#ifdef LDAP_DEVEL
+#define SLAP_LIGHTWEIGHT_DISPATCHER /* experimental slapd architecture */
+#define SLAP_MULTI_CONN_ARRAY
+#ifdef LDAP_PVT_THREAD_POOL_SEM_LOAD_CONTROL
+#define SLAP_SEM_LOAD_CONTROL
+#endif /* LDAP_PVT_THREAD_POOL_SEM_LOAD_CONTROL */
+
#define SLAP_ACL_HONOR_DISCLOSE /* partially implemented */
#define SLAP_ACL_HONOR_MANAGE /* not yet implemented */
#define SLAP_DYNACL
#define LDAP_SYNC_TIMESTAMP
#define LDAP_COLLECTIVE_ATTRIBUTES
#define SLAP_CONTROL_X_TREE_DELETE LDAP_CONTROL_X_TREE_DELETE
+#define SLAPD_CONF_UNKNOWN_BAILOUT
-#define SLAP_USE_CONFDIR /* partially implemented */
+#define SLAP_ORDERED_PRETTYNORM
+#define SLAP_AUTHZ_SYNTAX
#ifdef ENABLE_REWRITE
#define SLAP_AUTH_REWRITE 1 /* use librewrite for sasl-regexp */
#endif
#endif
+#if defined(LDAP_SLAPI) && !defined(SLAP_OVERLAY_ACCESS)
+#define SLAP_OVERLAY_ACCESS
+#endif
+
+/*
+ * ITS#3705: bail out if unknown config directives appear in slapd.conf
+ */
+#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
+#define SLAPD_CONF_UNKNOWN_IGNORED ""
+#define SLAPD_DEBUG_CONFIG_ERROR LDAP_DEBUG_ANY
+#else /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
+#define SLAPD_CONF_UNKNOWN_IGNORED " (ignored)"
+#define SLAPD_DEBUG_CONFIG_ERROR LDAP_DEBUG_CONFIG
+#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
/*
* SLAPD Memory allocation macros
#endif
#define SERVICE_NAME OPENLDAP_PACKAGE "-slapd"
-#define SLAPD_ANONYMOUS "cn=anonymous"
+#define SLAPD_ANONYMOUS ""
/* LDAPMod.mod_op value ===> Must be kept in sync with ldap.h!
* This is a value used internally by the backends. It is needed to allow
AttributeTypeSchemaCheckFN *sat_check;
char *sat_oidmacro;
-#define SLAP_AT_NONE 0x0000U
-#define SLAP_AT_ABSTRACT 0x0100U /* cannot be instantiated */
-#define SLAP_AT_FINAL 0x0200U /* cannot be subtyped */
+#define SLAP_AT_NONE 0x0000U
+#define SLAP_AT_ABSTRACT 0x0100U /* cannot be instantiated */
+#define SLAP_AT_FINAL 0x0200U /* cannot be subtyped */
#ifdef LDAP_DEVEL
-#define SLAP_AT_HIDE 0x0000U /* publish everything */
+#define SLAP_AT_HIDE 0x0000U /* publish everything */
#else
-#define SLAP_AT_HIDE 0x8000U /* hide attribute */
+#define SLAP_AT_HIDE 0x8000U /* hide attribute */
#endif
-#define SLAP_AT_DYNAMIC 0x0400U /* dynamically generated */
+#define SLAP_AT_DYNAMIC 0x0400U /* dynamically generated */
+
+#define SLAP_AT_MANAGEABLE 0x0800U /* no-user-mod can be by-passed */
#define SLAP_AT_ORDERED_VAL 0x0001U /* values are ordered */
#define SLAP_AT_ORDERED_SIB 0x0002U /* siblings are ordered */
-#define SLAP_AT_ORDERED 0x0003U /* value has order index */
-#define SLAP_AT_HARDCODE 0x10000U /* This is hardcoded schema */
+#define SLAP_AT_ORDERED 0x0003U /* value has order index */
+
+#define SLAP_AT_HARDCODE 0x10000U /* hardcoded schema */
slap_mask_t sat_flags;
LDAP_STAILQ_ENTRY(slap_object_class) soc_next;
} ObjectClass;
+#define SLAP_OCF_SET_FLAGS 0x1
+#define SLAP_OCF_CHECK_SUP 0x2
+#define SLAP_OCF_MASK (SLAP_OCF_SET_FLAGS|SLAP_OCF_CHECK_SUP)
+
#define SLAP_OC_ALIAS 0x0001
#define SLAP_OC_REFERRAL 0x0002
#define SLAP_OC_SUBENTRY 0x0004
#define SLAP_DESC_TAG_RANGE 0x80U
} AttributeDescription;
+/* flags to slap_*2undef_ad to register undefined (0, the default)
+ * or proxied (SLAP_AD_PROXIED) AttributeDescriptions; the additional
+ * SLAP_AD_NOINSERT is to lookup without insert */
+#define SLAP_AD_UNDEF 0x00U
+#define SLAP_AD_PROXIED 0x01U
+#define SLAP_AD_NOINSERT 0x02U
+
typedef struct slap_attr_name {
struct berval an_name;
AttributeDescription *an_desc;
AttributeDescription *si_ad_children;
AttributeDescription *si_ad_saslAuthzTo;
AttributeDescription *si_ad_saslAuthzFrom;
-#ifdef SLAPD_ACI_ENABLED
- AttributeDescription *si_ad_aci;
-#endif /* SLAPD_ACI_ENABLED */
/* dynamic entries */
AttributeDescription *si_ad_entryTtl;
AttributeDescription *si_ad_name;
AttributeDescription *si_ad_cn;
AttributeDescription *si_ad_uid;
+ AttributeDescription *si_ad_uidNumber;
+ AttributeDescription *si_ad_gidNumber;
AttributeDescription *si_ad_userPassword;
AttributeDescription *si_ad_labeledURI;
#ifdef SLAPD_AUTHPASSWD
AttributeDescription *si_ad_authPassword;
+ AttributeDescription *si_ad_authPasswordSchemes;
#endif
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
AttributeDescription *si_ad_krbName;
#endif
-
+ AttributeDescription *si_ad_description;
+ AttributeDescription *si_ad_seeAlso;
+
/* Undefined Attribute Type */
AttributeType *si_at_undefined;
+ /* "Proxied" Attribute Type */
+ AttributeType *si_at_proxied;
+
/* Matching Rules */
MatchingRule *si_mr_distinguishedNameMatch;
MatchingRule *si_mr_dnSubtreeMatch;
* A list of LDAPMods
*/
typedef struct slap_mod {
- int sm_op;
+ short sm_op;
+ short sm_flags;
+/* Set for internal mods, will bypass ACL checks. Only needed when
+ * running as non-root user, for user modifiable attributes.
+ */
+#define SLAP_MOD_INTERNAL 0x01
+#define SLAP_MOD_MANAGING 0x02
+
AttributeDescription *sm_desc;
struct berval sm_type;
BerVarray sm_values;
typedef struct slap_mod_list {
Modification sml_mod;
#define sml_op sml_mod.sm_op
+#define sml_flags sml_mod.sm_flags
#define sml_desc sml_mod.sm_desc
#define sml_type sml_mod.sm_type
#define sml_values sml_mod.sm_values
ACL_WRITE,
ACL_MANAGE,
+ /* always leave at end of levels but not greater than ACL_LEVEL_MASK */
+ ACL_LAST,
+
/* ACL level mask and modifiers */
ACL_LEVEL_MASK = 0x000f,
ACL_QUALIFIER1 = 0x0100,
/*
* "dynamic" ACL infrastructure (for ACIs and more)
*/
-typedef int (slap_dynacl_parse)( const char *fname, int lineno, slap_style_t, const char *, void **privp );
-typedef int (slap_dynacl_unparse)( void *priv, struct berval *bv );
-typedef int (slap_dynacl_mask)(
+typedef int (slap_dynacl_parse) LDAP_P(( const char *fname, int lineno,
+ const char *opts, slap_style_t, const char *, void **privp ));
+typedef int (slap_dynacl_unparse) LDAP_P(( void *priv, struct berval *bv ));
+typedef int (slap_dynacl_mask) LDAP_P((
void *priv,
struct slap_op *op,
Entry *e,
int nmatch,
regmatch_t *matches,
slap_access_t *grant,
- slap_access_t *deny );
-typedef int (slap_dynacl_destroy)( void *priv );
+ slap_access_t *deny ));
+typedef int (slap_dynacl_destroy) LDAP_P(( void *priv ));
typedef struct slap_dynacl_t {
char *da_name;
#define ACL_PRIV_MANAGE ACL_ACCESS2PRIV( ACL_MANAGE )
/* NOTE: always use the highest level; current: 0x00ffUL */
-#define ACL_PRIV_MASK ((ACL_PRIV_MANAGE - 1) | ACL_QUALIFIER_MASK)
+#define ACL_PRIV_MASK ((ACL_ACCESS2PRIV(ACL_LAST) - 1) | ACL_QUALIFIER_MASK)
/* priv flags */
#define ACL_PRIV_LEVEL 0x1000UL
regex_t acl_dn_re;
struct berval acl_dn_pat;
AttributeName *acl_attrs;
+ MatchingRule *acl_attrval_mr;
slap_style_t acl_attrval_style;
regex_t acl_attrval_re;
struct berval acl_attrval;
#define ACL_STATE_INIT { ACL_STATE_NOT_RECORDED, NULL, NULL, 0UL, \
{ { 0, 0 } }, 0, NULL, 0, 0, NULL }
+#ifdef SLAPD_ACI_ENABLED
+typedef enum slap_aci_scope_t {
+ SLAP_ACI_SCOPE_ENTRY = 0x1,
+ SLAP_ACI_SCOPE_CHILDREN = 0x2,
+ SLAP_ACI_SCOPE_SUBTREE = ( SLAP_ACI_SCOPE_ENTRY | SLAP_ACI_SCOPE_CHILDREN )
+} slap_aci_scope_t;
+#endif /* SLAPD_ACI_ENABLED */
+
+enum {
+ ACI_BV_ENTRY,
+ ACI_BV_CHILDREN,
+ ACI_BV_ONELEVEL,
+ ACI_BV_SUBTREE,
+ ACI_BV_BR_ENTRY,
+ ACI_BV_BR_ALL,
+ ACI_BV_ACCESS_ID,
+#if 0
+ ACI_BV_ANONYMOUS = BER_BVC("anonymous"),
+#endif
+ ACI_BV_PUBLIC,
+ ACI_BV_USERS,
+ ACI_BV_SELF,
+ ACI_BV_DNATTR,
+ ACI_BV_GROUP,
+ ACI_BV_ROLE,
+ ACI_BV_SET,
+ ACI_BV_SET_REF,
+ ACI_BV_GRANT,
+ ACI_BV_DENY,
+
+ ACI_BV_IP_EQ,
+#ifdef LDAP_PF_LOCAL
+ ACI_BV_PATH_EQ,
+#if 0
+ ACI_BV_DIRSEP,
+#endif
+#endif /* LDAP_PF_LOCAL */
+
+ ACI_BV_GROUP_CLASS,
+ ACI_BV_GROUP_ATTR,
+ ACI_BV_ROLE_CLASS,
+ ACI_BV_ROLE_ATTR,
+ ACI_BV_SET_ATTR,
+
+ ACI_BV_LAST
+};
+
/*
* Backend-info
* represents a backend
#define SLAP_TOOL_READONLY 0x0400
#define SLAP_TOOL_QUICK 0x0800
+#define SB_TLS_DEFAULT (-1)
#define SB_TLS_OFF 0
#define SB_TLS_ON 1
-#define SB_TLS_CRITICAL 2
+#define SB_TLS_CRITICAL 2
typedef struct slap_bindconf {
int sb_tls;
typedef struct slap_verbmasks {
struct berval word;
- const int mask;
+ const slap_mask_t mask;
} slap_verbmasks;
#define SLAP_LIMIT_TIME 1
#define SLAP_MAX_CIDS 32 /* Maximum number of supported controls */
#endif
+struct ConfigOCs; /* config.h */
+
struct slap_backend_db {
BackendInfo *bd_info; /* pointer to shared backend info */
struct syncinfo_s *be_syncinfo; /* For syncrepl */
void *be_pb; /* Netscape plugin */
- struct ConfigTable *be_cf_table;
+ struct ConfigOCs *be_cf_ocs;
void *be_private; /* anything the backend database needs */
LDAP_STAILQ_ENTRY(slap_backend_db) be_next;
} req_extended_s;
typedef struct req_pwdexop_s {
- struct berval rs_reqoid;
- int rs_flags;
+ struct req_extended_s rs_extended;
struct berval rs_old;
struct berval rs_new;
Modifications *rs_mods;
typedef int (BI_access_allowed) LDAP_P(( struct slap_op *op, Entry *e,
AttributeDescription *desc, struct berval *val, slap_access_t access,
AccessControlState *state, slap_mask_t *maskp ));
+typedef int (BI_acl_group) LDAP_P(( struct slap_op *op, Entry *target,
+ struct berval *gr_ndn, struct berval *op_ndn,
+ ObjectClass *group_oc, AttributeDescription *group_at ));
+typedef int (BI_acl_attribute) LDAP_P(( struct slap_op *op, Entry *target,
+ struct berval *entry_ndn, AttributeDescription *entry_at,
+ BerVarray *vals, slap_access_t access ));
#endif /* SLAP_OVERLAY_ACCESS */
typedef int (BI_connection_init) LDAP_P(( BackendDB *bd,
typedef ID (BI_tool_entry_modify) LDAP_P(( BackendDB *be, Entry *e,
struct berval *text ));
-struct ConfigTable; /* config.h */
-
struct slap_backend_info {
char *bi_type; /* type of backend */
BI_has_subordinates *bi_has_subordinates;
#ifdef SLAP_OVERLAY_ACCESS
BI_access_allowed *bi_access_allowed;
+ BI_acl_group *bi_acl_group;
+ BI_acl_attribute *bi_acl_attribute;
#endif /* SLAP_OVERLAY_ACCESS */
BI_connection_init *bi_connection_init;
slap_mask_t bi_flags; /* backend flags */
#define SLAP_BFLAG_MONITOR 0x0001U /* a monitor backend */
#define SLAP_BFLAG_CONFIG 0x0002U /* a config backend */
+#define SLAP_BFLAG_FRONTEND 0x0004U /* the frontendDB */
#define SLAP_BFLAG_NOLASTMODCMD 0x0010U
#define SLAP_BFLAG_INCREMENT 0x0100U
#define SLAP_BFLAG_ALIASES 0x1000U
#define SLAP_BFLAGS(be) ((be)->bd_info->bi_flags)
#define SLAP_MONITOR(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_MONITOR)
#define SLAP_CONFIG(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_CONFIG)
+#define SLAP_FRONTEND(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_FRONTEND)
#define SLAP_INCREMENT(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_INCREMENT)
#define SLAP_ALIASES(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_ALIASES)
#define SLAP_REFERRALS(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_REFERRALS)
char bi_ctrls[SLAP_MAX_CIDS + 1];
unsigned int bi_nDB; /* number of databases of this type */
- struct ConfigTable *bi_cf_table;
+ struct ConfigOCs *bi_cf_ocs;
void *bi_private; /* anything the backend type needs */
LDAP_STAILQ_ENTRY(slap_backend_info) bi_next ;
};
struct slap_overinfo;
+typedef enum slap_operation_e {
+ op_bind = 0,
+ op_unbind,
+ op_search,
+ op_compare,
+ op_modify,
+ op_modrdn,
+ op_add,
+ op_delete,
+ op_abandon,
+ op_cancel,
+ op_extended,
+ op_aux_operational,
+ op_aux_chk_referrals,
+ op_aux_chk_controls,
+ op_last
+} slap_operation_t;
+
typedef struct slap_overinst {
BackendInfo on_bi;
slap_response *on_response;
typedef struct slap_overinfo {
BackendInfo oi_bi;
BackendInfo *oi_orig;
+ BackendDB *oi_origdb;
struct slap_overinst *oi_list;
} slap_overinfo;
int sc_preRead;
int sc_postRead;
int sc_proxyAuthz;
+ int sc_manageDIT;
int sc_manageDSAit;
int sc_modifyIncrement;
int sc_noOp;
char oh_log_prefix[sizeof("conn=18446744073709551615 op=18446744073709551615")];
#ifdef LDAP_SLAPI
- void *oh_pb; /* NS-SLAPI plugin */
void *oh_extensions; /* NS-SLAPI plugin */
#endif
} Opheader;
#define o_log_prefix o_hdr->oh_log_prefix
-#ifdef LDAP_SLAPI
-#define o_pb o_hdr->oh_pb
-#define o_extensions o_hdr->oh_extensions
-#endif
-
ber_tag_t o_tag; /* tag of the request */
time_t o_time; /* time op was initiated */
+ int o_tincr; /* counter for multiple ops with same o_time */
BackendDB *o_bd; /* backend DB processing this op */
struct berval o_req_dn; /* DN of target of request */
char o_do_not_cache; /* don't cache groups from this op */
char o_is_auth_check; /* authorization in progress */
+ char o_nocaching;
+ char o_delete_glue_parent;
+ char o_no_schema_check;
+#define get_no_schema_check(op) ((op)->o_no_schema_check)
+
#define SLAP_CONTROL_NONE 0
#define SLAP_CONTROL_IGNORED 1
#define SLAP_CONTROL_NONCRITICAL 2
char o_ctrlflag[SLAP_MAX_CIDS]; /* per-control flags */
void **o_controls; /* per-control state */
+#define o_managedit o_ctrlflag[slap_cids.sc_manageDIT]
+#define get_manageDIT(op) _SCM((op)->o_managedit)
+
#define o_managedsait o_ctrlflag[slap_cids.sc_manageDSAit]
#define get_manageDSAit(op) _SCM((op)->o_managedsait)
#define get_domainScope(op) (0)
#endif
-#ifdef LDAP_CONTROL_X_TREE_DELETE
+#ifdef SLAP_CONTROL_X_TREE_DELETE
#define o_tree_delete o_ctrlflag[slap_cids.sc_treeDelete]
#define get_treeDelete(op) ((int)(op)->o_tree_delete)
#else
BerElement *o_res_ber; /* ber of the CLDAP reply or readback control */
slap_callback *o_callback; /* callback pointers */
LDAPControl **o_ctrls; /* controls */
+ struct berval o_csn;
void *o_private; /* anything the backend needs */
LDAP_STAILQ_ENTRY(slap_op) o_next; /* next operation in list */
- int o_nocaching;
- int o_delete_glue_parent;
-
} Operation;
-#define OPERATION_BUFFER_SIZE (sizeof(Operation)+sizeof(Opheader)+SLAP_MAX_CIDS*sizeof(void *))
+#define OPERATION_BUFFER_SIZE ( sizeof(Operation) + sizeof(Opheader) + \
+ SLAP_MAX_CIDS*sizeof(void *) )
+
+typedef LBER_ALIGNED_BUFFER(operation_buffer_u,OPERATION_BUFFER_SIZE)
+ OperationBuffer;
#define send_ldap_error( op, rs, err, text ) do { \
(rs)->sr_err = err; (rs)->sr_text = text; \
int c_struct_state; /* structure management state */
int c_conn_state; /* connection state */
int c_conn_idx; /* slot in connections array */
+ const char *c_close_reason; /* why connection is closing */
ldap_pvt_thread_mutex_t c_mutex; /* protect the connection */
Sockbuf *c_sb; /* ber connection stuff */
/* authorization backend */
Backend *c_authz_backend;
+ void *c_authz_cookie;
+#define SLAP_IS_AUTHZ_BACKEND( op ) \
+ ( (op)->o_bd != NULL \
+ && (op)->o_bd->be_private != NULL \
+ && (op)->o_conn != NULL \
+ && (op)->o_conn->c_authz_backend != NULL \
+ && ( (op)->o_bd->be_private == (op)->o_conn->c_authz_backend->be_private \
+ || (op)->o_bd->be_private == (op)->o_conn->c_authz_cookie ) )
AuthorizationInformation c_authz;
#ifdef LDAP_CONNECTIONLESS
int sl_is_udp; /* UDP listener is also data port */
#endif
- int sl_is_mute; /* Listening is temporarily disabled */
+ int sl_mute; /* Listener is temporarily disabled due to emfile */
+#ifdef SLAP_LIGHTWEIGHT_DISPATCHER
+ int sl_busy; /* Listener is busy (accept thread activated */
+#endif
ber_socket_t sl_sd;
Sockaddr sl_sa;
#define sl_addr sl_sa.sa_in_addr
};
-#ifdef SLAPD_MONITOR
/*
* Operation indices
*/
SLAP_OP_EXTENDED,
SLAP_OP_LAST
};
-#endif /* SLAPD_MONITOR */
typedef struct slap_counters_t {
ldap_pvt_thread_mutex_t sc_sent_mutex;
#define SLAP_CTRL_HIDE 0x80000000U
#endif
+#define SLAP_CTRL_REQUIRES_ROOT 0x40000000U /* for ManageDIT */
+
#define SLAP_CTRL_GLOBAL 0x00800000U
#define SLAP_CTRL_GLOBAL_SEARCH 0x00010000U /* for NOOP */
projects / openldap / blobdiff