/* slap.h - stand alone ldap server include file */
/* $OpenLDAP$ */
/*
- * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
#include "ldap_pvt_thread.h"
#include "ldap_queue.h"
+#define SLAP_EXTENDED_SCHEMA 1
+
LDAP_BEGIN_DECL
/*
* SLAPD Memory allocation macros
slap_ssf_t sss_update_transport;
slap_ssf_t sss_update_tls;
slap_ssf_t sss_update_sasl;
+ slap_ssf_t sss_simple_bind;
} slap_ssf_set_t;
+
+/* Flags for telling slap_sasl_getdn() what type of identity is being passed */
+#define SLAP_GETDN_AUTHCID 2
+#define SLAP_GETDN_AUTHZID 4
+
/*
* Index types
*/
#define SLAP_INDEX_FLAGS 0xF000UL
#define SLAP_INDEX_NOSUBTYPES 0x1000UL /* don't use index w/ subtypes */
-#define SLAP_INDEX_NOLANG 0x2000UL /* don't use index w/ lang */
+#define SLAP_INDEX_NOTAGS 0x2000UL /* don't use index w/ tags */
/*
* there is a single index for each attribute. these prefixes ensure
#define SLAP_INDEX_SUBSTR_FINAL_PREFIX '$'
#define SLAP_INDEX_CONT_PREFIX '.' /* prefix for continuation keys */
-#define SLAP_SYNTAX_MATCHINGRULES_OID "1.3.6.1.4.1.1466.115.121.1.30"
-#define SLAP_SYNTAX_ATTRIBUTETYPES_OID "1.3.6.1.4.1.1466.115.121.1.3"
-#define SLAP_SYNTAX_OBJECTCLASSES_OID "1.3.6.1.4.1.1466.115.121.1.37"
+#define SLAP_SYNTAX_MATCHINGRULES_OID "1.3.6.1.4.1.1466.115.121.1.30"
+#define SLAP_SYNTAX_ATTRIBUTETYPES_OID "1.3.6.1.4.1.1466.115.121.1.3"
+#define SLAP_SYNTAX_OBJECTCLASSES_OID "1.3.6.1.4.1.1466.115.121.1.37"
+#define SLAP_SYNTAX_MATCHINGRULEUSES_OID "1.3.6.1.4.1.1466.115.121.1.31"
+#define SLAP_SYNTAX_CONTENTRULE_OID "1.3.6.1.4.1.1466.115.121.1.16"
+
+#ifdef LDAP_CLIENT_UPDATE
+#define LCUP_COOKIE_OID "1.3.6.1.4.1.4203.666.10.1"
+#endif /* LDAP_CLIENT_UPDATE */
/*
* represents schema information for a database
#define SLAP_SCHERR_NOT_SUPPORTED 18
#define SLAP_SCHERR_BAD_DESCR 19
#define SLAP_SCHERR_OIDM 20
-#define SLAP_SCHERR_LAST SLAP_SCHERR_OIDM
+#define SLAP_SCHERR_CR_DUP 21
+#define SLAP_SCHERR_CR_BAD_STRUCT 22
+#define SLAP_SCHERR_CR_BAD_AUX 23
+#define SLAP_SCHERR_CR_BAD_AT 24
+#define SLAP_SCHERR_LAST SLAP_SCHERR_CR_BAD_AT
typedef union slap_sockaddr {
struct sockaddr sa_addr;
struct sockaddr_in sa_in_addr;
#ifdef LDAP_PF_INET6
+ struct sockaddr_storage sa_storage;
struct sockaddr_in6 sa_in6_addr;
#endif
#ifdef LDAP_PF_LOCAL
#define SLAP_MR_ASSERTION_SYNTAX_MATCH 0x0000U
#define SLAP_MR_VALUE_SYNTAX_MATCH 0x0001U
#define SLAP_MR_VALUE_SYNTAX_CONVERTED_MATCH 0x0003U
+#define SLAP_MR_VALUE_NORMALIZED_MATCH 0x0004U
#define SLAP_IS_MR_ASSERTION_SYNTAX_MATCH( usage ) \
(!((usage) & SLAP_MR_VALUE_SYNTAX_MATCH))
#define SLAP_OC_OPERATIONAL 0x4000
#define SLAP_OC_HIDE 0x8000
-#ifdef LDAP_EXTENDED_SCHEMA
/*
* DIT content rule
*/
AttributeType **scr_required; /* optional */
AttributeType **scr_allowed; /* optional */
AttributeType **scr_precluded; /* optional */
-#define scr_oid scr_crule.cr_oid
-#define scr_names scr_crule.cr_names
-#define scr_desc scr_crule.cr_desc
-#define scr_obsolete soc_oclass.cr_obsolete
-#define scr_cr_oids_aux soc_oclass.cr_oc_oids_aux
-#define scr_cr_oids_must soc_oclass.cr_at_oids_must
-#define scr_cr_oids_may soc_oclass.cr_at_oids_may
-#define scr_cr_oids_not soc_oclass.cr_at_oids_not
+#define scr_oid scr_crule.cr_oid
+#define scr_names scr_crule.cr_names
+#define scr_desc scr_crule.cr_desc
+#define scr_obsolete scr_crule.cr_obsolete
+#define scr_oc_oids_aux scr_crule.cr_oc_oids_aux
+#define scr_at_oids_must scr_crule.cr_at_oids_must
+#define scr_at_oids_may scr_crule.cr_at_oids_may
+#define scr_at_oids_not scr_crule.cr_at_oids_not
+
+ struct slap_content_rule *scr_next;
} ContentRule;
-#endif
-/*
- * represents a recognized attribute description ( type + options )
- */
+/* Represents a recognized attribute description ( type + options ). */
typedef struct slap_attr_desc {
struct slap_attr_desc *ad_next;
AttributeType *ad_type; /* attribute type, must be specified */
struct berval ad_cname; /* canonical name, must be specified */
- struct berval ad_lang; /* empty if no language tags */
+ struct berval ad_tags; /* empty if no tagging options */
unsigned ad_flags;
#define SLAP_DESC_NONE 0x00U
#define SLAP_DESC_BINARY 0x01U
-#define SLAP_DESC_LANG_RANGE 0x80U
+#define SLAP_DESC_TAG_RANGE 0x80U
} AttributeDescription;
typedef struct slap_attr_name {
ObjectClass *an_oc;
} AttributeName;
-#define slap_ad_is_lang(ad) ( (ad)->ad_lang.bv_len != 0 )
-#define slap_ad_is_lang_range(ad) \
- ( ((ad)->ad_flags & SLAP_DESC_LANG_RANGE) ? 1 : 0 )
+#define slap_ad_is_tagged(ad) ( (ad)->ad_tags.bv_len != 0 )
+#define slap_ad_is_tag_range(ad) \
+ ( ((ad)->ad_flags & SLAP_DESC_TAG_RANGE) ? 1 : 0 )
#define slap_ad_is_binary(ad) \
( ((ad)->ad_flags & SLAP_DESC_BINARY) ? 1 : 0 )
AttributeDescription *si_ad_collectiveExclusions;
AttributeDescription *si_ad_entryUUID;
AttributeDescription *si_ad_entryCSN;
+ AttributeDescription *si_ad_superiorUUID;
/* root DSE attribute descriptions */
AttributeDescription *si_ad_altServer;
/* Access state */
AccessControl *as_vd_acl;
+ AccessControl *as_vi_acl;
slap_mask_t as_vd_acl_mask;
regmatch_t as_vd_acl_matches[MAXREMATCHES];
int as_vd_acl_count;
int as_vd_access_count;
int as_result;
+ AttributeDescription *as_vd_ad;
} AccessControlState;
-#define ACL_STATE_INIT { ACL_STATE_NOT_RECORDED, NULL, 0UL, { { 0, 0 } }, 0, NULL, 0, 0 }
+#define ACL_STATE_INIT { ACL_STATE_NOT_RECORDED, NULL, NULL, 0UL, { { 0, 0 } }, 0, NULL, 0, 0, NULL }
/*
* replog moddn param structure
int lms_s_soft;
int lms_s_hard;
int lms_s_unchecked;
+ int lms_s_pr;
+ int lms_s_pr_hide;
};
struct slap_limits {
#define be_attribute bd_info->bi_acl_attribute
#define be_operational bd_info->bi_operational
+/*
+ * define to honor hasSubordinates operational attribute in search filters
+ * (in previous use there was a flaw with back-bdb and back-ldbm; now it
+ * is fixed).
+ */
+
+#define be_has_subordinates bd_info->bi_has_subordinates
+
#define be_controls bd_info->bi_controls
#define be_connection_init bd_info->bi_connection_init
#define SLAP_ALLOW_BIND_V2 0x0001U /* LDAPv2 bind */
#define SLAP_ALLOW_BIND_ANON_CRED 0x0002U /* cred should be empty */
-#define SLAP_ALLOW_BIND_ANON_DN 0x0003U /* dn should be empty */
+#define SLAP_ALLOW_BIND_ANON_DN 0x0004U /* dn should be empty */
+
+#define SLAP_ALLOW_UPDATE_ANON 0x0008U /* allow anonymous updates */
#define SLAP_DISALLOW_BIND_ANON 0x0001U /* no anonymous */
#define SLAP_DISALLOW_BIND_SIMPLE 0x0002U /* simple authentication */
#define SLAP_DISALLOW_TLS_2_ANON 0x0010U /* StartTLS -> Anonymous */
#define SLAP_DISALLOW_TLS_AUTHC 0x0020U /* TLS while authenticated */
+#define SLAP_DISALLOW_AUX_WO_CR 0x4000U
+
slap_mask_t be_requires; /* pre-operation requirements */
#define SLAP_REQUIRE_BIND 0x0001U /* bind before op */
#define SLAP_REQUIRE_LDAP_V3 0x0002U /* LDAPv3 before op */
BerVarray be_suffix; /* the DN suffixes of data in this backend */
BerVarray be_nsuffix; /* the normalized DN suffixes in this backend */
BerVarray be_suffixAlias; /* pairs of DN suffix aliases and deref values */
-#ifdef SLAPD_SCHEMA_DN
struct berval be_schemadn; /* per-backend subschema subentry DN */
struct berval be_schemandn; /* normalized subschema DN */
-#endif
struct berval be_rootdn; /* the magic "root" name (DN) for this db */
struct berval be_rootndn; /* the magic "root" normalized name (DN) for this db */
struct berval be_rootpw; /* the magic "root" password for this db */
BerVarray be_update_refs; /* where to refer modifying clients to */
char *be_realm;
void *be_private; /* anything the backend database needs */
+
+ void *be_pb; /* Netscape plugin */
};
struct slap_conn;
struct slap_conn *c, struct slap_op *o,
Entry *e, AttributeName *attrs, int opattrs, Attribute **a ));
+typedef int (BI_has_subordinates) LDAP_P((Backend *bd,
+ struct slap_conn *c, struct slap_op *o,
+ Entry *e, int *has_subordinates ));
+
typedef int (BI_connection_init) LDAP_P((BackendDB *bd,
struct slap_conn *c));
typedef int (BI_connection_destroy) LDAP_P((BackendDB *bd,
BI_acl_attribute *bi_acl_attribute;
BI_operational *bi_operational;
+ BI_has_subordinates *bi_has_subordinates;
BI_connection_init *bi_connection_init;
BI_connection_destroy *bi_connection_destroy;
ID ps_id;
} PagedResultsState;
+
+#ifdef LDAP_CLIENT_UPDATE
+#define LCUP_PSEARCH_BY_ADD 0x01
+#define LCUP_PSEARCH_BY_DELETE 0x02
+#define LCUP_PSEARCH_BY_PREMODIFY 0x03
+#define LCUP_PSEARCH_BY_MODIFY 0x04
+#define LCUP_PSEARCH_BY_SCOPEOUT 0x05
+
+struct lcup_search_spec {
+ struct slap_op *op;
+ struct berval *base;
+ struct berval *nbase;
+ int scope;
+ int deref;
+ int slimit;
+ int tlimit;
+ Filter *filter;
+ struct berval *filterstr;
+ AttributeName *attrs;
+ int attrsonly;
+ struct lcup_entry *elist;
+ ldap_pvt_thread_mutex_t elist_mutex;
+ int entry_count;
+ LDAP_LIST_ENTRY(lcup_search_spec) link;
+};
+
+struct psid_entry {
+ struct lcup_search_spec* ps;
+ LDAP_LIST_ENTRY(psid_entry) link;
+};
+#endif /* LDAP_CLIENT_UPDATE */
+
+
/*
* represents an operation pending from an ldap client
*/
ber_tag_t o_tag; /* tag of the request */
time_t o_time; /* time op was initiated */
+ char * o_extendedop; /* extended operation OID */
+
ldap_pvt_thread_t o_tid; /* thread handling this op */
volatile sig_atomic_t o_abandon; /* abandon flag */
#define SLAP_CRITICAL_CONTROL 2
char o_managedsait;
char o_noop;
+ char o_proxy_authz;
char o_subentries;
char o_subentries_visibility;
char o_valuesreturnfilter;
#define SLAP_LCUP_PERSIST (0x2)
#define SLAP_LCUP_SYNC_AND_PERSIST (0x3)
ber_int_t o_clientupdate_interval;
- struct berval* o_clientupdate_state;
-#endif
+ struct berval o_clientupdate_state;
+ LDAP_LIST_HEAD(lss, lcup_search_spec) psearch_spec;
+ LDAP_LIST_HEAD(pe, psid_entry) premodify_list;
+ LDAP_LIST_ENTRY(slap_op) link;
+#endif /* LDAP_CLIENT_UPDATE */
#ifdef LDAP_CONNECTIONLESS
Sockaddr o_peeraddr; /* UDP peer address */
LDAP_STAILQ_ENTRY(slap_op) o_next; /* next operation in list */
ValuesReturnFilter *vrFilter; /* Structure represents ValuesReturnFilter */
+
+ void *o_pb; /* Netscape plugin */
+
} Operation;
#define get_manageDSAit(op) ((int)(op)->o_managedsait)
#define get_subentries(op) ((int)(op)->o_subentries)
#define get_subentries_visibility(op) ((int)(op)->o_subentries_visibility)
+#define get_pagedresults(op) ((int)(op)->o_pagedresults)
+
+
+
+typedef void (*SEND_LDAP_RESULT)(
+ struct slap_conn *conn,
+ struct slap_op *op,
+ ber_int_t err,
+ const char *matched,
+ const char *text,
+ BerVarray ref,
+ LDAPControl **ctrls
+ );
+
+#define send_ldap_result( conn, op, err, matched, text, ref, ctrls ) \
+(*conn->c_send_ldap_result)( conn, op, err, matched, text, ref, ctrls )
+
+
+typedef int (*SEND_SEARCH_ENTRY)(
+ struct slap_backend_db *be,
+ struct slap_conn *conn,
+ struct slap_op *op,
+ struct slap_entry *e,
+ AttributeName *attrs,
+ int attrsonly,
+ LDAPControl **ctrls
+ );
+
+#define send_search_entry( be, conn, op, e, attrs, attrsonly, ctrls) \
+(*conn->c_send_search_entry)( be, conn, op, e, attrs, attrsonly, ctrls)
+
+
+typedef void (*SEND_SEARCH_RESULT)(
+ struct slap_conn *conn,
+ struct slap_op *op,
+ ber_int_t err,
+ const char *matched,
+ const char *text,
+ BerVarray refs,
+ LDAPControl **ctrls,
+ int nentries
+ );
+
+#define send_search_result( conn, op, err, matched, text, refs, ctrls, nentries ) \
+(*conn->c_send_search_result)( conn, op, err, matched, text, refs, ctrls, nentries )
+
+
+typedef int (*SEND_SEARCH_REFERENCE)(
+ struct slap_backend_db *be,
+ struct slap_conn *conn,
+ struct slap_op *op,
+ struct slap_entry *e,
+ BerVarray refs,
+ LDAPControl **ctrls,
+ BerVarray *v2refs
+ );
+
+#define send_search_reference( be, conn, op, e, refs, ctrls, v2refs ) \
+(*conn->c_send_search_reference)( be, conn, op, e, refs, ctrls, v2refs )
+
+
+typedef void (*SEND_LDAP_EXTENDED)(
+ struct slap_conn *conn,
+ struct slap_op *op,
+ ber_int_t err,
+ const char *matched,
+ const char *text,
+ BerVarray refs,
+ const char *rspoid,
+ struct berval *rspdata,
+ LDAPControl **ctrls
+ );
+
+#define send_ldap_extended( conn, op, err, matched, text, refs, rspoid, rspdata, ctrls) \
+(*conn->c_send_ldap_extended)( conn, op, err, matched, text, refs, rspoid, rspdata, ctrls )
+
/*
* Caches the result of a backend_group check for ACL evaluation
char ga_ndn[1];
} GroupAssertion;
+typedef struct slap_listener Listener;
+
/*
* represents a connection from an ldap client
*/
time_t c_activitytime; /* when the connection was last used */
unsigned long c_connid; /* id of this connection for stats*/
- struct berval c_listener_url; /* listener URL */
struct berval c_peer_domain; /* DNS name of client */
struct berval c_peer_name; /* peer name (trans=addr:port) */
- struct berval c_sock_name; /* sock name (trans=addr:port) */
+ Listener *c_listener;
+#define c_listener_url c_listener->sl_url /* listener URL */
+#define c_sock_name c_listener->sl_name /* sock name (trans=addr:port) */
/* only can be changed by binding thread */
int c_sasl_bind_in_progress; /* multi-op bind in progress */
long c_n_get; /* num of get calls */
long c_n_read; /* num of read calls */
long c_n_write; /* num of write calls */
+
+ void *c_pb; /* Netscape plugin */
+
+ /*
+ * These are the "callbacks" that are available for back-ends to
+ * supply data back to connected clients that are connected
+ * through the "front-end".
+ */
+ SEND_LDAP_RESULT c_send_ldap_result;
+ SEND_SEARCH_ENTRY c_send_search_entry;
+ SEND_SEARCH_RESULT c_send_search_result;
+ SEND_SEARCH_REFERENCE c_send_search_reference;
+ SEND_LDAP_EXTENDED c_send_ldap_extended;
+
} Connection;
#if defined(LDAP_SYSLOG) && defined(LDAP_DEBUG)
syslog( ldap_syslog_level, (fmt), (connid), (opid), (arg1), \
(arg2), (arg3) ); \
} while (0)
+#define StatslogTest( level ) ((ldap_debug | ldap_syslog) & (level))
+#elif defined(LDAP_DEBUG)
+#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \
+ do { \
+ if ( ldap_debug & (level) ) \
+ fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\
+ } while (0)
+#define StatslogTest( level ) (ldap_debug & (level))
+#elif defined(LDAP_SYSLOG)
+#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \
+ do { \
+ if ( ldap_syslog & (level) ) \
+ syslog( ldap_syslog_level, (fmt), (connid), (opid), (arg1), \
+ (arg2), (arg3) ); \
+ } while (0)
+#define StatslogTest( level ) (ldap_syslog & (level))
#else
#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 )
+#define StatslogTest( level ) (0)
#endif
/*
* listener; need to access it from monitor backend
*/
-typedef struct slap_listener {
- char* sl_url;
- char* sl_name;
+struct slap_listener {
+ struct berval sl_url;
+ struct berval sl_name;
+ mode_t sl_perms;
#ifdef HAVE_TLS
int sl_is_tls;
#endif
ber_socket_t sl_sd;
Sockaddr sl_sa;
#define sl_addr sl_sa.sa_in_addr
-} Listener;
+};
#ifdef SLAPD_MONITOR
/*
#define SLAP_LDAPDN_PRETTY 0x1
#define SLAP_LDAPDN_MAXLEN 8192
+/*
+ * Macros for LCUP
+ */
+#ifdef LDAP_CLIENT_UPDATE
+#define SLAP_LCUP_STATE_UPDATE_TRUE 1
+#define SLAP_LCUP_STATE_UPDATE_FALSE 0
+#define SLAP_LCUP_ENTRY_DELETED_TRUE 1
+#define SLAP_LCUP_ENTRY_DELETED_FALSE 0
+#endif /* LDAP_CLIENT_UPDATE */
+
LDAP_END_DECL
#include "proto-slap.h"