#include "ldap_pvt_thread.h"
#include "ldap_queue.h"
+#define SLAP_EXTENDED_SCHEMA 1
+
LDAP_BEGIN_DECL
/*
* SLAPD Memory allocation macros
slap_ssf_t sss_update_transport;
slap_ssf_t sss_update_tls;
slap_ssf_t sss_update_sasl;
+ slap_ssf_t sss_simple_bind;
} slap_ssf_set_t;
/*
#define SLAP_INDEX_SUBSTR_FINAL_PREFIX '$'
#define SLAP_INDEX_CONT_PREFIX '.' /* prefix for continuation keys */
-#define SLAP_SYNTAX_MATCHINGRULES_OID "1.3.6.1.4.1.1466.115.121.1.30"
-#define SLAP_SYNTAX_ATTRIBUTETYPES_OID "1.3.6.1.4.1.1466.115.121.1.3"
-#define SLAP_SYNTAX_OBJECTCLASSES_OID "1.3.6.1.4.1.1466.115.121.1.37"
+#define SLAP_SYNTAX_MATCHINGRULES_OID "1.3.6.1.4.1.1466.115.121.1.30"
+#define SLAP_SYNTAX_ATTRIBUTETYPES_OID "1.3.6.1.4.1.1466.115.121.1.3"
+#define SLAP_SYNTAX_OBJECTCLASSES_OID "1.3.6.1.4.1.1466.115.121.1.37"
+#define SLAP_SYNTAX_MATCHINGRULEUSES_OID "1.3.6.1.4.1.1466.115.121.1.31"
+#define SLAP_SYNTAX_CONTENTRULE_OID "1.3.6.1.4.1.1466.115.121.1.16"
+
+#ifdef LDAP_CLIENT_UPDATE
+#define LCUP_COOKIE_OID "1.3.6.1.4.1.4203.666.10.1"
+#endif /* LDAP_CLIENT_UPDATE */
/*
* represents schema information for a database
#define SLAP_SCHERR_CLASS_BAD_SUP 4
#define SLAP_SCHERR_CLASS_DUP 5
#define SLAP_SCHERR_ATTR_NOT_FOUND 6
-#define SLAP_SCHERR_ATTR_BAD_USAGE 7
-#define SLAP_SCHERR_ATTR_BAD_SUP 8
-#define SLAP_SCHERR_ATTR_INCOMPLETE 9
-#define SLAP_SCHERR_ATTR_DUP 10
-#define SLAP_SCHERR_MR_NOT_FOUND 11
-#define SLAP_SCHERR_MR_INCOMPLETE 12
-#define SLAP_SCHERR_MR_DUP 13
-#define SLAP_SCHERR_SYN_NOT_FOUND 14
-#define SLAP_SCHERR_SYN_DUP 15
-#define SLAP_SCHERR_NO_NAME 16
-#define SLAP_SCHERR_NOT_SUPPORTED 17
-#define SLAP_SCHERR_BAD_DESCR 18
-#define SLAP_SCHERR_OIDM 19
-#define SLAP_SCHERR_LAST SLAP_SCHERR_OIDM
+#define SLAP_SCHERR_ATTR_BAD_MR 7
+#define SLAP_SCHERR_ATTR_BAD_USAGE 8
+#define SLAP_SCHERR_ATTR_BAD_SUP 9
+#define SLAP_SCHERR_ATTR_INCOMPLETE 10
+#define SLAP_SCHERR_ATTR_DUP 11
+#define SLAP_SCHERR_MR_NOT_FOUND 12
+#define SLAP_SCHERR_MR_INCOMPLETE 13
+#define SLAP_SCHERR_MR_DUP 14
+#define SLAP_SCHERR_SYN_NOT_FOUND 15
+#define SLAP_SCHERR_SYN_DUP 16
+#define SLAP_SCHERR_NO_NAME 17
+#define SLAP_SCHERR_NOT_SUPPORTED 18
+#define SLAP_SCHERR_BAD_DESCR 19
+#define SLAP_SCHERR_OIDM 20
+#define SLAP_SCHERR_CR_DUP 21
+#define SLAP_SCHERR_CR_BAD_STRUCT 22
+#define SLAP_SCHERR_CR_BAD_AUX 23
+#define SLAP_SCHERR_CR_BAD_AT 24
+#define SLAP_SCHERR_LAST SLAP_SCHERR_CR_BAD_AT
typedef union slap_sockaddr {
struct sockaddr sa_addr;
struct sockaddr_in sa_in_addr;
#ifdef LDAP_PF_INET6
+ struct sockaddr_storage sa_storage;
struct sockaddr_in6 sa_in6_addr;
#endif
#ifdef LDAP_PF_LOCAL
#endif
} Sockaddr;
+#ifdef LDAP_PF_INET6
+extern int slap_inet4or6;
+#endif
+
typedef struct slap_oid_macro {
struct berval som_oid;
char **som_names;
#define ssyn_oid ssyn_syn.syn_oid
#define ssyn_desc ssyn_syn.syn_desc
#define ssyn_extensions ssyn_syn.syn_extensions
+ /*
+ * Note: the former
ber_len_t ssyn_oidlen;
+ * has been replaced by a struct berval that uses the value
+ * provided by ssyn_syn.syn_oid; a macro that expands to
+ * the bv_len field of the berval is provided for backward
+ * compatibility. CAUTION: NEVER FREE THE BERVAL
+ */
+ struct berval ssyn_bvoid;
+#define ssyn_oidlen ssyn_bvoid.bv_len
unsigned int ssyn_flags;
#define slap_syntax_is_ber(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BER)
#define slap_syntax_is_hidden(s) slap_syntax_is_flag((s),SLAP_SYNTAX_HIDE)
+typedef struct slap_syntax_defs_rec {
+ char *sd_desc;
+ int sd_flags;
+ slap_syntax_validate_func *sd_validate;
+ slap_syntax_transform_func *sd_normalize;
+ slap_syntax_transform_func *sd_pretty;
+#ifdef SLAPD_BINARY_CONVERSION
+ slap_syntax_transform_func *sd_ber2str;
+ slap_syntax_transform_func *sd_str2ber;
+#endif
+} slap_syntax_defs_rec;
+
/* X -> Y Converter */
typedef int slap_mr_convert_func LDAP_P((
struct berval * in,
void * assertValue,
BerVarray *keys ));
+typedef struct slap_matching_rule_use MatchingRuleUse;
+
typedef struct slap_matching_rule {
LDAPMatchingRule smr_mrule;
- ber_len_t smr_oidlen;
+ MatchingRuleUse *smr_mru;
+ /* RFC2252 string representation */
+ struct berval smr_str;
+ /*
+ * Note: the former
+ ber_len_t smr_oidlen;
+ * has been replaced by a struct berval that uses the value
+ * provided by smr_mrule.mr_oid; a macro that expands to
+ * the bv_len field of the berval is provided for backward
+ * compatibility. CAUTION: NEVER FREE THE BERVAL
+ */
+ struct berval smr_bvoid;
+#define smr_oidlen smr_bvoid.bv_len
+
slap_mask_t smr_usage;
#define SLAP_MR_HIDE 0x8000U
#define SLAP_MR_EQUALITY 0x0100U
#define SLAP_MR_ORDERING 0x0200U
#define SLAP_MR_SUBSTR 0x0400U
-#define SLAP_MR_EXT 0x0800U
+#define SLAP_MR_EXT 0x0800U /* implicitly extensible */
#define SLAP_MR_EQUALITY_APPROX ( SLAP_MR_EQUALITY | 0x0010U )
#define SLAP_MR_DN_FOLD 0x0008U
slap_mr_indexer_func *smr_indexer;
slap_mr_filter_func *smr_filter;
+ /*
+ * null terminated list of syntaxes compatible with this syntax
+ * note: when MS_EXT is set, this MUST NOT contain the assertion
+ * syntax of the rule. When MS_EXT is not set, it MAY.
+ */
+ Syntax **smr_compat_syntaxes;
+
struct slap_matching_rule *smr_associated;
struct slap_matching_rule *smr_next;
#define smr_extensions smr_mrule.mr_extensions
} MatchingRule;
+struct slap_matching_rule_use {
+ LDAPMatchingRuleUse smru_mruleuse;
+ MatchingRule *smru_mr;
+ /* RFC2252 string representation */
+ struct berval smru_str;
+
+ struct slap_matching_rule_use *smru_next;
+
+#define smru_oid smru_mruleuse.mru_oid
+#define smru_names smru_mruleuse.mru_names
+#define smru_desc smru_mruleuse.mru_desc
+#define smru_obsolete smru_mruleuse.mru_obsolete
+#define smru_applies_oids smru_mruleuse.mru_applies_oids
+
+#define smru_usage smru_mr->smr_usage
+} /* MatchingRuleUse */ ;
+
+typedef struct slap_mrule_defs_rec {
+ char * mrd_desc;
+ slap_mask_t mrd_usage;
+ char ** mrd_compat_syntaxes;
+ slap_mr_convert_func * mrd_convert;
+ slap_mr_normalize_func * mrd_normalize;
+ slap_mr_match_func * mrd_match;
+ slap_mr_indexer_func * mrd_indexer;
+ slap_mr_filter_func * mrd_filter;
+
+ char * mrd_associated;
+} slap_mrule_defs_rec;
+
struct slap_backend_db;
struct slap_entry;
struct slap_attr;
char *textbuf, size_t textlen );
typedef struct slap_object_class {
- LDAPObjectClass soc_oclass;
+ LDAPObjectClass soc_oclass;
+ struct berval soc_cname;
struct slap_object_class **soc_sups;
AttributeType **soc_required;
AttributeType **soc_allowed;
#define SLAP_OC_OPERATIONAL 0x4000
#define SLAP_OC_HIDE 0x8000
-#ifdef LDAP_EXTENDED_SCHEMA
/*
* DIT content rule
*/
AttributeType **scr_required; /* optional */
AttributeType **scr_allowed; /* optional */
AttributeType **scr_precluded; /* optional */
-#define scr_oid scr_crule.cr_oid
-#define scr_names scr_crule.cr_names
-#define scr_desc scr_crule.cr_desc
-#define scr_obsolete soc_oclass.cr_obsolete
-#define scr_cr_oids_aux soc_oclass.cr_oc_oids_aux
-#define scr_cr_oids_must soc_oclass.cr_at_oids_must
-#define scr_cr_oids_may soc_oclass.cr_at_oids_may
-#define scr_cr_oids_not soc_oclass.cr_at_oids_not
+#define scr_oid scr_crule.cr_oid
+#define scr_names scr_crule.cr_names
+#define scr_desc scr_crule.cr_desc
+#define scr_obsolete scr_crule.cr_obsolete
+#define scr_oc_oids_aux scr_crule.cr_oc_oids_aux
+#define scr_at_oids_must scr_crule.cr_at_oids_must
+#define scr_at_oids_may scr_crule.cr_at_oids_may
+#define scr_at_oids_not scr_crule.cr_at_oids_not
+
+ struct slap_content_rule *scr_next;
} ContentRule;
-#endif
/*
* represents a recognized attribute description ( type + options )
AttributeDescription *si_ad_supportedLDAPVersion;
AttributeDescription *si_ad_supportedSASLMechanisms;
AttributeDescription *si_ad_supportedFeatures;
+ AttributeDescription *si_ad_monitorContext;
AttributeDescription *si_ad_vendorName;
AttributeDescription *si_ad_vendorVersion;
/* Access Control Internals */
AttributeDescription *si_ad_entry;
AttributeDescription *si_ad_children;
+ AttributeDescription *si_ad_saslAuthzTo;
+ AttributeDescription *si_ad_saslAuthzFrom;
#ifdef SLAPD_ACI_ENABLED
AttributeDescription *si_ad_aci;
#endif
#define SLAP_RESTRICT_OP_SEARCH 0x0080U
#define SLAP_RESTRICT_OP_READS \
- ( SLAP_RESTRICT_OP_COMPARE \
+ ( SLAP_RESTRICT_OP_COMPARE \
| SLAP_RESTRICT_OP_SEARCH )
#define SLAP_RESTRICT_OP_WRITES \
( SLAP_RESTRICT_OP_ADD \
#define SLAP_ALLOW_BIND_V2 0x0001U /* LDAPv2 bind */
#define SLAP_ALLOW_BIND_ANON_CRED 0x0002U /* cred should be empty */
-#define SLAP_ALLOW_BIND_ANON_DN 0x0003U /* dn should be empty */
+#define SLAP_ALLOW_BIND_ANON_DN 0x0004U /* dn should be empty */
+
+#define SLAP_ALLOW_UPDATE_ANON 0x0008U /* allow anonymous updates */
#define SLAP_DISALLOW_BIND_ANON 0x0001U /* no anonymous */
#define SLAP_DISALLOW_BIND_SIMPLE 0x0002U /* simple authentication */
-#define SLAP_DISALLOW_BIND_KRBV4 0x0004U /* Kerberos V4 authentication */
+#define SLAP_DISALLOW_BIND_SIMPLE_UNPROTECTED \
+ 0x0004U /* unprotected simple auth */
+#define SLAP_DISALLOW_BIND_KRBV4 0x0008U /* Kerberos V4 authentication */
#define SLAP_DISALLOW_TLS_2_ANON 0x0010U /* StartTLS -> Anonymous */
#define SLAP_DISALLOW_TLS_AUTHC 0x0020U /* TLS while authenticated */
+#define SLAP_DISALLOW_AUX_WO_CR 0x4000U
+
slap_mask_t be_requires; /* pre-operation requirements */
#define SLAP_REQUIRE_BIND 0x0001U /* bind before op */
#define SLAP_REQUIRE_LDAP_V3 0x0002U /* LDAPv3 before op */
BerVarray be_suffix; /* the DN suffixes of data in this backend */
BerVarray be_nsuffix; /* the normalized DN suffixes in this backend */
BerVarray be_suffixAlias; /* pairs of DN suffix aliases and deref values */
+ struct berval be_schemadn; /* per-backend subschema subentry DN */
+ struct berval be_schemandn; /* normalized subschema DN */
struct berval be_rootdn; /* the magic "root" name (DN) for this db */
struct berval be_rootndn; /* the magic "root" normalized name (DN) for this db */
struct berval be_rootpw; /* the magic "root" password for this db */
- unsigned int be_max_deref_depth; /* limit for depth of an alias deref */
+ unsigned int be_max_deref_depth; /* limit for depth of an alias deref */
#define be_sizelimit be_def_limit.lms_s_soft
#define be_timelimit be_def_limit.lms_t_soft
struct slap_limits_set be_def_limit; /* default limits */
ber_int_t msgid));
typedef int (BI_op_extended) LDAP_P((
- BackendDB *be,
- struct slap_conn *conn,
- struct slap_op *op,
+ BackendDB *be,
+ struct slap_conn *conn,
+ struct slap_op *op,
const char *reqoid,
- struct berval * reqdata,
+ struct berval * reqdata,
char **rspoid,
- struct berval ** rspdata,
+ struct berval ** rspdata,
LDAPControl *** rspctrls,
const char ** text,
BerVarray *refs ));
ID ps_id;
} PagedResultsState;
+
+#ifdef LDAP_CLIENT_UPDATE
+#define LCUP_PSEARCH_BY_ADD 0x01
+#define LCUP_PSEARCH_BY_DELETE 0x02
+#define LCUP_PSEARCH_BY_PREMODIFY 0x03
+#define LCUP_PSEARCH_BY_MODIFY 0x04
+#define LCUP_PSEARCH_BY_SCOPEOUT 0x05
+
+struct lcup_search_spec {
+ struct slap_op *op;
+ struct berval *base;
+ struct berval *nbase;
+ int scope;
+ int deref;
+ int slimit;
+ int tlimit;
+ Filter *filter;
+ struct berval *filterstr;
+ AttributeName *attrs;
+ int attrsonly;
+ struct lcup_entry *elist;
+ ldap_pvt_thread_mutex_t elist_mutex;
+ int entry_count;
+ LDAP_LIST_ENTRY(lcup_search_spec) link;
+};
+
+struct psid_entry {
+ struct lcup_search_spec* ps;
+ LDAP_LIST_ENTRY(psid_entry) link;
+};
+#endif /* LDAP_CLIENT_UPDATE */
+
+
/*
* represents an operation pending from an ldap client
*/
typedef struct slap_op {
unsigned long o_opid; /* id of this operation */
unsigned long o_connid; /* id of conn initiating this op */
+ struct slap_conn *o_conn; /* connection spawning this op */
ber_int_t o_msgid; /* msgid of the request */
ber_int_t o_protocol; /* version of the LDAP protocol used by client */
volatile sig_atomic_t o_abandon; /* abandon flag */
+ char o_do_not_cache; /* don't cache from this op */
+
#define SLAP_NO_CONTROL 0
#define SLAP_NONCRITICAL_CONTROL 1
#define SLAP_CRITICAL_CONTROL 2
ber_int_t o_pagedresults_size;
PagedResultsState o_pagedresults_state;
+#ifdef LDAP_CLIENT_UPDATE
+ char o_clientupdate;
+ char o_clientupdate_type;
+#define SLAP_LCUP_NONE (0x0)
+#define SLAP_LCUP_SYNC (0x1)
+#define SLAP_LCUP_PERSIST (0x2)
+#define SLAP_LCUP_SYNC_AND_PERSIST (0x3)
+ ber_int_t o_clientupdate_interval;
+ struct berval o_clientupdate_state;
+ LDAP_LIST_HEAD(lss, lcup_search_spec) psearch_spec;
+ LDAP_LIST_HEAD(pe, psid_entry) premodify_list;
+ LDAP_LIST_ENTRY(slap_op) link;
+#endif /* LDAP_CLIENT_UPDATE */
+
#ifdef LDAP_CONNECTIONLESS
Sockaddr o_peeraddr; /* UDP peer address */
#endif
slap_callback *o_callback; /* callback pointers */
LDAPControl **o_ctrls; /* controls */
+ void *o_threadctx; /* thread pool thread context */
void *o_private; /* anything the backend needs */
LDAP_STAILQ_ENTRY(slap_op) o_next; /* next operation in list */
char ga_ndn[1];
} GroupAssertion;
+typedef struct slap_listener Listener;
+
/*
* represents a connection from an ldap client
*/
time_t c_activitytime; /* when the connection was last used */
unsigned long c_connid; /* id of this connection for stats*/
- struct berval c_listener_url; /* listener URL */
struct berval c_peer_domain; /* DNS name of client */
struct berval c_peer_name; /* peer name (trans=addr:port) */
- struct berval c_sock_name; /* sock name (trans=addr:port) */
+ Listener *c_listener;
+#define c_listener_url c_listener->sl_url /* listener URL */
+#define c_sock_name c_listener->sl_name /* sock name (trans=addr:port) */
/* only can be changed by binding thread */
int c_sasl_bind_in_progress; /* multi-op bind in progress */
struct berval c_sasl_bind_mech; /* mech in progress */
struct berval c_sasl_dn; /* temporary storage */
- struct berval c_cdn;
/* authorization backend */
Backend *c_authz_backend;
int c_sasl_layers; /* true if we need to install SASL i/o handlers */
void *c_sasl_context; /* SASL session context */
void *c_sasl_extra; /* SASL session extra stuff */
+ struct slap_op *c_sasl_bindop; /* set to current op if it's a bind */
PagedResultsState c_pagedresults_state; /* paged result state */
fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\
if ( ldap_syslog & (level) ) \
syslog( ldap_syslog_level, (fmt), (connid), (opid), (arg1), \
- (arg2), (arg3) ); \
+ (arg2), (arg3) ); \
} while (0)
#else
#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 )
#endif
-
-#define SASLREGEX_REPLACE 10
-#define SASL_AUTHZ_SOURCE_ATTR "saslAuthzTo"
-#define SASL_AUTHZ_DEST_ATTR "saslAuthzFrom"
-
-typedef struct sasl_uri {
- struct berval dn;
- struct berval filter;
- int scope;
-} SaslUri_t;
-
-typedef struct sasl_regexp {
- char *sr_match; /* regexp match pattern */
- SaslUri_t sr_replace; /* regexp replace pattern */
- regex_t sr_workspace; /* workspace for regexp engine */
- regmatch_t sr_strings[SASLREGEX_REPLACE]; /* strings matching $1,$2 ... */
- int sr_dn_offset[SASLREGEX_REPLACE+2]; /* offsets of $1,$2... in *replace */
- int sr_fi_offset[SASLREGEX_REPLACE+2]; /* offsets of $1,$2... in *replace */
-} SaslRegexp_t;
-
/*
* listener; need to access it from monitor backend
*/
-typedef struct slap_listener {
- char* sl_url;
- char* sl_name;
+struct slap_listener {
+ struct berval sl_url;
+ struct berval sl_name;
+ mode_t sl_perms;
#ifdef HAVE_TLS
int sl_is_tls;
#endif
ber_socket_t sl_sd;
Sockaddr sl_sa;
#define sl_addr sl_sa.sa_in_addr
-} Listener;
+};
#ifdef SLAPD_MONITOR
/*
};
#endif /* SLAPD_MONITOR */
+/*
+ * Better know these all around slapd
+ */
+#define SLAP_LDAPDN_PRETTY 0x1
+#define SLAP_LDAPDN_MAXLEN 8192
+
+/*
+ * Macros for LCUP
+ */
+#ifdef LDAP_CLIENT_UPDATE
+#define SLAP_LCUP_STATE_UPDATE_TRUE 1
+#define SLAP_LCUP_STATE_UPDATE_FALSE 0
+#define SLAP_LCUP_ENTRY_DELETED_TRUE 1
+#define SLAP_LCUP_ENTRY_DELETED_FALSE 0
+#endif /* LDAP_CLIENT_UPDATE */
+
LDAP_END_DECL
#include "proto-slap.h"
projects / openldap / blobdiff