X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslap.h;h=56e732d5e452606182c646c4cd1e64628fc7bb12;hb=740f1b422edc48c9eeed8346c45872a63b683370;hp=e34f4e38f312a413cfd28843379b1907f51538d6;hpb=2660d0b42f6467dcd9043bd4666110e7f3d4b218;p=openldap
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index e34f4e38f3..56e732d5e4 100644
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -1,4 +1,8 @@
 /* slap.h - stand alone ldap server include file */
+/*
+ * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
 #ifndef _SLDAPD_H_
 #define _SLDAPD_H_
@@ -9,6 +13,11 @@
 #include
 #include
 #include
+#include
+
+#ifdef HAVE_CYRUS_SASL
+#include
+#endif
 #include "avl.h"
@@ -19,10 +28,8 @@
 #include "ldap_log.h"
-#include "lber.h"
-#include "ldap.h"
-
-#include "ldap_schema.h"
+#include
+#include
 #include "ldap_pvt_thread.h"
 #include "ldif.h"
@@ -44,8 8 +51,10 @@ LDAP_BEGIN_DECL
 */
 #define LDAP_MOD_SOFTADD 0x1000
+#ifdef DNS_DN
 #define DN_DNS 0
 #define DN_X500 1
+#endif
 #define ON 1
 #define OFF (-1)
@@ -53,9 +62,25 @@ LDAP_BEGIN_DECL
 #define MAXREMATCHES 10
+/* XXYYZ: these macros assume 'x' is an ASCII x */
 #define DNSEPARATOR(c) ((c) == ',' || (c) == ';')
 #define SEPARATOR(c) ((c) == ',' || (c) == ';' || (c) == '+')
 #define SPACE(c) ((c) == ' ' || (c) == '\n')
+
+#define ASCII_LOWER(c) ( (c) >= 'a' && (c) <= 'z' )
+#define ASCII_UPPER(c) ( (c) >= 'A' && (c) <= 'Z' )
+#define ASCII_ALPHA(c) ( ASCII_LOWER(c) || ASCII_UPPER(c) )
+#define ASCII_DIGIT(c) ( (c) >= '0' && (c) <= '9' )
+#define ASCII_ALNUM(c) ( ASCII_ALPHA(c) || ASCII_DIGIT(c) )
+
+#define LEADKEYCHAR(c) ( ASCII_ALPHA(c) )
+#define KEYCHAR(c) ( ASCII_ALNUM(c) || (c) == '-' )
+#define LEADOIDCHAR(c) ( ASCII_DIGIT(c) )
+#define OIDCHAR(c) ( ASCII_DIGIT(c) || (c) == '.' )
+
+#define LEADATTRCHAR(c) ( LEADKEYCHAR(c) || LEADOIDCHAR(c) )
+#define ATTRCHAR(c) ( KEYCHAR((c)) || (c) == '.' )
+
 #define NEEDSESCAPE(c) ((c) == '\\' || (c) == '"')
 #define SLAP_SCHERR_OUTOFMEM 1
@@ -76,18 +101,31 @@ extern int slap_debug;
 struct slap_op;
 struct slap_conn;
+struct replog_moddn {
+ char *newrdn;
+ int deloldrdn;
+ char *newsup;
+};
+
 /*
 * represents an attribute value assertion (i.e., attr=value)
 */
-typedef struct ava {
+typedef struct slap_ava {
 char *ava_type;
 struct berval ava_value;
 } Ava;
+typedef struct slap_mra {
+ char *mra_rule;
+ char *mra_type;
+ char *mra_value;
+ int mra_dnattrs;
+} Mra;
+
 /*
 * represents a search filter
 */
-typedef struct filter {
+typedef struct slap_filter {
 ber_tag_t f_choice; /* values taken from ldap.h */
 union f_un_u {
@@ -97,8 +135,11 @@ typedef struct filter {
 /* equality, lessorequal, greaterorequal, approx */
 Ava f_un_ava;
+ /* extensible */
+ Mra f_un_fra;
+
 /* and, or, not */
- struct filter *f_un_complex;
+ struct slap_filter *f_un_complex;
 /* substrings */
 struct sub {
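Review bot: The new ASCII_*/KEYCHAR/OIDCHAR/ATTRCHAR macros evaluate their argument more than once — ASCII_ALNUM(c) alone expands to four comparisons of (c) and ATTRCHAR(c) to five — so an argument with side effects such as `*p++` is advanced several times. The `XXYYZ` comment should say so, e.g. `/* NOTE: arguments are evaluated several times; never pass an expression with side effects */`, or the macros should become static inline functions taking an int. A negative (non-ASCII) `char` fails every one of these range tests, which is what the "assume ASCII" comment implies but callers used to `<ctype.h>` behaviour may not expect. `KEYCHAR((c))` inside ATTRCHAR double-parenthesises where every sibling macro writes `(c)` once; `KEYCHAR(c)` matches them.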
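Review bot: `struct replog_moddn` and `typedef struct slap_mra … Mra` are added without the one-line header comment every neighbouring type (Ava, Filter) carries. Given the `/* extensible */` use in the next hunk, something like `/* represents a matching rule assertion (extensible match) */` above Mra and `/* replication log record for a modrdn: new RDN, delete-old-RDN flag, new superior */` above replog_moddn would make the header self-describing; the field names suggest that reading but it should be confirmed. Ownership of the `char *` members (who frees newrdn/newsup and the mra_* strings) is also undocumented.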
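Review bot: The union member is declared `Mra f_un_fra;` but the accessor macros added in the next hunk (`f_mra`, `f_mrtype`, `f_mrvalue`, `f_mrdnaddrs`) all expand to `f_un.f_un_mra`, which does not exist, so the first use of any of them fails to compile. Rename the member to `Mra f_un_mra;` to match the accessors; `f_mrdnaddrs` should presumably also be `f_mrdnattrs` to match the `mra_dnattrs` field, and there is no accessor at all for `mra_rule`. The enclosing `typedef struct slap_filter` starts before and ends after this hunk.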
@@ -112,6 +153,10 @@ typedef struct filter {
 #define f_ava f_un.f_un_ava
 #define f_avtype f_un.f_un_ava.ava_type
 #define f_avvalue f_un.f_un_ava.ava_value
+#define f_mra f_un.f_un_mra
+#define f_mrtype f_un.f_un_mra.mra_type
+#define f_mrvalue f_un.f_un_mra.mra_value
+#define f_mrdnaddrs f_un.f_un_mra.mra_dnattrs
 #define f_and f_un.f_un_complex
 #define f_or f_un.f_un_complex
 #define f_not f_un.f_un_complex
@@ -122,17 +167,17 @@ typedef struct filter {
 #define f_sub_any f_un.f_un_sub.f_un_sub_any
 #define f_sub_final f_un.f_un_sub.f_un_sub_final
- struct filter *f_next;
+ struct slap_filter *f_next;
 } Filter;
 /*
 * represents an attribute (type + values + syntax)
 */
-typedef struct attr {
+typedef struct slap_attr {
 char *a_type;
 struct berval **a_vals;
 int a_syntax;
- struct attr *a_next;
+ struct slap_attr *a_next;
 } Attribute;
 /*
@@ -149,12 +194,12 @@ typedef struct attr {
 * the id used in the indexes to refer to an entry
 */
 typedef unsigned long ID;
-#define NOID ((unsigned long)~0)
+#define NOID ((ID)~0)
 /*
 * represents an entry in core
 */
-typedef struct entry {
+typedef struct slap_entry {
 /*
 * The ID field should only be changed before entry is
 * inserted into a cache. The ID value is backend
@@ -175,41 +220,76 @@ typedef struct entry {
 */
 /* the "by" part */
-struct access {
-#define ACL_NONE 0x01
-#define ACL_COMPARE 0x02
-#define ACL_SEARCH 0x04
-#define ACL_READ 0x08
-#define ACL_WRITE 0x10
-#define ACL_SELF 0x40
+typedef struct slap_access {
+
+#define ACL_NONE 0x0001
+#define ACL_AUTH 0x0004
+#define ACL_COMPARE 0x0008
+#define ACL_SEARCH 0x0010
+#define ACL_READ 0x0020
+#define ACL_WRITE 0x0040
+#define ACL_PRIV_MASK 0x00ff
+
+#define ACL_SELF 0x4000
+#define ACL_INVALID (-1)
+
+#define ACL_IS(a,lvl) (((a) & (lvl)) == (lvl))
+
+#define ACL_IS_NONE(a) ACL_IS((a),ACL_SELF)
+#define ACL_IS_AUTH(a) ACL_IS((a),ACL_AUTH)
+#define ACL_IS_COMPARE(a) ACL_IS((a),ACL_COMPARE)
+#define ACL_IS_SEARCH(a) ACL_IS((a),ACL_SEARCH)
+#define ACL_IS_READ(a) ACL_IS((a),ACL_READ)
+#define ACL_IS_WRITE(a) ACL_IS((a),ACL_WRITE)
+#define ACL_IS_SELF(a) ACL_IS((a),ACL_SELF)
+#define ACL_IS_INVALID(a) ((a) == ACL_INVALID)
+
+#define ACL_CLR(a) ((a) = 0)
+#define ACL_SET(a,lvl) ((a) |= (lvl))
+#define ACL_SET_NONE(a) ACL_SET((a),ACL_SELF)
+#define ACL_SET_AUTH(a) ACL_SET((a),ACL_AUTH)
+#define ACL_SET_COMPARE(a) ACL_SET((a),ACL_COMPARE)
+#define ACL_SET_SEARCH(a) ACL_SET((a),ACL_SEARCH)
+#define ACL_SET_READ(a) ACL_SET((a),ACL_READ)
+#define ACL_SET_WRITE(a) ACL_SET((a),ACL_WRITE)
+#define ACL_SET_SELF(a) ACL_SET((a),ACL_SELF)
+#define ACL_SET_INVALID(a) ((a) = ACL_INVALID)
+
+#define ACL_PRIV(a) ((a) & ACL_PRIV_MASK)
+#define ACL_GRANT(a,lvl) (ACL_PRIV(a) >= (lvl))
+
 int a_access;
- char *a_dnpat;
- char *a_addrpat;
- char *a_domainpat;
- char *a_dnattr;
+ char *a_dn_pat;
+ char *a_dn_at;
-#ifdef SLAPD_ACLGROUPS
- char *a_group;
- char *a_objectclassvalue;
- char *a_groupattrname;
-#endif
- struct access *a_next;
-};
+ char *a_peername_pat;
+ char *a_sockname_pat;
+
+ char *a_domain_pat;
+ char *a_sockurl_pat;
+
+ /* ACL Groups */
+ char *a_group_pat;
+ char *a_group_oc;
+ char *a_group_at;
+
+ struct slap_access *a_next;
+} Access;
 /* the "to" part */
-struct acl {
+typedef struct slap_acl {
 /* "to" part: the entries this acl applies to */
 Filter *acl_filter;
- regex_t acl_dnre;
- char *acl_dnpat;
+ regex_t acl_dn_re;
+ char *acl_dn_pat;
 char **acl_attrs;
 /* "by" part: list of who has what access to the entries */
- struct access *acl_access;
+ Access *acl_access;
- struct acl *acl_next;
-};
+ struct slap_acl *acl_next;
+} AccessControl;
 /*
 * A list of LDAPMods
@@ -300,8 +380,8 @@ typedef struct slap_object_class {
 * represents a backend
 */
-typedef struct backend_info BackendInfo; /* per backend type */
-typedef struct backend_db BackendDB; /* per backend database */
+typedef struct slap_backend_info BackendInfo; /* per backend type */
+typedef struct slap_backend_db BackendDB; /* per backend database */
 extern int nBackendInfo;
 extern int nBackendDB;
@@ -322,7 +402,7 @@ typedef BackendDB Backend;
 #define nbackends nBackendDB
 #define backends backendDB
-struct backend_db {
+struct slap_backend_db {
 BackendInfo *bd_info; /* pointer to shared backend info */
 /* BackendInfo accessors */
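Review bot: `ACL_IS_NONE(a)` and `ACL_SET_NONE(a)` are written in terms of `ACL_SELF` instead of `ACL_NONE`, so a test for "no access" actually checks the self bit and setting "none" sets self; they should read `#define ACL_IS_NONE(a) ACL_IS((a),ACL_NONE)` and `#define ACL_SET_NONE(a) ACL_SET((a),ACL_NONE)`. Separately, `ACL_GRANT(ACL_INVALID, lvl)` is true for every lvl, because `ACL_PRIV(-1)` masks to 0x00ff, so every caller must test `ACL_IS_INVALID` first or the check should be folded in: `#define ACL_GRANT(a,lvl) (!ACL_IS_INVALID(a) && ACL_PRIV(a) >= (lvl))`. The `>=` comparison works only because the privilege constants are single ordered bits (the highest set bit is the effective level) while `ACL_SET` ORs them together; a comment stating that invariant would stop a future constant from breaking it. This hunk spans the previous page line and this one; the `Access` and `AccessControl` structs it edits both close within it.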
@@ -348,25 +428,28 @@ struct backend_db {
 /* these should be renamed from be_ to bd_ */
 char **be_suffix; /* the DN suffixes of data in this backend */
 char **be_nsuffix; /* the normalized DN suffixes in this backend */
- char **be_suffixAlias; /* the DN suffix aliases of data in this backend */
+ char **be_suffixAlias; /* pairs of DN suffix aliases and deref values */
 char *be_root_dn; /* the magic "root" dn for this db */
 char *be_root_ndn; /* the magic "root" normalized dn for this db */
 char *be_root_pw; /* the magic "root" password for this db */
 int be_readonly; /* 1 => db is in "read only" mode */
- int be_maxDerefDepth; /* limit for depth of an alias deref */
+ unsigned int be_max_deref_depth; /* limit for depth of an alias deref */
 int be_sizelimit; /* size limit for this backend */
 int be_timelimit; /* time limit for this backend */
- struct acl *be_acl; /* access control list for this backend */
+ AccessControl *be_acl; /* access control list for this backend */
 int be_dfltaccess; /* access given if no acl matches */
 char **be_replica; /* replicas of this backend (in master) */
 char *be_replogfile; /* replication log file (in master) */
 char *be_update_ndn; /* allowed to make changes (in replicas) */
+ struct berval **be_update_refs; /* where to refer modifying clients to */
 int be_lastmod; /* keep track of lastmodified{by,time} */
+ char *be_realm;
+
 void *be_private; /* anything the backend database needs */
 };
-struct backend_info {
+struct slap_backend_info {
 char *bi_type; /* type of backend */
 /*
@@ -427,7 +510,8 @@ struct backend_info {
 /* LDAP Operations Handling Routines */
 int (*bi_op_bind) LDAP_P(( BackendDB *bd, struct slap_conn *c, struct slap_op *o,
- char *dn, int method, struct berval *cred, char** edn ));
+ char *dn, int method, char* mechanism,
+ struct berval *cred, char** edn ));
 int (*bi_op_unbind) LDAP_P((BackendDB *bd, struct slap_conn *c, struct slap_op *o ));
 int (*bi_op_search) LDAP_P((BackendDB *bd,
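Review bot: `char *be_realm;` is the only member added to `slap_backend_db` without a trailing comment, in a struct where every other field documents its meaning; the SASL additions elsewhere in this commit suggest an authentication realm, but that should be stated and the string's ownership given, e.g. `char *be_realm; /* realm for this db (confirm: SASL?); owned by the db */`. `be_max_deref_depth` changes from `int` to `unsigned int`, so any existing comparison against a signed depth counter becomes a signed/unsigned comparison, which is worth checking at the call sites since the header alone cannot show them.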
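Review bot: The new `mechanism` parameter of `bi_op_bind` is undocumented — nothing says whether it is NULL for a simple bind or how it relates to `method` — and it is written `char* mechanism` where the rest of the prototype uses `char *dn`; suggest `char *dn, int method, char *mechanism,` plus a comment above the prototype such as `/* mechanism: SASL mechanism name, or NULL for a simple bind (confirm against the bind dispatcher) */`. The `char** edn` spacing predates this change but could be aligned in the same edit.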
@@ -452,18 +536,16 @@ struct backend_info {
 int (*bi_op_delete) LDAP_P((BackendDB *bd, struct slap_conn *c, struct slap_op *o, char *dn));
- /* Bug: be_op_abandon in unused! */
 int (*bi_op_abandon) LDAP_P((BackendDB *bd, struct slap_conn *c, struct slap_op *o, ber_int_t msgid));
 /* Auxilary Functions */
 int (*bi_entry_release_rw) LDAP_P((BackendDB *bd, Entry *e, int rw));
-#ifdef SLAPD_ACLGROUPS
+
 int (*bi_acl_group) LDAP_P((Backend *bd, Entry *e, char *bdn, char *edn, char *objectclassValue, char *groupattrName ));
-#endif
 int (*bi_connection_init) LDAP_P((BackendDB *bd, struct slap_conn *c));
@@ -489,13 +571,20 @@ typedef struct slap_op {
 ber_tag_t o_tag; /* tag of the request */
 time_t o_time; /* time op was initiated */
+
+ int o_bind_in_progress; /* multi-step bind in progress */
+
 char *o_dn; /* dn bound when op was initiated */
 char *o_ndn; /* normalized dn bound when op was initiated */
+ ber_int_t o_protocol; /* version of the LDAP protocol used by client */
 ber_tag_t o_authtype; /* auth method used to bind dn */
 /* values taken from ldap.h */
 /* LDAP_AUTH_* */
+ char *o_authmech; /* SASL mechanism used to bind dn */
-/* long o_connid; *//* id of conn initiating this op */
+ LDAPControl **o_ctrls; /* controls */
+
+ unsigned long o_connid; /* id of conn initiating this op */
 #ifdef LDAP_CONNECTIONLESS
 int o_cldap; /* != 0 if this came in via CLDAP */
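Review bot: `char *o_authmech;` on `slap_op` duplicates the new `c_authmech` on the connection, and nothing documents whether the op holds its own copy or aliases the connection's string — the comment should say which, e.g. `/* SASL mechanism used to bind dn (copy owned by the op — confirm) */`. The comment on `o_bind_in_progress` says "multi-step bind" while the matching `c_bind_in_progress` in the next hunk says "multi-op bind"; one wording should be used for both. `o_connid` goes from a commented-out `long` to `unsigned long`, which now agrees with `c_connid`. The enclosing `typedef struct slap_op` starts before and ends after this hunk.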
@@ -525,14 +614,25 @@ typedef struct slap_conn {
 time_t c_starttime; /* when the connection was opened */
 time_t c_activitytime; /* when the connection was last used */
 unsigned long c_connid; /* id of this connection for stats*/
- char *c_client_addr; /* address of client */
- char *c_client_name; /* name of client */
+
+ char *c_listener_url; /* listener URL */
+ char *c_peer_domain; /* DNS name of client */
+ char *c_peer_name; /* peer name (trans=addr:port) */
+ char *c_sock_name; /* sock name (trans=addr:port) */
+
+#ifdef HAVE_CYRUS_SASL
+ sasl_conn_t *c_sasl_context;
+#endif
 /* only can be changed by binding thread */
+ int c_bind_in_progress; /* multi-op bind in progress */
+
 char *c_cdn; /* DN provided by the client */
 char *c_dn; /* DN bound to this conn */
 ber_int_t c_protocol; /* version of the LDAP protocol used by client */
- ber_tag_t c_authtype; /* auth method used to bind c_dn */
+ ber_tag_t c_authtype;/* auth method used to bind c_dn */
+ char *c_authmech; /* SASL mechanism used to bind c_dn */
+ void *c_authstate; /* SASL state data */
 Operation *c_ops; /* list of operations being processed */
 Operation *c_pending_ops; /* list of pending operations */
@@ -543,10 +643,19 @@ typedef struct slap_conn {
 BerElement *c_currentber; /* ber we're attempting to read */
 int c_writewaiter; /* true if writer is waiting */
+#ifdef HAVE_TLS
+ int c_is_tls; /* true if this LDAP over raw TLS */
+ int c_needs_tls_accept; /* true if SSL_accept should be called */
+#endif
+
 long c_n_ops_received; /* num of ops received (next op_id) */
 long c_n_ops_executing; /* num of ops currently executing */
 long c_n_ops_pending; /* num of ops pending execution */
 long c_n_ops_completed; /* num of ops completed */
+
+ long c_n_get; /* num of get calls */
+ long c_n_read; /* num of read calls */
+ long c_n_write; /* num of write calls */
 } Connection;
 #if defined(LDAP_SYSLOG) && defined(LDAP_DEBUG)
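Review bot: The connection now carries two DN fields, `c_cdn` "DN provided by the client" and `c_dn` "DN bound to this conn", with no statement of which one is normalized or which one authorization code must consult; if, as the names suggest, `c_cdn` is the raw client string, the comment should say `/* DN as sent by the client, for logging/display only; use c_dn for access decisions */` (to be confirmed against the bind code). `ber_tag_t c_authtype;/* auth method used to bind c_dn */` drops the space before the comment that every other line in the struct keeps; restore `ber_tag_t c_authtype; /* auth method used to bind c_dn */`. `void *c_authstate; /* SASL state data */` overlaps with the `sasl_conn_t *c_sasl_context` declared a few lines above under HAVE_CYRUS_SASL; a comment saying which is the library handle and which is slapd's own state, and who frees each, is needed. The enclosing `typedef struct slap_conn` starts before this hunk and closes at `} Connection;` in the following one.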