/* slap.h - stand alone ldap server include file */
+/*
+ * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
#ifndef _SLDAPD_H_
#define _SLDAPD_H_
-#include <stdlib.h>
-
-#ifndef LDAP_SYSLOG
-#define LDAP_SYSLOG 1
-#endif
+#include <ac/stdlib.h>
#include <sys/types.h>
#include <ac/syslog.h>
#include <ac/regex.h>
+#include <ac/socket.h>
+#include <ac/time.h>
+
+#ifdef HAVE_CYRUS_SASL
+#include <sasl.h>
+#endif
#include "avl.h"
#include "ldap_log.h"
-#include "../../libraries/liblber/lber-int.h"
-#include "ldap.h"
+#include <ldap.h>
+#include <ldap_schema.h>
#include "ldap_pvt_thread.h"
#include "ldif.h"
+
+LDAP_BEGIN_DECL
+
#ifdef f_next
#undef f_next /* name conflict between sys/file.h on SCO and struct filter */
#endif
+#define SERVICE_NAME OPENLDAP_PACKAGE "-slapd"
+
+/* LDAPMod.mod_op value ===> Must be kept in sync with ldap.h!
+ *
+ * This is a value used internally by the backends. It is needed to allow
+ * adding values that already exist without getting an error as required by
+ * modrdn when the new rdn was already an attribute value itself.
+ * JCG 05/1999 (gomez@engr.sgi.com)
+ */
+#define LDAP_MOD_SOFTADD 0x1000
+
+#ifdef DNS_DN
#define DN_DNS 0
#define DN_X500 1
+#endif
#define ON 1
#define OFF (-1)
#define MAXREMATCHES 10
+/* XXYYZ: these macros assume 'x' is an ASCII x */
#define DNSEPARATOR(c) ((c) == ',' || (c) == ';')
#define SEPARATOR(c) ((c) == ',' || (c) == ';' || (c) == '+')
#define SPACE(c) ((c) == ' ' || (c) == '\n')
+
+#define ASCII_LOWER(c) ( (c) >= 'a' && (c) <= 'z' )
+#define ASCII_UPPER(c) ( (c) >= 'A' && (c) <= 'Z' )
+#define ASCII_ALPHA(c) ( ASCII_LOWER(c) || ASCII_UPPER(c) )
+#define ASCII_DIGIT(c) ( (c) >= '0' && (c) <= '9' )
+#define ASCII_ALNUM(c) ( ASCII_ALPHA(c) || ASCII_DIGIT(c) )
+
+#define LEADKEYCHAR(c) ( ASCII_ALPHA(c) )
+#define KEYCHAR(c) ( ASCII_ALNUM(c) || (c) == '-' )
+#define LEADOIDCHAR(c) ( ASCII_DIGIT(c) )
+#define OIDCHAR(c) ( ASCII_DIGIT(c) || (c) == '.' )
+
+#define LEADATTRCHAR(c) ( LEADKEYCHAR(c) || LEADOIDCHAR(c) )
+#define ATTRCHAR(c) ( KEYCHAR((c)) || (c) == '.' )
+
#define NEEDSESCAPE(c) ((c) == '\\' || (c) == '"')
-LDAP_BEGIN_DECL
+#define SLAP_SCHERR_OUTOFMEM 1
+#define SLAP_SCHERR_CLASS_NOT_FOUND 2
+#define SLAP_SCHERR_ATTR_NOT_FOUND 3
+#define SLAP_SCHERR_DUP_CLASS 4
+#define SLAP_SCHERR_DUP_ATTR 5
+#define SLAP_SCHERR_DUP_SYNTAX 6
+#define SLAP_SCHERR_DUP_RULE 7
+#define SLAP_SCHERR_NO_NAME 8
+#define SLAP_SCHERR_ATTR_INCOMPLETE 9
+#define SLAP_SCHERR_MR_NOT_FOUND 10
+#define SLAP_SCHERR_SYN_NOT_FOUND 11
+#define SLAP_SCHERR_MR_INCOMPLETE 12
extern int slap_debug;
struct slap_op;
struct slap_conn;
+struct replog_moddn {
+ char *newrdn;
+ int deloldrdn;
+ char *newsup;
+};
+
/*
* represents an attribute value assertion (i.e., attr=value)
*/
-typedef struct ava {
+typedef struct slap_ava {
char *ava_type;
struct berval ava_value;
} Ava;
+typedef struct slap_mra {
+ char *mra_rule;
+ char *mra_type;
+ char *mra_value;
+ int mra_dnattrs;
+} Mra;
+
/*
* represents a search filter
*/
-typedef struct filter {
- unsigned long f_choice; /* values taken from ldap.h */
+typedef struct slap_filter {
+ ber_tag_t f_choice; /* values taken from ldap.h */
- union {
+ union f_un_u {
/* present */
char *f_un_type;
/* equality, lessorequal, greaterorequal, approx */
Ava f_un_ava;
+ /* extensible */
+ Mra f_un_fra;
+
/* and, or, not */
- struct filter *f_un_complex;
+ struct slap_filter *f_un_complex;
/* substrings */
struct sub {
#define f_ava f_un.f_un_ava
#define f_avtype f_un.f_un_ava.ava_type
#define f_avvalue f_un.f_un_ava.ava_value
+#define f_mra f_un.f_un_mra
+#define f_mrtype f_un.f_un_mra.mra_type
+#define f_mrvalue f_un.f_un_mra.mra_value
+#define f_mrdnaddrs f_un.f_un_mra.mra_dnattrs
#define f_and f_un.f_un_complex
#define f_or f_un.f_un_complex
#define f_not f_un.f_un_complex
#define f_sub_any f_un.f_un_sub.f_un_sub_any
#define f_sub_final f_un.f_un_sub.f_un_sub_final
- struct filter *f_next;
+ struct slap_filter *f_next;
} Filter;
/*
* represents an attribute (type + values + syntax)
*/
-typedef struct attr {
+typedef struct slap_attr {
char *a_type;
struct berval **a_vals;
int a_syntax;
- struct attr *a_next;
+ struct slap_attr *a_next;
} Attribute;
/*
* the id used in the indexes to refer to an entry
*/
typedef unsigned long ID;
-#define NOID ((unsigned long)-1)
+#define NOID ((ID)~0)
/*
* represents an entry in core
*/
-typedef struct entry {
+typedef struct slap_entry {
/*
* The ID field should only be changed before entry is
* inserted into a cache. The ID value is backend
*/
/* the "by" part */
-struct access {
-#define ACL_NONE 0x01
-#define ACL_COMPARE 0x02
-#define ACL_SEARCH 0x04
-#define ACL_READ 0x08
-#define ACL_WRITE 0x10
-#define ACL_SELF 0x40
+typedef struct slap_access {
+
+#define ACL_NONE 0x0001
+#define ACL_AUTH 0x0004
+#define ACL_COMPARE 0x0008
+#define ACL_SEARCH 0x0010
+#define ACL_READ 0x0020
+#define ACL_WRITE 0x0040
+#define ACL_PRIV_MASK 0x00ff
+
+#define ACL_SELF 0x4000
+#define ACL_INVALID (-1)
+
+#define ACL_IS(a,lvl) (((a) & (lvl)) == (lvl))
+
+#define ACL_IS_NONE(a) ACL_IS((a),ACL_SELF)
+#define ACL_IS_AUTH(a) ACL_IS((a),ACL_AUTH)
+#define ACL_IS_COMPARE(a) ACL_IS((a),ACL_COMPARE)
+#define ACL_IS_SEARCH(a) ACL_IS((a),ACL_SEARCH)
+#define ACL_IS_READ(a) ACL_IS((a),ACL_READ)
+#define ACL_IS_WRITE(a) ACL_IS((a),ACL_WRITE)
+#define ACL_IS_SELF(a) ACL_IS((a),ACL_SELF)
+#define ACL_IS_INVALID(a) ((a) == ACL_INVALID)
+
+#define ACL_CLR(a) ((a) = 0)
+#define ACL_SET(a,lvl) ((a) |= (lvl))
+#define ACL_SET_NONE(a) ACL_SET((a),ACL_SELF)
+#define ACL_SET_AUTH(a) ACL_SET((a),ACL_AUTH)
+#define ACL_SET_COMPARE(a) ACL_SET((a),ACL_COMPARE)
+#define ACL_SET_SEARCH(a) ACL_SET((a),ACL_SEARCH)
+#define ACL_SET_READ(a) ACL_SET((a),ACL_READ)
+#define ACL_SET_WRITE(a) ACL_SET((a),ACL_WRITE)
+#define ACL_SET_SELF(a) ACL_SET((a),ACL_SELF)
+#define ACL_SET_INVALID(a) ((a) = ACL_INVALID)
+
+#define ACL_PRIV(a) ((a) & ACL_PRIV_MASK)
+#define ACL_GRANT(a,lvl) (ACL_PRIV(a) >= (lvl))
+
int a_access;
- char *a_dnpat;
- char *a_addrpat;
- char *a_domainpat;
- char *a_dnattr;
+ char *a_dn_pat;
+ char *a_dn_at;
-#ifdef SLAPD_ACLGROUPS
- char *a_group;
- char *a_objectclassvalue;
- char *a_groupattrname;
-#endif
- struct access *a_next;
-};
+ char *a_peername_pat;
+ char *a_sockname_pat;
+
+ char *a_domain_pat;
+ char *a_sockurl_pat;
+
+ /* ACL Groups */
+ char *a_group_pat;
+ char *a_group_oc;
+ char *a_group_at;
+
+ struct slap_access *a_next;
+} Access;
/* the "to" part */
-struct acl {
+typedef struct slap_acl {
/* "to" part: the entries this acl applies to */
Filter *acl_filter;
- regex_t acl_dnre;
- char *acl_dnpat;
+ regex_t acl_dn_re;
+ char *acl_dn_pat;
char **acl_attrs;
/* "by" part: list of who has what access to the entries */
- struct access *acl_access;
+ Access *acl_access;
- struct acl *acl_next;
-};
+ struct slap_acl *acl_next;
+} AccessControl;
/*
* A list of LDAPMods
/*
* represents schema information for a database
*/
-
-struct objclass {
- char *oc_name;
- char **oc_required;
- char **oc_allowed;
- struct objclass *oc_next;
-};
+typedef int slap_syntax_check_func LDAP_P((struct berval * val));
+
+typedef struct slap_syntax {
+ LDAP_SYNTAX ssyn_syn;
+ slap_syntax_check_func *ssyn_check;
+ struct slap_syntax *ssyn_next;
+} Syntax;
+#define ssyn_oid ssyn_syn.syn_oid
+#define ssyn_desc ssyn_syn.syn_desc
+
+typedef int slap_mr_normalize_func LDAP_P((struct berval * val, struct berval **normalized));
+typedef int slap_mr_compare_func LDAP_P((struct berval * val1, struct berval * val2));
+
+typedef struct slap_matching_rule {
+ LDAP_MATCHING_RULE smr_mrule;
+ slap_mr_normalize_func *smr_normalize;
+ slap_mr_compare_func *smr_compare;
+ Syntax *smr_syntax;
+ struct slap_matching_rule *smr_next;
+} MatchingRule;
+#define smr_oid smr_mrule.mr_oid
+#define smr_names smr_mrule.mr_names
+#define smr_desc smr_mrule.mr_desc
+#define smr_obsolete smr_mrule.mr_obsolete
+#define smr_syntax_oid smr_mrule.mr_syntax_oid
+
+typedef struct slap_attribute_type {
+ LDAP_ATTRIBUTE_TYPE sat_atype;
+ struct slap_attribute_type *sat_sup;
+ struct slap_attribute_type **sat_subtypes;
+ MatchingRule *sat_equality;
+ MatchingRule *sat_ordering;
+ MatchingRule *sat_substr;
+ Syntax *sat_syntax;
+ /* The next one is created to help in the transition */
+ int sat_syntax_compat;
+ struct slap_attribute_type *sat_next;
+} AttributeType;
+#define sat_oid sat_atype.at_oid
+#define sat_names sat_atype.at_names
+#define sat_desc sat_atype.at_desc
+#define sat_obsolete sat_atype.at_obsolete
+#define sat_sup_oid sat_atype.at_sup_oid
+#define sat_equality_oid sat_atype.at_equality_oid
+#define sat_ordering_oid sat_atype.at_ordering_oid
+#define sat_substr_oid sat_atype.at_substr_oid
+#define sat_syntax_oid sat_atype.at_syntax_oid
+#define sat_syntax_len sat_atype.at_syntax_len
+#define sat_single_value sat_atype.at_single_value
+#define sat_collective sat_atype.at_collective
+#define sat_no_user_mods sat_atype.at_no_user_mods
+#define sat_usage sat_atype.at_usage
+
+typedef struct slap_object_class {
+ LDAP_OBJECT_CLASS soc_oclass;
+ struct slap_object_class **soc_sups;
+ AttributeType **soc_required;
+ AttributeType **soc_allowed;
+ struct slap_object_class *soc_next;
+} ObjectClass;
+#define soc_oid soc_oclass.oc_oid
+#define soc_names soc_oclass.oc_names
+#define soc_desc soc_oclass.oc_desc
+#define soc_obsolete soc_oclass.oc_obsolete
+#define soc_sup_oids soc_oclass.oc_sup_oids
+#define soc_kind soc_oclass.oc_kind
+#define soc_at_oids_must soc_oclass.oc_at_oids_must
+#define soc_at_oids_may soc_oclass.oc_at_oids_may
/*
* Backend-info
* represents a backend
*/
-typedef struct backend_info BackendInfo; /* per backend type */
-typedef struct backend_db BackendDB; /* per backend database */
+typedef struct slap_backend_info BackendInfo; /* per backend type */
+typedef struct slap_backend_db BackendDB; /* per backend database */
extern int nBackendInfo;
extern int nBackendDB;
#define nbackends nBackendDB
#define backends backendDB
-struct backend_db {
+struct slap_backend_db {
BackendInfo *bd_info; /* pointer to shared backend info */
/* BackendInfo accessors */
#define be_modrdn bd_info->bi_op_modrdn
#define be_search bd_info->bi_op_search
+#define be_release bd_info->bi_entry_release_rw
#define be_group bd_info->bi_acl_group
+#define be_connection_init bd_info->bi_connection_init
+#define be_connection_destroy bd_info->bi_connection_destroy
+
+
/* these should be renamed from be_ to bd_ */
char **be_suffix; /* the DN suffixes of data in this backend */
- char **be_suffixAlias; /* the DN suffix aliases of data in this backend */
+ char **be_nsuffix; /* the normalized DN suffixes in this backend */
+ char **be_suffixAlias; /* pairs of DN suffix aliases and deref values */
char *be_root_dn; /* the magic "root" dn for this db */
char *be_root_ndn; /* the magic "root" normalized dn for this db */
char *be_root_pw; /* the magic "root" password for this db */
int be_readonly; /* 1 => db is in "read only" mode */
- int be_maxDerefDepth; /* limit for depth of an alias deref */
+ unsigned int be_max_deref_depth; /* limit for depth of an alias deref */
int be_sizelimit; /* size limit for this backend */
int be_timelimit; /* time limit for this backend */
- struct acl *be_acl; /* access control list for this backend */
+ AccessControl *be_acl; /* access control list for this backend */
int be_dfltaccess; /* access given if no acl matches */
char **be_replica; /* replicas of this backend (in master) */
char *be_replogfile; /* replication log file (in master) */
char *be_update_ndn; /* allowed to make changes (in replicas) */
+ struct berval **be_update_refs; /* where to refer modifying clients to */
int be_lastmod; /* keep track of lastmodified{by,time} */
+ char *be_realm;
+
void *be_private; /* anything the backend database needs */
};
-struct backend_info {
+struct slap_backend_info {
char *bi_type; /* type of backend */
/*
/* LDAP Operations Handling Routines */
int (*bi_op_bind) LDAP_P(( BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
- char *dn, int method, struct berval *cred, char** edn ));
+ char *dn, int method, char* mechanism,
+ struct berval *cred, char** edn ));
int (*bi_op_unbind) LDAP_P((BackendDB *bd,
struct slap_conn *c, struct slap_op *o ));
int (*bi_op_search) LDAP_P((BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
- char *base, int scope, int deref, int slimit, int tlimit,
- Filter *f, char *filterstr, char **attrs, int attrsonly));
+ char *base, int scope, int deref,
+ int slimit, int tlimit,
+ Filter *f, char *filterstr, char **attrs,
+ int attrsonly));
int (*bi_op_compare)LDAP_P((BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
char *dn, Ava *ava));
int (*bi_op_delete) LDAP_P((BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
char *dn));
- /* Bug: be_op_abandon in unused! */
int (*bi_op_abandon) LDAP_P((BackendDB *bd,
struct slap_conn *c, struct slap_op *o,
- int msgid));
+ ber_int_t msgid));
/* Auxilary Functions */
-#ifdef SLAPD_ACLGROUPS
+ int (*bi_entry_release_rw) LDAP_P((BackendDB *bd, Entry *e, int rw));
+
int (*bi_acl_group) LDAP_P((Backend *bd,
Entry *e, char *bdn, char *edn,
char *objectclassValue, char *groupattrName ));
-#endif
+
+ int (*bi_connection_init) LDAP_P((BackendDB *bd,
+ struct slap_conn *c));
+ int (*bi_connection_destroy) LDAP_P((BackendDB *bd,
+ struct slap_conn *c));
+
unsigned int bi_nDB; /* number of databases of this type */
void *bi_private; /* anything the backend type needs */
*/
typedef struct slap_op {
- long o_opid; /* id of this operation */
- long o_msgid; /* msgid of the request */
+ ber_int_t o_opid; /* id of this operation */
+ ber_int_t o_msgid; /* msgid of the request */
ldap_pvt_thread_t o_tid; /* thread handling this op */
BerElement *o_ber; /* ber of the request */
- unsigned long o_tag; /* tag of the request */
+ ber_tag_t o_tag; /* tag of the request */
time_t o_time; /* time op was initiated */
+
+ int o_bind_in_progress; /* multi-step bind in progress */
+
char *o_dn; /* dn bound when op was initiated */
char *o_ndn; /* normalized dn bound when op was initiated */
- int o_authtype; /* auth method used to bind dn */
+ ber_int_t o_protocol; /* version of the LDAP protocol used by client */
+ ber_tag_t o_authtype; /* auth method used to bind dn */
/* values taken from ldap.h */
/* LDAP_AUTH_* */
+ char *o_authmech; /* SASL mechanism used to bind dn */
+
+ LDAPControl **o_ctrls; /* controls */
-/* long o_connid; *//* id of conn initiating this op */
+ unsigned long o_connid; /* id of conn initiating this op */
#ifdef LDAP_CONNECTIONLESS
int o_cldap; /* != 0 if this came in via CLDAP */
int c_conn_state; /* connection state */
ldap_pvt_thread_mutex_t c_mutex; /* protect the connection */
- Sockbuf c_sb; /* ber connection stuff */
+ Sockbuf *c_sb; /* ber connection stuff */
/* only can be changed by connect_init */
time_t c_starttime; /* when the connection was opened */
- long c_connid; /* id of this connection for stats*/
- char *c_client_addr; /* address of client */
- char *c_client_name; /* name of client */
+ time_t c_activitytime; /* when the connection was last used */
+ unsigned long c_connid; /* id of this connection for stats*/
+
+ char *c_listener_url; /* listener URL */
+ char *c_peer_domain; /* DNS name of client */
+ char *c_peer_name; /* peer name (trans=addr:port) */
+ char *c_sock_name; /* sock name (trans=addr:port) */
+
+#ifdef HAVE_CYRUS_SASL
+ sasl_conn_t *c_sasl_context;
+#endif
/* only can be changed by binding thread */
+ int c_bind_in_progress; /* multi-op bind in progress */
+
char *c_cdn; /* DN provided by the client */
char *c_dn; /* DN bound to this conn */
- int c_protocol; /* version of the LDAP protocol used by client */
- int c_authtype; /* auth method used to bind c_dn */
-#ifdef LDAP_COMPAT
- int c_version; /* for compatibility w/2.0, 3.0 */
-#endif
+ ber_int_t c_protocol; /* version of the LDAP protocol used by client */
+ ber_tag_t c_authtype;/* auth method used to bind c_dn */
+ char *c_authmech; /* SASL mechanism used to bind c_dn */
+ void *c_authstate; /* SASL state data */
Operation *c_ops; /* list of operations being processed */
Operation *c_pending_ops; /* list of pending operations */
BerElement *c_currentber; /* ber we're attempting to read */
int c_writewaiter; /* true if writer is waiting */
+#ifdef HAVE_TLS
+ int c_is_tls; /* true if this LDAP over raw TLS */
+ int c_needs_tls_accept; /* true if SSL_accept should be called */
+#endif
+
long c_n_ops_received; /* num of ops received (next op_id) */
-#ifdef LDAP_COUNTERS
long c_n_ops_executing; /* num of ops currently executing */
long c_n_ops_pending; /* num of ops pending execution */
long c_n_ops_completed; /* num of ops completed */
-#endif
+
+ long c_n_get; /* num of get calls */
+ long c_n_read; /* num of read calls */
+ long c_n_write; /* num of write calls */
} Connection;
#if defined(LDAP_SYSLOG) && defined(LDAP_DEBUG)
#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \
- { \
- if ( ldap_debug & level ) \
- fprintf( stderr, fmt, connid, opid, arg1, arg2, arg3 );\
- if ( ldap_syslog & level ) \
- syslog( ldap_syslog_level, fmt, connid, opid, arg1, \
- arg2, arg3 ); \
- }
+ do { \
+ if ( ldap_debug & (level) ) \
+ fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\
+ if ( ldap_syslog & (level) ) \
+ syslog( ldap_syslog_level, (fmt), (connid), (opid), (arg1), \
+ (arg2), (arg3) ); \
+ } while (0)
#else
#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 )
#endif
-#include "proto-slap.h"
-
LDAP_END_DECL
+#include "proto-slap.h"
+
#endif /* _slap_h_ */
projects / openldap / blobdiff