SLAP_CONFIG_DELETE
00067 #ifndef SLAP_SCHEMA_EXPOSE
00068 #define SLAP_SCHEMA_EXPOSE
00069 #endif
00070 #endif
00071 
00072 #define LDAP_DYNAMIC_OBJECTS
00073 #define SLAP_CONTROL_X_TREE_DELETE LDAP_CONTROL_X_TREE_DELETE
00074 #define SLAP_CONTROL_X_SESSION_TRACKING
00075 #define SLAP_DISTPROC
00076 
00077 #ifdef ENABLE_REWRITE
00078 #define SLAP_AUTH_REWRITE   1 /* use librewrite for sasl-regexp */
00079 #endif
00080 
00081 /*
00082  * SLAPD Memory allocation macros
00083  *
00084  * Unlike ch_*() routines, these routines do not assert() upon
00085  * allocation error.  They are intended to be used instead of
00086  * ch_*() routines where the caller has implemented proper
00087  * checking for and handling of allocation errors.
00088  *
00089  * Patches to convert ch_*() calls to SLAP_*() calls welcomed.
00090  */
00091 #define SLAP_MALLOC(s)      ber_memalloc((s))
00092 #define SLAP_CALLOC(n,s)    ber_memcalloc((n),(s))
00093 #define SLAP_REALLOC(p,s)   ber_memrealloc((p),(s))
00094 #define SLAP_FREE(p)        ber_memfree((p))
00095 #define SLAP_VFREE(v)       ber_memvfree((void**)(v))
00096 #define SLAP_STRDUP(s)      ber_strdup((s))
00097 #define SLAP_STRNDUP(s,l)   ber_strndup((s),(l))
00098 
00099 #ifdef f_next
00100 #undef f_next /* name conflict between sys/file.h on SCO and struct filter */
00101 #endif
00102 
00103 #define SERVICE_NAME  OPENLDAP_PACKAGE "-slapd"
00104 #define SLAPD_ANONYMOUS ""
00105 
00106 #ifdef HAVE_TCPD
00107 # include <tcpd.h>
00108 # define SLAP_STRING_UNKNOWN       STRING_UNKNOWN
00109 #else /* ! TCP Wrappers */
00110 # define SLAP_STRING_UNKNOWN       "unknown"
00111 #endif /* ! TCP Wrappers */
00112 
00113 /* LDAPMod.mod_op value ===> Must be kept in sync with ldap.h! */
00114 /* These values are used internally by the backends. */
00115 /* SLAP_MOD_SOFTADD allows adding values that already exist without getting
00116  * an error as required by modrdn when the new rdn was already an attribute
00117  * value itself.
00118  */
00119 #define SLAP_MOD_SOFTADD           0x1000
00120 /* SLAP_MOD_SOFTDEL allows deleting values if they exist without getting
00121  * an error otherwise.
00122  */
00123 #define SLAP_MOD_SOFTDEL           0x1001
00124 /* SLAP_MOD_ADD_IF_NOT_PRESENT allows adding values unless the attribute
00125  * is already present without getting an error.
00126  */
00127 #define SLAP_MOD_ADD_IF_NOT_PRESENT       0x1002
00128 /* SLAP_MOD_DEL_IF_PRESENT allows deleting values if the attribute
00129  * is present, without getting an error otherwise.
00130  * The semantics can be obtained using SLAP_MOD_SOFTDEL with NULL values.
00131  */
00132 
00133 #define MAXREMATCHES (100)
00134 
00135 #define SLAP_MAX_WORKER_THREADS           (16)
00136 
00137 #define SLAP_SB_MAX_INCOMING_DEFAULT ((1<<18) - 1)
00138 #define SLAP_SB_MAX_INCOMING_AUTH ((1<<24) - 1)
00139 
00140 #define SLAP_CONN_MAX_PENDING_DEFAULT     100
00141 #define SLAP_CONN_MAX_PENDING_AUTH 1000
00142 
00143 #define SLAP_TEXT_BUFLEN (256)
00144 
00145 /* pseudo error code indicating abandoned operation */
00146 #define SLAPD_ABANDON (-1024)
00147 
00148 /* pseudo error code indicating disconnect */
00149 #define SLAPD_DISCONNECT (-1025)
00150 
00151 /* unknown config file directive */
00152 #define SLAP_CONF_UNKNOWN (-1026)
00153 
00154 /* We assume "C" locale, that is US-ASCII */
00155 #define ASCII_SPACE(c)      ( (c) == ' ' )
00156 #define ASCII_LOWER(c)      ( (c) >= 'a' && (c) <= 'z' )
00157 #define ASCII_UPPER(c)      ( (c) >= 'A' && (c) <= 'Z' )
00158 #define ASCII_ALPHA(c)      ( ASCII_LOWER(c) || ASCII_UPPER(c) )
00159 #define ASCII_DIGIT(c)      ( (c) >= '0' && (c) <= '9' )
00160 #define ASCII_HEXLOWER(c)   ( (c) >= 'a' && (c) <= 'f' )
00161 #define ASCII_HEXUPPER(c)   ( (c) >= 'A' && (c) <= 'F' )
00162 #define ASCII_HEX(c) ( ASCII_DIGIT(c) || \
00163        ASCII_HEXLOWER(c) || ASCII_HEXUPPER(c) )
00164 #define ASCII_ALNUM(c)      ( ASCII_ALPHA(c) || ASCII_DIGIT(c) )
00165 #define ASCII_PRINTABLE(c) ( (c) >= ' ' && (c) <= '~' )
00166 
00167 #define SLAP_NIBBLE(c) ((c)&0x0f)
00168 #define SLAP_ESCAPE_CHAR ('\\')
00169 #define SLAP_ESCAPE_LO(c) ( "0123456789ABCDEF"[SLAP_NIBBLE(c)] )
00170 #define SLAP_ESCAPE_HI(c) ( SLAP_ESCAPE_LO((c)>>4) )
00171 
00172 #define FILTER_ESCAPE(c) ( (c) == '*' || (c) == '\\' \
00173        || (c) == '(' || (c) == ')' || !ASCII_PRINTABLE(c) )
00174 
00175 #define DN_ESCAPE(c) ((c) == SLAP_ESCAPE_CHAR)
00176 /* NOTE: for consistency, this macro must only operate
00177  * on normalized/pretty DN, such that ';' is never used
00178  * as RDN separator, and all occurrences of ';' must be escaped */
00179 #define DN_SEPARATOR(c)     ((c) == ',')
00180 #define RDN_ATTRTYPEANDVALUE_SEPARATOR(c) ((c) == '+') /* RFC 4514 */
00181 #define RDN_SEPARATOR(c) (DN_SEPARATOR(c) || RDN_ATTRTYPEANDVALUE_SEPARATOR(c))
00182 #define RDN_NEEDSESCAPE(c)  ((c) == '\\' || (c) == '"')
00183 
00184 #define DESC_LEADCHAR(c)    ( ASCII_ALPHA(c) )
00185 #define DESC_CHAR(c) ( ASCII_ALNUM(c) || (c) == '-' )
00186 #define OID_LEADCHAR(c)     ( ASCII_DIGIT(c) )
00187 #define OID_SEPARATOR(c)    ( (c) == '.' )
00188 #define OID_CHAR(c)  ( OID_LEADCHAR(c) || OID_SEPARATOR(c) )
00189 
00190 #define ATTR_LEADCHAR(c)    ( DESC_LEADCHAR(c) || OID_LEADCHAR(c) )
00191 #define ATTR_CHAR(c) ( DESC_CHAR((c)) || OID_SEPARATOR(c) )
00192 
00193 #define AD_LEADCHAR(c)      ( ATTR_LEADCHAR(c) )
00194 #define AD_CHAR(c)          ( ATTR_CHAR(c) || (c) == ';' )
00195 
00196 #define SLAP_NUMERIC(c) ( ASCII_DIGIT(c) || ASCII_SPACE(c) )
00197 
00198 #define SLAP_PRINTABLE(c)   ( ASCII_ALNUM(c) || (c) == '\'' || \
00199        (c) == '(' || (c) == ')' || (c) == '+' || (c) == ',' || \
00200        (c) == '-' || (c) == '.' || (c) == '/' || (c) == ':' || \
00201        (c) == '?' || (c) == ' ' || (c) == '=' )
00202 #define SLAP_PRINTABLES(c)  ( SLAP_PRINTABLE(c) || (c) == '$' )
00203 
00204 /* must match in schema_init.c */
00205 #define SLAPD_DN_SYNTAX                   "1.3.6.1.4.1.1466.115.121.1.12"
00206 #define SLAPD_NAMEUID_SYNTAX       "1.3.6.1.4.1.1466.115.121.1.34"
00207 #define SLAPD_INTEGER_SYNTAX       "1.3.6.1.4.1.1466.115.121.1.27"
00208 #define SLAPD_GROUP_ATTR           "member"
00209 #define SLAPD_GROUP_CLASS          "groupOfNames"
00210 #define SLAPD_ROLE_ATTR                   "roleOccupant"
00211 #define SLAPD_ROLE_CLASS           "organizationalRole"
00212 
00213 #define SLAPD_TOP_OID                     "2.5.6.0"
00214 
00215 LDAP_SLAPD_V (int) slap_debug;
00216 
00217 typedef unsigned long slap_mask_t;
00218 
00219 /* Security Strength Factor */
00220 typedef unsigned slap_ssf_t;
00221 
00222 typedef struct slap_ssf_set {
00223        slap_ssf_t sss_ssf;
00224        slap_ssf_t sss_transport;
00225        slap_ssf_t sss_tls;
00226        slap_ssf_t sss_sasl;
00227        slap_ssf_t sss_update_ssf;
00228        slap_ssf_t sss_update_transport;
00229        slap_ssf_t sss_update_tls;
00230        slap_ssf_t sss_update_sasl;
00231        slap_ssf_t sss_simple_bind;
00232 } slap_ssf_set_t;
00233 
00234 /* Flags for telling slap_sasl_getdn() what type of identity is being passed */
00235 #define SLAP_GETDN_AUTHCID 2
00236 #define SLAP_GETDN_AUTHZID 4
00237 
00238 /*
00239  * Index types
00240  */
00241 #define SLAP_INDEX_TYPE           0x00FFUL
00242 #define SLAP_INDEX_UNDEFINED      0x0001UL
00243 #define SLAP_INDEX_PRESENT        0x0002UL
00244 #define SLAP_INDEX_EQUALITY       0x0004UL
00245 #define SLAP_INDEX_APPROX         0x0008UL
00246 #define SLAP_INDEX_SUBSTR         0x0010UL
00247 #define SLAP_INDEX_EXTENDED          0x0020UL
00248 
00249 #define SLAP_INDEX_DEFAULT        SLAP_INDEX_EQUALITY
00250 
00251 #define IS_SLAP_INDEX(mask, type)  (((mask) & (type)) == (type))
00252 
00253 #define SLAP_INDEX_SUBSTR_TYPE    0x0F00UL
00254 
00255 #define SLAP_INDEX_SUBSTR_INITIAL ( SLAP_INDEX_SUBSTR | 0x0100UL ) 
00256 #define SLAP_INDEX_SUBSTR_ANY     ( SLAP_INDEX_SUBSTR | 0x0200UL )
00257 #define SLAP_INDEX_SUBSTR_FINAL   ( SLAP_INDEX_SUBSTR | 0x0400UL )
00258 #define SLAP_INDEX_SUBSTR_DEFAULT \
00259        ( SLAP_INDEX_SUBSTR \
00260        | SLAP_INDEX_SUBSTR_INITIAL \
00261        | SLAP_INDEX_SUBSTR_ANY \
00262        | SLAP_INDEX_SUBSTR_FINAL )
00263 
00264 /* defaults for initial/final substring indices */
00265 #define SLAP_INDEX_SUBSTR_IF_MINLEN_DEFAULT      2
00266 #define SLAP_INDEX_SUBSTR_IF_MAXLEN_DEFAULT      4
00267 
00268 /* defaults for any substring indices */
00269 #define SLAP_INDEX_SUBSTR_ANY_LEN_DEFAULT        4
00270 #define SLAP_INDEX_SUBSTR_ANY_STEP_DEFAULT              2
00271 
00272 /* default for ordered integer index keys */
00273 #define SLAP_INDEX_INTLEN_DEFAULT  4
00274 
00275 #define SLAP_INDEX_FLAGS         0xF000UL
00276 #define SLAP_INDEX_NOSUBTYPES    0x1000UL /* don't use index w/ subtypes */
00277 #define SLAP_INDEX_NOTAGS        0x2000UL /* don't use index w/ tags */
00278 
00279 /*
00280  * there is a single index for each attribute.  these prefixes ensure
00281  * that there is no collision among keys.
00282  */
00283 #define SLAP_INDEX_EQUALITY_PREFIX '='    /* prefix for equality keys     */
00284 #define SLAP_INDEX_APPROX_PREFIX   '~'           /* prefix for approx keys       */
00285 #define SLAP_INDEX_SUBSTR_PREFIX   '*'           /* prefix for substring keys    */
00286 #define SLAP_INDEX_SUBSTR_INITIAL_PREFIX '^'
00287 #define SLAP_INDEX_SUBSTR_FINAL_PREFIX '$'
00288 #define SLAP_INDEX_CONT_PREFIX            '.'           /* prefix for continuation keys */
00289 
00290 #define SLAP_SYNTAX_MATCHINGRULES_OID      "1.3.6.1.4.1.1466.115.121.1.30"
00291 #define SLAP_SYNTAX_ATTRIBUTETYPES_OID     "1.3.6.1.4.1.1466.115.121.1.3"
00292 #define SLAP_SYNTAX_OBJECTCLASSES_OID      "1.3.6.1.4.1.1466.115.121.1.37"
00293 #define SLAP_SYNTAX_MATCHINGRULEUSES_OID "1.3.6.1.4.1.1466.115.121.1.31"
00294 #define SLAP_SYNTAX_CONTENTRULE_OID        "1.3.6.1.4.1.1466.115.121.1.16"
00295 
00296 /*
00297  * represents schema information for a database
00298  */
00299 enum {
00300        SLAP_SCHERR_OUTOFMEM = 1,
00301        SLAP_SCHERR_CLASS_NOT_FOUND,
00302        SLAP_SCHERR_CLASS_BAD_USAGE,
00303        SLAP_SCHERR_CLASS_BAD_SUP,
00304        SLAP_SCHERR_CLASS_DUP,
00305        SLAP_SCHERR_CLASS_INCONSISTENT,
00306        SLAP_SCHERR_ATTR_NOT_FOUND,
00307        SLAP_SCHERR_ATTR_BAD_MR,
00308        SLAP_SCHERR_ATTR_BAD_USAGE,
00309        SLAP_SCHERR_ATTR_BAD_SUP,
00310        SLAP_SCHERR_ATTR_INCOMPLETE,
00311        SLAP_SCHERR_ATTR_DUP,
00312        SLAP_SCHERR_ATTR_INCONSISTENT,
00313        SLAP_SCHERR_MR_NOT_FOUND,
00314        SLAP_SCHERR_MR_INCOMPLETE,
00315        SLAP_SCHERR_MR_DUP,
00316        SLAP_SCHERR_SYN_NOT_FOUND,
00317        SLAP_SCHERR_SYN_DUP,
00318        SLAP_SCHERR_SYN_SUP_NOT_FOUND,
00319        SLAP_SCHERR_SYN_SUBST_NOT_SPECIFIED,
00320        SLAP_SCHERR_SYN_SUBST_NOT_FOUND,
00321        SLAP_SCHERR_NO_NAME,
00322        SLAP_SCHERR_NOT_SUPPORTED,
00323        SLAP_SCHERR_BAD_DESCR,
00324        SLAP_SCHERR_OIDM,
00325        SLAP_SCHERR_CR_DUP,
00326        SLAP_SCHERR_CR_BAD_STRUCT,
00327        SLAP_SCHERR_CR_BAD_AUX,
00328        SLAP_SCHERR_CR_BAD_AT,
00329 
00330        SLAP_SCHERR_LAST
00331 };
00332 
00333 /* forward declarations */
00334 typedef struct Syntax Syntax;
00335 typedef struct MatchingRule MatchingRule;
00336 typedef struct MatchingRuleUse MatchingRuleUse;
00337 typedef struct MatchingRuleAssertion MatchingRuleAssertion;
00338 typedef struct OidMacro OidMacro;
00339 typedef struct ObjectClass ObjectClass;
00340 typedef struct AttributeType AttributeType;
00341 typedef struct AttributeDescription AttributeDescription;
00342 typedef struct AttributeName AttributeName;
00343 typedef struct ContentRule ContentRule;
00344 
00345 typedef struct AttributeAssertion AttributeAssertion;
00346 typedef struct SubstringsAssertion SubstringsAssertion;
00347 typedef struct Filter Filter;
00348 typedef struct ValuesReturnFilter ValuesReturnFilter;
00349 typedef struct Attribute Attribute;
00350 #ifdef LDAP_COMP_MATCH
00351 typedef struct ComponentData ComponentData;
00352 typedef struct ComponentFilter ComponentFilter;
00353 #endif
00354 
00355 typedef struct Entry Entry;
00356 typedef struct Modification Modification;
00357 typedef struct Modifications Modifications;
00358 typedef struct LDAPModList LDAPModList;
00359 
00360 typedef struct BackendInfo BackendInfo;          /* per backend type */
00361 typedef struct BackendDB BackendDB;              /* per backend database */
00362 
00363 typedef struct Connection Connection;
00364 typedef struct Operation Operation;
00365 typedef struct SlapReply SlapReply;
00366 /* end of forward declarations */
00367 
00368 typedef union Sockaddr {
00369        struct sockaddr sa_addr;
00370        struct sockaddr_in sa_in_addr;
00371 #ifdef LDAP_PF_INET6
00372        struct sockaddr_storage sa_storage;
00373        struct sockaddr_in6 sa_in6_addr;
00374 #endif
00375 #ifdef LDAP_PF_LOCAL
00376        struct sockaddr_un sa_un_addr;
00377 #endif
00378 } Sockaddr;
00379 
00380 #ifdef LDAP_PF_INET6
00381 extern int slap_inet4or6;
00382 #endif
00383 
00384 struct OidMacro {
00385        struct berval som_oid;
00386        BerVarray som_names;
00387        BerVarray som_subs;
00388 #define       SLAP_OM_HARDCODE     0x10000U      /* This is hardcoded schema */
00389        int som_flags;
00390        LDAP_STAILQ_ENTRY(OidMacro) som_next;
00391 };
00392 
00393 typedef int slap_syntax_validate_func LDAP_P((
00394        Syntax *syntax,
00395        struct berval * in));
00396 
00397 typedef int slap_syntax_transform_func LDAP_P((
00398        Syntax *syntax,
00399        struct berval * in,
00400        struct berval * out,
00401        void *memctx));
00402 
00403 #ifdef LDAP_COMP_MATCH
00404 typedef void* slap_component_transform_func LDAP_P((
00405        struct berval * in ));
00406 struct ComponentDesc;
00407 #endif
00408 
00409 struct Syntax {
00410        LDAPSyntax                  ssyn_syn;
00411 #define ssyn_oid            ssyn_syn.syn_oid
00412 #define ssyn_desc           ssyn_syn.syn_desc
00413 #define ssyn_extensions     ssyn_syn.syn_extensions
00414        /*
00415         * Note: the former
00416        ber_len_t     ssyn_oidlen;
00417         * has been replaced by a struct berval that uses the value
00418         * provided by ssyn_syn.syn_oid; a macro that expands to
00419         * the bv_len field of the berval is provided for backward
00420         * compatibility.  CAUTION: NEVER FREE THE BERVAL
00421         */
00422        struct berval ssyn_bvoid;
00423 #define       ssyn_oidlen   ssyn_bvoid.bv_len
00424 
00425        unsigned int ssyn_flags;
00426 
00427 #define SLAP_SYNTAX_NONE    0x0000U
00428 #define SLAP_SYNTAX_BLOB    0x0001U /* syntax treated as blob (audio) */
00429 #define SLAP_SYNTAX_BINARY  0x0002U /* binary transfer required (certificate) */
00430 #define SLAP_SYNTAX_BER            0x0004U /* stored in BER encoding (certificate) */
00431 #ifdef SLAP_SCHEMA_EXPOSE
00432 #define SLAP_SYNTAX_HIDE    0x0000U /* publish everything */
00433 #else
00434 #define SLAP_SYNTAX_HIDE    0x8000U /* hide (do not publish) */
00435 #endif
00436 #define       SLAP_SYNTAX_HARDCODE 0x10000U      /* This is hardcoded schema */
00437 #define       SLAP_SYNTAX_DN              0x20000U      /* Treat like a DN */
00438 
00439        Syntax                      **ssyn_sups;
00440 
00441        slap_syntax_validate_func   *ssyn_validate;
00442        slap_syntax_transform_func  *ssyn_pretty;
00443 
00444 #ifdef SLAPD_BINARY_CONVERSION
00445        /* convert to and from binary */
00446        slap_syntax_transform_func  *ssyn_ber2str;
00447        slap_syntax_transform_func  *ssyn_str2ber;
00448 #endif
00449 #ifdef LDAP_COMP_MATCH
00450        slap_component_transform_func *ssyn_attr2comp;
00451        struct ComponentDesc* ssync_comp_syntax;
00452 #endif
00453 
00454        LDAP_STAILQ_ENTRY(Syntax)   ssyn_next;
00455 };
00456 
00457 #define slap_syntax_is_flag(s,flag) ((int)((s)->ssyn_flags & (flag)) ? 1 : 0)
00458 #define slap_syntax_is_blob(s)            slap_syntax_is_flag((s),SLAP_SYNTAX_BLOB)
00459 #define slap_syntax_is_binary(s)   slap_syntax_is_flag((s),SLAP_SYNTAX_BINARY)
00460 #define slap_syntax_is_ber(s)             slap_syntax_is_flag((s),SLAP_SYNTAX_BER)
00461 #define slap_syntax_is_hidden(s)   slap_syntax_is_flag((s),SLAP_SYNTAX_HIDE)
00462 
00463 typedef struct slap_syntax_defs_rec {
00464        char *sd_desc;
00465        int sd_flags;
00466        char **sd_sups;
00467        slap_syntax_validate_func *sd_validate;
00468        slap_syntax_transform_func *sd_pretty;
00469 #ifdef SLAPD_BINARY_CONVERSION
00470        slap_syntax_transform_func *sd_ber2str;
00471        slap_syntax_transform_func *sd_str2ber;
00472 #endif
00473 } slap_syntax_defs_rec;
00474 
00475 /* X -> Y Converter */
00476 typedef int slap_mr_convert_func LDAP_P((
00477        struct berval * in,
00478        struct berval * out,
00479        void *memctx ));
00480 
00481 /* Normalizer */
00482 typedef int slap_mr_normalize_func LDAP_P((
00483        slap_mask_t use,
00484        Syntax *syntax, /* NULL if in is asserted value */
00485        MatchingRule *mr,
00486        struct berval *in,
00487        struct berval *out,
00488        void *memctx ));
00489 
00490 /* Match (compare) function */
00491 typedef int slap_mr_match_func LDAP_P((
00492        int *match,
00493        slap_mask_t use,
00494        Syntax *syntax,      /* syntax of stored value */
00495        MatchingRule *mr,
00496        struct berval *value,
00497        void *assertValue ));
00498 
00499 /* Index generation function */
00500 typedef int slap_mr_indexer_func LDAP_P((
00501        slap_mask_t use,
00502        slap_mask_t mask,
00503        Syntax *syntax,      /* syntax of stored value */
00504        MatchingRule *mr,
00505        struct berval *prefix,
00506        BerVarray values,
00507        BerVarray *keys,
00508        void *memctx ));
00509 
00510 /* Filter index function */
00511 typedef int slap_mr_filter_func LDAP_P((
00512        slap_mask_t use,
00513        slap_mask_t mask,
00514        Syntax *syntax,      /* syntax of stored value */
00515        MatchingRule *mr,
00516        struct berval *prefix,
00517        void *assertValue,
00518        BerVarray *keys,
00519        void *memctx ));
00520 
00521 struct MatchingRule {
00522        LDAPMatchingRule            smr_mrule;
00523        MatchingRuleUse                    *smr_mru;
00524        /* RFC 4512 string representation */
00525        struct berval               smr_str;
00526        /*
00527         * Note: the former
00528         *                   ber_len_t     smr_oidlen;
00529         * has been replaced by a struct berval that uses the value
00530         * provided by smr_mrule.mr_oid; a macro that expands to
00531         * the bv_len field of the berval is provided for backward
00532         * compatibility.  CAUTION: NEVER FREE THE BERVAL
00533         */
00534        struct berval               smr_bvoid;
00535 #define       smr_oidlen                  smr_bvoid.bv_len
00536 
00537        slap_mask_t                 smr_usage;
00538 
00539 #ifdef SLAP_SCHEMA_EXPOSE
00540 #define SLAP_MR_HIDE               0x0000U
00541 #else
00542 #define SLAP_MR_HIDE               0x8000U
00543 #endif
00544 
00545 #define SLAP_MR_MUTATION_NORMALIZER       0x4000U
00546 
00547 #define SLAP_MR_TYPE_MASK          0x0F00U
00548 #define SLAP_MR_SUBTYPE_MASK              0x00F0U
00549 #define SLAP_MR_USAGE                     0x000FU
00550 
00551 #define SLAP_MR_NONE               0x0000U
00552 #define SLAP_MR_EQUALITY           0x0100U
00553 #define SLAP_MR_ORDERING           0x0200U
00554 #define SLAP_MR_SUBSTR                    0x0400U
00555 #define SLAP_MR_EXT                0x0800U /* implicitly extensible */
00556 #define       SLAP_MR_ORDERED_INDEX              0x1000U
00557 #ifdef LDAP_COMP_MATCH
00558 #define SLAP_MR_COMPONENT          0x2000U
00559 #endif
00560 
00561 #define SLAP_MR_EQUALITY_APPROX    ( SLAP_MR_EQUALITY | 0x0010U )
00562 
00563 #define SLAP_MR_SUBSTR_INITIAL     ( SLAP_MR_SUBSTR | 0x0010U )
00564 #define SLAP_MR_SUBSTR_ANY  ( SLAP_MR_SUBSTR | 0x0020U )
00565 #define SLAP_MR_SUBSTR_FINAL       ( SLAP_MR_SUBSTR | 0x0040U )
00566 
00567 
00568 /*
00569  * The asserted value, depending on the particular usage,
00570  * is expected to conform to either the assertion syntax
00571  * or the attribute syntax.   In some cases, the syntax of
00572  * the value is known.  If so, these flags indicate which
00573  * syntax the value is expected to conform to.  If not,
00574  * neither of these flags is set (until the syntax of the
00575  * provided value is determined).  If the value is of the
00576  * attribute syntax, the flag is changed once a value of
00577  * the assertion syntax is derived from the provided value.
00578  */
00579 #define SLAP_MR_VALUE_OF_ASSERTION_SYNTAX 0x0001U
00580 #define SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX 0x0002U
00581 #define SLAP_MR_VALUE_OF_SYNTAX                  (SLAP_MR_VALUE_OF_ASSERTION_SYNTAX|SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX)
00582 #define SLAP_MR_DENORMALIZE               (SLAP_MR_MUTATION_NORMALIZER)
00583 
00584 #define SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX( usage ) \
00585        ((usage) & SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX )
00586 #define SLAP_MR_IS_VALUE_OF_ASSERTION_SYNTAX( usage ) \
00587        ((usage) & SLAP_MR_VALUE_OF_ASSERTION_SYNTAX )
00588 #ifdef LDAP_DEBUG
00589 #define SLAP_MR_IS_VALUE_OF_SYNTAX( usage ) \
00590        ((usage) & SLAP_MR_VALUE_OF_SYNTAX)
00591 #else
00592 #define SLAP_MR_IS_VALUE_OF_SYNTAX( usage )      (1)
00593 #endif
00594 #define SLAP_MR_IS_DENORMALIZE( usage ) \
00595        ((usage) & SLAP_MR_DENORMALIZE )
00596 
00597 /* either or both the asserted value or attribute value
00598  * may be provided in normalized form
00599  */
00600 #define SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH         0x0004U
00601 #define SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH 0x0008U
00602 
00603 #define SLAP_IS_MR_ASSERTION_SYNTAX_MATCH( usage ) \
00604        (!((usage) & SLAP_MR_ATTRIBUTE_SYNTAX_MATCH))
00605 #define SLAP_IS_MR_ATTRIBUTE_SYNTAX_MATCH( usage ) \
00606        ((usage) & SLAP_MR_ATTRIBUTE_SYNTAX_MATCH)
00607 
00608 #define SLAP_IS_MR_ATTRIBUTE_SYNTAX_CONVERTED_MATCH( usage ) \
00609        (((usage) & SLAP_MR_ATTRIBUTE_SYNTAX_CONVERTED_MATCH) \
00610               == SLAP_MR_ATTRIBUTE_SYNTAX_CONVERTED_MATCH)
00611 #define SLAP_IS_MR_ATTRIBUTE_SYNTAX_NONCONVERTED_MATCH( usage ) \
00612        (((usage) & SLAP_MR_ATTRIBUTE_SYNTAX_CONVERTED_MATCH) \
00613               == SLAP_MR_ATTRIBUTE_SYNTAX_MATCH)
00614 
00615 #define SLAP_IS_MR_ASSERTED_VALUE_NORMALIZED_MATCH( usage ) \
00616        ((usage) & SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH )
00617 #define SLAP_IS_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH( usage ) \
00618        ((usage) & SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH )
00619 
00620        Syntax               *smr_syntax;
00621        slap_mr_convert_func *smr_convert;
00622        slap_mr_normalize_func      *smr_normalize;
00623        slap_mr_match_func   *smr_match;
00624        slap_mr_indexer_func *smr_indexer;
00625        slap_mr_filter_func  *smr_filter;
00626 
00627        /*
00628         * null terminated array of syntaxes compatible with this syntax
00629         * note: when MS_EXT is set, this MUST NOT contain the assertion
00630         * syntax of the rule.  When MS_EXT is not set, it MAY.
00631         */
00632        Syntax               **smr_compat_syntaxes;
00633 
00634        /*
00635         * For equality rules, refers to an associated approximate rule.
00636         * For non-equality rules, refers to an associated equality rule.
00637         */
00638        MatchingRule  *smr_associated;
00639 
00640 #define SLAP_MR_ASSOCIATED(mr,amr) \
00641        (((mr) == (amr)) || ((mr)->smr_associated == (amr)))
00642 
00643        LDAP_SLIST_ENTRY(MatchingRule)     smr_next;
00644 
00645 #define smr_oid                           smr_mrule.mr_oid
00646 #define smr_names                  smr_mrule.mr_names
00647 #define smr_desc                   smr_mrule.mr_desc
00648 #define smr_obsolete        smr_mrule.mr_obsolete
00649 #define smr_syntax_oid             smr_mrule.mr_syntax_oid
00650 #define smr_extensions             smr_mrule.mr_extensions
00651 };
00652 
00653 struct MatchingRuleUse {
00654        LDAPMatchingRuleUse         smru_mruleuse;
00655        MatchingRule                *smru_mr;
00656        /* RFC 4512 string representation */
00657        struct berval               smru_str;
00658 
00659        LDAP_SLIST_ENTRY(MatchingRuleUse) smru_next;
00660 
00661 #define smru_oid                   smru_mruleuse.mru_oid
00662 #define smru_names                 smru_mruleuse.mru_names
00663 #define smru_desc                  smru_mruleuse.mru_desc
00664 #define smru_obsolete                     smru_mruleuse.mru_obsolete
00665 #define smru_applies_oids          smru_mruleuse.mru_applies_oids
00666 
00667 #define smru_usage                 smru_mr->smr_usage
00668 } /* MatchingRuleUse */ ;
00669 
00670 typedef struct slap_mrule_defs_rec {
00671        char *                                    mrd_desc;
00672        slap_mask_t                               mrd_usage;
00673        char **                                          mrd_compat_syntaxes;
00674        slap_mr_convert_func *             mrd_convert;
00675        slap_mr_normalize_func *    mrd_normalize;
00676        slap_mr_match_func *        mrd_match;
00677        slap_mr_indexer_func *             mrd_indexer;
00678        slap_mr_filter_func *              mrd_filter;
00679 
00680        /* For equality rule, this may refer to an associated approximate rule */
00681        /* For non-equality rule, this may refer to an associated equality rule */
00682        char *                                    mrd_associated;
00683 } slap_mrule_defs_rec;
00684 
00685 typedef int (AttributeTypeSchemaCheckFN)(
00686        BackendDB *be,
00687        Entry *e,
00688        Attribute *attr,
00689        const char** text,
00690        char *textbuf, size_t textlen );
00691 
00692 struct AttributeType {
00693        LDAPAttributeType           sat_atype;
00694        struct berval               sat_cname;
00695        AttributeType               *sat_sup;
00696        AttributeType               **sat_subtypes;
00697        MatchingRule                *sat_equality;
00698        MatchingRule                *sat_approx;
00699        MatchingRule                *sat_ordering;
00700        MatchingRule                *sat_substr;
00701        Syntax                      *sat_syntax;
00702 
00703        AttributeTypeSchemaCheckFN  *sat_check;
00704        char                        *sat_oidmacro;       /* attribute OID */
00705        char                        *sat_soidmacro;      /* syntax OID */
00706 
00707 #define SLAP_AT_NONE               0x0000U
00708 #define SLAP_AT_ABSTRACT           0x0100U /* cannot be instantiated */
00709 #define SLAP_AT_FINAL                     0x0200U /* cannot be subtyped */
00710 #ifdef SLAP_SCHEMA_EXPOSE
00711 #define SLAP_AT_HIDE               0x0000U /* publish everything */
00712 #else
00713 #define SLAP_AT_HIDE               0x8000U /* hide attribute */
00714 #endif
00715 #define       SLAP_AT_DYNAMIC                    0x0400U       /* dynamically generated */
00716 
00717 #define SLAP_AT_MANAGEABLE         0x0800U       /* no-user-mod can be by-passed */
00718 
00719 /* Note: ORDERED values have an ordering specifically set by the
00720  * user, denoted by the {x} ordering prefix on the values.
00721  *
00722  * SORTED values are simply sorted by memcmp. SORTED values can
00723  * be efficiently located by binary search. ORDERED values have no
00724  * such advantage. An attribute cannot have both properties.
00725  */
00726 #define       SLAP_AT_ORDERED_VAL         0x0001U /* values are ordered */
00727 #define       SLAP_AT_ORDERED_SIB         0x0002U /* siblings are ordered */
00728 #define       SLAP_AT_ORDERED                    0x0003U /* value has order index */
00729 
00730 #define       SLAP_AT_SORTED_VAL          0x0010U       /* values should be sorted */
00731 
00732 #define       SLAP_AT_HARDCODE            0x10000U      /* hardcoded schema */
00733 #define       SLAP_AT_DELETED                    0x20000U
00734 
00735        slap_mask_t                 sat_flags;
00736 
00737        LDAP_STAILQ_ENTRY(AttributeType) sat_next;
00738 
00739 #define sat_oid                           sat_atype.at_oid
00740 #define sat_names                  sat_atype.at_names
00741 #define sat_desc                   sat_atype.at_desc
00742 #define sat_obsolete               sat_atype.at_obsolete
00743 #define sat_sup_oid                sat_atype.at_sup_oid
00744 #define sat_equality_oid           sat_atype.at_equality_oid
00745 #define sat_ordering_oid           sat_atype.at_ordering_oid
00746 #define sat_substr_oid                    sat_atype.at_substr_oid
00747 #define sat_syntax_oid                    sat_atype.at_syntax_oid
00748 #define sat_single_value           sat_atype.at_single_value
00749 #define sat_collective                    sat_atype.at_collective
00750 #define sat_no_user_mod                   sat_atype.at_no_user_mod
00751 #define sat_usage                  sat_atype.at_usage
00752 #define sat_extensions                    sat_atype.at_extensions
00753 
00754        AttributeDescription        *sat_ad;
00755        ldap_pvt_thread_mutex_t            sat_ad_mutex;
00756 };
00757 
00758 #define is_at_operational(at)      ((at)->sat_usage)
00759 #define is_at_single_value(at)     ((at)->sat_single_value)
00760 #define is_at_collective(at)       ((at)->sat_collective)
00761 #define is_at_obsolete(at)         ((at)->sat_obsolete)
00762 #define is_at_no_user_mod(at)      ((at)->sat_no_user_mod)
00763 
00764 typedef int (ObjectClassSchemaCheckFN)(
00765        BackendDB *be,
00766        Entry *e,
00767        ObjectClass *oc,
00768        const char** text,
00769        char *textbuf, size_t textlen );
00770 
00771 struct ObjectClass {
00772        LDAPObjectClass                    soc_oclass;
00773        struct berval               soc_cname;
00774        ObjectClass                 **soc_sups;
00775        AttributeType               **soc_required;
00776        AttributeType               **soc_allowed;
00777        ObjectClassSchemaCheckFN    *soc_check;
00778        char                        *soc_oidmacro;
00779        slap_mask_t                 soc_flags;
00780 #define soc_oid                           soc_oclass.oc_oid
00781 #define soc_names                  soc_oclass.oc_names
00782 #define soc_desc                   soc_oclass.oc_desc
00783 #define soc_obsolete               soc_oclass.oc_obsolete
00784 #define soc_sup_oids               soc_oclass.oc_sup_oids
00785 #define soc_kind                   soc_oclass.oc_kind
00786 #define soc_at_oids_must           soc_oclass.oc_at_oids_must
00787 #define soc_at_oids_may                   soc_oclass.oc_at_oids_may
00788 #define soc_extensions                    soc_oclass.oc_extensions
00789 
00790        LDAP_STAILQ_ENTRY(ObjectClass)     soc_next;
00791 };
00792 
00793 #define       SLAP_OCF_SET_FLAGS   0x1
00794 #define       SLAP_OCF_CHECK_SUP   0x2
00795 #define       SLAP_OCF_MASK        (SLAP_OCF_SET_FLAGS|SLAP_OCF_CHECK_SUP)
00796 
00797 #define       SLAP_OC_ALIAS        0x0001
00798 #define       SLAP_OC_REFERRAL     0x0002
00799 #define       SLAP_OC_SUBENTRY     0x0004
00800 #define       SLAP_OC_DYNAMICOBJECT       0x0008
00801 #define       SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY       0x0010
00802 #define SLAP_OC_GLUE        0x0020
00803 #define SLAP_OC_SYNCPROVIDERSUBENTRY             0x0040
00804 #define SLAP_OC_SYNCCONSUMERSUBENTRY             0x0080
00805 #define       SLAP_OC__MASK        0x00FF
00806 #define       SLAP_OC__END         0x0100
00807 #define SLAP_OC_OPERATIONAL 0x4000
00808 #ifdef SLAP_SCHEMA_EXPOSE
00809 #define SLAP_OC_HIDE        0x0000
00810 #else
00811 #define SLAP_OC_HIDE        0x8000
00812 #endif
00813 #define       SLAP_OC_HARDCODE     0x10000U      /* This is hardcoded schema */
00814 #define       SLAP_OC_DELETED             0x20000U
00815 
00816 /*
00817  * DIT content rule
00818  */
00819 struct ContentRule {
00820        LDAPContentRule             scr_crule;
00821        ObjectClass          *scr_sclass;
00822        ObjectClass          **scr_auxiliaries;   /* optional */
00823        AttributeType        **scr_required;             /* optional */
00824        AttributeType        **scr_allowed;              /* optional */
00825        AttributeType        **scr_precluded;     /* optional */
00826 #define scr_oid                    scr_crule.cr_oid
00827 #define scr_names           scr_crule.cr_names
00828 #define scr_desc            scr_crule.cr_desc
00829 #define scr_obsolete        scr_crule.cr_obsolete
00830 #define scr_oc_oids_aux            scr_crule.cr_oc_oids_aux
00831 #define scr_at_oids_must    scr_crule.cr_at_oids_must
00832 #define scr_at_oids_may            scr_crule.cr_at_oids_may
00833 #define scr_at_oids_not            scr_crule.cr_at_oids_not
00834 
00835        char                 *scr_oidmacro;
00836 #define       SLAP_CR_HARDCODE     0x10000U
00837        int                  scr_flags;
00838 
00839        LDAP_STAILQ_ENTRY( ContentRule ) scr_next;
00840 };
00841 
00842 /* Represents a recognized attribute description ( type + options ). */
00843 struct AttributeDescription {
00844        AttributeDescription *ad_next;
00845        AttributeType        *ad_type;     /* attribute type, must be specified */
00846        struct berval        ad_cname;     /* canonical name, must be specified */
00847        struct berval        ad_tags;      /* empty if no tagging options */
00848        unsigned ad_flags;
00849 #define SLAP_DESC_NONE             0x00U
00850 #define SLAP_DESC_BINARY    0x01U
00851 #define SLAP_DESC_TAG_RANGE 0x80U
00852 #define SLAP_DESC_TEMPORARY 0x1000U
00853        unsigned ad_index;
00854 };
00855 
00856 /* flags to slap_*2undef_ad to register undefined (0, the default)
00857  * or proxied (SLAP_AD_PROXIED) AttributeDescriptions; the additional
00858  * SLAP_AD_NOINSERT is to lookup without insert */
00859 #define SLAP_AD_UNDEF              0x00U
00860 #define SLAP_AD_PROXIED            0x01U
00861 #define       SLAP_AD_NOINSERT     0x02U
00862 
00863 #define       SLAP_AN_OCEXCLUDE    0x01
00864 #define       SLAP_AN_OCINITED     0x02
00865 
00866 struct AttributeName {
00867        struct berval        an_name;
00868        AttributeDescription *an_desc;
00869        int                  an_flags;
00870        ObjectClass          *an_oc;
00871 };
00872 
00873 #define slap_ad_is_tagged(ad)                    ( (ad)->ad_tags.bv_len != 0 )
00874 #define slap_ad_is_tag_range(ad)   \
00875        ( ((ad)->ad_flags & SLAP_DESC_TAG_RANGE) ? 1 : 0 )
00876 #define slap_ad_is_binary(ad)             \
00877        ( ((ad)->ad_flags & SLAP_DESC_BINARY) ? 1 : 0 )
00878 
00879 /*
00880  * pointers to schema elements used internally
00881  */
00882 struct slap_internal_schema {
00883        /* objectClass */
00884        ObjectClass *si_oc_top;
00885        ObjectClass *si_oc_extensibleObject;
00886        ObjectClass *si_oc_alias;
00887        ObjectClass *si_oc_referral;
00888        ObjectClass *si_oc_rootdse;
00889        ObjectClass *si_oc_subentry;
00890        ObjectClass *si_oc_subschema;
00891        ObjectClass *si_oc_collectiveAttributeSubentry;
00892        ObjectClass *si_oc_dynamicObject;
00893 
00894        ObjectClass *si_oc_glue;
00895        ObjectClass *si_oc_syncConsumerSubentry;
00896        ObjectClass *si_oc_syncProviderSubentry;
00897 
00898        /* objectClass attribute descriptions */
00899        AttributeDescription *si_ad_objectClass;
00900 
00901        /* operational attribute descriptions */
00902        AttributeDescription *si_ad_structuralObjectClass;
00903        AttributeDescription *si_ad_creatorsName;
00904        AttributeDescription *si_ad_createTimestamp;
00905        AttributeDescription *si_ad_modifiersName;
00906        AttributeDescription *si_ad_modifyTimestamp;
00907        AttributeDescription *si_ad_hasSubordinates;
00908        AttributeDescription *si_ad_subschemaSubentry;
00909        AttributeDescription *si_ad_collectiveSubentries;
00910        AttributeDescription *si_ad_collectiveExclusions;
00911        AttributeDescription *si_ad_entryDN;
00912        AttributeDescription *si_ad_entryUUID;
00913        AttributeDescription *si_ad_entryCSN;
00914        AttributeDescription *si_ad_namingCSN;
00915 
00916        AttributeDescription *si_ad_dseType;
00917        AttributeDescription *si_ad_syncreplCookie;
00918        AttributeDescription *si_ad_syncTimestamp;
00919        AttributeDescription *si_ad_contextCSN;
00920 
00921        /* root DSE attribute descriptions */
00922        AttributeDescription *si_ad_altServer;
00923        AttributeDescription *si_ad_namingContexts;
00924        AttributeDescription *si_ad_supportedControl;
00925        AttributeDescription *si_ad_supportedExtension;
00926        AttributeDescription *si_ad_supportedLDAPVersion;
00927        AttributeDescription *si_ad_supportedSASLMechanisms;
00928        AttributeDescription *si_ad_supportedFeatures;
00929        AttributeDescription *si_ad_monitorContext;
00930        AttributeDescription *si_ad_vendorName;
00931        AttributeDescription *si_ad_vendorVersion;
00932        AttributeDescription *si_ad_configContext;
00933 
00934        /* subentry attribute descriptions */
00935        AttributeDescription *si_ad_administrativeRole;
00936        AttributeDescription *si_ad_subtreeSpecification;
00937 
00938        /* subschema subentry attribute descriptions */
00939        AttributeDescription *si_ad_attributeTypes;
00940        AttributeDescription *si_ad_ditContentRules;
00941        AttributeDescription *si_ad_ditStructureRules;
00942        AttributeDescription *si_ad_ldapSyntaxes;
00943        AttributeDescription *si_ad_matchingRules;
00944        AttributeDescription *si_ad_matchingRuleUse;
00945        AttributeDescription *si_ad_nameForms;
00946        AttributeDescription *si_ad_objectClasses;
00947 
00948        /* Aliases & Referrals */
00949        AttributeDescription *si_ad_aliasedObjectName;
00950        AttributeDescription *si_ad_ref;
00951 
00952        /* Access Control Internals */
00953        AttributeDescription *si_ad_entry;
00954        AttributeDescription *si_ad_children;
00955        AttributeDescription *si_ad_saslAuthzTo;
00956        AttributeDescription *si_ad_saslAuthzFrom;
00957 
00958        /* dynamic entries */
00959        AttributeDescription *si_ad_entryTtl;
00960        AttributeDescription *si_ad_dynamicSubtrees;
00961 
00962        /* Other attributes descriptions */
00963        AttributeDescription *si_ad_distinguishedName;
00964        AttributeDescription *si_ad_name;
00965        AttributeDescription *si_ad_cn;
00966        AttributeDescription *si_ad_uid;
00967        AttributeDescription *si_ad_uidNumber;
00968        AttributeDescription *si_ad_gidNumber;
00969        AttributeDescription *si_ad_userPassword;
00970        AttributeDescription *si_ad_labeledURI;
00971 #ifdef SLAPD_AUTHPASSWD
00972        AttributeDescription *si_ad_authPassword;
00973        AttributeDescription *si_ad_authPasswordSchemes;
00974 #endif
00975        AttributeDescription *si_ad_description;
00976        AttributeDescription *si_ad_seeAlso;
00977 
00978        /* Undefined Attribute Type */
00979        AttributeType *si_at_undefined;
00980 
00981        /* "Proxied" Attribute Type */
00982        AttributeType *si_at_proxied;
00983 
00984        /* Matching Rules */
00985        MatchingRule  *si_mr_distinguishedNameMatch;
00986        MatchingRule  *si_mr_dnSubtreeMatch;
00987        MatchingRule  *si_mr_dnOneLevelMatch;
00988        MatchingRule  *si_mr_dnSubordinateMatch;
00989        MatchingRule  *si_mr_dnSuperiorMatch;
00990        MatchingRule    *si_mr_caseExactMatch;
00991        MatchingRule    *si_mr_caseExactSubstringsMatch;
00992        MatchingRule    *si_mr_caseExactIA5Match;
00993        MatchingRule  *si_mr_integerMatch;
00994        MatchingRule    *si_mr_integerFirstComponentMatch;
00995        MatchingRule    *si_mr_objectIdentifierFirstComponentMatch;
00996        MatchingRule    *si_mr_caseIgnoreMatch;
00997        MatchingRule    *si_mr_caseIgnoreListMatch;
00998 
00999        /* Syntaxes */
01000        Syntax        *si_syn_directoryString;
01001        Syntax        *si_syn_distinguishedName;
01002        Syntax        *si_syn_integer;
01003        Syntax        *si_syn_octetString;
01004 
01005        /* Schema Syntaxes */
01006        Syntax        *si_syn_attributeTypeDesc;
01007        Syntax        *si_syn_ditContentRuleDesc;
01008        Syntax        *si_syn_ditStructureRuleDesc;
01009        Syntax        *si_syn_ldapSyntaxDesc;
01010        Syntax        *si_syn_matchingRuleDesc;
01011        Syntax        *si_syn_matchingRuleUseDesc;
01012        Syntax        *si_syn_nameFormDesc;
01013        Syntax        *si_syn_objectClassDesc;
01014 };
01015 
01016 struct AttributeAssertion {
01017        AttributeDescription *aa_desc;
01018        struct berval        aa_value;
01019 #ifdef LDAP_COMP_MATCH
01020        ComponentFilter             *aa_cf;              /* for attribute aliasing */
01021 #endif
01022 };
01023 #ifdef LDAP_COMP_MATCH
01024 #define ATTRIBUTEASSERTION_INIT { NULL, BER_BVNULL, NULL }
01025 #else
01026 #define ATTRIBUTEASSERTION_INIT { NULL, BER_BVNULL }
01027 #endif
01028 
01029 struct SubstringsAssertion {
01030        AttributeDescription *sa_desc;
01031        struct berval        sa_initial;
01032        struct berval        *sa_any;
01033        struct berval        sa_final;
01034 };
01035 
01036 struct MatchingRuleAssertion {
01037        AttributeDescription *ma_desc;     /* optional */
01038        struct berval        ma_value;     /* required */
01039        MatchingRule         *ma_rule;     /* optional */
01040        struct berval        ma_rule_text; /* optional */
01041        int                  ma_dnattrs;   /* boolean */
01042 #ifdef LDAP_COMP_MATCH
01043        ComponentFilter             *ma_cf;       /* component filter */
01044 #endif
01045 };
01046 
01047 /*
01048  * represents a search filter
01049  */
01050 struct Filter {
01051        ber_tag_t     f_choice;     /* values taken from ldap.h, plus: */
01052 #define SLAPD_FILTER_COMPUTED             0
01053 #define SLAPD_FILTER_MASK                 0x7fff
01054 #define SLAPD_FILTER_UNDEFINED            0x8000
01055 
01056        union f_un_u {
01057               /* precomputed result */
01058               ber_int_t            f_un_result;
01059 
01060               /* present */
01061               AttributeDescription *f_un_desc;
01062 
01063               /* simple value assertion */
01064               AttributeAssertion   *f_un_ava;
01065 
01066               /* substring assertion */
01067               SubstringsAssertion  *f_un_ssa;
01068 
01069               /* matching rule assertion */
01070               MatchingRuleAssertion       *f_un_mra;
01071 
01072 #define f_desc                     f_un.f_un_desc
01073 #define f_ava               f_un.f_un_ava
01074 #define f_av_desc           f_un.f_un_ava->aa_desc
01075 #define f_av_value          f_un.f_un_ava->aa_value
01076 #define f_sub               f_un.f_un_ssa
01077 #define f_sub_desc          f_un.f_un_ssa->sa_desc
01078 #define f_sub_initial              f_un.f_un_ssa->sa_initial
01079 #define f_sub_any           f_un.f_un_ssa->sa_any
01080 #define f_sub_final         f_un.f_un_ssa->sa_final
01081 #define f_mra               f_un.f_un_mra
01082 #define f_mr_rule           f_un.f_un_mra->ma_rule
01083 #define f_mr_rule_text             f_un.f_un_mra->ma_rule_text
01084 #define f_mr_desc           f_un.f_un_mra->ma_desc
01085 #define f_mr_value          f_un.f_un_mra->ma_value
01086 #define       f_mr_dnattrs         f_un.f_un_mra->ma_dnattrs
01087 
01088               /* and, or, not */
01089               Filter               *f_un_complex;
01090        } f_un;
01091 
01092 #define f_result     f_un.f_un_result
01093 #define f_and        f_un.f_un_complex
01094 #define f_or         f_un.f_un_complex
01095 #define f_not        f_un.f_un_complex
01096 #define f_list              f_un.f_un_complex
01097 
01098        Filter        *f_next;
01099 };
01100 
01101 /* compare routines can return undefined */
01102 #define SLAPD_COMPARE_UNDEFINED    ((ber_int_t) -1)
01103 
01104 struct ValuesReturnFilter {
01105        ber_tag_t     vrf_choice;
01106 
01107        union vrf_un_u {
01108               /* precomputed result */
01109               ber_int_t vrf_un_result;
01110 
01111               /* DN */
01112               char *vrf_un_dn;
01113 
01114               /* present */
01115               AttributeDescription *vrf_un_desc;
01116 
01117               /* simple value assertion */
01118               AttributeAssertion *vrf_un_ava;
01119 
01120               /* substring assertion */
01121               SubstringsAssertion *vrf_un_ssa;
01122 
01123               /* matching rule assertion */
01124               MatchingRuleAssertion *vrf_un_mra;
01125 
01126 #define vrf_result          vrf_un.vrf_un_result
01127 #define vrf_dn                     vrf_un.vrf_un_dn
01128 #define vrf_desc            vrf_un.vrf_un_desc
01129 #define vrf_ava                    vrf_un.vrf_un_ava
01130 #define vrf_av_desc         vrf_un.vrf_un_ava->aa_desc
01131 #define vrf_av_value vrf_un.vrf_un_ava->aa_value
01132 #define vrf_ssa                    vrf_un.vrf_un_ssa
01133 #define vrf_sub                    vrf_un.vrf_un_ssa
01134 #define vrf_sub_desc vrf_un.vrf_un_ssa->sa_desc
01135 #define vrf_sub_initial     vrf_un.vrf_un_ssa->sa_initial
01136 #define vrf_sub_any         vrf_un.vrf_un_ssa->sa_any
01137 #define vrf_sub_final       vrf_un.vrf_un_ssa->sa_final
01138 #define vrf_mra                    vrf_un.vrf_un_mra
01139 #define vrf_mr_rule         vrf_un.vrf_un_mra->ma_rule
01140 #define vrf_mr_rule_text    vrf_un.vrf_un_mra->ma_rule_text
01141 #define vrf_mr_desc         vrf_un.vrf_un_mra->ma_desc
01142 #define vrf_mr_value        vrf_un.vrf_un_mra->ma_value
01143 #define       vrf_mr_dnattrs       vrf_un.vrf_un_mra->ma_dnattrs
01144 
01145 
01146        } vrf_un;
01147 
01148        ValuesReturnFilter   *vrf_next;
01149 };
01150 
01151 /*
01152  * represents an attribute (description + values)
01153  * desc, vals, nvals, numvals fields must align with Modification
01154  */
01155 struct Attribute {
01156        AttributeDescription *a_desc;
01157        BerVarray            a_vals;              /* preserved values */
01158        BerVarray            a_nvals;      /* normalized values */
01159        unsigned             a_numvals;    /* number of vals */
01160        unsigned             a_flags;
01161 #define SLAP_ATTR_IXADD                   0x1U
01162 #define SLAP_ATTR_IXDEL                   0x2U
01163 #define SLAP_ATTR_DONT_FREE_DATA   0x4U
01164 #define SLAP_ATTR_DONT_FREE_VALS   0x8U
01165 #define       SLAP_ATTR_SORTED_VALS              0x10U  /* values are sorted */
01166 
01167 /* These flags persist across an attr_dup() */
01168 #define       SLAP_ATTR_PERSISTENT_FLAGS \
01169        SLAP_ATTR_SORTED_VALS
01170 
01171        Attribute            *a_next;
01172 #ifdef LDAP_COMP_MATCH
01173        ComponentData        *a_comp_data; /* component values */
01174 #endif
01175 };
01176 
01177 
01178 /*
01179  * the id used in the indexes to refer to an entry
01180  */
01181 typedef unsigned long       ID;
01182 #define NOID  ((ID)~0)
01183 
01184 typedef struct EntryHeader {
01185        struct berval bv;
01186        char *data;
01187        int nattrs;
01188        int nvals;
01189 } EntryHeader;
01190 
01191 /*
01192  * represents an entry in core
01193  */
01194 struct Entry {
01195        /*
01196         * The ID field should only be changed before entry is
01197         * inserted into a cache.  The ID value is backend
01198         * specific.
01199         */
01200        ID            e_id;
01201 
01202        struct berval e_name;       /* name (DN) of this entry */
01203        struct berval e_nname;      /* normalized name (DN) of this entry */
01204 
01205        /* for migration purposes */
01206 #define e_dn e_name.bv_val
01207 #define e_ndn e_nname.bv_val
01208 
01209        Attribute     *e_attrs;     /* list of attributes + values */
01210 
01211        slap_mask_t   e_ocflags;
01212 
01213        struct berval e_bv;         /* For entry_encode/entry_decode */
01214 
01215        /* for use by the backend for any purpose */
01216        void*  e_private;
01217 };
01218 
01219 /*
01220  * A list of LDAPMods
01221  * desc, values, nvalues, numvals must align with Attribute
01222  */
01223 struct Modification {
01224        AttributeDescription *sm_desc;
01225        BerVarray sm_values;
01226        BerVarray sm_nvalues;
01227        unsigned sm_numvals;
01228        short sm_op;
01229        short sm_flags;
01230 /* Set for internal mods, will bypass ACL checks. Only needed when
01231  * running as non-root user, for user modifiable attributes.
01232  */
01233 #define       SLAP_MOD_INTERNAL    0x01
01234 #define       SLAP_MOD_MANAGING    0x02
01235        struct berval sm_type;
01236 };
01237 
01238 struct Modifications {
01239        Modification  sml_mod;
01240 #define sml_op              sml_mod.sm_op
01241 #define sml_flags    sml_mod.sm_flags
01242 #define sml_desc     sml_mod.sm_desc
01243 #define       sml_type      sml_mod.sm_type
01244 #define sml_values   sml_mod.sm_values
01245 #define sml_nvalues  sml_mod.sm_nvalues
01246 #define sml_numvals  sml_mod.sm_numvals
01247        Modifications *sml_next;
01248 };
01249 
01250 /*
01251  * represents an access control list
01252  */
01253 typedef enum slap_access_t {
01254        ACL_INVALID_ACCESS = -1,
01255        ACL_NONE = 0,
01256        ACL_DISCLOSE,
01257        ACL_AUTH,
01258        ACL_COMPARE,
01259        ACL_SEARCH,
01260        ACL_READ,
01261        ACL_WRITE_,
01262        ACL_MANAGE,
01263 
01264        /* always leave at end of levels but not greater than ACL_LEVEL_MASK */
01265        ACL_LAST,
01266 
01267        /* ACL level mask and modifiers */
01268        ACL_LEVEL_MASK = 0x000f,
01269        ACL_QUALIFIER1 = 0x0100,
01270        ACL_QUALIFIER2 = 0x0200,
01271        ACL_QUALIFIER3 = 0x0400,
01272        ACL_QUALIFIER4 = 0x0800,
01273        ACL_QUALIFIER_MASK = 0x0f00,
01274 
01275        /* write granularity */
01276        ACL_WADD = ACL_WRITE_|ACL_QUALIFIER1,
01277        ACL_WDEL = ACL_WRITE_|ACL_QUALIFIER2,
01278 
01279        ACL_WRITE = ACL_WADD|ACL_WDEL
01280 } slap_access_t;
01281 
01282 typedef enum slap_control_e {
01283        ACL_INVALID_CONTROL  = 0,
01284        ACL_STOP,
01285        ACL_CONTINUE,
01286        ACL_BREAK
01287 } slap_control_t;
01288 
01289 typedef enum slap_style_e {
01290        ACL_STYLE_REGEX = 0,
01291        ACL_STYLE_EXPAND,
01292        ACL_STYLE_BASE,
01293        ACL_STYLE_ONE,
01294        ACL_STYLE_SUBTREE,
01295        ACL_STYLE_CHILDREN,
01296        ACL_STYLE_LEVEL,
01297        ACL_STYLE_ATTROF,
01298        ACL_STYLE_ANONYMOUS,
01299        ACL_STYLE_USERS,
01300        ACL_STYLE_SELF,
01301        ACL_STYLE_IP,
01302        ACL_STYLE_IPV6,
01303        ACL_STYLE_PATH,
01304 
01305        ACL_STYLE_NONE
01306 } slap_style_t;
01307 
01308 typedef struct AuthorizationInformation {
01309        ber_tag_t     sai_method;                 /* LDAP_AUTH_* from <ldap.h> */
01310        struct berval sai_mech;            /* SASL Mechanism */
01311        struct berval sai_dn;                     /* DN for reporting purposes */
01312        struct berval sai_ndn;             /* Normalized DN */
01313 
01314        /* Security Strength Factors */
01315        slap_ssf_t    sai_ssf;                    /* Overall SSF */
01316        slap_ssf_t    sai_transport_ssf;   /* Transport SSF */
01317        slap_ssf_t    sai_tls_ssf;         /* TLS SSF */
01318        slap_ssf_t    sai_sasl_ssf;        /* SASL SSF */
01319 } AuthorizationInformation;
01320 
01321 #ifdef SLAP_DYNACL
01322 
01323 /*
01324  * "dynamic" ACL infrastructure (for ACIs and more)
01325  */
01326 typedef int (slap_dynacl_parse) LDAP_P(( const char *fname, int lineno,
01327        const char *opts, slap_style_t, const char *, void **privp ));
01328 typedef int (slap_dynacl_unparse) LDAP_P(( void *priv, struct berval *bv ));
01329 typedef int (slap_dynacl_mask) LDAP_P((
01330               void                 *priv,
01331               Operation            *op,
01332               Entry                *e,
01333               AttributeDescription *desc,
01334               struct berval        *val,
01335               int                  nmatch,
01336               regmatch_t           *matches,
01337               slap_access_t        *grant,
01338               slap_access_t        *deny ));
01339 typedef int (slap_dynacl_destroy) LDAP_P(( void *priv ));
01340 
01341 typedef struct slap_dynacl_t {
01342        char                 *da_name;
01343        slap_dynacl_parse    *da_parse;
01344        slap_dynacl_unparse  *da_unparse;
01345        slap_dynacl_mask     *da_mask;
01346        slap_dynacl_destroy  *da_destroy;
01347        
01348        void                 *da_private;
01349        struct slap_dynacl_t *da_next;
01350 } slap_dynacl_t;
01351 #endif /* SLAP_DYNACL */
01352 
01353 /* the DN portion of the "by" part */
01354 typedef struct slap_dn_access {
01355        /* DN pattern */
01356        AuthorizationInformation    a_dnauthz;
01357 #define       a_pat                a_dnauthz.sai_dn
01358 
01359        slap_style_t         a_style;
01360        int                  a_level;
01361        int                  a_self_level;
01362        AttributeDescription *a_at;
01363        int                  a_self;
01364        int                  a_expand;
01365 } slap_dn_access;
01366 
01367 /* the "by" part */
01368 typedef struct Access {
01369        slap_control_t a_type;
01370 
01371 /* strip qualifiers */
01372 #define ACL_LEVEL(p)               ((p) & ACL_LEVEL_MASK)
01373 #define ACL_QUALIFIERS(p)          ((p) & ~ACL_LEVEL_MASK)
01374 
01375 #define ACL_ACCESS2PRIV(access)           ((0x01U << ACL_LEVEL((access))) | ACL_QUALIFIERS((access)))
01376 
01377 #define ACL_PRIV_NONE                     ACL_ACCESS2PRIV( ACL_NONE )
01378 #define ACL_PRIV_DISCLOSE          ACL_ACCESS2PRIV( ACL_DISCLOSE )
01379 #define ACL_PRIV_AUTH                     ACL_ACCESS2PRIV( ACL_AUTH )
01380 #define ACL_PRIV_COMPARE           ACL_ACCESS2PRIV( ACL_COMPARE )
01381 #define ACL_PRIV_SEARCH                   ACL_ACCESS2PRIV( ACL_SEARCH )
01382 #define ACL_PRIV_READ                     ACL_ACCESS2PRIV( ACL_READ )
01383 #define ACL_PRIV_WADD                     ACL_ACCESS2PRIV( ACL_WADD )
01384 #define ACL_PRIV_WDEL                     ACL_ACCESS2PRIV( ACL_WDEL )
01385 #define ACL_PRIV_WRITE                    ( ACL_PRIV_WADD | ACL_PRIV_WDEL )
01386 #define ACL_PRIV_MANAGE                   ACL_ACCESS2PRIV( ACL_MANAGE )
01387 
01388 /* NOTE: always use the highest level; current: 0x00ffUL */
01389 #define ACL_PRIV_MASK                     ((ACL_ACCESS2PRIV(ACL_LAST) - 1) | ACL_QUALIFIER_MASK)
01390 
01391 /* priv flags */
01392 #define ACL_PRIV_LEVEL                    0x1000UL
01393 #define ACL_PRIV_ADDITIVE          0x2000UL
01394 #define ACL_PRIV_SUBSTRACTIVE             0x4000UL
01395 
01396 /* invalid privs */
01397 #define ACL_PRIV_INVALID           0x0UL
01398 
01399 #define ACL_PRIV_ISSET(m,p)        (((m) & (p)) == (p))
01400 #define ACL_PRIV_ASSIGN(m,p)              do { (m)  =  (p); } while(0)
01401 #define ACL_PRIV_SET(m,p)          do { (m) |=  (p); } while(0)
01402 #define ACL_PRIV_CLR(m,p)          do { (m) &= ~(p); } while(0)
01403 
01404 #define ACL_INIT(m)                ACL_PRIV_ASSIGN((m), ACL_PRIV_NONE)
01405 #define ACL_INVALIDATE(m)          ACL_PRIV_ASSIGN((m), ACL_PRIV_INVALID)
01406 
01407 #define ACL_GRANT(m,a)                    ACL_PRIV_ISSET((m),ACL_ACCESS2PRIV(a))
01408 
01409 #define ACL_IS_INVALID(m)          ((m) == ACL_PRIV_INVALID)
01410 
01411 #define ACL_IS_LEVEL(m)                   ACL_PRIV_ISSET((m),ACL_PRIV_LEVEL)
01412 #define ACL_IS_ADDITIVE(m)         ACL_PRIV_ISSET((m),ACL_PRIV_ADDITIVE)
01413 #define ACL_IS_SUBTRACTIVE(m)             ACL_PRIV_ISSET((m),ACL_PRIV_SUBSTRACTIVE)
01414 
01415 #define ACL_LVL_NONE               (ACL_PRIV_NONE|ACL_PRIV_LEVEL)
01416 #define ACL_LVL_DISCLOSE           (ACL_PRIV_DISCLOSE|ACL_LVL_NONE)
01417 #define ACL_LVL_AUTH               (ACL_PRIV_AUTH|ACL_LVL_DISCLOSE)
01418 #define ACL_LVL_COMPARE                   (ACL_PRIV_COMPARE|ACL_LVL_AUTH)
01419 #define ACL_LVL_SEARCH                    (ACL_PRIV_SEARCH|ACL_LVL_COMPARE)
01420 #define ACL_LVL_READ               (ACL_PRIV_READ|ACL_LVL_SEARCH)
01421 #define ACL_LVL_WADD               (ACL_PRIV_WADD|ACL_LVL_READ)
01422 #define ACL_LVL_WDEL               (ACL_PRIV_WDEL|ACL_LVL_READ)
01423 #define ACL_LVL_WRITE                     (ACL_PRIV_WRITE|ACL_LVL_READ)
01424 #define ACL_LVL_MANAGE                    (ACL_PRIV_MANAGE|ACL_LVL_WRITE)
01425 
01426 #define ACL_LVL(m,l)               (((m)&ACL_PRIV_MASK) == ((l)&ACL_PRIV_MASK))
01427 #define ACL_LVL_IS_NONE(m)         ACL_LVL((m),ACL_LVL_NONE)
01428 #define ACL_LVL_IS_DISCLOSE(m)            ACL_LVL((m),ACL_LVL_DISCLOSE)
01429 #define ACL_LVL_IS_AUTH(m)         ACL_LVL((m),ACL_LVL_AUTH)
01430 #define ACL_LVL_IS_COMPARE(m)             ACL_LVL((m),ACL_LVL_COMPARE)
01431 #define ACL_LVL_IS_SEARCH(m)              ACL_LVL((m),ACL_LVL_SEARCH)
01432 #define ACL_LVL_IS_READ(m)         ACL_LVL((m),ACL_LVL_READ)
01433 #define ACL_LVL_IS_WADD(m)         ACL_LVL((m),ACL_LVL_WADD)
01434 #define ACL_LVL_IS_WDEL(m)         ACL_LVL((m),ACL_LVL_WDEL)
01435 #define ACL_LVL_IS_WRITE(m)        ACL_LVL((m),ACL_LVL_WRITE)
01436 #define ACL_LVL_IS_MANAGE(m)              ACL_LVL((m),ACL_LVL_MANAGE)
01437 
01438 #define ACL_LVL_ASSIGN_NONE(m)            ACL_PRIV_ASSIGN((m),ACL_LVL_NONE)
01439 #define ACL_LVL_ASSIGN_DISCLOSE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_DISCLOSE)
01440 #define ACL_LVL_ASSIGN_AUTH(m)            ACL_PRIV_ASSIGN((m),ACL_LVL_AUTH)
01441 #define ACL_LVL_ASSIGN_COMPARE(m)  ACL_PRIV_ASSIGN((m),ACL_LVL_COMPARE)
01442 #define ACL_LVL_ASSIGN_SEARCH(m)   ACL_PRIV_ASSIGN((m),ACL_LVL_SEARCH)
01443 #define ACL_LVL_ASSIGN_READ(m)            ACL_PRIV_ASSIGN((m),ACL_LVL_READ)
01444 #define ACL_LVL_ASSIGN_WADD(m)            ACL_PRIV_ASSIGN((m),ACL_LVL_WADD)
01445 #define ACL_LVL_ASSIGN_WDEL(m)            ACL_PRIV_ASSIGN((m),ACL_LVL_WDEL)
01446 #define ACL_LVL_ASSIGN_WRITE(m)           ACL_PRIV_ASSIGN((m),ACL_LVL_WRITE)
01447 #define ACL_LVL_ASSIGN_MANAGE(m)   ACL_PRIV_ASSIGN((m),ACL_LVL_MANAGE)
01448 
01449        slap_mask_t   a_access_mask;
01450 
01451        /* DN pattern */
01452        slap_dn_access              a_dn;
01453 #define a_dn_pat            a_dn.a_dnauthz.sai_dn
01454 #define       a_dn_at                     a_dn.a_at
01455 #define       a_dn_self            a_dn.a_self
01456 
01457        /* real DN pattern */
01458        slap_dn_access              a_realdn;
01459 #define a_realdn_pat        a_realdn.a_dnauthz.sai_dn
01460 #define       a_realdn_at          a_realdn.a_at
01461 #define       a_realdn_self        a_realdn.a_self
01462 
01463        /* used for ssf stuff
01464         * NOTE: the ssf stuff in a_realdn is ignored */
01465 #define       a_authz                     a_dn.a_dnauthz
01466 
01467        /* connection related stuff */
01468        slap_style_t a_peername_style;
01469        struct berval a_peername_pat;
01470 #ifdef LDAP_PF_INET6
01471        union {
01472               struct in6_addr      ax6;
01473               unsigned long ax;
01474        }      ax_peername_addr,
01475               ax_peername_mask;
01476 #define       a_peername_addr6     ax_peername_addr.ax6
01477 #define       a_peername_addr             ax_peername_addr.ax
01478 #define       a_peername_mask6     ax_peername_mask.ax6
01479 #define       a_peername_mask             ax_peername_mask.ax
01480 /* apparently, only s6_addr is portable;
01481  * define a portable address mask comparison */
01482 #define       slap_addr6_mask(val, msk, asr) ( \
01483        (((val)->s6_addr[0] & (msk)->s6_addr[0]) == (asr)->s6_addr[0]) \
01484        && (((val)->s6_addr[1] & (msk)->s6_addr[1]) == (asr)->s6_addr[1]) \
01485        && (((val)->s6_addr[2] & (msk)->s6_addr[2]) == (asr)->s6_addr[2]) \
01486        && (((val)->s6_addr[3] & (msk)->s6_addr[3]) == (asr)->s6_addr[3]) \
01487        && (((val)->s6_addr[4] & (msk)->s6_addr[4]) == (asr)->s6_addr[4]) \
01488        && (((val)->s6_addr[5] & (msk)->s6_addr[5]) == (asr)->s6_addr[5]) \
01489        && (((val)->s6_addr[6] & (msk)->s6_addr[6]) == (asr)->s6_addr[6]) \
01490        && (((val)->s6_addr[7] & (msk)->s6_addr[7]) == (asr)->s6_addr[7]) \
01491        && (((val)->s6_addr[8] & (msk)->s6_addr[8]) == (asr)->s6_addr[8]) \
01492        && (((val)->s6_addr[9] & (msk)->s6_addr[9]) == (asr)->s6_addr[9]) \
01493        && (((val)->s6_addr[10] & (msk)->s6_addr[10]) == (asr)->s6_addr[10]) \
01494        && (((val)->s6_addr[11] & (msk)->s6_addr[11]) == (asr)->s6_addr[11]) \
01495        && (((val)->s6_addr[12] & (msk)->s6_addr[12]) == (asr)->s6_addr[12]) \
01496        && (((val)->s6_addr[13] & (msk)->s6_addr[13]) == (asr)->s6_addr[13]) \
01497        && (((val)->s6_addr[14] & (msk)->s6_addr[14]) == (asr)->s6_addr[14]) \
01498        && (((val)->s6_addr[15] & (msk)->s6_addr[15]) == (asr)->s6_addr[15]) \
01499        )
01500 #else /* ! LDAP_PF_INET6 */
01501        unsigned long a_peername_addr,
01502                      a_peername_mask;
01503 #endif /* ! LDAP_PF_INET6 */
01504        int           a_peername_port;
01505 
01506        slap_style_t a_sockname_style;
01507        struct berval a_sockname_pat;
01508 
01509        slap_style_t a_domain_style;
01510        struct berval a_domain_pat;
01511        int           a_domain_expand;
01512 
01513        slap_style_t a_sockurl_style;
01514        struct berval a_sockurl_pat;
01515        slap_style_t a_set_style;
01516        struct berval a_set_pat;
01517 
01518 #ifdef SLAP_DYNACL
01519        slap_dynacl_t        *a_dynacl;
01520 #endif /* SLAP_DYNACL */
01521 
01522        /* ACL Groups */
01523        slap_style_t a_group_style;
01524        struct berval a_group_pat;
01525        ObjectClass          *a_group_oc;
01526        AttributeDescription *a_group_at;
01527 
01528        struct Access        *a_next;
01529 } Access;
01530 
01531 /* the "to" part */
01532 typedef struct AccessControl {
01533        /* "to" part: the entries this acl applies to */
01534        Filter        *acl_filter;
01535        slap_style_t acl_dn_style;
01536        regex_t              acl_dn_re;
01537        struct berval acl_dn_pat;
01538        AttributeName *acl_attrs;
01539        MatchingRule  *acl_attrval_mr;
01540        slap_style_t  acl_attrval_style;
01541        regex_t              acl_attrval_re;
01542        struct berval acl_attrval;
01543 
01544        /* "by" part: list of who has what access to the entries */
01545        Access *acl_access;
01546 
01547        struct AccessControl *acl_next;
01548 } AccessControl;
01549 
01550 typedef struct AccessControlState {
01551        /* Access state */
01552 
01553        /* The stored state is valid when requesting as_access access
01554         * to the as_desc attributes.       */
01555        AttributeDescription *as_desc;
01556        slap_access_t as_access;
01557 
01558        /* Value dependent acl where processing can restart */
01559        AccessControl  *as_vd_acl;
01560        int as_vd_acl_present;
01561        int as_vd_acl_count;
01562        slap_mask_t          as_vd_mask;
01563 
01564        /* The cached result after evaluating a value independent attr.
01565         * Only valid when != -1 and as_vd_acl == NULL */
01566        int as_result;
01567 
01568        /* True if started to process frontend ACLs */
01569        int as_fe_done;
01570 } AccessControlState;
01571 #define ACL_STATE_INIT { NULL, ACL_NONE, NULL, 0, 0, ACL_PRIV_NONE, -1, 0 }
01572 
01573 typedef struct AclRegexMatches {        
01574        int dn_count;
01575         regmatch_t dn_data[MAXREMATCHES];
01576        int val_count;
01577         regmatch_t val_data[MAXREMATCHES];
01578 } AclRegexMatches;
01579 
01580 /*
01581  * Backend-info
01582  * represents a backend 
01583  */
01584 
01585 typedef LDAP_STAILQ_HEAD(BeI, BackendInfo) slap_bi_head;
01586 typedef LDAP_STAILQ_HEAD(BeDB, BackendDB) slap_be_head;
01587 
01588 LDAP_SLAPD_V (int) nBackendInfo;
01589 LDAP_SLAPD_V (int) nBackendDB;
01590 LDAP_SLAPD_V (slap_bi_head) backendInfo;
01591 LDAP_SLAPD_V (slap_be_head) backendDB;
01592 LDAP_SLAPD_V (BackendDB *) frontendDB;
01593 
01594 LDAP_SLAPD_V (int) slapMode;       
01595 #define SLAP_UNDEFINED_MODE 0x0000
01596 #define SLAP_SERVER_MODE    0x0001
01597 #define SLAP_TOOL_MODE             0x0002
01598 #define SLAP_MODE                  0x0003
01599 
01600 #define SLAP_TRUNCATE_MODE  0x0100
01601 #define       SLAP_TOOL_READMAIN   0x0200
01602 #define       SLAP_TOOL_READONLY   0x0400
01603 #define       SLAP_TOOL_QUICK             0x0800
01604 #define SLAP_TOOL_NO_SCHEMA_CHECK  0x1000
01605 #define SLAP_TOOL_VALUE_CHECK      0x2000
01606 
01607 #define SB_TLS_DEFAULT             (-1)
01608 #define SB_TLS_OFF          0
01609 #define SB_TLS_ON           1
01610 #define SB_TLS_CRITICAL            2
01611 
01612 typedef struct slap_keepalive {
01613        int sk_idle;
01614        int sk_probes;
01615        int sk_interval;
01616 } slap_keepalive;
01617 
01618 typedef struct slap_bindconf {
01619        struct berval sb_uri;
01620        int sb_version;
01621        int sb_tls;
01622        int sb_method;
01623        int sb_timeout_api;
01624        int sb_timeout_net;
01625        struct berval sb_binddn;
01626        struct berval sb_cred;
01627        struct berval sb_saslmech;
01628        char *sb_secprops;
01629        struct berval sb_realm;
01630        struct berval sb_authcId;
01631        struct berval sb_authzId;
01632        slap_keepalive sb_keepalive;
01633 #ifdef HAVE_TLS
01634        void *sb_tls_ctx;
01635        char *sb_tls_cert;
01636        char *sb_tls_key;
01637        char *sb_tls_cacert;
01638        char *sb_tls_cacertdir;
01639        char *sb_tls_reqcert;
01640        char *sb_tls_cipher_suite;
01641        char *sb_tls_protocol_min;
01642 #ifdef HAVE_OPENSSL_CRL
01643        char *sb_tls_crlcheck;
01644 #endif
01645        int sb_tls_do_init;
01646 #endif
01647 } slap_bindconf;
01648 
01649 typedef struct slap_verbmasks {
01650        struct berval word;
01651        const slap_mask_t mask;
01652 } slap_verbmasks;
01653 
01654 typedef struct slap_cf_aux_table {
01655        struct berval key;
01656        int off;
01657        char type;
01658        char quote;
01659        void *aux;
01660 } slap_cf_aux_table;
01661 
01662 typedef int 
01663 slap_cf_aux_table_parse_x LDAP_P((
01664        struct berval *val,
01665        void *bc,
01666        slap_cf_aux_table *tab0,
01667        const char *tabmsg,
01668        int unparse ));
01669 
01670 #define SLAP_LIMIT_TIME     1
01671 #define SLAP_LIMIT_SIZE     2
01672 
01673 struct slap_limits_set {
01674        /* time limits */
01675        int    lms_t_soft;
01676        int    lms_t_hard;
01677 
01678        /* size limits */
01679        int    lms_s_soft;
01680        int    lms_s_hard;
01681        int    lms_s_unchecked;
01682        int    lms_s_pr;
01683        int    lms_s_pr_hide;
01684        int    lms_s_pr_total;
01685 };
01686 
01687 /* Note: this is different from LDAP_NO_LIMIT (0); slapd internal use only */
01688 #define SLAP_NO_LIMIT                     -1
01689 #define SLAP_MAX_LIMIT                    2147483647
01690 
01691 struct slap_limits {
01692        unsigned             lm_flags;     /* type of pattern */
01693        /* Values must match lmpats[] in limits.c */
01694 #define SLAP_LIMITS_UNDEFINED             0x0000U
01695 #define SLAP_LIMITS_EXACT          0x0001U
01696 #define SLAP_LIMITS_BASE           SLAP_LIMITS_EXACT
01697 #define SLAP_LIMITS_ONE                   0x0002U
01698 #define SLAP_LIMITS_SUBTREE        0x0003U
01699 #define SLAP_LIMITS_CHILDREN              0x0004U
01700 #define SLAP_LIMITS_REGEX          0x0005U
01701 #define SLAP_LIMITS_ANONYMOUS             0x0006U
01702 #define SLAP_LIMITS_USERS          0x0007U
01703 #define SLAP_LIMITS_ANY                   0x0008U
01704 #define SLAP_LIMITS_MASK           0x000FU
01705 
01706 #define SLAP_LIMITS_TYPE_SELF             0x0000U
01707 #define SLAP_LIMITS_TYPE_DN        SLAP_LIMITS_TYPE_SELF
01708 #define SLAP_LIMITS_TYPE_GROUP            0x0010U
01709 #define SLAP_LIMITS_TYPE_THIS             0x0020U
01710 #define SLAP_LIMITS_TYPE_MASK             0x00F0U
01711 
01712        regex_t                     lm_regex;     /* regex data for REGEX */
01713 
01714        /*
01715         * normalized DN for EXACT, BASE, ONE, SUBTREE, CHILDREN;
01716         * pattern for REGEX; NULL for ANONYMOUS, USERS
01717         */
01718        struct berval        lm_pat;
01719 
01720        /* if lm_flags & SLAP_LIMITS_TYPE_MASK == SLAP_LIMITS_GROUP,
01721         * lm_group_oc is objectClass and lm_group_at is attributeType
01722         * of member in oc for match; then lm_flags & SLAP_LIMITS_MASK
01723         * can only be SLAP_LIMITS_EXACT */
01724        ObjectClass          *lm_group_oc;
01725        AttributeDescription *lm_group_ad;
01726 
01727        struct slap_limits_set      lm_limits;
01728 };
01729 
01730 /* temporary aliases */
01731 typedef BackendDB Backend;
01732 #define nbackends nBackendDB
01733 #define backends backendDB
01734 
01735 /*
01736  * syncinfo structure for syncrepl
01737  */
01738 
01739 struct syncinfo_s;
01740 
01741 #define SLAP_SYNC_RID_MAX   999
01742 #define SLAP_SYNC_SID_MAX   4095   /* based on liblutil/csn.c field width */
01743 
01744 /* fake conn connid constructed as rid; real connids start
01745  * at SLAPD_SYNC_CONN_OFFSET */
01746 #define SLAPD_SYNC_SYNCCONN_OFFSET (SLAP_SYNC_RID_MAX + 1)
01747 #define SLAPD_SYNC_IS_SYNCCONN(connid) ((connid) < SLAPD_SYNC_SYNCCONN_OFFSET)
01748 #define SLAPD_SYNC_RID2SYNCCONN(rid) (rid)
01749 
01750 #define SLAP_SYNCUUID_SET_SIZE 256
01751 
01752 struct sync_cookie {
01753        BerVarray ctxcsn;
01754        int *sids;
01755        int numcsns;
01756        int rid;
01757        struct berval octet_str;
01758        int sid;
01759        LDAP_STAILQ_ENTRY(sync_cookie) sc_next;
01760 };
01761 
01762 LDAP_STAILQ_HEAD( slap_sync_cookie_s, sync_cookie );
01763 
01764 LDAP_TAILQ_HEAD( be_pcl, slap_csn_entry );
01765 
01766 #ifndef SLAP_MAX_CIDS
01767 #define       SLAP_MAX_CIDS 32     /* Maximum number of supported controls */
01768 #endif
01769 
01770 struct ConfigOCs;    /* config.h */
01771 
01772 struct BackendDB {
01773        BackendInfo   *bd_info;     /* pointer to shared backend info */
01774        BackendDB     *bd_self;     /* pointer to this struct */
01775 
01776        /* fields in this structure (and routines acting on this structure)
01777           should be renamed from be_ to bd_ */
01778 
01779        /* BackendInfo accessors */
01780 #define              be_config     bd_info->bi_db_config
01781 #define              be_type              bd_info->bi_type
01782 
01783 #define              be_bind              bd_info->bi_op_bind
01784 #define              be_unbind     bd_info->bi_op_unbind
01785 #define              be_add        bd_info->bi_op_add
01786 #define              be_compare    bd_info->bi_op_compare
01787 #define              be_delete     bd_info->bi_op_delete
01788 #define              be_modify     bd_info->bi_op_modify
01789 #define              be_modrdn     bd_info->bi_op_modrdn
01790 #define              be_search     bd_info->bi_op_search
01791 #define              be_abandon    bd_info->bi_op_abandon
01792 
01793 #define              be_extended   bd_info->bi_extended
01794 #define              be_cancel     bd_info->bi_op_cancel
01795 
01796 #define              be_chk_referrals     bd_info->bi_chk_referrals
01797 #define              be_chk_controls             bd_info->bi_chk_controls
01798 #define              be_fetch      bd_info->bi_entry_get_rw
01799 #define              be_release    bd_info->bi_entry_release_rw
01800 #define              be_group      bd_info->bi_acl_group
01801 #define              be_attribute  bd_info->bi_acl_attribute
01802 #define              be_operational       bd_info->bi_operational
01803 
01804 /*
01805  * define to honor hasSubordinates operational attribute in search filters
01806  * (in previous use there was a flaw with back-bdb; now it is fixed).
01807  */
01808 #define              be_has_subordinates bd_info->bi_has_subordinates
01809 
01810 #define              be_connection_init   bd_info->bi_connection_init
01811 #define              be_connection_destroy       bd_info->bi_connection_destroy
01812 
01813 #ifdef SLAPD_TOOLS
01814 #define              be_entry_open bd_info->bi_tool_entry_open
01815 #define              be_entry_close bd_info->bi_tool_entry_close
01816 #define              be_entry_first bd_info->bi_tool_entry_first
01817 #define              be_entry_first_x bd_info->bi_tool_entry_first_x
01818 #define              be_entry_next bd_info->bi_tool_entry_next
01819 #define              be_entry_reindex bd_info->bi_tool_entry_reindex
01820 #define              be_entry_get bd_info->bi_tool_entry_get
01821 #define              be_entry_put bd_info->bi_tool_entry_put
01822 #define              be_sync bd_info->bi_tool_sync
01823 #define              be_dn2id_get bd_info->bi_tool_dn2id_get
01824 #define              be_entry_modify      bd_info->bi_tool_entry_modify
01825 #endif
01826 
01827        /* supported controls */
01828        /* note: set to 0 if the database does not support the control;
01829         * be_ctrls[SLAP_MAX_CIDS] is set to 1 if initialized */
01830        char          be_ctrls[SLAP_MAX_CIDS + 1];
01831 
01832 /* Database flags */
01833 #define SLAP_DBFLAG_NOLASTMOD             0x0001U
01834 #define SLAP_DBFLAG_NO_SCHEMA_CHECK       0x0002U
01835 #define       SLAP_DBFLAG_HIDDEN          0x0004U
01836 #define       SLAP_DBFLAG_ONE_SUFFIX             0x0008U
01837 #define       SLAP_DBFLAG_GLUE_INSTANCE   0x0010U       /* a glue backend */
01838 #define       SLAP_DBFLAG_GLUE_SUBORDINATE       0x0020U       /* child of a glue hierarchy */
01839 #define       SLAP_DBFLAG_GLUE_LINKED            0x0040U       /* child is connected to parent */
01840 #define SLAP_DBFLAG_GLUE_ADVERTISE 0x0080U /* advertise in rootDSE */
01841 #define SLAP_DBFLAG_OVERLAY        0x0100U       /* this db struct is an overlay */
01842 #define       SLAP_DBFLAG_GLOBAL_OVERLAY  0x0200U       /* this db struct is a global overlay */
01843 #define SLAP_DBFLAG_DYNAMIC        0x0400U /* this db allows dynamicObjects */
01844 #define       SLAP_DBFLAG_MONITORING             0x0800U       /* custom monitoring enabled */
01845 #define SLAP_DBFLAG_SHADOW         0x8000U /* a shadow */
01846 #define SLAP_DBFLAG_SINGLE_SHADOW  0x4000U       /* a single-master shadow */
01847 #define SLAP_DBFLAG_SYNC_SHADOW           0x1000U /* a sync shadow */
01848 #define SLAP_DBFLAG_SLURP_SHADOW   0x2000U /* a slurp shadow */
01849 #define SLAP_DBFLAG_SHADOW_MASK           (SLAP_DBFLAG_SHADOW|SLAP_DBFLAG_SINGLE_SHADOW|SLAP_DBFLAG_SYNC_SHADOW|SLAP_DBFLAG_SLURP_SHADOW)
01850 #define SLAP_DBFLAG_CLEAN          0x10000U /* was cleanly shutdown */
01851 #define SLAP_DBFLAG_ACL_ADD        0x20000U /* check attr ACLs on adds */
01852 #define SLAP_DBFLAG_SYNC_SUBENTRY  0x40000U /* use subentry for context */
01853 #define SLAP_DBFLAG_MULTI_SHADOW   0x80000U /* uses mirrorMode/multi-master */
01854        slap_mask_t   be_flags;
01855 #define SLAP_DBFLAGS(be)                  ((be)->be_flags)
01856 #define SLAP_NOLASTMOD(be)                (SLAP_DBFLAGS(be) & SLAP_DBFLAG_NOLASTMOD)
01857 #define SLAP_LASTMOD(be)                  (!SLAP_NOLASTMOD(be))
01858 #define SLAP_DBHIDDEN(be)                 (SLAP_DBFLAGS(be) & SLAP_DBFLAG_HIDDEN)
01859 #define SLAP_DB_ONE_SUFFIX(be)            (SLAP_DBFLAGS(be) & SLAP_DBFLAG_ONE_SUFFIX)
01860 #define SLAP_ISOVERLAY(be)                (SLAP_DBFLAGS(be) & SLAP_DBFLAG_OVERLAY)
01861 #define SLAP_ISGLOBALOVERLAY(be)          (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLOBAL_OVERLAY)
01862 #define SLAP_DBMONITORING(be)                    (SLAP_DBFLAGS(be) & SLAP_DBFLAG_MONITORING)
01863 #define SLAP_NO_SCHEMA_CHECK(be)   \
01864        (SLAP_DBFLAGS(be) & SLAP_DBFLAG_NO_SCHEMA_CHECK)
01865 #define       SLAP_GLUE_INSTANCE(be)             \
01866        (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLUE_INSTANCE)
01867 #define       SLAP_GLUE_SUBORDINATE(be)   \
01868        (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLUE_SUBORDINATE)
01869 #define       SLAP_GLUE_LINKED(be)        \
01870        (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLUE_LINKED)
01871 #define       SLAP_GLUE_ADVERTISE(be)     \
01872        (SLAP_DBFLAGS(be) & SLAP_DBFLAG_GLUE_ADVERTISE)
01873 #define SLAP_SHADOW(be)                          (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SHADOW)
01874 #define SLAP_SYNC_SHADOW(be)                     (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SYNC_SHADOW)
01875 #define SLAP_SLURP_SHADOW(be)                    (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SLURP_SHADOW)
01876 #define SLAP_SINGLE_SHADOW(be)                   (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SINGLE_SHADOW)
01877 #define SLAP_MULTIMASTER(be)                     (SLAP_DBFLAGS(be) & SLAP_DBFLAG_MULTI_SHADOW)
01878 #define SLAP_DBCLEAN(be)                  (SLAP_DBFLAGS(be) & SLAP_DBFLAG_CLEAN)
01879 #define SLAP_DBACL_ADD(be)                (SLAP_DBFLAGS(be) & SLAP_DBFLAG_ACL_ADD)
01880 #define SLAP_SYNC_SUBENTRY(be)                   (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SYNC_SUBENTRY)
01881 
01882        slap_mask_t   be_restrictops;             /* restriction operations */
01883 #define SLAP_RESTRICT_OP_ADD              0x0001U
01884 #define       SLAP_RESTRICT_OP_BIND              0x0002U
01885 #define SLAP_RESTRICT_OP_COMPARE   0x0004U
01886 #define SLAP_RESTRICT_OP_DELETE           0x0008U
01887 #define       SLAP_RESTRICT_OP_EXTENDED   0x0010U
01888 #define SLAP_RESTRICT_OP_MODIFY           0x0020U
01889 #define SLAP_RESTRICT_OP_RENAME           0x0040U
01890 #define SLAP_RESTRICT_OP_SEARCH           0x0080U
01891 #define SLAP_RESTRICT_OP_MASK             0x00FFU
01892 
01893 #define       SLAP_RESTRICT_READONLY             0x80000000U
01894 
01895 #define SLAP_RESTRICT_EXOP_START_TLS             0x0100U
01896 #define       SLAP_RESTRICT_EXOP_MODIFY_PASSWD   0x0200U
01897 #define SLAP_RESTRICT_EXOP_WHOAMI         0x0400U
01898 #define SLAP_RESTRICT_EXOP_CANCEL         0x0800U
01899 #define SLAP_RESTRICT_EXOP_MASK                  0xFF00U
01900 
01901 #define SLAP_RESTRICT_OP_READS     \
01902        ( SLAP_RESTRICT_OP_COMPARE  \
01903        | SLAP_RESTRICT_OP_SEARCH )
01904 #define SLAP_RESTRICT_OP_WRITES    \
01905        ( SLAP_RESTRICT_OP_ADD    \
01906        | SLAP_RESTRICT_OP_DELETE \
01907        | SLAP_RESTRICT_OP_MODIFY \
01908        | SLAP_RESTRICT_OP_RENAME )
01909 #define SLAP_RESTRICT_OP_ALL \
01910        ( SLAP_RESTRICT_OP_READS \
01911        | SLAP_RESTRICT_OP_WRITES \
01912        | SLAP_RESTRICT_OP_BIND \
01913        | SLAP_RESTRICT_OP_EXTENDED )
01914 
01915 #define SLAP_ALLOW_BIND_V2         0x0001U       /* LDAPv2 bind */
01916 #define SLAP_ALLOW_BIND_ANON_CRED  0x0002U /* cred should be empty */
01917 #define SLAP_ALLOW_BIND_ANON_DN           0x0004U /* dn should be empty */
01918 
01919 #define SLAP_ALLOW_UPDATE_ANON            0x0008U /* allow anonymous updates */
01920 #define SLAP_ALLOW_PROXY_AUTHZ_ANON       0x0010U /* allow anonymous proxyAuthz */
01921 
01922 #define SLAP_DISALLOW_BIND_ANON           0x0001U /* no anonymous */
01923 #define SLAP_DISALLOW_BIND_SIMPLE  0x0002U       /* simple authentication */
01924 
01925 #define SLAP_DISALLOW_TLS_2_ANON   0x0010U /* StartTLS -> Anonymous */
01926 #define SLAP_DISALLOW_TLS_AUTHC           0x0020U       /* TLS while authenticated */
01927 
01928 #define SLAP_DISALLOW_PROXY_AUTHZ_N_CRIT  0x0100U
01929 #define SLAP_DISALLOW_DONTUSECOPY_N_CRIT  0x0200U
01930 
01931 #define SLAP_DISALLOW_AUX_WO_CR           0x4000U
01932 
01933        slap_mask_t   be_requires;  /* pre-operation requirements */
01934 #define SLAP_REQUIRE_BIND          0x0001U       /* bind before op */
01935 #define SLAP_REQUIRE_LDAP_V3       0x0002U       /* LDAPv3 before op */
01936 #define SLAP_REQUIRE_AUTHC         0x0004U       /* authentication before op */
01937 #define SLAP_REQUIRE_SASL          0x0008U       /* SASL before op  */
01938 #define SLAP_REQUIRE_STRONG        0x0010U       /* strong authentication before op */
01939 
01940        /* Required Security Strength Factor */
01941        slap_ssf_set_t be_ssf_set;
01942 
01943        BerVarray     be_suffix;    /* the DN suffixes of data in this backend */
01944        BerVarray     be_nsuffix;   /* the normalized DN suffixes in this backend */
01945        struct berval be_schemadn;  /* per-backend subschema subentry DN */
01946        struct berval be_schemandn; /* normalized subschema DN */
01947        struct berval be_rootdn;    /* the magic "root" name (DN) for this db */
01948        struct berval be_rootndn;   /* the magic "root" normalized name (DN) for this db */
01949        struct berval be_rootpw;    /* the magic "root" password for this db  */
01950        unsigned int be_max_deref_depth; /* limit for depth of an alias deref  */
01951 #define be_sizelimit be_def_limit.lms_s_soft
01952 #define be_timelimit be_def_limit.lms_t_soft
01953        struct slap_limits_set be_def_limit; /* default limits */
01954        struct slap_limits **be_limits; /* regex-based size and time limits */
01955        AccessControl *be_acl;      /* access control list for this backend      */
01956        slap_access_t be_dfltaccess;       /* access given if no acl matches     */
01957        AttributeName *be_extra_anlist;    /* attributes that need to be added to search requests (ITS#6513) */
01958 
01959        /* Replica Information */
01960        struct berval be_update_ndn;       /* allowed to make changes (in replicas) */
01961        BerVarray     be_update_refs;      /* where to refer modifying clients to */
01962        struct        be_pcl *be_pending_csn_list;
01963        ldap_pvt_thread_mutex_t                                 be_pcl_mutex;
01964        struct syncinfo_s                                       *be_syncinfo; /* For syncrepl */
01965 
01966        void    *be_pb;         /* Netscape plugin */
01967        struct ConfigOCs *be_cf_ocs;
01968 
01969        void   *be_private;  /* anything the backend database needs       */
01970        LDAP_STAILQ_ENTRY(BackendDB) be_next;
01971 };
01972 
01973 /* Backend function typedefs */
01974 typedef int (BI_bi_func) LDAP_P((BackendInfo *bi));
01975 typedef BI_bi_func BI_init;
01976 typedef BI_bi_func BI_open;
01977 typedef BI_bi_func BI_close;
01978 typedef BI_bi_func BI_destroy;
01979 typedef int (BI_config) LDAP_P((BackendInfo *bi,
01980        const char *fname, int lineno,
01981        int argc, char **argv));
01982 
01983 typedef struct config_reply_s ConfigReply; /* config.h */
01984 typedef int (BI_db_func) LDAP_P((Backend *bd, ConfigReply *cr));
01985 typedef BI_db_func BI_db_init;
01986 typedef BI_db_func BI_db_open;
01987 typedef BI_db_func BI_db_close;
01988 typedef BI_db_func BI_db_destroy;
01989 typedef int (BI_db_config) LDAP_P((Backend *bd,
01990        const char *fname, int lineno,
01991        int argc, char **argv));
01992 
01993 typedef struct req_bind_s {
01994        int rb_method;
01995        struct berval rb_cred;
01996        struct berval rb_edn;
01997        slap_ssf_t rb_ssf;
01998        struct berval rb_mech;
01999 } req_bind_s;
02000 
02001 typedef struct req_search_s {
02002        int rs_scope;
02003        int rs_deref;
02004        int rs_slimit;
02005        int rs_tlimit;
02006        /* NULL means be_isroot evaluated to TRUE */
02007        struct slap_limits_set *rs_limit;
02008        int rs_attrsonly;
02009        AttributeName *rs_attrs;
02010        Filter *rs_filter;
02011        struct berval rs_filterstr;
02012 } req_search_s;
02013 
02014 typedef struct req_compare_s {
02015        AttributeAssertion *rs_ava;
02016 } req_compare_s;
02017 
02018 typedef struct req_modifications_s {
02019        Modifications *rs_modlist;
02020        char rs_no_opattrs;         /* don't att modify operational attrs */
02021 } req_modifications_s;
02022 
02023 typedef struct req_modify_s {
02024        req_modifications_s rs_mods;       /* NOTE: must be first in req_modify_s & req_modrdn_s */
02025        int rs_increment;
02026 } req_modify_s;
02027 
02028 typedef struct req_modrdn_s {
02029        req_modifications_s rs_mods;       /* NOTE: must be first in req_modify_s & req_modrdn_s */
02030        int rs_deleteoldrdn;
02031        struct berval rs_newrdn;
02032        struct berval rs_nnewrdn;
02033        struct berval *rs_newSup;
02034        struct berval *rs_nnewSup;
02035 } req_modrdn_s;
02036 
02037 typedef struct req_add_s {
02038        Modifications *rs_modlist;
02039        Entry *rs_e;
02040 } req_add_s;
02041 
02042 typedef struct req_abandon_s {
02043        ber_int_t rs_msgid;
02044 } req_abandon_s;
02045 
02046 #ifdef SLAP_SCHEMA_EXPOSE
02047 #define SLAP_EXOP_HIDE 0x0000
02048 #else
02049 #define SLAP_EXOP_HIDE 0x8000
02050 #endif
02051 #define SLAP_EXOP_WRITES 0x0001           /* Exop does writes */
02052 
02053 typedef struct req_extended_s {
02054        struct berval rs_reqoid;
02055        int rs_flags;
02056        struct berval *rs_reqdata;
02057 } req_extended_s;
02058 
02059 typedef struct req_pwdexop_s {
02060        struct req_extended_s rs_extended;
02061        struct berval rs_old;
02062        struct berval rs_new;
02063        Modifications *rs_mods;
02064        Modifications **rs_modtail;
02065 } req_pwdexop_s;
02066 
02067 typedef enum slap_reply_e {
02068        REP_RESULT,
02069        REP_SASL,
02070        REP_EXTENDED,
02071        REP_SEARCH,
02072        REP_SEARCHREF,
02073        REP_INTERMEDIATE,
02074        REP_GLUE_RESULT
02075 } slap_reply_t;
02076 
02077 typedef struct rep_sasl_s {
02078        struct berval *r_sasldata;
02079 } rep_sasl_s;
02080 
02081 typedef struct rep_extended_s {
02082        const char *r_rspoid;
02083        struct berval *r_rspdata;
02084 } rep_extended_s;
02085 
02086 typedef struct rep_search_s {
02087        Entry *r_entry;
02088        slap_mask_t r_attr_flags;
02089 #define SLAP_ATTRS_UNDEFINED       (0x00U)
02090 #define SLAP_OPATTRS_NO                   (0x01U)
02091 #define SLAP_OPATTRS_YES           (0x02U)
02092 #define SLAP_USERATTRS_NO          (0x10U)
02093 #define SLAP_USERATTRS_YES         (0x20U)
02094 #define SLAP_OPATTRS_MASK(f)       ((f) & (SLAP_OPATTRS_NO|SLAP_OPATTRS_YES))
02095 #define SLAP_OPATTRS(f)                   (((f) & SLAP_OPATTRS_YES) == SLAP_OPATTRS_YES)
02096 #define SLAP_USERATTRS_MASK(f)     ((f) & (SLAP_USERATTRS_NO|SLAP_USERATTRS_YES))
02097 #define SLAP_USERATTRS(f)          \
02098        (((f) & SLAP_USERATTRS_YES) == SLAP_USERATTRS_YES)
02099 
02100        Attribute *r_operational_attrs;
02101        AttributeName *r_attrs;
02102        int r_nentries;
02103        BerVarray r_v2ref;
02104 } rep_search_s;
02105 
02106 struct SlapReply {
02107        slap_reply_t sr_type;
02108        ber_tag_t sr_tag;
02109        ber_int_t sr_msgid;
02110        ber_int_t sr_err;
02111        const char *sr_matched;
02112        const char *sr_text;
02113        BerVarray sr_ref;
02114        LDAPControl **sr_ctrls;
02115        union sr_u {
02116               rep_search_s sru_search;
02117               rep_sasl_s sru_sasl;
02118               rep_extended_s sru_extended;
02119        } sr_un;
02120        slap_mask_t sr_flags;
02121 #define       REP_ENTRY_MODIFIABLE ((slap_mask_t) 0x0001U)
02122 #define       REP_ENTRY_MUSTBEFREED       ((slap_mask_t) 0x0002U)
02123 #define       REP_ENTRY_MUSTRELEASE       ((slap_mask_t) 0x0004U)
02124 #define       REP_ENTRY_MASK              (REP_ENTRY_MODIFIABLE|REP_ENTRY_MUSTFLUSH)
02125 #define       REP_ENTRY_MUSTFLUSH  (REP_ENTRY_MUSTBEFREED|REP_ENTRY_MUSTRELEASE)
02126 
02127 #define       REP_MATCHED_MUSTBEFREED     ((slap_mask_t) 0x0010U)
02128 #define       REP_MATCHED_MASK     (REP_MATCHED_MUSTBEFREED)
02129 
02130 #define REP_REF_MUSTBEFREED ((slap_mask_t) 0x0020U)
02131 #define REP_REF_MASK        (REP_REF_MUSTBEFREED)
02132 
02133 #define REP_CTRLS_MUSTBEFREED      ((slap_mask_t) 0x0040U)
02134 #define REP_CTRLS_MASK             (REP_CTRLS_MUSTBEFREED)
02135 
02136 #define       REP_NO_ENTRYDN              ((slap_mask_t) 0x1000U)
02137 #define       REP_NO_SUBSCHEMA     ((slap_mask_t) 0x2000U)
02138 #define       REP_NO_OPERATIONALS  (REP_NO_ENTRYDN|REP_NO_SUBSCHEMA)
02139 };
02140 
02141 /* short hands for response members */
02142 #define       sr_attrs sr_un.sru_search.r_attrs
02143 #define       sr_entry sr_un.sru_search.r_entry
02144 #define       sr_operational_attrs sr_un.sru_search.r_operational_attrs
02145 #define sr_attr_flags sr_un.sru_search.r_attr_flags
02146 #define       sr_v2ref sr_un.sru_search.r_v2ref
02147 #define       sr_nentries sr_un.sru_search.r_nentries
02148 #define       sr_rspoid sr_un.sru_extended.r_rspoid
02149 #define       sr_rspdata sr_un.sru_extended.r_rspdata
02150 #define       sr_sasldata sr_un.sru_sasl.r_sasldata
02151 
02152 typedef int (BI_op_func) LDAP_P(( Operation *op, SlapReply *rs ));
02153 typedef BI_op_func BI_op_bind;
02154 typedef BI_op_func BI_op_unbind;
02155 typedef BI_op_func BI_op_search;
02156 typedef BI_op_func BI_op_compare;
02157 typedef BI_op_func BI_op_modify;
02158 typedef BI_op_func BI_op_modrdn;
02159 typedef BI_op_func BI_op_add;
02160 typedef BI_op_func BI_op_delete;
02161 typedef BI_op_func BI_op_abandon;
02162 typedef BI_op_func BI_op_extended;
02163 typedef BI_op_func BI_op_cancel;
02164 typedef BI_op_func BI_chk_referrals;
02165 typedef BI_op_func BI_chk_controls;
02166 typedef int (BI_entry_release_rw)
02167        LDAP_P(( Operation *op, Entry *e, int rw ));
02168 typedef int (BI_entry_get_rw) LDAP_P(( Operation *op, struct berval *ndn,
02169        ObjectClass *oc, AttributeDescription *at, int rw, Entry **e ));
02170 typedef int (BI_operational) LDAP_P(( Operation *op, SlapReply *rs ));
02171 typedef int (BI_has_subordinates) LDAP_P(( Operation *op,
02172        Entry *e, int *hasSubs ));
02173 typedef int (BI_access_allowed) LDAP_P(( Operation *op, Entry *e,
02174        AttributeDescription *desc, struct berval *val, slap_access_t access,
02175        AccessControlState *state, slap_mask_t *maskp ));
02176 typedef int (BI_acl_group) LDAP_P(( Operation *op, Entry *target,
02177        struct berval *gr_ndn, struct berval *op_ndn,
02178        ObjectClass *group_oc, AttributeDescription *group_at ));
02179 typedef int (BI_acl_attribute) LDAP_P(( Operation *op, Entry *target,
02180        struct berval *entry_ndn, AttributeDescription *entry_at,
02181        BerVarray *vals, slap_access_t access ));
02182 
02183 typedef int (BI_conn_func) LDAP_P(( BackendDB *bd, Connection *c ));
02184 typedef BI_conn_func BI_connection_init;
02185 typedef BI_conn_func BI_connection_destroy;
02186 
02187 typedef int (BI_tool_entry_open) LDAP_P(( BackendDB *be, int mode ));
02188 typedef int (BI_tool_entry_close) LDAP_P(( BackendDB *be ));
02189 typedef ID (BI_tool_entry_first) LDAP_P(( BackendDB *be ));
02190 typedef ID (BI_tool_entry_first_x) LDAP_P(( BackendDB *be, struct berval *base, int scope, Filter *f ));
02191 typedef ID (BI_tool_entry_next) LDAP_P(( BackendDB *be ));
02192 typedef Entry* (BI_tool_entry_get) LDAP_P(( BackendDB *be, ID id ));
02193 typedef ID (BI_tool_entry_put) LDAP_P(( BackendDB *be, Entry *e, 
02194        struct berval *text ));
02195 typedef int (BI_tool_entry_reindex) LDAP_P(( BackendDB *be, ID id, AttributeDescription **adv ));
02196 typedef int (BI_tool_sync) LDAP_P(( BackendDB *be ));
02197 typedef ID (BI_tool_dn2id_get) LDAP_P(( BackendDB *be, struct berval *dn ));
02198 typedef ID (BI_tool_entry_modify) LDAP_P(( BackendDB *be, Entry *e, 
02199        struct berval *text ));
02200 
02201 struct BackendInfo {
02202        char   *bi_type; /* type of backend */
02203 
02204        /*
02205         * per backend type routines:
02206         * bi_init: called to allocate a backend_info structure,
02207         *            called once BEFORE configuration file is read.
02208         *            bi_init() initializes this structure hence is
02209         *            called directly from be_initialize()
02210         * bi_config: called per 'backend' specific option
02211         *            all such options must before any 'database' options
02212         *            bi_config() is called only from read_config()
02213         * bi_open: called to open each database, called
02214         *            once AFTER configuration file is read but
02215         *            BEFORE any bi_db_open() calls.
02216         *            bi_open() is called from backend_startup()
02217         * bi_close: called to close each database, called
02218         *            once during shutdown after all bi_db_close calls.
02219         *            bi_close() is called from backend_shutdown()
02220         * bi_destroy: called to destroy each database, called
02221         *            once during shutdown after all bi_db_destroy calls.
02222         *            bi_destory() is called from backend_destroy()
02223         */
02224        BI_init       *bi_init;
02225        BI_config     *bi_config;
02226        BI_open *bi_open;
02227        BI_close      *bi_close;
02228        BI_destroy    *bi_destroy;
02229 
02230        /*
02231         * per database routines:
02232         * bi_db_init: called to initialize each database,
02233         *     called upon reading 'database <type>' 
02234         *     called only from backend_db_init()
02235         * bi_db_config: called to configure each database,
02236         *  called per database to handle per database options
02237         *     called only from read_config()
02238         * bi_db_open: called to open each database
02239         *     called once per database immediately AFTER bi_open()
02240         *     calls but before daemon startup.
02241         *  called only by backend_startup()
02242         * bi_db_close: called to close each database
02243         *     called once per database during shutdown but BEFORE
02244         *  any bi_close call.
02245         *  called only by backend_shutdown()
02246         * bi_db_destroy: called to destroy each database
02247         *  called once per database during shutdown AFTER all
02248         *  bi_close calls but before bi_destory calls.
02249         *  called only by backend_destory()
02250         */
02251        BI_db_init    *bi_db_init;
02252        BI_db_config  *bi_db_config;
02253        BI_db_open    *bi_db_open;
02254        BI_db_close   *bi_db_close;
02255        BI_db_destroy *bi_db_destroy;
02256 
02257        /* LDAP Operations Handling Routines */
02258        BI_op_bind    *bi_op_bind;
02259        BI_op_unbind  *bi_op_unbind;
02260        BI_op_search  *bi_op_search;
02261        BI_op_compare *bi_op_compare;
02262        BI_op_modify  *bi_op_modify;
02263        BI_op_modrdn  *bi_op_modrdn;
02264        BI_op_add     *bi_op_add;
02265        BI_op_delete  *bi_op_delete;
02266        BI_op_abandon *bi_op_abandon;
02267 
02268        /* Extended Operations Helper */
02269        BI_op_extended       *bi_extended;
02270        BI_op_cancel  *bi_op_cancel;
02271 
02272        /* Auxilary Functions */
02273        BI_operational              *bi_operational;
02274        BI_chk_referrals     *bi_chk_referrals;
02275        BI_chk_controls             *bi_chk_controls;
02276        BI_entry_get_rw             *bi_entry_get_rw;
02277        BI_entry_release_rw  *bi_entry_release_rw;
02278 
02279        BI_has_subordinates  *bi_has_subordinates;
02280        BI_access_allowed    *bi_access_allowed;
02281        BI_acl_group         *bi_acl_group;
02282        BI_acl_attribute     *bi_acl_attribute;
02283 
02284        BI_connection_init   *bi_connection_init;
02285        BI_connection_destroy       *bi_connection_destroy;
02286 
02287        /* hooks for slap tools */
02288        BI_tool_entry_open   *bi_tool_entry_open;
02289        BI_tool_entry_close  *bi_tool_entry_close;
02290        BI_tool_entry_first  *bi_tool_entry_first;       /* deprecated */
02291        BI_tool_entry_first_x       *bi_tool_entry_first_x;
02292        BI_tool_entry_next   *bi_tool_entry_next;
02293        BI_tool_entry_get    *bi_tool_entry_get;
02294        BI_tool_entry_put    *bi_tool_entry_put;
02295        BI_tool_entry_reindex       *bi_tool_entry_reindex;
02296        BI_tool_sync         *bi_tool_sync;
02297        BI_tool_dn2id_get    *bi_tool_dn2id_get;
02298        BI_tool_entry_modify *bi_tool_entry_modify;
02299 
02300 #define SLAP_INDEX_ADD_OP          0x0001
02301 #define SLAP_INDEX_DELETE_OP       0x0002
02302 
02303        slap_mask_t   bi_flags; /* backend flags */
02304 #define SLAP_BFLAG_MONITOR                0x0001U /* a monitor backend */
02305 #define SLAP_BFLAG_CONFIG                 0x0002U /* a config backend */
02306 #define SLAP_BFLAG_FRONTEND               0x0004U /* the frontendDB */
02307 #define SLAP_BFLAG_NOLASTMODCMD           0x0010U
02308 #define SLAP_BFLAG_INCREMENT              0x0100U
02309 #define SLAP_BFLAG_ALIASES                0x1000U
02310 #define SLAP_BFLAG_REFERRALS              0x2000U
02311 #define SLAP_BFLAG_SUBENTRIES             0x4000U
02312 #define SLAP_BFLAG_DYNAMIC                0x8000U
02313 
02314 /* overlay specific */
02315 #define       SLAPO_BFLAG_SINGLE          0x01000000U
02316 #define       SLAPO_BFLAG_DBONLY          0x02000000U
02317 #define       SLAPO_BFLAG_GLOBONLY        0x04000000U
02318 #define       SLAPO_BFLAG_MASK            0xFF000000U
02319 
02320 #define SLAP_BFLAGS(be)            ((be)->bd_info->bi_flags)
02321 #define SLAP_MONITOR(be)    (SLAP_BFLAGS(be) & SLAP_BFLAG_MONITOR)
02322 #define SLAP_CONFIG(be)            (SLAP_BFLAGS(be) & SLAP_BFLAG_CONFIG)
02323 #define SLAP_FRONTEND(be)   (SLAP_BFLAGS(be) & SLAP_BFLAG_FRONTEND)
02324 #define SLAP_INCREMENT(be)  (SLAP_BFLAGS(be) & SLAP_BFLAG_INCREMENT)
02325 #define SLAP_ALIASES(be)    (SLAP_BFLAGS(be) & SLAP_BFLAG_ALIASES)
02326 #define SLAP_REFERRALS(be)  (SLAP_BFLAGS(be) & SLAP_BFLAG_REFERRALS)
02327 #define SLAP_SUBENTRIES(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_SUBENTRIES)
02328 #define SLAP_DYNAMIC(be)    ((SLAP_BFLAGS(be) & SLAP_BFLAG_DYNAMIC) || (SLAP_DBFLAGS(be) & SLAP_DBFLAG_DYNAMIC))
02329 #define SLAP_NOLASTMODCMD(be)      (SLAP_BFLAGS(be) & SLAP_BFLAG_NOLASTMODCMD)
02330 #define SLAP_LASTMODCMD(be) (!SLAP_NOLASTMODCMD(be))
02331 
02332 /* overlay specific */
02333 #define SLAPO_SINGLE(be)    (SLAP_BFLAGS(be) & SLAPO_BFLAG_SINGLE)
02334 #define SLAPO_DBONLY(be)    (SLAP_BFLAGS(be) & SLAPO_BFLAG_DBONLY)
02335 #define SLAPO_GLOBONLY(be)  (SLAP_BFLAGS(be) & SLAPO_BFLAG_GLOBONLY)
02336 
02337        char   **bi_controls;              /* supported controls */
02338        char   bi_ctrls[SLAP_MAX_CIDS + 1];
02339 
02340        unsigned int bi_nDB; /* number of databases of this type */
02341        struct ConfigOCs *bi_cf_ocs;
02342        char   **bi_obsolete_names;
02343        void   *bi_extra;           /* backend type-specific APIs */
02344        void   *bi_private;  /* backend type-specific config data */
02345        LDAP_STAILQ_ENTRY(BackendInfo) bi_next ;
02346 };
02347 
02348 #define c_authtype   c_authz.sai_method
02349 #define c_authmech   c_authz.sai_mech
02350 #define c_dn         c_authz.sai_dn
02351 #define c_ndn        c_authz.sai_ndn
02352 #define c_ssf        c_authz.sai_ssf
02353 #define c_transport_ssf     c_authz.sai_transport_ssf
02354 #define c_tls_ssf    c_authz.sai_tls_ssf
02355 #define c_sasl_ssf   c_authz.sai_sasl_ssf
02356 
02357 #define o_authtype   o_authz.sai_method
02358 #define o_authmech   o_authz.sai_mech
02359 #define o_dn         o_authz.sai_dn
02360 #define o_ndn        o_authz.sai_ndn
02361 #define o_ssf        o_authz.sai_ssf
02362 #define o_transport_ssf     o_authz.sai_transport_ssf
02363 #define o_tls_ssf    o_authz.sai_tls_ssf
02364 #define o_sasl_ssf   o_authz.sai_sasl_ssf
02365 
02366 typedef int (slap_response)( Operation *, SlapReply * );
02367 
02368 typedef struct slap_callback {
02369        struct slap_callback *sc_next;
02370        slap_response *sc_response;
02371        slap_response *sc_cleanup;
02372        void *sc_private;
02373 } slap_callback;
02374 
02375 struct slap_overinfo;
02376 
02377 typedef enum slap_operation_e {
02378        op_bind = 0,
02379        op_unbind,
02380        op_search,
02381        op_compare,
02382        op_modify,
02383        op_modrdn,
02384        op_add,
02385        op_delete,
02386        op_abandon,
02387        op_extended,
02388        op_cancel,
02389        op_aux_operational,
02390        op_aux_chk_referrals,
02391        op_aux_chk_controls,
02392        op_last
02393 } slap_operation_t;
02394 
02395 typedef struct slap_overinst {
02396        BackendInfo on_bi;
02397        slap_response *on_response;
02398        struct slap_overinfo *on_info;
02399        struct slap_overinst *on_next;
02400 } slap_overinst;
02401 
02402 typedef struct slap_overinfo {
02403        BackendInfo oi_bi;
02404        BackendInfo *oi_orig;
02405        BackendDB     *oi_origdb;
02406        struct slap_overinst *oi_list;
02407 } slap_overinfo;
02408 
02409 /* Should successive callbacks in a chain be processed? */
02410 #define       SLAP_CB_BYPASS              0x08800
02411 #define       SLAP_CB_CONTINUE     0x08000
02412 
02413 /*
02414  * Paged Results state
02415  */
02416 typedef unsigned long PagedResultsCookie;
02417 typedef struct PagedResultsState {
02418        Backend *ps_be;
02419        ber_int_t ps_size;
02420        int ps_count;
02421        PagedResultsCookie ps_cookie;
02422        struct berval ps_cookieval;
02423 } PagedResultsState;
02424 
02425 struct slap_csn_entry {
02426        struct berval ce_csn;
02427        int ce_sid;
02428        unsigned long ce_opid;
02429        unsigned long ce_connid;
02430 #define SLAP_CSN_PENDING    1
02431 #define SLAP_CSN_COMMIT            2
02432        long ce_state;
02433        LDAP_TAILQ_ENTRY (slap_csn_entry) ce_csn_link;
02434 };
02435 
02436 /*
02437  * Caches the result of a backend_group check for ACL evaluation
02438  */
02439 typedef struct GroupAssertion {
02440        struct GroupAssertion *ga_next;
02441        Backend *ga_be;
02442        ObjectClass *ga_oc;
02443        AttributeDescription *ga_at;
02444        int ga_res;
02445        ber_len_t ga_len;
02446        char ga_ndn[1];
02447 } GroupAssertion;
02448 
02449 struct slap_control_ids {
02450        int sc_LDAPsync;
02451        int sc_assert;
02452        int sc_domainScope;
02453        int sc_dontUseCopy;
02454        int sc_manageDSAit;
02455        int sc_modifyIncrement;
02456        int sc_noOp;
02457        int sc_pagedResults;
02458        int sc_permissiveModify;
02459        int sc_postRead;
02460        int sc_preRead;
02461        int sc_proxyAuthz;
02462        int sc_relax;
02463        int sc_searchOptions;
02464 #ifdef SLAP_CONTROL_X_SORTEDRESULTS
02465        int sc_sortedResults;
02466 #endif
02467        int sc_subentries;
02468 #ifdef SLAP_CONTROL_X_TREE_DELETE
02469        int sc_treeDelete;
02470 #endif
02471 #ifdef LDAP_X_TXN
02472        int sc_txnSpec;
02473 #endif
02474 #ifdef SLAP_CONTROL_X_SESSION_TRACKING
02475        int sc_sessionTracking;
02476 #endif
02477        int sc_valuesReturnFilter;
02478 #ifdef SLAP_CONTROL_X_WHATFAILED
02479        int sc_whatFailed;
02480 #endif
02481 };
02482 
02483 /*
02484  * Operation indices
02485  */
02486 typedef enum {
02487        SLAP_OP_BIND = 0,
02488        SLAP_OP_UNBIND,
02489        SLAP_OP_SEARCH,
02490        SLAP_OP_COMPARE,
02491        SLAP_OP_MODIFY,
02492        SLAP_OP_MODRDN,
02493        SLAP_OP_ADD,
02494        SLAP_OP_DELETE,
02495        SLAP_OP_ABANDON,
02496        SLAP_OP_EXTENDED,
02497        SLAP_OP_LAST
02498 } slap_op_t;
02499 
02500 typedef struct slap_counters_t {
02501        struct slap_counters_t      *sc_next;
02502        ldap_pvt_thread_mutex_t     sc_mutex;
02503        ldap_pvt_mp_t        sc_bytes;
02504        ldap_pvt_mp_t        sc_pdu;
02505        ldap_pvt_mp_t        sc_entries;
02506        ldap_pvt_mp_t        sc_refs;
02507 
02508        ldap_pvt_mp_t        sc_ops_completed;
02509        ldap_pvt_mp_t        sc_ops_initiated;
02510 #ifdef SLAPD_MONITOR
02511        ldap_pvt_mp_t        sc_ops_completed_[SLAP_OP_LAST];
02512        ldap_pvt_mp_t        sc_ops_initiated_[SLAP_OP_LAST];
02513 #endif /* SLAPD_MONITOR */
02514 } slap_counters_t;
02515 
02516 /*
02517  * represents an operation pending from an ldap client
02518  */
02519 typedef struct Opheader {
02520        unsigned long oh_opid;      /* id of this operation */
02521        unsigned long oh_connid;    /* id of conn initiating this op */
02522        Connection    *oh_conn;     /* connection spawning this op */
02523 
02524        ber_int_t     oh_msgid;     /* msgid of the request */
02525        ber_int_t     oh_protocol;  /* version of the LDAP protocol used by client */
02526 
02527        ldap_pvt_thread_t    oh_tid;       /* thread handling this op */
02528 
02529        void   *oh_threadctx;              /* thread pool thread context */
02530        void   *oh_tmpmemctx;              /* slab malloc context */
02531        BerMemoryFunctions *oh_tmpmfuncs;
02532 
02533        slap_counters_t      *oh_counters;
02534 
02535        char          oh_log_prefix[ /* sizeof("conn= op=") + 2*LDAP_PVT_INTTYPE_CHARS(unsigned long) */ SLAP_TEXT_BUFLEN ];
02536 
02537 #ifdef LDAP_SLAPI
02538        void   *oh_extensions;             /* NS-SLAPI plugin */
02539 #endif
02540 } Opheader;
02541 
02542 typedef union OpRequest {
02543        req_add_s oq_add;
02544        req_bind_s oq_bind;
02545        req_compare_s oq_compare;
02546        req_modify_s oq_modify;
02547        req_modrdn_s oq_modrdn;
02548        req_search_s oq_search;
02549        req_abandon_s oq_abandon;
02550        req_abandon_s oq_cancel;
02551        req_extended_s oq_extended;
02552        req_pwdexop_s oq_pwdexop;
02553 } OpRequest;
02554 
02555 /* This is only a header. Actual users should define their own
02556  * structs with the oe_next / oe_key fields at the top and
02557  * whatever else they need following.
02558  */
02559 typedef struct OpExtra {
02560        LDAP_SLIST_ENTRY(OpExtra) oe_next;
02561        void *oe_key;
02562 } OpExtra;
02563 
02564 typedef struct OpExtraDB {
02565        OpExtra oe;
02566        BackendDB *oe_db;
02567 } OpExtraDB;
02568 
02569 struct Operation {
02570        Opheader *o_hdr;
02571 
02572 #define o_opid o_hdr->oh_opid
02573 #define o_connid o_hdr->oh_connid
02574 #define o_conn o_hdr->oh_conn
02575 #define o_msgid o_hdr->oh_msgid
02576 #define o_protocol o_hdr->oh_protocol
02577 #define o_tid o_hdr->oh_tid
02578 #define o_threadctx o_hdr->oh_threadctx
02579 #define o_tmpmemctx o_hdr->oh_tmpmemctx
02580 #define o_tmpmfuncs o_hdr->oh_tmpmfuncs
02581 #define o_counters o_hdr->oh_counters
02582 
02583 #define       o_tmpalloc    o_tmpmfuncs->bmf_malloc
02584 #define o_tmpcalloc  o_tmpmfuncs->bmf_calloc
02585 #define       o_tmprealloc  o_tmpmfuncs->bmf_realloc
02586 #define       o_tmpfree     o_tmpmfuncs->bmf_free
02587 
02588 #define o_log_prefix o_hdr->oh_log_prefix
02589 
02590        ber_tag_t     o_tag;        /* tag of the request */
02591        time_t        o_time;              /* time op was initiated */
02592        int                  o_tincr;      /* counter for multiple ops with same o_time */
02593 
02594        BackendDB     *o_bd; /* backend DB processing this op */
02595        struct berval o_req_dn;     /* DN of target of request */
02596        struct berval o_req_ndn;
02597 
02598        OpRequest o_request;
02599 
02600 /* short hands for union members */
02601 #define oq_add o_request.oq_add
02602 #define oq_bind o_request.oq_bind
02603 #define oq_compare o_request.oq_compare
02604 #define oq_modify o_request.oq_modify
02605 #define oq_modrdn o_request.oq_modrdn
02606 #define oq_search o_request.oq_search
02607 #define oq_abandon o_request.oq_abandon
02608 #define oq_cancel o_request.oq_cancel
02609 #define oq_extended o_request.oq_extended
02610 #define oq_pwdexop o_request.oq_pwdexop
02611 
02612 /* short hands for inner request members */
02613 #define orb_method oq_bind.rb_method
02614 #define orb_cred oq_bind.rb_cred
02615 #define orb_edn oq_bind.rb_edn
02616 #define orb_ssf oq_bind.rb_ssf
02617 #define orb_mech oq_bind.rb_mech
02618 
02619 #define ors_scope oq_search.rs_scope
02620 #define ors_deref oq_search.rs_deref
02621 #define ors_slimit oq_search.rs_slimit
02622 #define ors_tlimit oq_search.rs_tlimit
02623 #define ors_limit oq_search.rs_limit
02624 #define ors_attrsonly oq_search.rs_attrsonly
02625 #define ors_attrs oq_search.rs_attrs
02626 #define ors_filter oq_search.rs_filter
02627 #define ors_filterstr oq_search.rs_filterstr
02628 
02629 #define orr_modlist oq_modrdn.rs_mods.rs_modlist
02630 #define orr_no_opattrs oq_modrdn.rs_mods.rs_no_opattrs
02631 #define orr_deleteoldrdn oq_modrdn.rs_deleteoldrdn
02632 #define orr_newrdn oq_modrdn.rs_newrdn
02633 #define orr_nnewrdn oq_modrdn.rs_nnewrdn
02634 #define orr_newSup oq_modrdn.rs_newSup
02635 #define orr_nnewSup oq_modrdn.rs_nnewSup
02636 
02637 #define orc_ava oq_compare.rs_ava
02638 
02639 #define ora_e oq_add.rs_e
02640 #define ora_modlist oq_add.rs_modlist
02641 
02642 #define orn_msgid oq_abandon.rs_msgid
02643 
02644 #define orm_modlist oq_modify.rs_mods.rs_modlist
02645 #define orm_no_opattrs oq_modify.rs_mods.rs_no_opattrs
02646 #define orm_increment oq_modify.rs_increment
02647 
02648 #define ore_reqoid oq_extended.rs_reqoid
02649 #define ore_flags oq_extended.rs_flags
02650 #define ore_reqdata oq_extended.rs_reqdata
02651        volatile sig_atomic_t o_abandon;   /* abandon flag */
02652        volatile sig_atomic_t o_cancel;           /* cancel flag */
02653 #define SLAP_CANCEL_NONE                         0x00
02654 #define SLAP_CANCEL_REQ                                 0x01
02655 #define SLAP_CANCEL_ACK                                 0x02
02656 #define SLAP_CANCEL_DONE                         0x03
02657 
02658        GroupAssertion *o_groups;
02659        char o_do_not_cache; /* don't cache groups from this op */
02660        char o_is_auth_check;       /* authorization in progress */
02661        char o_dont_replicate;
02662        slap_access_t o_acl_priv;
02663 
02664        char o_nocaching;
02665        char o_delete_glue_parent;
02666        char o_no_schema_check;
02667 #define get_no_schema_check(op)                  ((op)->o_no_schema_check)
02668        char o_no_subordinate_glue;
02669 #define get_no_subordinate_glue(op)              ((op)->o_no_subordinate_glue)
02670 
02671 #define SLAP_CONTROL_NONE   0
02672 #define SLAP_CONTROL_IGNORED       1
02673 #define SLAP_CONTROL_NONCRITICAL 2
02674 #define SLAP_CONTROL_CRITICAL      3
02675 #define       SLAP_CONTROL_MASK    3
02676 
02677 /* spare bits for simple flags */
02678 #define SLAP_CONTROL_SHIFT  4      /* shift to reach data bits */
02679 #define SLAP_CONTROL_DATA0  0x10
02680 #define SLAP_CONTROL_DATA1  0x20
02681 #define SLAP_CONTROL_DATA2  0x40
02682 #define SLAP_CONTROL_DATA3  0x80
02683 
02684 #define _SCM(x)      ((x) & SLAP_CONTROL_MASK)
02685 
02686        char o_ctrlflag[SLAP_MAX_CIDS];    /* per-control flags */
02687        void **o_controls;          /* per-control state */
02688 
02689 #define o_dontUseCopy                     o_ctrlflag[slap_cids.sc_dontUseCopy]
02690 #define get_dontUseCopy(op)        _SCM((op)->o_dontUseCopy)
02691 
02692 #define o_relax                           o_ctrlflag[slap_cids.sc_relax]
02693 #define get_relax(op)              _SCM((op)->o_relax)
02694 
02695 #define o_managedsait       o_ctrlflag[slap_cids.sc_manageDSAit]
02696 #define get_manageDSAit(op)                      _SCM((op)->o_managedsait)
02697 
02698 #define o_noop       o_ctrlflag[slap_cids.sc_noOp]
02699 #define o_proxy_authz       o_ctrlflag[slap_cids.sc_proxyAuthz]
02700 #define o_subentries o_ctrlflag[slap_cids.sc_subentries]
02701 
02702 #define get_subentries(op)                       _SCM((op)->o_subentries)
02703 #define       o_subentries_visibility     o_ctrlflag[slap_cids.sc_subentries]
02704 
02705 #define set_subentries_visibility(op)     ((op)->o_subentries |= SLAP_CONTROL_DATA0)
02706 #define get_subentries_visibility(op)     (((op)->o_subentries & SLAP_CONTROL_DATA0) != 0)
02707 
02708 #define o_assert     o_ctrlflag[slap_cids.sc_assert]
02709 #define get_assert(op)                                  ((int)(op)->o_assert)
02710 #define o_assertion  o_controls[slap_cids.sc_assert]
02711 #define get_assertion(op)                        ((op)->o_assertion)
02712 
02713 #define       o_valuesreturnfilter o_ctrlflag[slap_cids.sc_valuesReturnFilter]
02714 #define o_vrFilter   o_controls[slap_cids.sc_valuesReturnFilter]
02715 
02716 #define o_permissive_modify o_ctrlflag[slap_cids.sc_permissiveModify]
02717 #define get_permissiveModify(op)          ((int)(op)->o_permissive_modify)
02718 
02719 #define o_domain_scope      o_ctrlflag[slap_cids.sc_domainScope]
02720 #define get_domainScope(op)                      ((int)(op)->o_domain_scope)
02721 
02722 #ifdef SLAP_CONTROL_X_TREE_DELETE
02723 #define       o_tree_delete o_ctrlflag[slap_cids.sc_treeDelete]
02724 #define get_treeDelete(op)                       ((int)(op)->o_tree_delete)
02725 #endif
02726 
02727 #define o_preread    o_ctrlflag[slap_cids.sc_preRead]
02728 #define o_postread   o_ctrlflag[slap_cids.sc_postRead]
02729 
02730 #define       o_preread_attrs      o_controls[slap_cids.sc_preRead]
02731 #define o_postread_attrs    o_controls[slap_cids.sc_postRead]
02732 
02733 #define o_pagedresults      o_ctrlflag[slap_cids.sc_pagedResults]
02734 #define o_pagedresults_state       o_controls[slap_cids.sc_pagedResults]
02735 #define get_pagedresults(op)                     ((int)(op)->o_pagedresults)
02736 
02737 #ifdef SLAP_CONTROL_X_SORTEDRESULTS
02738 #define o_sortedresults            o_ctrlflag[slap_cids.sc_sortedResults]
02739 #endif
02740 
02741 #ifdef LDAP_X_TXN
02742 #define o_txnSpec           o_ctrlflag[slap_cids.sc_txnSpec]
02743 #endif
02744 
02745 #ifdef SLAP_CONTROL_X_SESSION_TRACKING
02746 #define o_session_tracking  o_ctrlflag[slap_cids.sc_sessionTracking]
02747 #define o_tracked_sessions  o_controls[slap_cids.sc_sessionTracking]
02748 #define get_sessionTracking(op)                  ((int)(op)->o_session_tracking)
02749 #endif
02750 
02751 #ifdef SLAP_CONTROL_X_WHATFAILED
02752 #define o_whatFailed o_ctrlflag[slap_cids.sc_whatFailed]
02753 #define get_whatFailed(op)                       _SCM((op)->o_whatFailed)
02754 #endif
02755 
02756 #define o_sync                     o_ctrlflag[slap_cids.sc_LDAPsync]
02757 
02758        AuthorizationInformation o_authz;
02759 
02760        BerElement    *o_ber;              /* ber of the request */
02761        BerElement    *o_res_ber;   /* ber of the CLDAP reply or readback control */
02762        slap_callback *o_callback;  /* callback pointers */
02763        LDAPControl   **o_ctrls;     /* controls */
02764        struct berval o_csn;
02765 
02766        /* DEPRECATE o_private - use o_extra instead */
02767        void   *o_private;   /* anything the backend needs */
02768        LDAP_SLIST_HEAD(o_e, OpExtra) o_extra;    /* anything the backend needs */
02769 
02770        LDAP_STAILQ_ENTRY(Operation)       o_next;       /* next operation in list */
02771 };
02772 
02773 typedef struct OperationBuffer {
02774        Operation     ob_op;
02775        Opheader      ob_hdr;
02776        void          *ob_controls[SLAP_MAX_CIDS];
02777 } OperationBuffer;
02778 
02779 #define send_ldap_error( op, rs, err, text ) do { \
02780               (rs)->sr_err = err; (rs)->sr_text = text; \
02781               ((op)->o_conn->c_send_ldap_result)( op, rs ); \
02782        } while (0)
02783 #define send_ldap_discon( op, rs, err, text ) do { \
02784               (rs)->sr_err = err; (rs)->sr_text = text; \
02785               send_ldap_disconnect( op, rs ); \
02786        } while (0)
02787 
02788 typedef void (SEND_LDAP_RESULT)(
02789        Operation *op, SlapReply *rs);
02790 typedef int (SEND_SEARCH_ENTRY)(
02791        Operation *op, SlapReply *rs);
02792 typedef int (SEND_SEARCH_REFERENCE)(
02793        Operation *op, SlapReply *rs);
02794 typedef void (SEND_LDAP_EXTENDED)(
02795        Operation *op, SlapReply *rs);
02796 typedef void (SEND_LDAP_INTERMEDIATE)(
02797        Operation *op, SlapReply *rs);
02798 
02799 #define send_ldap_result( op, rs ) \
02800        ((op)->o_conn->c_send_ldap_result)( op, rs )
02801 #define send_search_entry( op, rs ) \
02802        ((op)->o_conn->c_send_search_entry)( op, rs )
02803 #define send_search_reference( op, rs ) \
02804        ((op)->o_conn->c_send_search_reference)( op, rs )
02805 #define send_ldap_extended( op, rs ) \
02806        ((op)->o_conn->c_send_ldap_extended)( op, rs )
02807 #define send_ldap_intermediate( op, rs ) \
02808        ((op)->o_conn->c_send_ldap_intermediate)( op, rs )
02809 
02810 typedef struct Listener Listener;
02811 
02812 /*
02813  * represents a connection from an ldap client
02814  */
02815 /* structure state (protected by connections_mutex) */
02816 enum sc_struct_state {
02817        SLAP_C_UNINITIALIZED = 0,   /* MUST BE ZERO (0) */
02818        SLAP_C_UNUSED,
02819        SLAP_C_USED,
02820        SLAP_C_PENDING
02821 };
02822 
02823 /* connection state (protected by c_mutex ) */
02824 enum sc_conn_state {
02825        SLAP_C_INVALID = 0,         /* MUST BE ZERO (0) */
02826        SLAP_C_INACTIVE,            /* zero threads */
02827        SLAP_C_CLOSING,                    /* closing */
02828        SLAP_C_ACTIVE,                     /* one or more threads */
02829        SLAP_C_BINDING,                    /* binding */
02830        SLAP_C_CLIENT               /* outbound client conn */
02831 };
02832 struct Connection {
02833        enum sc_struct_state c_struct_state; /* structure management state */
02834        enum sc_conn_state   c_conn_state; /* connection state */
02835        int                  c_conn_idx;          /* slot in connections array */
02836        ber_socket_t  c_sd;
02837        const char    *c_close_reason; /* why connection is closing */
02838 
02839        ldap_pvt_thread_mutex_t     c_mutex; /* protect the connection */
02840        Sockbuf              *c_sb;               /* ber connection stuff              */
02841 
02842        /* only can be changed by connect_init */
02843        time_t        c_starttime;  /* when the connection was opened */
02844        time_t        c_activitytime;      /* when the connection was last used */
02845        unsigned long        c_connid;     /* id of this connection for stats*/
02846 
02847        struct berval c_peer_domain;       /* DNS name of client */
02848        struct berval c_peer_name;  /* peer name (trans=addr:port) */
02849        Listener      *c_listener;
02850 #define c_listener_url c_listener->sl_url /* listener URL */
02851 #define c_sock_name c_listener->sl_name   /* sock name (trans=addr:port) */
02852 
02853        /* only can be changed by binding thread */
02854        struct berval c_sasl_bind_mech;                  /* mech in progress */
02855        struct berval c_sasl_dn;    /* temporary storage */
02856        struct berval c_sasl_authz_dn;     /* SASL proxy authz */
02857 
02858        /* authorization backend */
02859        Backend *c_authz_backend;
02860        void   *c_authz_cookie;
02861 #define SLAP_IS_AUTHZ_BACKEND( op )       \
02862        ( (op)->o_bd != NULL \
02863               && (op)->o_bd->be_private != NULL \
02864               && (op)->o_conn != NULL \
02865               && (op)->o_conn->c_authz_backend != NULL \
02866               && ( (op)->o_bd->be_private == (op)->o_conn->c_authz_backend->be_private \
02867                      || (op)->o_bd->be_private == (op)->o_conn->c_authz_cookie ) )
02868 
02869        AuthorizationInformation c_authz;
02870 
02871        ber_int_t     c_protocol;   /* version of the LDAP protocol used by client */
02872 
02873        LDAP_STAILQ_HEAD(c_o, Operation) c_ops;   /* list of operations being processed */
02874        LDAP_STAILQ_HEAD(c_po, Operation) c_pending_ops; /* list of pending operations */
02875 
02876        ldap_pvt_thread_mutex_t     c_write1_mutex;      /* only one pdu written at a time */
02877        ldap_pvt_thread_cond_t      c_write1_cv;  /* only one pdu written at a time */
02878        ldap_pvt_thread_mutex_t     c_write2_mutex;      /* used to wait for sd write-ready */
02879        ldap_pvt_thread_cond_t      c_write2_cv;  /* used to wait for sd write-ready*/
02880 
02881        BerElement    *c_currentber;       /* ber we're attempting to read */
02882        int                  c_writers;           /* number of writers waiting */
02883        char          c_writing;           /* someone is writing */
02884 
02885        char          c_sasl_bind_in_progress;    /* multi-op bind in progress */
02886        char          c_writewaiter;       /* true if blocked on write */
02887 
02888 
02889 #define       CONN_IS_TLS   1
02890 #define       CONN_IS_UDP   2
02891 #define       CONN_IS_CLIENT       4
02892 #define       CONN_IS_IPC   8
02893 
02894 #ifdef LDAP_CONNECTIONLESS
02895        char   c_is_udp;            /* true if this is (C)LDAP over UDP */
02896 #endif
02897 #ifdef HAVE_TLS
02898        char   c_is_tls;            /* true if this LDAP over raw TLS */
02899        char   c_needs_tls_accept;  /* true if SSL_accept should be called */
02900 #endif
02901        char   c_sasl_layers;        /* true if we need to install SASL i/o handlers */
02902        char   c_sasl_done;         /* SASL completed once */
02903        void   *c_sasl_authctx;     /* SASL authentication context */
02904        void   *c_sasl_sockctx;     /* SASL security layer context */
02905        void   *c_sasl_extra;              /* SASL session extra stuff */
02906        Operation     *c_sasl_bindop;      /* set to current op if it's a bind */
02907 
02908 #ifdef LDAP_X_TXN
02909 #define CONN_TXN_INACTIVE 0
02910 #define CONN_TXN_SPECIFY 1
02911 #define CONN_TXN_SETTLE -1
02912        int c_txn;
02913 
02914        Backend *c_txn_backend;
02915        LDAP_STAILQ_HEAD(c_to, Operation) c_txn_ops; /* list of operations in txn */
02916 #endif
02917 
02918        PagedResultsState c_pagedresults_state; /* paged result state */
02919 
02920        long   c_n_ops_received;    /* num of ops received (next op_id) */
02921        long   c_n_ops_executing;   /* num of ops currently executing */
02922        long   c_n_ops_pending;     /* num of ops pending execution */
02923        long   c_n_ops_completed;   /* num of ops completed */
02924 
02925        long   c_n_get;             /* num of get calls */
02926        long   c_n_read;            /* num of read calls */
02927        long   c_n_write;           /* num of write calls */
02928 
02929        void   *c_extensions;              /* Netscape plugin */
02930 
02931        /*
02932         * Client connection handling
02933         */
02934        ldap_pvt_thread_start_t     *c_clientfunc;
02935        void   *c_clientarg;
02936 
02937        /*
02938         * These are the "callbacks" that are available for back-ends to
02939         * supply data back to connected clients that are connected
02940         * through the "front-end".
02941         */
02942        SEND_LDAP_RESULT *c_send_ldap_result;
02943        SEND_SEARCH_ENTRY *c_send_search_entry;
02944        SEND_SEARCH_REFERENCE *c_send_search_reference;
02945        SEND_LDAP_EXTENDED *c_send_ldap_extended;
02946        SEND_LDAP_INTERMEDIATE *c_send_ldap_intermediate;
02947 };
02948 
02949 #ifdef LDAP_DEBUG
02950 #ifdef LDAP_SYSLOG
02951 #ifdef LOG_LOCAL4
02952 #define SLAP_DEFAULT_SYSLOG_USER   LOG_LOCAL4
02953 #endif /* LOG_LOCAL4 */
02954 
02955 #define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \
02956        Log5( (level), ldap_syslog_level, (fmt), (connid), (opid), (arg1), (arg2), (arg3) )
02957 #define StatslogTest( level ) ((ldap_debug | ldap_syslog) & (level))
02958 #else /* !LDAP_SYSLOG */
02959 #define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \
02960        do { \
02961               if ( ldap_debug & (level) ) \
02962                      lutil_debug( ldap_debug, (level), (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\
02963        } while (0)
02964 #define StatslogTest( level ) (ldap_debug & (level))
02965 #endif /* !LDAP_SYSLOG */
02966 #else /* !LDAP_DEBUG */
02967 #define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) ((void) 0)
02968 #define StatslogTest( level ) (0)
02969 #endif /* !LDAP_DEBUG */
02970 
02971 /*
02972  * listener; need to access it from monitor backend
02973  */
02974 struct Listener {
02975        struct berval sl_url;
02976        struct berval sl_name;
02977        mode_t sl_perms;
02978 #ifdef HAVE_TLS
02979        int           sl_is_tls;
02980 #endif
02981 #ifdef LDAP_CONNECTIONLESS
02982        int    sl_is_udp;           /* UDP listener is also data port */
02983 #endif
02984        int    sl_mute;      /* Listener is temporarily disabled due to emfile */
02985        int    sl_busy;      /* Listener is busy (accept thread activated) */
02986        ber_socket_t sl_sd;
02987        Sockaddr sl_sa;
02988 #define sl_addr      sl_sa.sa_in_addr
02989 #ifdef LDAP_DEVEL
02990 #define LDAP_TCP_BUFFER
02991 #endif
02992 #ifdef LDAP_TCP_BUFFER
02993        int    sl_tcp_rmem;  /* custom TCP read buffer size */
02994        int    sl_tcp_wmem;  /* custom TCP write buffer size */
02995 #endif
02996 };
02997 
02998 /*
02999  * Better know these all around slapd
03000  */
03001 #define SLAP_LDAPDN_PRETTY 0x1
03002 #define SLAP_LDAPDN_MAXLEN 8192
03003 
03004 /* number of response controls supported */
03005 #define SLAP_MAX_RESPONSE_CONTROLS   6
03006 
03007 #ifdef SLAP_SCHEMA_EXPOSE
03008 #define SLAP_CTRL_HIDE                           0x00000000U
03009 #else
03010 #define SLAP_CTRL_HIDE                           0x80000000U
03011 #endif
03012 
03013 #define SLAP_CTRL_REQUIRES_ROOT           0x40000000U /* for Relax */
03014 
03015 #define SLAP_CTRL_GLOBAL                  0x00800000U
03016 #define SLAP_CTRL_GLOBAL_SEARCH           0x00010000U   /* for NOOP */
03017 
03018 #define SLAP_CTRL_OPFLAGS                 0x0000FFFFU
03019 #define SLAP_CTRL_ABANDON                 0x00000001U
03020 #define SLAP_CTRL_ADD                            0x00002002U
03021 #define SLAP_CTRL_BIND                           0x00000004U
03022 #define SLAP_CTRL_COMPARE                 0x00001008U
03023 #define SLAP_CTRL_DELETE                  0x00002010U
03024 #define SLAP_CTRL_MODIFY                  0x00002020U
03025 #define SLAP_CTRL_RENAME                  0x00002040U
03026 #define SLAP_CTRL_SEARCH                  0x00001080U
03027 #define SLAP_CTRL_UNBIND                  0x00000100U
03028 
03029 #define SLAP_CTRL_INTROGATE (SLAP_CTRL_COMPARE|SLAP_CTRL_SEARCH)
03030 #define SLAP_CTRL_UPDATE \
03031        (SLAP_CTRL_ADD|SLAP_CTRL_DELETE|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME)
03032 #define SLAP_CTRL_ACCESS    (SLAP_CTRL_INTROGATE|SLAP_CTRL_UPDATE)
03033 
03034 typedef int (SLAP_CTRL_PARSE_FN) LDAP_P((
03035        Operation *op,
03036        SlapReply *rs,
03037        LDAPControl *ctrl ));
03038 
03039 typedef int (*SLAP_ENTRY_INFO_FN) LDAP_P(( void *arg, Entry *e ));
03040 
03041 #define SLAP_SLAB_SIZE      (1024*1024)
03042 #define SLAP_SLAB_STACK 1
03043 
03044 #define SLAP_ZONE_ALLOC 1
03045 #undef SLAP_ZONE_ALLOC
03046 
03047 #ifdef LDAP_COMP_MATCH
03048 /*
03049  * Extensible Filter Definition
03050  *
03051  * MatchingRuleAssertion := SEQUENCE {
03052  *     matchingRule  [1] MatchingRuleId OPTIONAL,
03053  *     type          [2] AttributeDescription OPTIONAL,
03054  *     matchValue    [3] AssertionValue,
03055  *     dnAttributes  [4] BOOLEAN DEFAULT FALSE }
03056  *
03057  * Following ComponentFilter is contained in matchValue
03058  *
03059  * ComponentAssertion ::= SEQUENCE {
03060  *     component            ComponentReference (SIZE(1..MAX)) OPTIONAL
03061  *     useDefaultValues     BOOLEAN DEFAULT TRUE,
03062  *     rule                 MATCHING-RULE.&id,
03063  *     value                MATCHING-RULE.&AssertionType }
03064  *
03065  * ComponentFilter ::= CHOICE {
03066  *     item   [0] ComponentAssertion,
03067  *     and    [1] SEQUENCE OF ComponentFilter,
03068  *     or     [2] SEQUENCE OF ComponentFilter,
03069  *     not    [3] ComponentFilter }
03070  */
03071 
03072 #define LDAP_COMPREF_IDENTIFIER           ((ber_tag_t) 0x80U)
03073 #define LDAP_COMPREF_FROM_BEGINNING       ((ber_tag_t) 0x81U)
03074 #define LDAP_COMPREF_COUNT         ((ber_tag_t) 0x82U)
03075 #define LDAP_COMPREF_FROM_END             ((ber_tag_t) 0x83U)
03076 #define LDAP_COMPREF_CONTENT              ((ber_tag_t) 0x84U)
03077 #define LDAP_COMPREF_SELECT        ((ber_tag_t) 0x85U)
03078 #define LDAP_COMPREF_ALL           ((ber_tag_t) 0x86U)
03079 #define LDAP_COMPREF_DEFINED              ((ber_tag_t) 0x87U)
03080 #define LDAP_COMPREF_UNDEFINED            ((ber_tag_t) 0x88U)
03081 
03082 #define LDAP_COMP_FILTER_AND              ((ber_tag_t) 0xa0U)
03083 #define LDAP_COMP_FILTER_OR        ((ber_tag_t) 0xa1U)
03084 #define LDAP_COMP_FILTER_NOT              ((ber_tag_t) 0xa2U)
03085 #define LDAP_COMP_FILTER_ITEM             ((ber_tag_t) 0xa3U)
03086 #define LDAP_COMP_FILTER_UNDEFINED ((ber_tag_t) 0xa4U)
03087 
03088 typedef struct ComponentId ComponentId;
03089 typedef struct ComponentReference ComponentReference;
03090 typedef struct ComponentAssertion ComponentAssertion;
03091 typedef struct ComponentAssertionValue ComponentAssertionValue;
03092 typedef struct ComponentSyntaxInfo ComponentSyntaxInfo;
03093 typedef struct ComponentDesc ComponentDesc;
03094 
03095 struct ComponentData {
03096        void                 *cd_mem_op;   /* nibble memory handler */
03097        ComponentSyntaxInfo**       cd_tree;      /* component tree */
03098 };
03099 
03100 struct ComponentId {
03101        int           ci_type;
03102        ComponentId   *ci_next;
03103 
03104        union comp_id_value{
03105               BerValue      ci_identifier;
03106               ber_int_t     ci_from_beginning;
03107               ber_int_t     ci_count;
03108               ber_int_t     ci_from_end;
03109               ber_int_t     ci_content;
03110               BerValue      ci_select_value;
03111               char          ci_all;
03112        } ci_val;
03113 };
03114 
03115 struct ComponentReference {
03116        ComponentId   *cr_list;
03117        ComponentId   *cr_curr;
03118        struct berval cr_string;
03119        int cr_len;
03120        /* Component Indexing */
03121        int           cr_asn_type_id;
03122        slap_mask_t   cr_indexmask;
03123        AttributeDescription* cr_ad;
03124        BerVarray     cr_nvals;
03125        ComponentReference* cr_next;
03126 };
03127 
03128 struct ComponentAssertion {
03129        ComponentReference   *ca_comp_ref;
03130        ber_int_t            ca_use_def;
03131        MatchingRule         *ca_ma_rule;
03132        struct berval        ca_ma_value;
03133        ComponentData        ca_comp_data; /* componentized assertion */
03134        ComponentFilter             *ca_cf;
03135        MatchingRuleAssertion   *ca_mra;
03136 };
03137 
03138 struct ComponentFilter {
03139        ber_tag_t     cf_choice;
03140        union cf_un_u {
03141               ber_int_t            cf_un_result;
03142               ComponentAssertion   *cf_un_ca;
03143               ComponentFilter             *cf_un_complex;
03144        } cf_un;
03145 
03146 #define cf_ca        cf_un.cf_un_ca
03147 #define cf_result    cf_un.cf_un_result
03148 #define cf_and              cf_un.cf_un_complex
03149 #define cf_or        cf_un.cf_un_complex
03150 #define cf_not              cf_un.cf_un_complex
03151 #define cf_any              cf_un.cf_un_complex
03152        
03153        ComponentFilter      *cf_next;
03154 };
03155 
03156 struct ComponentAssertionValue {
03157        char* cav_buf;
03158        char* cav_ptr;
03159        char* cav_end;
03160 };
03161 
03162 typedef int encoder_func LDAP_P((
03163        void* b,
03164        void* comp));
03165 
03166 typedef int gser_decoder_func LDAP_P((
03167        void* mem_op,
03168        void* b,
03169        ComponentSyntaxInfo** comp_syn_info,
03170        int* len,
03171        int mode));
03172 
03173 typedef int comp_free_func LDAP_P((
03174        void* b));
03175 
03176 typedef int ber_decoder_func LDAP_P((
03177        void* mem_op,
03178        void* b,
03179        int tag,
03180        int elmtLen,
03181        ComponentSyntaxInfo* comp_syn_info,
03182        int* len,
03183        int mode));
03184 
03185 typedef int ber_tag_decoder_func LDAP_P((
03186        void* mem_op,
03187        void* b,
03188        ComponentSyntaxInfo* comp_syn_info,
03189        int* len,
03190        int mode));
03191 
03192 typedef void* extract_component_from_id_func LDAP_P((
03193        void* mem_op,
03194        ComponentReference* cr,
03195        void* comp ));
03196 
03197 typedef void* convert_attr_to_comp_func LDAP_P ((
03198         Attribute* a,
03199        Syntax* syn,
03200         struct berval* bv ));
03201 
03202 typedef void* alloc_nibble_func LDAP_P ((
03203        int initial_size,
03204        int increment_size ));
03205 
03206 typedef void free_nibble_func LDAP_P ((
03207        void* nm ));
03208 
03209 typedef void convert_assert_to_comp_func LDAP_P ((
03210        void *mem_op,
03211         ComponentSyntaxInfo* csi_attr,
03212         struct berval* bv,
03213         ComponentSyntaxInfo** csi,
03214         int* len,
03215         int mode ));
03216                                                                           
03217 typedef int convert_asn_to_ldap_func LDAP_P ((
03218         ComponentSyntaxInfo* csi,
03219         struct berval *bv ));
03220 
03221 typedef void free_component_func LDAP_P ((
03222         void* mem_op));
03223 
03224 typedef int test_component_func LDAP_P ((
03225        void* attr_mem_op,
03226        void* assert_mem_op,
03227         ComponentSyntaxInfo* csi,
03228        ComponentAssertion* ca));
03229 
03230 typedef void* test_membership_func LDAP_P ((
03231        void* in ));
03232 
03233 typedef void* get_component_info_func LDAP_P ((
03234        int in ));
03235 
03236 typedef int component_encoder_func LDAP_P ((
03237        void* mem_op,
03238        ComponentSyntaxInfo* csi,
03239        struct berval* nvals ));
03240        
03241 typedef int allcomponent_matching_func LDAP_P((
03242        char* oid,
03243        ComponentSyntaxInfo* comp1,
03244        ComponentSyntaxInfo* comp));
03245 
03246 struct ComponentDesc {
03247        /* Don't change the order of following four fields */
03248        int                         cd_tag;
03249        AttributeType               *cd_comp_type;
03250        struct berval               cd_ad_type;   /* ad_type, ad_cname */
03251        struct berval               cd_ad_cname;  /* ad_type, ad_cname */
03252        unsigned                    cd_flags;     /* ad_flags */
03253        int                         cd_type;
03254        int                         cd_type_id;
03255        encoder_func                *cd_ldap_encoder;
03256        encoder_func                *cd_gser_encoder;
03257        encoder_func                *cd_ber_encoder;
03258        gser_decoder_func           *cd_gser_decoder;
03259        ber_decoder_func            *cd_ber_decoder;
03260        comp_free_func                     *cd_free;
03261        extract_component_from_id_func*  cd_extract_i;
03262        allcomponent_matching_func  *cd_all_match;
03263 };
03264 
03265 struct ComponentSyntaxInfo {
03266        Syntax        *csi_syntax;
03267        ComponentDesc *csi_comp_desc;
03268 };
03269 
03270 #endif /* LDAP_COMP_MATCH */
03271 
03272 #ifdef SLAP_ZONE_ALLOC
03273 #define SLAP_ZONE_SIZE 0x80000            /* 512KB */
03274 #define SLAP_ZONE_SHIFT 19
03275 #define SLAP_ZONE_INITSIZE 0x800000 /* 8MB */
03276 #define SLAP_ZONE_MAXSIZE 0x80000000/* 2GB */
03277 #define SLAP_ZONE_DELTA 0x800000   /* 8MB */
03278 #define SLAP_ZONE_ZOBLOCK 256
03279 
03280 struct zone_object {
03281        void *zo_ptr;
03282        int zo_siz;
03283        int zo_idx;
03284        int zo_blockhead;
03285        LDAP_LIST_ENTRY(zone_object) zo_link;
03286 };
03287 
03288 struct zone_latency_history {
03289        double zlh_latency;
03290        LDAP_STAILQ_ENTRY(zone_latency_history) zlh_next;
03291 };
03292 
03293 struct zone_heap {
03294        int zh_fd;
03295        int zh_zonesize;
03296        int zh_zoneorder;
03297        int zh_numzones;
03298        int zh_maxzones;
03299        int zh_deltazones;
03300        void **zh_zones;
03301        ldap_pvt_thread_rdwr_t *zh_znlock;
03302        Avlnode *zh_zonetree;
03303        unsigned char ***zh_maps;
03304        int *zh_seqno;
03305        LDAP_LIST_HEAD( zh_freelist, zone_object ) *zh_free;
03306        LDAP_LIST_HEAD( zh_so, zone_object ) zh_zopool;
03307        ldap_pvt_thread_mutex_t zh_mutex;
03308        ldap_pvt_thread_rdwr_t zh_lock;
03309        double zh_ema_latency;
03310        unsigned long zh_ema_samples;
03311        LDAP_STAILQ_HEAD( zh_latency_history, zone_latency_history )
03312                             zh_latency_history_queue;
03313        int zh_latency_history_qlen;
03314        int zh_latency_jump;
03315        int zh_swapping;
03316 };
03317 #endif
03318 
03319 #define SLAP_BACKEND_INIT_MODULE(b) \
03320        static BackendInfo bi;      \
03321        int \
03322        init_module( int argc, char *argv[] ) \
03323        { \
03324               bi.bi_type = #b ; \
03325               bi.bi_init = b ## _back_initialize; \
03326               backend_add( &bi ); \
03327               return 0; \
03328        }
03329 
03330 typedef int (OV_init)(void);
03331 typedef struct slap_oinit_t {
03332        const char    *ov_type;
03333        OV_init              *ov_init;
03334 } OverlayInit;
03335 
03336 LDAP_END_DECL
03337 
03338 #include "proto-slap.h"
03339 
03340 #endif /* _SLAP_H_ */