#ifndef _SLAP_H_
#define _SLAP_H_
+#define USE_LDAP_DN_PARSING
+
#include "ldap_defaults.h"
#include <ac/stdlib.h>
#include <ldap_schema.h>
#include "ldap_pvt_thread.h"
-#include "ldif.h"
LDAP_BEGIN_DECL
#define FILTER_ESCAPE(c) ( (c) == '*' || (c) == '\\' \
|| (c) == '(' || (c) == ')' || !ASCII_PRINTABLE(c) )
+#define DN_ESCAPE(c) ((c) == SLAP_ESCAPE_CHAR)
#define DN_SEPARATOR(c) ((c) == ',' || (c) == ';')
#define RDN_ATTRTYPEANDVALUE_SEPARATOR(c) ((c) == '+') /* RFC 2253 */
#define RDN_SEPARATOR(c) (DN_SEPARATOR(c) || RDN_ATTRTYPEANDVALUE_SEPARATOR(c))
#define SLAP_INDEX_SUBSTR_MAXLEN 4
#define SLAP_INDEX_SUBSTR_STEP 2
-#define SLAP_INDEX_FLAGS 0xF000UL
-#define SLAP_INDEX_SUBTYPES 0x1000UL /* use index with subtypes */
-#define SLAP_INDEX_AUTO_SUBTYPES 0x2000UL /* use mask with subtypes */
-#define SLAP_INDEX_LANG 0x4000UL /* use index with lang subtypes */
-#define SLAP_INDEX_AUTO_LANG 0x8000UL /* use mask with lang subtypes */
+#define SLAP_INDEX_FLAGS 0xF000UL
+#define SLAP_INDEX_NOSUBTYPES 0x1000UL /* don't use index w/ subtypes */
+#define SLAP_INDEX_NOLANG 0x2000UL /* don't use index w/ lang */
+#define SLAP_INDEX_AUTO_SUBTYPES 0x4000UL /* use mask with lang subtypes */
/*
* there is a single index for each attribute. these prefixes ensure
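Review bot: `SLAP_INDEX_NOSUBTYPES` reuses bit 0x1000UL, which used to mean `SLAP_INDEX_SUBTYPES`, so the same bit now carries the opposite meaning, and `SLAP_INDEX_AUTO_SUBTYPES` moves from 0x2000UL to 0x4000UL. If these masks are ever stored, or shared with code built against the old header (not visible here), an index would be silently used or skipped for the wrong attributes. It is worth confirming they are only derived at configuration time. The comment on the new `SLAP_INDEX_AUTO_SUBTYPES` line still says "use mask with lang subtypes", which looks carried over from the removed `SLAP_INDEX_AUTO_LANG`; I would write `/* use mask with subtypes */`.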
#define SLAP_SCHERR_NOT_SUPPORTED 15
#define SLAP_SCHERR_BAD_DESCR 16
+typedef union slap_sockaddr {
+ struct sockaddr sa_addr;
+ struct sockaddr_in sa_in_addr;
+#ifdef LDAP_PF_INET6
+ struct sockaddr_in6 sa_in6_addr;
+#endif
+#ifdef LDAP_PF_LOCAL
+ struct sockaddr_un sa_un_addr;
+#endif
+} Sockaddr;
+
typedef struct slap_oid_macro {
struct berval som_oid;
char **som_names;
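Review bot: The new `Sockaddr` union has no comment saying how a reader knows which member is valid. Code receiving one has to check `sa_addr.sa_family` before touching `sa_in_addr`, `sa_in6_addr` or `sa_un_addr`, and the last two exist only under `LDAP_PF_INET6` / `LDAP_PF_LOCAL`. I would put `/* discriminated by sa_addr.sa_family; check it before reading any other member */` above the typedef.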
#define SLAP_MR_EXT 0x0800U
#define SLAP_MR_EQUALITY_APPROX ( SLAP_MR_EQUALITY | 0x0010U )
+#define SLAP_MR_DN_FOLD 0x0008U
#define SLAP_MR_SUBSTR_INITIAL ( SLAP_MR_SUBSTR | 0x0010U )
#define SLAP_MR_SUBSTR_ANY ( SLAP_MR_SUBSTR | 0x0020U )
#define SLAP_MR_SUBSTR_FINAL ( SLAP_MR_SUBSTR | 0x0040U )
-/* this is used to kludge objectClass testing */
-#define SLAP_MR_MODIFY_MATCHING 0x0001U
+/*
+ * normally the provided value is expected to conform to
+ * assertion syntax specified in the matching rule, however
+ * at times (such as during individual value modification),
+ * the provided value is expected to conform to the
+ * attribute's value syntax.
+ */
+#define SLAP_MR_ASSERTION_SYNTAX_MATCH 0x0000U
+#define SLAP_MR_VALUE_SYNTAX_MATCH 0x0001U
+#define SLAP_MR_VALUE_SYNTAX_CONVERTED_MATCH 0x0003U
+
+#define SLAP_IS_MR_ASSERTION_SYNTAX_MATCH( usage ) \
+ (!((usage) & SLAP_MR_VALUE_SYNTAX_MATCH))
+#define SLAP_IS_MR_VALUE_SYNTAX_MATCH( usage ) \
+ ((usage) & SLAP_MR_VALUE_SYNTAX_MATCH)
+
+#define SLAP_IS_MR_VALUE_SYNTAX_CONVERTED_MATCH( usage ) \
+ (((usage) & SLAP_MR_VALUE_SYNTAX_CONVERTED_MATCH) \
+ == SLAP_MR_VALUE_SYNTAX_CONVERTED_MATCH)
+#define SLAP_IS_MR_VALUE_SYNTAX_NONCONVERTED_MATCH( usage ) \
+ (((usage) & SLAP_MR_VALUE_SYNTAX_CONVERTED_MATCH) \
+ == SLAP_MR_VALUE_SYNTAX_MATCH)
Syntax *smr_syntax;
slap_mr_convert_func *smr_convert;
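Review bot: `SLAP_MR_ASSERTION_SYNTAX_MATCH` is 0x0000U, so a test written as `usage & SLAP_MR_ASSERTION_SYNTAX_MATCH` is always false and only the `SLAP_IS_MR_*` macros give a correct answer. `SLAP_MR_VALUE_SYNTAX_CONVERTED_MATCH` (0x0003U) also contains the 0x0001U bit, so `SLAP_IS_MR_VALUE_SYNTAX_MATCH` is true for converted values too. Since this choice decides which syntax an incoming value is checked against, the comment block should say so, for example `/* test only through the SLAP_IS_MR_* macros; ASSERTION_SYNTAX_MATCH is the absence of bit 0x0001 */`. The enclosing struct starts outside this hunk.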
#define smr_extensions smr_mrule.mr_extensions
} MatchingRule;
+struct slap_attr_desc;
+
typedef struct slap_attribute_type {
- char *sat_cname;
LDAPAttributeType sat_atype;
+ struct berval sat_cname;
struct slap_attribute_type *sat_sup;
struct slap_attribute_type **sat_subtypes;
MatchingRule *sat_equality;
MatchingRule *sat_ordering;
MatchingRule *sat_substr;
Syntax *sat_syntax;
+ struct slap_attr_desc *sat_ad;
struct slap_attribute_type *sat_next;
+ ldap_pvt_thread_mutex_t sat_ad_mutex;
#define sat_oid sat_atype.at_oid
#define sat_names sat_atype.at_names
#define sat_desc sat_atype.at_desc
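Review bot: Turning `sat_cname` from `char *` into `struct berval` breaks most old call sites at compile time, but not those that pass the field to a variadic function. A leftover `"%s"` argument of `at->sat_cname` now pushes a struct through varargs, which is undefined behaviour and is only reported when format checking covers that call. The same applies to `ad_lang` in the `slap_attr_desc` hunk that follows, so logging and debug calls are worth searching for both names and switching to `.bv_val`. Separately, `sat_ad_mutex` has no comment; if it guards `sat_ad` and the `ad_next` chain (my reading, not shown here), say so with `/* protects sat_ad and the ad_next list */`.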
* represents a recognized attribute description ( type + options )
*/
typedef struct slap_attr_desc {
- struct berval *ad_cname; /* canonical name, must be specified */
+ struct slap_attr_desc *ad_next;
AttributeType *ad_type; /* attribute type, must be specified */
- char *ad_lang; /* NULL if no language tags */
+ struct berval ad_cname; /* canonical name, must be specified */
+ struct berval ad_lang; /* empty if no language tags */
unsigned ad_flags;
#define SLAP_DESC_NONE 0x0U
#define SLAP_DESC_BINARY 0x1U
} AttributeDescription;
-#define slap_ad_is_lang(ad) ( (ad)->ad_lang != NULL )
+#define slap_ad_is_lang(ad) ( (ad)->ad_lang.bv_len != 0 )
#define slap_ad_is_binary(ad) ( (int)((ad)->ad_flags & SLAP_DESC_BINARY) ? 1 : 0 )
/*
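Review bot: `slap_ad_is_lang()` now tests only `ad_lang.bv_len`, and the field comment says "empty" without stating whether `bv_val` is NULL or a zero-length string in that case. Code that used to guard with `ad_lang != NULL` before a string comparison has to guard with `slap_ad_is_lang(ad)` instead, otherwise it may hand a NULL `bv_val` to a string function. Once the allocation side is confirmed, I would tighten the comment to `/* bv_len == 0 if no language tags; bv_val may then be NULL */`.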
/* operational attribute descriptions */
AttributeDescription *si_ad_structuralObjectClass;
+ AttributeDescription *si_ad_entryUUID;
+ AttributeDescription *si_ad_entryCSN;
AttributeDescription *si_ad_creatorsName;
AttributeDescription *si_ad_createTimestamp;
AttributeDescription *si_ad_modifiersName;
AttributeDescription *si_ad_supportedExtension;
AttributeDescription *si_ad_supportedLDAPVersion;
AttributeDescription *si_ad_supportedSASLMechanisms;
+ AttributeDescription *si_ad_supportedFeatures;
/* subschema subentry attribute descriptions */
AttributeDescription *si_ad_objectClasses;
/* Undefined Attribute Type */
AttributeType *si_at_undefined;
+
+ /* Matching Rules */
+ MatchingRule *si_mr_distinguishedNameMatch;
+ MatchingRule *si_mr_integerMatch;
+
+ /* Syntaxes */
+ Syntax *si_syn_distinguishedName;
+ Syntax *si_syn_integer;
};
typedef struct slap_attr_assertion {
struct berval *ma_value; /* required */
} MatchingRuleAssertion;
-
/*
* represents a search filter
*/
#define SLAPD_FILTER_DN_ONE ((ber_tag_t) -2)
#define SLAPD_FILTER_DN_SUBTREE ((ber_tag_t) -3)
-
union f_un_u {
/* precomputed result */
ber_int_t f_un_result;
#define SLAP_TRUNCATE_MODE 0x0100
+struct slap_replica_info {
+ char *ri_host; /* supersedes be_replica */
+ char **ri_nsuffix; /* array of suffixes this replica accepts */
+};
+
+struct slap_limits_set {
+ /* time limits */
+ int lms_t_soft;
+ int lms_t_hard;
+
+ /* size limits */
+ int lms_s_soft;
+ int lms_s_hard;
+ int lms_s_unchecked;
+};
+
+struct slap_limits {
+ int lm_type; /* type of pattern */
+#define SLAP_LIMITS_UNDEFINED 0x0000
+#define SLAP_LIMITS_EXACT 0x0001
+#define SLAP_LIMITS_BASE SLAP_LIMITS_EXACT
+#define SLAP_LIMITS_ONE 0x0002
+#define SLAP_LIMITS_SUBTREE 0x0003
+#define SLAP_LIMITS_CHILDREN 0x0004
+#define SLAP_LIMITS_REGEX 0x0005
+#define SLAP_LIMITS_ANONYMOUS 0x0006
+#define SLAP_LIMITS_USERS 0x0007
+ regex_t lm_dn_regex; /* regex data for REGEX */
+ struct berval *lm_dn_pat; /* ndn for EXACT, BASE, ONE, SUBTREE,
+ * CHILDREN; pattern for REGEX; NULL
+ * for ANONYMOUS, USERS */
+ struct slap_limits_set lm_limits;
+};
+
/* temporary aliases */
typedef BackendDB Backend;
#define nbackends nBackendDB
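Review bot: The five `lms_*` fields in `struct slap_limits_set` are plain `int` with no statement of what 0 or a negative value means (unset, unlimited or refuse), yet these values bound how much work a search may consume. If the hard limit is the ceiling on what a client may request (my reading of the names), the header should document the sentinel values and the expected soft/hard relation, so that an uninitialised or zeroed set cannot be mistaken for "no limit". `lm_dn_regex` is a compiled `regex_t` embedded by value, so the code freeing `be_limits` has to call `regfree()` only on entries whose `lm_type` is `SLAP_LIMITS_REGEX`. A comment such as `/* valid only when lm_type == SLAP_LIMITS_REGEX; owner must regfree() */` would make that explicit.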
char *be_root_ndn; /* the magic "root" normalized dn for this db */
struct berval be_root_pw; /* the magic "root" password for this db */
unsigned int be_max_deref_depth; /* limit for depth of an alias deref */
- int be_sizelimit; /* size limit for this backend */
- int be_timelimit; /* time limit for this backend */
+#define be_sizelimit be_def_limit.lms_s_soft
+#define be_timelimit be_def_limit.lms_t_soft
+ struct slap_limits_set be_def_limit; /* default limits */
+ struct slap_limits **be_limits; /* regex-based size and time limits */
AccessControl *be_acl; /* access control list for this backend */
slap_access_t be_dfltaccess; /* access given if no acl matches */
- char **be_replica; /* replicas of this backend (in master) */
+ struct slap_replica_info **be_replica; /* replicas of this backend (in master) */
char *be_replogfile; /* replication log file (in master) */
char *be_update_ndn; /* allowed to make changes (in replicas) */
struct berval **be_update_refs; /* where to refer modifying clients to */
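Review bot: Existing assignments to `be_sizelimit` and `be_timelimit` now write only `lms_s_soft` and `lms_t_soft` through the new aliases, leaving `lms_s_hard`, `lms_t_hard` and `lms_s_unchecked` at whatever the allocator or initialiser left there. Backend setup should set all five fields of `be_def_limit` explicitly; that code is outside this hunk. Because the aliases are unscoped object-like macros, a comment like `/* legacy names; set the soft limits only */` beside them would help. `be_replica` also changes from `char **` to `struct slap_replica_info **`, and a leftover loop passing `be_replica[i]` to a string function would draw only an incompatible-pointer warning while reading a struct as text, so old users need checking with that warning treated as an error.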
typedef struct slap_op {
ber_int_t o_opid; /* id of this operation */
ber_int_t o_msgid; /* msgid of the request */
+#ifdef LDAP_CONNECTIONLESS
+ Sockaddr o_peeraddr; /* UDP peer address */
+#endif
ldap_pvt_thread_t o_tid; /* thread handling this op */
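Review bot: `o_peeraddr` sits in the middle of `struct slap_op` under `#ifdef LDAP_CONNECTIONLESS`, so the offsets of `o_tid` and every later member depend on that macro. An object built with a different setting, a separately compiled backend module for example, would read and write the wrong fields with no diagnostic. Making the member unconditional, or stating in the header that the macro must come from the global configuration, avoids that; the same concern applies to `c_is_udp` in the connection struct at the end of this diff. The value is the source address of a UDP datagram and is therefore unauthenticated, which the field comment could note: `/* UDP peer address (unauthenticated source) */`.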
void *o_private; /* anything the backend needs */
} Operation;
+/*
+ * Caches the result of a backend_group check for ACL evaluation
+ */
+typedef struct slap_gacl {
+ struct slap_gacl *next;
+ Backend *be;
+ ObjectClass *oc;
+ AttributeDescription *at;
+ int res;
+ int len;
+ char ndn[1];
+} GroupAssertion;
+
/*
* represents a connection from an ldap client
*/
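Review bot: `GroupAssertion` caches an authorization result, and the following hunk hangs it off the connection as `c_groups`, but the header does not say when the cache is discarded. The fields shown (`be`, `oc`, `at`, `ndn`) do not visibly include the identity being tested, so a `res` that survives a rebind or a change to the group entry would keep giving ACL evaluation a stale answer. I would state the lifetime in the comment, e.g. `/* per-connection; must be freed whenever c_authz changes and on close */`, and check the code that resets authorization (not visible here). The trailing `char ndn[1]` with a separate `len` relies on over-allocation, so every allocation must be `sizeof(GroupAssertion) + len` and every copy bounded by `len`; a comment on `ndn` should say that.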
Backend *c_authz_backend;
AuthorizationInformation c_authz;
+ GroupAssertion *c_groups;
ber_int_t c_protocol; /* version of the LDAP protocol used by client */
BerElement *c_currentber; /* ber we're attempting to read */
int c_writewaiter; /* true if writer is waiting */
+#ifdef LDAP_CONNECTIONLESS
+ int c_is_udp; /* true if this is (C)LDAP over UDP */
+#endif
#ifdef HAVE_TLS
int c_is_tls; /* true if this LDAP over raw TLS */
int c_needs_tls_accept; /* true if SSL_accept should be called */