662
693
#define OC_FLAG_OBSOLETE 8
664
695
/* values for oc_kind */
665
#define OC_KIND_STRUCTURAL 0
666
#define OC_KIND_AUXILIARY 1
667
#define OC_KIND_ABSTRACT 2
696
#define OC_KIND_ABSTRACT 0
697
#define OC_KIND_STRUCTURAL 1
698
#define OC_KIND_AUXILIARY 2
670
701
/* XXXmcs: ../plugins/cos/cos_cache.c has its own copy of this definition! */
671
702
struct objclass {
672
char *oc_name; /* NAME */
673
char *oc_desc; /* DESC */
674
char *oc_oid; /* object identifier */
675
char *oc_superior; /* SUP -- XXXmcs: should be an array */
676
PRUint8 oc_kind; /* ABSTRACT/STRUCTURAL/AUXILIARY */
677
PRUint8 oc_flags; /* misc. flags, e.g., OBSOLETE */
680
char **oc_orig_required; /* MUST */
681
char **oc_orig_allowed; /* MAY */
682
char **oc_origin; /* X-ORIGIN extension */
683
struct objclass *oc_next;
703
char *oc_name; /* NAME */
704
char *oc_desc; /* DESC */
705
char *oc_oid; /* object identifier */
706
char *oc_superior; /* SUP -- XXXmcs: should be an array */
707
PRUint8 oc_kind; /* ABSTRACT/STRUCTURAL/AUXILIARY */
708
PRUint8 oc_flags; /* misc. flags, e.g., OBSOLETE */
711
char **oc_orig_required; /* MUST */
712
char **oc_orig_allowed; /* MAY */
713
schemaext *oc_extensions; /* schema extensions (X-ORIGIN, X-?????, ...) */
714
struct objclass *oc_next;
686
717
struct matchingRuleList {
1409
1442
char *c_authtype; /* auth method used to bind c_dn */
1410
1443
char *c_external_dn; /* client DN of this SSL session */
1411
1444
char *c_external_authtype; /* used for c_external_dn */
1412
PRNetAddr *cin_addr; /* address of client on this conn */
1445
PRNetAddr *cin_addr; /* address of client on this conn */
1413
1446
PRNetAddr *cin_destaddr; /* address client connected to */
1414
1447
struct berval **c_domain; /* DNS names of client */
1415
1448
Operation *c_ops; /* list of pending operations */
1416
1449
int c_gettingber; /* in the middle of ber_get_next */
1417
1450
BerElement *c_currentber; /* ber we're getting */
1418
1451
time_t c_starttime; /* when the connection was opened */
1419
PRUint64 c_connid; /* id of this connection for stats*/
1452
PRUint64 c_connid; /* id of this connection for stats*/
1453
PRUint64 c_maxthreadscount; /* # of times a conn hit max threads */
1454
PRUint64 c_maxthreadsblocked; /* # of operations blocked by maxthreads */
1420
1455
int c_opsinitiated; /* # ops initiated/next op id */
1421
1456
PRInt32 c_opscompleted; /* # ops completed */
1422
1457
PRInt32 c_threadnumber; /* # threads used in this conn */
1520
1560
/* End of interface to support online tasks **********************************/
1563
* structure for holding password scheme info.
1566
/* case-insensitive name used in prefix of passwords that use scheme */
1569
/* length of pws_name */
1572
/* thread-safe comparison function; returns 0 for positive matches */
1573
/* userpwd is value sent over LDAP bind; dbpwd is from the database */
1574
int (*pws_cmp)( char *userpwd, char *dbpwd );
1576
/* thread-safe encoding function (returns pointer to malloc'd string) */
1577
char *(*pws_enc)( char *pwd );
1579
/* thread-safe decoding function (returns pointer to malloc'd string) */
1580
char *(*pws_dec)( char *pwd );
1522
1583
typedef struct passwordpolicyarray {
1523
int pw_change; /* 1 - indicates that users are allowed to change the pwd */
1524
int pw_must_change; /* 1 - indicates that users must change pwd upon reset */
1584
slapi_onoff_t pw_change; /* 1 - indicates that users are allowed to change the pwd */
1585
slapi_onoff_t pw_must_change; /* 1 - indicates that users must change pwd upon reset */
1586
slapi_onoff_t pw_syntax;
1526
1587
int pw_minlength;
1527
1588
int pw_mindigits;
1528
1589
int pw_minalphas;
2048
2121
#define CONFIG_DISK_MONITORING "nsslapd-disk-monitoring"
2049
2122
#define CONFIG_DISK_THRESHOLD "nsslapd-disk-monitoring-threshold"
2050
2123
#define CONFIG_DISK_GRACE_PERIOD "nsslapd-disk-monitoring-grace-period"
2051
#define CONFIG_DISK_PRESERVE_LOGGING "nsslapd-disk-monitoring-preserve-logging"
2052
2124
#define CONFIG_DISK_LOGGING_CRITICAL "nsslapd-disk-monitoring-logging-critical"
2053
2125
#define CONFIG_NDN_CACHE "nsslapd-ndn-cache-enabled"
2054
2126
#define CONFIG_NDN_CACHE_SIZE "nsslapd-ndn-cache-max-size"
2055
2127
#define CONFIG_ALLOWED_SASL_MECHS "nsslapd-allowed-sasl-mechanisms"
2128
#define CONFIG_IGNORE_VATTRS "nsslapd-ignore-virtual-attrs"
2129
#define CONFIG_SASL_MAPPING_FALLBACK "nsslapd-sasl-mapping-fallback"
2130
#define CONFIG_SASL_MAXBUFSIZE "nsslapd-sasl-max-buffer-size"
2131
#define CONFIG_SEARCH_RETURN_ORIGINAL_TYPE "nsslapd-search-return-original-type-switch"
2132
#define CONFIG_ENABLE_TURBO_MODE "nsslapd-enable-turbo-mode"
2133
#define CONFIG_CONNECTION_BUFFER "nsslapd-connection-buffer"
2134
#define CONFIG_CONNECTION_NOCANON "nsslapd-connection-nocanon"
2135
#define CONFIG_PLUGIN_LOGGING "nsslapd-plugin-logging"
2136
#define CONFIG_LISTEN_BACKLOG_SIZE "nsslapd-listen-backlog-size"
2139
* Define the backlog number for use in listen() call.
2140
* We use the same definition as in ldapserver/include/base/systems.h
2142
#ifndef DAEMON_LISTEN_SIZE
2143
#define DAEMON_LISTEN_SIZE 128
2145
#define CONFIG_IGNORE_TIME_SKEW "nsslapd-ignore-time-skew"
2057
2147
#ifdef MEMPOOL_EXPERIMENTAL
2058
2148
#define CONFIG_MEMPOOL_SWITCH_ATTRIBUTE "nsslapd-mempool"
2087
2189
PRLock *cfg_lock;
2089
2191
struct pw_scheme *rootpwstoragescheme;
2192
slapi_onoff_t accesscontrol;
2091
2193
int groupevalnestlevel;
2092
2194
int idletimeout;
2195
slapi_int_t ioblocktimeout;
2196
slapi_onoff_t lastmod;
2095
2197
#if !defined(_WIN32) && !defined(AIX)
2096
2198
int maxdescriptors;
2097
2199
#endif /* !_WIN32 && !AIX */
2098
2200
int conntablesize;
2099
int maxthreadsperconn;
2201
slapi_int_t maxthreadsperconn;
2100
2202
int outbound_ldap_io_timeout;
2203
slapi_onoff_t nagle;
2205
slapi_onoff_t readonly;
2104
2206
int reservedescriptors;
2109
int dn_validate_strict;
2110
int ds4_compatible_schema;
2111
int schema_ignore_trailing_spaces;
2207
slapi_onoff_t schemacheck;
2208
slapi_onoff_t schemamod;
2209
slapi_onoff_t syntaxcheck;
2210
slapi_onoff_t syntaxlogging;
2211
slapi_onoff_t dn_validate_strict;
2212
slapi_onoff_t ds4_compatible_schema;
2213
slapi_onoff_t schema_ignore_trailing_spaces;
2112
2214
int secureport;
2215
slapi_onoff_t security;
2114
2216
int SSLclientAuth;
2115
int ssl_check_hostname;
2217
slapi_onoff_t ssl_check_hostname;
2116
2218
int validate_cert;
2118
2220
int SNMPenabled;
2142
2245
char **backendconfig;
2143
2246
char **include;
2248
slapi_onoff_t plugin_track;
2146
2249
struct pw_scheme *pw_storagescheme;
2149
int pw_is_global_policy;
2251
slapi_onoff_t pwpolicy_local;
2252
slapi_onoff_t pw_is_global_policy;
2150
2253
passwdPolicy pw_policy;
2152
2255
/* ACCESS LOG */
2153
int accesslog_logging_enabled;
2256
slapi_onoff_t accesslog_logging_enabled;
2154
2257
char *accesslog_mode;
2155
2258
int accesslog_maxnumlogs;
2156
2259
int accesslog_maxlogsize;
2157
int accesslog_rotationsync_enabled;
2260
slapi_onoff_t accesslog_rotationsync_enabled;
2158
2261
int accesslog_rotationsynchour;
2159
2262
int accesslog_rotationsyncmin;
2160
2263
int accesslog_rotationtime;
2199
2302
int auditlog_minfreespace;
2200
2303
int auditlog_exptime;
2201
2304
char *auditlog_exptimeunit;
2202
int auditlog_logging_hide_unhashed_pw;
2204
int return_exact_case; /* Return attribute names with the same case
2205
* as they appear in at.conf */
2305
slapi_onoff_t auditlog_logging_hide_unhashed_pw;
2307
slapi_onoff_t return_exact_case; /* Return attribute names with the same case
2308
as they appear in at.conf */
2310
slapi_onoff_t result_tweak;
2208
2311
char *refer_url; /* for referral mode */
2209
2312
int refer_mode; /* for quick test */
2210
2313
int slapd_type; /* Directory type; Full or Lite */
2212
2315
ber_len_t maxbersize; /* Maximum BER element size we'll accept */
2213
int max_filter_nest_level;/* deepest nested filter we will accept */
2214
int enquote_sup_oc; /* put single quotes around an oc's
2215
superior oc in cn=schema */
2316
slapi_int_t max_filter_nest_level;/* deepest nested filter we will accept */
2317
slapi_onoff_t enquote_sup_oc; /* put single quotes around an oc's
2318
superior oc in cn=schema */
2217
2320
char *certmap_basedn; /* Default Base DN for certmap */
2227
2330
char *bakdir; /* full path name of directory containing bakup files */
2228
2331
char *rundir; /* where pid, snmp stats, and ldapi files go */
2229
2332
char *saslpath; /* full path name of directory containing sasl plugins */
2230
int attrname_exceptions; /* if true, allow questionable attribute names */
2231
int rewrite_rfc1274; /* return attrs for both v2 and v3 names */
2333
slapi_onoff_t attrname_exceptions; /* if true, allow questionable attribute names */
2334
slapi_onoff_t rewrite_rfc1274; /* return attrs for both v2 and v3 names */
2232
2335
char *schemareplace; /* see CONFIG_SCHEMAREPLACE_* #defines below */
2233
2336
char *ldapi_filename; /* filename for ldapi socket */
2234
int ldapi_switch; /* switch to turn ldapi on/off */
2235
int ldapi_bind_switch; /* switch to turn ldapi auto binding on/off */
2337
slapi_onoff_t ldapi_switch; /* switch to turn ldapi on/off */
2338
slapi_onoff_t ldapi_bind_switch; /* switch to turn ldapi auto binding on/off */
2236
2339
char *ldapi_root_dn; /* DN to map root to over LDAPI */
2237
int ldapi_map_entries; /* turns ldapi entry bind mapping on/off */
2340
slapi_onoff_t ldapi_map_entries; /* turns ldapi entry bind mapping on/off */
2238
2341
char *ldapi_uidnumber_type; /* type that contains uid number */
2239
2342
char *ldapi_gidnumber_type; /* type that contains gid number */
2240
2343
char *ldapi_search_base_dn; /* base dn to search for mapped entries */
2241
2344
char *ldapi_auto_dn_suffix; /* suffix to be appended to auto gen DNs */
2242
int slapi_counters; /* switch to turn slapi_counters on/off */
2243
int allow_unauth_binds; /* switch to enable/disable unauthenticated binds */
2244
int require_secure_binds; /* switch to require simple binds to use a secure channel */
2245
int allow_anon_access; /* switch to enable/disable anonymous access */
2345
slapi_onoff_t slapi_counters; /* switch to turn slapi_counters on/off */
2346
slapi_onoff_t allow_unauth_binds; /* switch to enable/disable unauthenticated binds */
2347
slapi_onoff_t require_secure_binds; /* switch to require simple binds to use a secure channel */
2348
slapi_onoff_t allow_anon_access; /* switch to enable/disable anonymous access */
2246
2349
int localssf; /* the security strength factor to assign to local conns (ldapi) */
2247
2350
int minssf; /* minimum security strength factor (for SASL and SSL/TLS) */
2248
int minssf_exclude_rootdse; /* ON: minssf is ignored when searching rootdse */
2351
slapi_onoff_t minssf_exclude_rootdse; /* ON: minssf is ignored when searching rootdse */
2249
2352
size_t maxsasliosize; /* limit incoming SASL IO packet size */
2250
2353
char *anon_limits_dn; /* template entry for anonymous resource limits */
2354
slapi_int_t listen_backlog_size; /* size of backlog parameter to PR_Listen */
2252
2356
struct passwd *localuserinfo; /* userinfo of localuser */
2253
2357
#endif /* _WIN32 */
2254
2358
#ifdef MEMPOOL_EXPERIMENTAL
2255
int mempool_switch; /* switch to turn memory pool on/off */
2359
slapi_onoff_t mempool_switch; /* switch to turn memory pool on/off */
2256
2360
int mempool_maxfreelist; /* max free list length per memory pool item */
2257
2361
long system_page_size; /* system page size */
2258
2362
int system_page_bits; /* bit count to shift the system page size */
2259
2363
#endif /* MEMPOOL_EXPERIMENTAL */
2260
int force_sasl_external; /* force SIMPLE bind to be SASL/EXTERNAL if client cert credentials were supplied */
2261
int entryusn_global; /* Entry USN: Use global counter */
2364
slapi_onoff_t force_sasl_external; /* force SIMPLE bind to be SASL/EXTERNAL if client cert credentials were supplied */
2365
slapi_onoff_t entryusn_global; /* Entry USN: Use global counter */
2262
2366
char *allowed_to_delete_attrs;/* list of config attrs allowed to delete */
2263
2367
char *entryusn_import_init; /* Entry USN: determine the initital value of import */
2264
2368
int pagedsizelimit;
2265
2369
char *default_naming_context; /* Default naming context (normalized) */
2266
2370
char *allowed_sasl_mechs; /* comma/space separated list of allowed sasl mechs */
2371
int sasl_max_bufsize; /* The max receive buffer size for SASL */
2268
2373
/* disk monitoring */
2269
int disk_monitoring;
2374
slapi_onoff_t disk_monitoring;
2375
PRUint64 disk_threshold;
2271
2376
int disk_grace_period;
2272
int disk_preserve_logging;
2273
int disk_logging_critical;
2377
slapi_onoff_t disk_logging_critical;
2275
2379
/* normalized dn cache */
2276
int ndn_cache_enabled;
2380
slapi_onoff_t ndn_cache_enabled;
2277
2381
size_t ndn_cache_max_size;
2383
slapi_onoff_t return_orig_type; /* if on, search returns original type set in attr list */
2384
slapi_onoff_t sasl_mapping_fallback;
2385
slapi_onoff_t ignore_vattrs;
2386
slapi_onoff_t unhashed_pw_switch; /* switch to on/off/nolog unhashed pw */
2387
slapi_onoff_t enable_turbo_mode;
2388
slapi_int_t connection_buffer; /* values are CONNECTION_BUFFER_* below */
2389
slapi_onoff_t connection_nocanon; /* if "on" sets LDAP_OPT_X_SASL_NOCANON */
2390
slapi_onoff_t plugin_logging; /* log all internal plugin operations */
2391
slapi_onoff_t ignore_time_skew;
2278
2392
} slapdFrontendConfig_t;
2280
2394
/* possible values for slapdFrontendConfig_t.schemareplace */