#include "ldap_defaults.h"
+#include <stdio.h>
#include <ac/stdlib.h>
#include <sys/types.h>
#include <ldap_schema.h>
#include "ldap_pvt_thread.h"
-#include "ldif.h"
LDAP_BEGIN_DECL
#define SERVICE_NAME OPENLDAP_PACKAGE "-slapd"
-#define SLAPD_ANONYMOUS "<anonymous>"
+#define SLAPD_ANONYMOUS "cn=anonymous"
#ifdef f_next
#undef f_next /* name conflict between sys/file.h on SCO and struct filter */
*/
#define SLAP_MOD_SOFTADD 0x1000
-#define ON 1
+#define ON (1)
#define OFF (-1)
-#define UNDEFINED 0
+#define UNDEFINED (0)
-#define MAXREMATCHES 10
+#define MAXREMATCHES (10)
-#define SLAP_MAX_WORKER_THREADS 32
+#define SLAP_MAX_WORKER_THREADS (32)
+#define SLAP_TEXT_BUFLEN (256)
/* psuedo error code indicating abandoned operation */
#define SLAPD_ABANDON (-1)
#define FILTER_ESCAPE(c) ( (c) == '*' || (c) == '\\' \
|| (c) == '(' || (c) == ')' || !ASCII_PRINTABLE(c) )
+#define DN_ESCAPE(c) ((c) == SLAP_ESCAPE_CHAR)
#define DN_SEPARATOR(c) ((c) == ',' || (c) == ';')
-#define RDN_SEPARATOR(c) ((c) == ',' || (c) == ';' || (c) == '+')
+#define RDN_ATTRTYPEANDVALUE_SEPARATOR(c) ((c) == '+') /* RFC 2253 */
+#define RDN_SEPARATOR(c) (DN_SEPARATOR(c) || RDN_ATTRTYPEANDVALUE_SEPARATOR(c))
#define RDN_NEEDSESCAPE(c) ((c) == '\\' || (c) == '"')
#define DESC_LEADCHAR(c) ( ASCII_ALPHA(c) )
#define AD_LEADCHAR(c) ( ATTR_CHAR(c) )
#define AD_CHAR(c) ( ATTR_CHAR(c) || (c) == ';' )
+#define SLAP_NUMERIC(c) ( ASCII_DIGIT(c) || ASCII_SPACE(c) )
+
+#define SLAP_PRINTABLE(c) ( ASCII_ALNUM(c) || (c) == '\'' || \
+ (c) == '(' || (c) == ')' || (c) == '+' || (c) == ',' || \
+ (c) == '-' || (c) == '.' || (c) == '/' || (c) == ':' || \
+ (c) == '?' || (c) == ' ' || (c) == '=' )
+#define SLAP_PRINTABLES(c) ( SLAP_PRINTABLE(c) || (c) == '$' )
+
/* must match in schema_init.c */
#define SLAPD_DN_SYNTAX "1.3.6.1.4.1.1466.115.121.1.12"
#define SLAPD_NAMEUID_SYNTAX "1.3.6.1.4.1.1466.115.121.1.34"
#define SLAPD_TOP_OID "2.5.6.0"
-LDAP_SLAPD_F (int) slap_debug;
+LDAP_SLAPD_V (int) slap_debug;
typedef unsigned long slap_mask_t;
#define SLAP_INDEX_SUBSTR_MAXLEN 4
#define SLAP_INDEX_SUBSTR_STEP 2
-#define SLAP_INDEX_FLAGS 0xF000UL
-#define SLAP_INDEX_SUBTYPES 0x1000UL /* use index with subtypes */
-#define SLAP_INDEX_AUTO_SUBTYPES 0x2000UL /* use mask with subtypes */
-#define SLAP_INDEX_LANG 0x4000UL /* use index with lang subtypes */
-#define SLAP_INDEX_AUTO_LANG 0x8000UL /* use mask with lang subtypes */
+#define SLAP_INDEX_FLAGS 0xF000UL
+#define SLAP_INDEX_NOSUBTYPES 0x1000UL /* don't use index w/ subtypes */
+#define SLAP_INDEX_NOLANG 0x2000UL /* don't use index w/ lang */
+#define SLAP_INDEX_AUTO_SUBTYPES 0x4000UL /* use mask with lang subtypes */
/*
* there is a single index for each attribute. these prefixes ensure
*/
#define SLAP_SCHERR_OUTOFMEM 1
#define SLAP_SCHERR_CLASS_NOT_FOUND 2
-#define SLAP_SCHERR_ATTR_NOT_FOUND 3
-#define SLAP_SCHERR_DUP_CLASS 4
-#define SLAP_SCHERR_DUP_ATTR 5
-#define SLAP_SCHERR_DUP_SYNTAX 6
-#define SLAP_SCHERR_DUP_RULE 7
-#define SLAP_SCHERR_NO_NAME 8
-#define SLAP_SCHERR_ATTR_INCOMPLETE 9
-#define SLAP_SCHERR_MR_NOT_FOUND 10
-#define SLAP_SCHERR_SYN_NOT_FOUND 11
-#define SLAP_SCHERR_MR_INCOMPLETE 12
+#define SLAP_SCHERR_CLASS_BAD_USAGE 3
+#define SLAP_SCHERR_ATTR_NOT_FOUND 4
+#define SLAP_SCHERR_ATTR_BAD_USAGE 5
+#define SLAP_SCHERR_DUP_CLASS 6
+#define SLAP_SCHERR_DUP_ATTR 7
+#define SLAP_SCHERR_DUP_SYNTAX 8
+#define SLAP_SCHERR_DUP_RULE 9
+#define SLAP_SCHERR_NO_NAME 10
+#define SLAP_SCHERR_ATTR_INCOMPLETE 11
+#define SLAP_SCHERR_MR_NOT_FOUND 12
+#define SLAP_SCHERR_SYN_NOT_FOUND 13
+#define SLAP_SCHERR_MR_INCOMPLETE 14
+#define SLAP_SCHERR_NOT_SUPPORTED 15
+#define SLAP_SCHERR_BAD_DESCR 16
+
+typedef union slap_sockaddr {
+ struct sockaddr sa_addr;
+ struct sockaddr_in sa_in_addr;
+#ifdef LDAP_PF_INET6
+ struct sockaddr_in6 sa_in6_addr;
+#endif
+#ifdef LDAP_PF_LOCAL
+ struct sockaddr_un sa_un_addr;
+#endif
+} Sockaddr;
typedef struct slap_oid_macro {
struct berval som_oid;
#define ssyn_oid ssyn_syn.syn_oid
#define ssyn_desc ssyn_syn.syn_desc
#define ssyn_extensions ssyn_syn.syn_extensions
+ ber_len_t ssyn_oidlen;
unsigned ssyn_flags;
typedef struct slap_matching_rule {
LDAPMatchingRule smr_mrule;
+ ber_len_t smr_oidlen;
slap_mask_t smr_usage;
#define SLAP_MR_TYPE_MASK 0xFF00U
#define SLAP_MR_EXT 0x0800U
#define SLAP_MR_EQUALITY_APPROX ( SLAP_MR_EQUALITY | 0x0010U )
+#define SLAP_MR_DN_FOLD 0x0008U
#define SLAP_MR_SUBSTR_INITIAL ( SLAP_MR_SUBSTR | 0x0010U )
#define SLAP_MR_SUBSTR_ANY ( SLAP_MR_SUBSTR | 0x0020U )
#define SLAP_MR_SUBSTR_FINAL ( SLAP_MR_SUBSTR | 0x0040U )
-/* this is used to kludge objectClass testing */
-#define SLAP_MR_MODIFY_MATCHING 0x0001U
+/*
+ * normally the provided value is expected to conform to
+ * assertion syntax specified in the matching rule, however
+ * at times (such as during individual value modification),
+ * the provided value is expected to conform to the
+ * attribute's value syntax.
+ */
+#define SLAP_MR_ASSERTION_SYNTAX_MATCH 0x0000U
+#define SLAP_MR_VALUE_SYNTAX_MATCH 0x0001U
+#define SLAP_MR_VALUE_SYNTAX_CONVERTED_MATCH 0x0003U
+
+#define SLAP_IS_MR_ASSERTION_SYNTAX_MATCH( usage ) \
+ (!((usage) & SLAP_MR_VALUE_SYNTAX_MATCH))
+#define SLAP_IS_MR_VALUE_SYNTAX_MATCH( usage ) \
+ ((usage) & SLAP_MR_VALUE_SYNTAX_MATCH)
+
+#define SLAP_IS_MR_VALUE_SYNTAX_CONVERTED_MATCH( usage ) \
+ (((usage) & SLAP_MR_VALUE_SYNTAX_CONVERTED_MATCH) \
+ == SLAP_MR_VALUE_SYNTAX_CONVERTED_MATCH)
+#define SLAP_IS_MR_VALUE_SYNTAX_NONCONVERTED_MATCH( usage ) \
+ (((usage) & SLAP_MR_VALUE_SYNTAX_CONVERTED_MATCH) \
+ == SLAP_MR_VALUE_SYNTAX_MATCH)
Syntax *smr_syntax;
slap_mr_convert_func *smr_convert;
#define smr_extensions smr_mrule.mr_extensions
} MatchingRule;
+struct slap_attr_desc;
+
typedef struct slap_attribute_type {
- char *sat_cname;
LDAPAttributeType sat_atype;
+ struct berval sat_cname;
struct slap_attribute_type *sat_sup;
struct slap_attribute_type **sat_subtypes;
MatchingRule *sat_equality;
MatchingRule *sat_ordering;
MatchingRule *sat_substr;
Syntax *sat_syntax;
+ struct slap_attr_desc *sat_ad;
struct slap_attribute_type *sat_next;
+ ldap_pvt_thread_mutex_t sat_ad_mutex;
#define sat_oid sat_atype.at_oid
#define sat_names sat_atype.at_names
#define sat_desc sat_atype.at_desc
#define is_at_operational(at) ((at)->sat_usage)
#define is_at_single_value(at) ((at)->sat_single_value)
#define is_at_collective(at) ((at)->sat_collective)
+#define is_at_obsolete(at) ((at)->sat_obsolete)
#define is_at_no_user_mod(at) ((at)->sat_no_user_mod)
typedef struct slap_object_class {
* represents a recognized attribute description ( type + options )
*/
typedef struct slap_attr_desc {
- struct berval *ad_cname; /* canonical name, must be specified */
+ struct slap_attr_desc *ad_next;
AttributeType *ad_type; /* attribute type, must be specified */
- char *ad_lang; /* NULL if no language tags */
+ struct berval ad_cname; /* canonical name, must be specified */
+ struct berval ad_lang; /* empty if no language tags */
unsigned ad_flags;
#define SLAP_DESC_NONE 0x0U
#define SLAP_DESC_BINARY 0x1U
} AttributeDescription;
-#define slap_ad_is_lang(ad) ( (ad)->ad_lang != NULL )
+#define slap_ad_is_lang(ad) ( (ad)->ad_lang.bv_len != 0 )
#define slap_ad_is_binary(ad) ( (int)((ad)->ad_flags & SLAP_DESC_BINARY) ? 1 : 0 )
/*
/* operational attribute descriptions */
AttributeDescription *si_ad_structuralObjectClass;
+ AttributeDescription *si_ad_entryUUID;
+ AttributeDescription *si_ad_entryCSN;
AttributeDescription *si_ad_creatorsName;
AttributeDescription *si_ad_createTimestamp;
AttributeDescription *si_ad_modifiersName;
AttributeDescription *si_ad_modifyTimestamp;
+ AttributeDescription *si_ad_hasSubordinates;
AttributeDescription *si_ad_subschemaSubentry;
/* root DSE attribute descriptions */
AttributeDescription *si_ad_supportedExtension;
AttributeDescription *si_ad_supportedLDAPVersion;
AttributeDescription *si_ad_supportedSASLMechanisms;
+ AttributeDescription *si_ad_supportedFeatures;
/* subschema subentry attribute descriptions */
AttributeDescription *si_ad_objectClasses;
/* Undefined Attribute Type */
AttributeType *si_at_undefined;
+
+ /* Matching Rules */
+ MatchingRule *si_mr_distinguishedNameMatch;
+ MatchingRule *si_mr_integerMatch;
+
+ /* Syntaxes */
+ Syntax *si_syn_distinguishedName;
+ Syntax *si_syn_integer;
};
typedef struct slap_attr_assertion {
} SubstringsAssertion;
typedef struct slap_mr_assertion {
- char *ma_rule; /* optional */
+ MatchingRule *ma_rule; /* optional */
+ struct berval ma_rule_text; /* optional */
AttributeDescription *ma_desc; /* optional */
int ma_dnattrs; /* boolean */
struct berval *ma_value; /* required */
} MatchingRuleAssertion;
-
/*
* represents a search filter
*/
#define SLAPD_FILTER_DN_ONE ((ber_tag_t) -2)
#define SLAPD_FILTER_DN_SUBTREE ((ber_tag_t) -3)
-
union f_un_u {
/* precomputed result */
ber_int_t f_un_result;
#define f_sub_final f_un.f_un_ssa->sa_final
#define f_mra f_un.f_un_mra
#define f_mr_rule f_un.f_un_mra->ma_rule
+#define f_mr_rule_text f_un.f_un_mra->ma_rule_text
#define f_mr_desc f_un.f_un_mra->ma_desc
#define f_mr_value f_un.f_un_mra->ma_value
#define f_mr_dnattrs f_un.f_un_mra->ma_dnattrs
*/
ID e_id;
- char *e_dn; /* DN of this entry */
- char *e_ndn; /* normalized DN of this entry */
+ struct berval e_name; /* name (DN) of this entry */
+ struct berval e_nname; /* normalized name (DN) of this entry */
+
+ /* for migration purposes */
+#define e_dn e_name.bv_val
+#define e_ndn e_nname.bv_val
+
Attribute *e_attrs; /* list of attributes + values */
/* for use by the backend for any purpose */
typedef struct slap_authz_info {
ber_tag_t sai_method; /* LDAP_AUTH_* from <ldap.h> */
char * sai_mech; /* SASL Mechanism */
- char * sai_dn; /* DN for reporting purposes */
- char * sai_ndn; /* Normalized DN */
+ struct berval sai_dn; /* DN for reporting purposes */
+ struct berval sai_ndn; /* Normalized DN */
/* Security Strength Factors */
slap_ssf_t sai_ssf; /* Overall SSF */
slap_style_t a_sockurl_style;
char *a_sockurl_pat;
slap_style_t a_set_style;
- char *a_set_pat;
+ struct berval a_set_pat;
#ifdef SLAPD_ACI_ENABLED
AttributeDescription *a_aci_at;
/* ACL Groups */
slap_style_t a_group_style;
- char *a_group_pat;
+ struct berval a_group_pat;
ObjectClass *a_group_oc;
AttributeDescription *a_group_at;
Filter *acl_filter;
slap_style_t acl_dn_style;
regex_t acl_dn_re;
- char *acl_dn_pat;
- char **acl_attrs;
+ struct berval acl_dn_pat;
+ struct berval **acl_attrs;
/* "by" part: list of who has what access to the entries */
Access *acl_access;
/*
* replog moddn param structure
*/
-struct replog_moddn {
- char *newrdn;
+struct slap_replog_moddn {
+ struct berval *newrdn;
int deloldrdn;
- char *newsup;
+ struct berval *newsup;
};
/*
typedef struct slap_backend_info BackendInfo; /* per backend type */
typedef struct slap_backend_db BackendDB; /* per backend database */
-LDAP_SLAPD_F (int) nBackendInfo;
-LDAP_SLAPD_F (int) nBackendDB;
-LDAP_SLAPD_F (BackendInfo *) backendInfo;
-LDAP_SLAPD_F (BackendDB *) backendDB;
+LDAP_SLAPD_V (int) nBackendInfo;
+LDAP_SLAPD_V (int) nBackendDB;
+LDAP_SLAPD_V (BackendInfo *) backendInfo;
+LDAP_SLAPD_V (BackendDB *) backendDB;
-LDAP_SLAPD_F (int) slapMode;
+LDAP_SLAPD_V (int) slapMode;
#define SLAP_UNDEFINED_MODE 0x0000
#define SLAP_SERVER_MODE 0x0001
#define SLAP_TOOL_MODE 0x0002
#define SLAP_TRUNCATE_MODE 0x0100
+struct slap_replica_info {
+ char *ri_host; /* supersedes be_replica */
+ struct berval **ri_nsuffix; /* array of suffixes this replica accepts */
+};
+
+struct slap_limits_set {
+ /* time limits */
+ int lms_t_soft;
+ int lms_t_hard;
+
+ /* size limits */
+ int lms_s_soft;
+ int lms_s_hard;
+ int lms_s_unchecked;
+};
+
+struct slap_limits {
+ int lm_type; /* type of pattern */
+#define SLAP_LIMITS_UNDEFINED 0x0000
+#define SLAP_LIMITS_EXACT 0x0001
+#define SLAP_LIMITS_BASE SLAP_LIMITS_EXACT
+#define SLAP_LIMITS_ONE 0x0002
+#define SLAP_LIMITS_SUBTREE 0x0003
+#define SLAP_LIMITS_CHILDREN 0x0004
+#define SLAP_LIMITS_REGEX 0x0005
+#define SLAP_LIMITS_ANONYMOUS 0x0006
+#define SLAP_LIMITS_USERS 0x0007
+ regex_t lm_dn_regex; /* regex data for REGEX */
+
+ /*
+ * normalized DN for EXACT, BASE, ONE, SUBTREE, CHILDREN;
+ * pattern for REGEX; NULL for ANONYMOUS, USERS
+ */
+ struct berval *lm_dn_pat;
+
+ struct slap_limits_set lm_limits;
+};
+
/* temporary aliases */
typedef BackendDB Backend;
#define nbackends nBackendDB
#define be_chk_referrals bd_info->bi_chk_referrals
#define be_group bd_info->bi_acl_group
#define be_attribute bd_info->bi_acl_attribute
+#define be_operational bd_info->bi_operational
#define be_controls bd_info->bi_controls
| SLAP_RESTRICT_OP_MODIFY \
| SLAP_RESTRICT_OP_RENAME )
-#define SLAP_ALLOW_TLS_2_ANON 0x0001U /* StartTLS -> Anonymous */
-
-#define SLAP_DISALLOW_BIND_V2 0x0001U /* LDAPv2 bind */
-#define SLAP_DISALLOW_BIND_ANON 0x0002U /* no anonymous */
-#define SLAP_DISALLOW_BIND_ANON_CRED \
- 0x0004U /* cred should be empty */
-#define SLAP_DISALLOW_BIND_ANON_DN \
- 0x0008U /* dn should be empty */
+#define SLAP_ALLOW_BIND_V2 0x0001U /* LDAPv2 bind */
+#define SLAP_ALLOW_BIND_ANON_CRED 0x0002U /* cred should be empty */
+#define SLAP_ALLOW_BIND_ANON_DN 0x0003U /* dn should be empty */
-#define SLAP_DISALLOW_BIND_SIMPLE 0x0010U /* simple authentication */
-#define SLAP_DISALLOW_BIND_KRBV4 0x0020U /* Kerberos V4 authentication */
+#define SLAP_DISALLOW_BIND_ANON 0x0001U /* no anonymous */
+#define SLAP_DISALLOW_BIND_SIMPLE 0x0002U /* simple authentication */
+#define SLAP_DISALLOW_BIND_KRBV4 0x0004U /* Kerberos V4 authentication */
-#define SLAP_DISALLOW_TLS_AUTHC 0x0100U /* TLS while authenticated */
+#define SLAP_DISALLOW_TLS_2_ANON 0x0010U /* StartTLS -> Anonymous */
+#define SLAP_DISALLOW_TLS_AUTHC 0x0020U /* TLS while authenticated */
slap_mask_t be_requires; /* pre-operation requirements */
#define SLAP_REQUIRE_BIND 0x0001U /* bind before op */
slap_ssf_set_t be_ssf_set;
/* these should be renamed from be_ to bd_ */
- char **be_suffix; /* the DN suffixes of data in this backend */
- char **be_nsuffix; /* the normalized DN suffixes in this backend */
- char **be_suffixAlias; /* pairs of DN suffix aliases and deref values */
- char *be_root_dn; /* the magic "root" dn for this db */
- char *be_root_ndn; /* the magic "root" normalized dn for this db */
- struct berval be_root_pw; /* the magic "root" password for this db */
+ struct berval **be_suffix; /* the DN suffixes of data in this backend */
+ struct berval **be_nsuffix; /* the normalized DN suffixes in this backend */
+ struct berval **be_suffixAlias; /* pairs of DN suffix aliases and deref values */
+ struct berval be_rootdn; /* the magic "root" name (DN) for this db */
+ struct berval be_rootndn; /* the magic "root" normalized name (DN) for this db */
+ struct berval be_rootpw; /* the magic "root" password for this db */
unsigned int be_max_deref_depth; /* limit for depth of an alias deref */
- int be_sizelimit; /* size limit for this backend */
- int be_timelimit; /* time limit for this backend */
+#define be_sizelimit be_def_limit.lms_s_soft
+#define be_timelimit be_def_limit.lms_t_soft
+ struct slap_limits_set be_def_limit; /* default limits */
+ struct slap_limits **be_limits; /* regex-based size and time limits */
AccessControl *be_acl; /* access control list for this backend */
slap_access_t be_dfltaccess; /* access given if no acl matches */
- char **be_replica; /* replicas of this backend (in master) */
+ struct slap_replica_info **be_replica; /* replicas of this backend (in master) */
char *be_replogfile; /* replication log file (in master) */
- char *be_update_ndn; /* allowed to make changes (in replicas) */
+ struct berval be_update_ndn; /* allowed to make changes (in replicas) */
struct berval **be_update_refs; /* where to refer modifying clients to */
+ char *be_realm;
int be_lastmod; /* keep track of lastmodified{by,time} */
- char *be_realm;
+#define SLAP_GLUE_INSTANCE 0x01 /* a glue backend */
+#define SLAP_GLUE_SUBORDINATE 0x02 /* child of a glue hierarchy */
+#define SLAP_GLUE_LINKED 0x04 /* child is connected to parent */
+ int be_glueflags; /* */
void *be_private; /* anything the backend database needs */
};
struct slap_conn;
struct slap_op;
-typedef int (*SLAP_EXTENDED_FN) LDAP_P((
+/* Backend function typedefs */
+typedef int (BI_init) LDAP_P((BackendInfo *bi));
+typedef int (BI_config) LDAP_P((BackendInfo *bi, const char *fname,
+ int lineno, int argc, char **argv));
+typedef int (BI_open) LDAP_P((BackendInfo *bi));
+typedef int (BI_close) LDAP_P((BackendInfo *bi));
+typedef int (BI_destroy) LDAP_P((BackendInfo *bi));
+
+typedef int (BI_db_init) LDAP_P((Backend *bd));
+typedef int (BI_db_config) LDAP_P((Backend *bd, const char *fname,
+ int lineno, int argc, char **argv));
+typedef int (BI_db_open) LDAP_P((Backend *bd));
+typedef int (BI_db_close) LDAP_P((Backend *bd));
+typedef int (BI_db_destroy) LDAP_P((Backend *bd));
+
+typedef int (BI_op_bind) LDAP_P(( BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o,
+ struct berval *dn, struct berval *ndn, int method,
+ struct berval *cred, struct berval *edn ));
+typedef int (BI_op_unbind) LDAP_P((BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o ));
+typedef int (BI_op_search) LDAP_P((BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o,
+ const char *base, const char *nbase,
+ int scope, int deref,
+ int slimit, int tlimit,
+ Filter *f, const char *filterstr,
+ struct berval **attrs, int attrsonly));
+typedef int (BI_op_compare)LDAP_P((BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o,
+ const char *dn, const char *ndn,
+ AttributeAssertion *ava));
+typedef int (BI_op_modify) LDAP_P((BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o,
+ const char *dn, const char *ndn, Modifications *m));
+typedef int (BI_op_modrdn) LDAP_P((BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o,
+ const char *dn, const char *ndn,
+ const char *newrdn, int deleteoldrdn,
+ const char *newSuperior));
+typedef int (BI_op_add) LDAP_P((BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o,
+ Entry *e));
+typedef int (BI_op_delete) LDAP_P((BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o,
+ const char *dn, const char *ndn));
+typedef int (BI_op_abandon) LDAP_P((BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o,
+ ber_int_t msgid));
+
+typedef int (BI_op_extended) LDAP_P((
BackendDB *be,
struct slap_conn *conn,
struct slap_op *op,
const char ** text,
struct berval *** refs ));
+typedef int (BI_entry_release_rw) LDAP_P((BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o,
+ Entry *e, int rw));
+
+typedef int (BI_chk_referrals) LDAP_P((BackendDB *bd,
+ struct slap_conn *c, struct slap_op *o,
+ const char *dn, const char *ndn,
+ const char **text ));
+
+typedef int (BI_acl_group) LDAP_P((Backend *bd,
+ struct slap_conn *c, struct slap_op *o,
+ Entry *e, const char *bdn, const char *edn,
+ ObjectClass *group_oc,
+ AttributeDescription *group_at ));
+typedef int (BI_acl_attribute) LDAP_P((Backend *bd,
+ struct slap_conn *c, struct slap_op *o,
+ Entry *e, const char *edn,
+ AttributeDescription *entry_at,
+ struct berval ***vals ));
+
+typedef int (BI_operational) LDAP_P((Backend *bd,
+ struct slap_conn *c, struct slap_op *o,
+ Entry *e, struct berval **attrs, int opattrs, Attribute **a ));
+
+typedef int (BI_connection_init) LDAP_P((BackendDB *bd,
+ struct slap_conn *c));
+typedef int (BI_connection_destroy) LDAP_P((BackendDB *bd,
+ struct slap_conn *c));
+
+typedef int (BI_tool_entry_open) LDAP_P(( BackendDB *be, int mode ));
+typedef int (BI_tool_entry_close) LDAP_P(( BackendDB *be ));
+typedef ID (BI_tool_entry_first) LDAP_P(( BackendDB *be ));
+typedef ID (BI_tool_entry_next) LDAP_P(( BackendDB *be ));
+typedef Entry* (BI_tool_entry_get) LDAP_P(( BackendDB *be, ID id ));
+typedef ID (BI_tool_entry_put) LDAP_P(( BackendDB *be, Entry *e ));
+typedef int (BI_tool_entry_reindex) LDAP_P(( BackendDB *be, ID id ));
+typedef int (BI_tool_sync) LDAP_P(( BackendDB *be ));
+
struct slap_backend_info {
char *bi_type; /* type of backend */
* once during shutdown after all bi_db_destroy calls.
* bi_destory() is called from backend_destroy()
*/
- int (*bi_init) LDAP_P((BackendInfo *bi));
- int (*bi_config) LDAP_P((BackendInfo *bi,
- const char *fname, int lineno, int argc, char **argv ));
- int (*bi_open) LDAP_P((BackendInfo *bi));
- int (*bi_close) LDAP_P((BackendInfo *bi));
- int (*bi_destroy) LDAP_P((BackendInfo *bi));
+ BI_init *bi_init;
+ BI_config *bi_config;
+ BI_open *bi_open;
+ BI_close *bi_close;
+ BI_destroy *bi_destroy;
/*
* per database routines:
* bi_close calls but before bi_destory calls.
* called only by backend_destory()
*/
- int (*bi_db_init) LDAP_P((Backend *bd));
- int (*bi_db_config) LDAP_P((Backend *bd,
- const char *fname, int lineno, int argc, char **argv ));
- int (*bi_db_open) LDAP_P((Backend *bd));
- int (*bi_db_close) LDAP_P((Backend *bd));
- int (*bi_db_destroy) LDAP_P((Backend *db));
+ BI_db_init *bi_db_init;
+ BI_db_config *bi_db_config;
+ BI_db_open *bi_db_open;
+ BI_db_close *bi_db_close;
+ BI_db_destroy *bi_db_destroy;
/* LDAP Operations Handling Routines */
- int (*bi_op_bind) LDAP_P(( BackendDB *bd,
- struct slap_conn *c, struct slap_op *o,
- const char *dn, const char *ndn, int method,
- struct berval *cred, char** edn ));
- int (*bi_op_unbind) LDAP_P((BackendDB *bd,
- struct slap_conn *c, struct slap_op *o ));
- int (*bi_op_search) LDAP_P((BackendDB *bd,
- struct slap_conn *c, struct slap_op *o,
- const char *base, const char *nbase,
- int scope, int deref,
- int slimit, int tlimit,
- Filter *f, const char *filterstr,
- char **attrs, int attrsonly));
- int (*bi_op_compare)LDAP_P((BackendDB *bd,
- struct slap_conn *c, struct slap_op *o,
- const char *dn, const char *ndn,
- AttributeAssertion *ava));
- int (*bi_op_modify) LDAP_P((BackendDB *bd,
- struct slap_conn *c, struct slap_op *o,
- const char *dn, const char *ndn, Modifications *m));
- int (*bi_op_modrdn) LDAP_P((BackendDB *bd,
- struct slap_conn *c, struct slap_op *o,
- const char *dn, const char *ndn,
- const char *newrdn, int deleteoldrdn,
- const char *newSuperior));
- int (*bi_op_add) LDAP_P((BackendDB *bd,
- struct slap_conn *c, struct slap_op *o,
- Entry *e));
- int (*bi_op_delete) LDAP_P((BackendDB *bd,
- struct slap_conn *c, struct slap_op *o,
- const char *dn, const char *ndn));
- int (*bi_op_abandon) LDAP_P((BackendDB *bd,
- struct slap_conn *c, struct slap_op *o,
- ber_int_t msgid));
+ BI_op_bind *bi_op_bind;
+ BI_op_unbind *bi_op_unbind;
+ BI_op_search *bi_op_search;
+ BI_op_compare *bi_op_compare;
+ BI_op_modify *bi_op_modify;
+ BI_op_modrdn *bi_op_modrdn;
+ BI_op_add *bi_op_add;
+ BI_op_delete *bi_op_delete;
+ BI_op_abandon *bi_op_abandon;
/* Extended Operations Helper */
- SLAP_EXTENDED_FN bi_extended;
+ BI_op_extended *bi_extended;
/* Auxilary Functions */
- int (*bi_entry_release_rw) LDAP_P((BackendDB *bd,
- struct slap_conn *c, struct slap_op *o,
- Entry *e, int rw));
+ BI_entry_release_rw *bi_entry_release_rw;
+ BI_chk_referrals *bi_chk_referrals;
- int (*bi_chk_referrals) LDAP_P((BackendDB *bd,
- struct slap_conn *c, struct slap_op *o,
- const char *dn, const char *ndn,
- const char **text ));
+ BI_acl_group *bi_acl_group;
+ BI_acl_attribute *bi_acl_attribute;
- int (*bi_acl_group) LDAP_P((Backend *bd,
- struct slap_conn *c, struct slap_op *o,
- Entry *e, const char *bdn, const char *edn,
- ObjectClass *group_oc,
- AttributeDescription *group_at ));
- int (*bi_acl_attribute) LDAP_P((Backend *bd,
- struct slap_conn *c, struct slap_op *o,
- Entry *e, const char *edn,
- AttributeDescription *entry_at,
- struct berval ***vals ));
+ BI_operational *bi_operational;
- int (*bi_connection_init) LDAP_P((BackendDB *bd,
- struct slap_conn *c));
- int (*bi_connection_destroy) LDAP_P((BackendDB *bd,
- struct slap_conn *c));
+ BI_connection_init *bi_connection_init;
+ BI_connection_destroy *bi_connection_destroy;
/* hooks for slap tools */
- int (*bi_tool_entry_open) LDAP_P(( BackendDB *be, int mode ));
- int (*bi_tool_entry_close) LDAP_P(( BackendDB *be ));
- ID (*bi_tool_entry_first) LDAP_P(( BackendDB *be ));
- ID (*bi_tool_entry_next) LDAP_P(( BackendDB *be ));
- Entry* (*bi_tool_entry_get) LDAP_P(( BackendDB *be, ID id ));
- ID (*bi_tool_entry_put) LDAP_P(( BackendDB *be, Entry *e ));
- int (*bi_tool_entry_reindex) LDAP_P(( BackendDB *be, ID id ));
- int (*bi_tool_sync) LDAP_P(( BackendDB *be ));
+ BI_tool_entry_open *bi_tool_entry_open;
+ BI_tool_entry_close *bi_tool_entry_close;
+ BI_tool_entry_first *bi_tool_entry_first;
+ BI_tool_entry_next *bi_tool_entry_next;
+ BI_tool_entry_get *bi_tool_entry_get;
+ BI_tool_entry_put *bi_tool_entry_put;
+ BI_tool_entry_reindex *bi_tool_entry_reindex;
+ BI_tool_sync *bi_tool_sync;
#define SLAP_INDEX_ADD_OP 0x0001
#define SLAP_INDEX_DELETE_OP 0x0002
#define c_authtype c_authz.sai_method
#define c_authmech c_authz.sai_mech
#define c_dn c_authz.sai_dn
+#define c_ndn c_authz.sai_ndn
#define c_ssf c_authz.sai_ssf
#define c_transport_ssf c_authz.sai_transport_ssf
#define c_tls_ssf c_authz.sai_tls_ssf
#define o_tls_ssf o_authz.sai_tls_ssf
#define o_sasl_ssf o_authz.sai_sasl_ssf
+struct slap_op;
+struct slap_conn;
+
+typedef void (slap_response)(struct slap_conn *, struct slap_op *, ber_tag_t,
+ ber_int_t, ber_int_t, const char *, const char *, struct berval **,
+ const char *, struct berval *, struct berval *, LDAPControl **);
+
+typedef void (slap_sresult)(struct slap_conn *, struct slap_op *, ber_int_t,
+ const char *, const char *, struct berval **, LDAPControl **,
+ int nentries);
+
/*
* represents an operation pending from an ldap client
*/
typedef struct slap_op {
ber_int_t o_opid; /* id of this operation */
ber_int_t o_msgid; /* msgid of the request */
+#ifdef LDAP_CONNECTIONLESS
+ Sockaddr o_peeraddr; /* UDP peer address */
+#endif
ldap_pvt_thread_t o_tid; /* thread handling this op */
ldap_pvt_thread_mutex_t o_abandonmutex; /* protects o_abandon */
int o_abandon; /* abandon flag */
+ slap_response *o_response; /* callback function */
+ slap_sresult *o_sresult; /* search result callback */
struct slap_op *o_next; /* next operation in list */
void *o_private; /* anything the backend needs */
+ void *o_glue; /* for the glue backend */
} Operation;
+/*
+ * Caches the result of a backend_group check for ACL evaluation
+ */
+typedef struct slap_gacl {
+ struct slap_gacl *next;
+ Backend *be;
+ ObjectClass *oc;
+ AttributeDescription *at;
+ int res;
+ ber_len_t len;
+ char ndn[1];
+} GroupAssertion;
+
/*
* represents a connection from an ldap client
*/
Backend *c_authz_backend;
AuthorizationInformation c_authz;
+ GroupAssertion *c_groups;
ber_int_t c_protocol; /* version of the LDAP protocol used by client */
BerElement *c_currentber; /* ber we're attempting to read */
int c_writewaiter; /* true if writer is waiting */
+#ifdef LDAP_CONNECTIONLESS
+ int c_is_udp; /* true if this is (C)LDAP over UDP */
+#endif
#ifdef HAVE_TLS
int c_is_tls; /* true if this LDAP over raw TLS */
int c_needs_tls_accept; /* true if SSL_accept should be called */
int offset[SASLREGEX_REPLACE+2]; /* offsets of $1,$2... in *replace */
} SaslRegexp_t;
+/* Flags for telling slap_sasl_getdn() what type of identity is being passed */
+#define FLAG_GETDN_FINAL 1
+#define FLAG_GETDN_AUTHCID 2
+#define FLAG_GETDN_AUTHZID 4
+
LDAP_END_DECL