X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslap.h;h=96f7747cdc61507b7078e96ddab5161b98aae9c7;hb=d6449b1d57964b189259f7388f03418fb09e3000;hp=9bf1b8dd1f78ff03517395bb8a1d4cb8ca59a72d;hpb=41e8195c2eb32bc1c80322c591f44c5b678fc0c2;p=openldap
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index 9bf1b8dd1f..96f7747cdc 100644
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include
@@ -69,7 +70,7 @@ LDAP_BEGIN_DECL */ #define SLAP_MOD_SOFTADD 0x1000 -#define MAXREMATCHES (10) +#define MAXREMATCHES (100) #define SLAP_MAX_WORKER_THREADS (32)
@@ -136,7 +137,10 @@ LDAP_BEGIN_DECL #define SLAPD_ROLE_ATTR "roleOccupant" #define SLAPD_ROLE_CLASS "organizationalRole" +#ifdef SLAPD_ACI_ENABLED #define SLAPD_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1" +#endif + #define SLAPD_OCTETSTRING_SYNTAX "1.3.6.1.4.1.1466.115.121.1.40" /* change this to "OpenLDAPset" */
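Review bot: The jump of `MAXREMATCHES` from 10 to 100 carries no comment saying what it bounds, and it sizes arrays rather than limiting a loop: the same patch adds `regmatch_t as_vd_acl_matches[MAXREMATCHES]` to `AccessControlState`, so every such state grows tenfold. I would add `/* max regex submatches kept per match; sizes regmatch_t arrays, keep small */` above the define. Callers that pass this constant as `nmatch` to `regexec()` are outside the hunk; presumably some keep such arrays on the stack, so the per-thread stack budget is worth checking.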
@@ -214,24 +218,26 @@ typedef struct slap_ssf_set { /* * represents schema information for a database */ -#define SLAP_SCHERR_OUTOFMEM 1 -#define SLAP_SCHERR_CLASS_NOT_FOUND 2 -#define SLAP_SCHERR_CLASS_BAD_USAGE 3 -#define SLAP_SCHERR_ATTR_NOT_FOUND 4 -#define SLAP_SCHERR_ATTR_BAD_USAGE 5 -#define SLAP_SCHERR_DUP_CLASS 6 -#define SLAP_SCHERR_DUP_ATTR 7 -#define SLAP_SCHERR_DUP_SYNTAX 8 -#define SLAP_SCHERR_DUP_RULE 9 -#define SLAP_SCHERR_NO_NAME 10 -#define SLAP_SCHERR_ATTR_INCOMPLETE 11 -#define SLAP_SCHERR_MR_NOT_FOUND 12 -#define SLAP_SCHERR_SYN_NOT_FOUND 13 -#define SLAP_SCHERR_MR_INCOMPLETE 14 -#define SLAP_SCHERR_NOT_SUPPORTED 15 -#define SLAP_SCHERR_BAD_DESCR 16 -#define SLAP_SCHERR_OIDM 17 -#define SLAP_SCHERR_LAST SLAP_SCHERR_OIDM +#define SLAP_SCHERR_OUTOFMEM 1 +#define SLAP_SCHERR_CLASS_NOT_FOUND 2 +#define SLAP_SCHERR_CLASS_BAD_USAGE 3 +#define SLAP_SCHERR_CLASS_BAD_SUP 4 +#define SLAP_SCHERR_CLASS_DUP 5 +#define SLAP_SCHERR_ATTR_NOT_FOUND 6 +#define SLAP_SCHERR_ATTR_BAD_USAGE 7 +#define SLAP_SCHERR_ATTR_BAD_SUP 8 +#define SLAP_SCHERR_ATTR_INCOMPLETE 9 +#define SLAP_SCHERR_ATTR_DUP 10 +#define SLAP_SCHERR_MR_NOT_FOUND 11 +#define SLAP_SCHERR_MR_INCOMPLETE 12 +#define SLAP_SCHERR_MR_DUP 13 +#define SLAP_SCHERR_SYN_NOT_FOUND 14 +#define SLAP_SCHERR_SYN_DUP 15 +#define SLAP_SCHERR_NO_NAME 16 +#define SLAP_SCHERR_NOT_SUPPORTED 17 +#define SLAP_SCHERR_BAD_DESCR 18 +#define SLAP_SCHERR_OIDM 19 +#define SLAP_SCHERR_LAST SLAP_SCHERR_OIDM typedef union slap_sockaddr { struct sockaddr sa_addr;
@@ -244,6 +250,10 @@ typedef union slap_sockaddr { #endif } Sockaddr; +#ifdef LDAP_PF_INET6 +extern int slap_inet4or6; +#endif + typedef struct slap_oid_macro { struct berval som_oid; char **som_names;
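Review bot: Inserting new codes in the middle renumbers most `SLAP_SCHERR_*` values (`SLAP_SCHERR_ATTR_NOT_FOUND` moves from 4 to 6, `SLAP_SCHERR_OIDM` from 17 to 19), so any message table indexed by these codes has to be reordered in the same commit or it will report the wrong schema error; no such table is visible in this hunk. An `enum` with a trailing sentinel, or a table of `{ code, text }` pairs looked up by code, would remove that coupling. The old `SLAP_SCHERR_DUP_CLASS`, `_DUP_ATTR`, `_DUP_SYNTAX` and `_DUP_RULE` names also disappear, so code outside this file that still uses them stops compiling.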
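Review bot: `extern int slap_inet4or6;` uses a bare `extern`, while another global in this header goes through the linkage macro (`LDAP_SLAPD_V (int) slapMode;`, visible as the context of a later hunk). If the variable is read from dynamically loaded back-ends, `LDAP_SLAPD_V (int) slap_inet4or6;` would keep the declaration consistent. A one-line comment naming the values it may hold (presumably an address-family constant) is also missing.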
@@ -297,6 +307,18 @@ typedef struct slap_syntax { #define slap_syntax_is_ber(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BER) #define slap_syntax_is_hidden(s) slap_syntax_is_flag((s),SLAP_SYNTAX_HIDE) +typedef struct slap_syntax_defs_rec { + char *sd_desc; + int sd_flags; + slap_syntax_validate_func *sd_validate; + slap_syntax_transform_func *sd_normalize; + slap_syntax_transform_func *sd_pretty; +#ifdef SLAPD_BINARY_CONVERSION + slap_syntax_transform_func *sd_ber2str; + slap_syntax_transform_func *sd_str2ber; +#endif +} slap_syntax_defs_rec; + /* X -> Y Converter */ typedef int slap_mr_convert_func LDAP_P(( struct berval * in,
@@ -404,6 +426,18 @@ typedef struct slap_matching_rule { #define smr_extensions smr_mrule.mr_extensions } MatchingRule; +typedef struct slap_mrule_defs_rec { + char * mrd_desc; + slap_mask_t mrd_usage; + slap_mr_convert_func * mrd_convert; + slap_mr_normalize_func * mrd_normalize; + slap_mr_match_func * mrd_match; + slap_mr_indexer_func * mrd_indexer; + slap_mr_filter_func * mrd_filter; + + char * mrd_associated; +} slap_mrule_defs_rec; + struct slap_backend_db; struct slap_entry; struct slap_attr;
@@ -427,6 +461,11 @@ typedef struct slap_attribute_type { Syntax *sat_syntax; AttributeTypeSchemaCheckFN *sat_check; + +#define SLAP_AT_NONE 0x0000U +#define SLAP_AT_ABSTRACT 0x0100U /* cannot be instantiated */ +#define SLAP_AT_FINAL 0x0200U /* cannot be subtyped */ +#define SLAP_AT_HIDE 0x8000U /* hide attribute */ slap_mask_t sat_flags; struct slap_attribute_type *sat_next;
@@ -485,13 +524,15 @@ typedef struct slap_object_class { struct slap_object_class *soc_next; } ObjectClass; -#define SLAP_OC_ALIAS 0x01 -#define SLAP_OC_REFERRAL 0x02 -#define SLAP_OC_SUBENTRY 0x04 -#define SLAP_OC_DYNAMICOBJECT 0x08 -#define SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY 0x10 -#define SLAP_OC__MASK 0x1F -#define SLAP_OC__END 0x20 +#define SLAP_OC_ALIAS 0x0001 +#define SLAP_OC_REFERRAL 0x0002 +#define SLAP_OC_SUBENTRY 0x0004 +#define SLAP_OC_DYNAMICOBJECT 0x0008 +#define SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY 0x0010 +#define SLAP_OC__MASK 0x001F +#define SLAP_OC__END 0x0020 +#define SLAP_OC_OPERATIONAL 0x4000 +#define SLAP_OC_HIDE 0x8000 #ifdef LDAP_EXTENDED_SCHEMA /*
@@ -581,6 +622,7 @@ struct slap_internal_schema { AttributeDescription *si_ad_supportedLDAPVersion; AttributeDescription *si_ad_supportedSASLMechanisms; AttributeDescription *si_ad_supportedFeatures; + AttributeDescription *si_ad_monitorContext; AttributeDescription *si_ad_vendorName; AttributeDescription *si_ad_vendorVersion;
@@ -605,6 +647,8 @@ struct slap_internal_schema { /* Access Control Internals */ AttributeDescription *si_ad_entry; AttributeDescription *si_ad_children; + AttributeDescription *si_ad_saslAuthzTo; + AttributeDescription *si_ad_saslAuthzFrom; #ifdef SLAPD_ACI_ENABLED AttributeDescription *si_ad_aci; #endif
@@ -633,6 +677,7 @@ struct slap_internal_schema { MatchingRule *si_mr_integerMatch; /* Syntaxes */ + Syntax *si_syn_octetString; Syntax *si_syn_distinguishedName; Syntax *si_syn_integer; };
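Review bot: `SLAP_OC_OPERATIONAL` (0x4000) and `SLAP_OC_HIDE` (0x8000) lie outside `SLAP_OC__MASK` (0x001F), so any code that filters flags through the mask silently drops them; if that is intended the header should say so, e.g. `/* SLAP_OC__MASK covers only the object-class kind bits; OPERATIONAL and HIDE are tested separately */`. The constants are also written without the `U` suffix that the `SLAP_AT_*` flags added by the same patch carry (`0x8000U`), and matching them avoids signed/unsigned surprises once the values are combined into an unsigned mask.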
@@ -718,6 +763,32 @@ typedef struct slap_filter { /* compare routines can return undefined */ #define SLAPD_COMPARE_UNDEFINED ((ber_int_t) -1) +typedef struct slap_valuesreturnfilter { + ber_tag_t f_choice; + + union vrf_un_u { + /* precomputed result */ + ber_int_t f_un_result; + + /* DN */ + char *f_un_dn; + + /* present */ + AttributeDescription *f_un_desc; + + /* simple value assertion */ + AttributeAssertion *f_un_ava; + + /* substring assertion */ + SubstringsAssertion *f_un_ssa; + + /* matching rule assertion */ + MatchingRuleAssertion *f_un_mra; + } f_un; + + struct slap_valuesreturnfilter *f_next; +} ValuesReturnFilter; + /* * represents an attribute (description + values) */
@@ -907,6 +978,7 @@ typedef struct slap_access { slap_style_t a_dn_style; AttributeDescription *a_dn_at; int a_dn_self; + int a_dn_expand; slap_style_t a_peername_style; struct berval a_peername_pat;
@@ -915,6 +987,8 @@ typedef struct slap_access { slap_style_t a_domain_style; struct berval a_domain_pat; + int a_domain_expand; + slap_style_t a_sockurl_style; struct berval a_sockurl_pat; slap_style_t a_set_style;
@@ -948,6 +1022,26 @@ typedef struct slap_acl { struct slap_acl *acl_next; } AccessControl; +typedef struct slap_acl_state { + unsigned as_recorded; +#define ACL_STATE_NOT_RECORDED 0x0 +#define ACL_STATE_RECORDED_VD 0x1 +#define ACL_STATE_RECORDED_NV 0x2 +#define ACL_STATE_RECORDED 0x3 + + /* Access state */ + AccessControl *as_vd_acl; + slap_mask_t as_vd_acl_mask; + regmatch_t as_vd_acl_matches[MAXREMATCHES]; + int as_vd_acl_count; + + Access *as_vd_access; + int as_vd_access_count; + + int as_result; +} AccessControlState; +#define ACL_STATE_INIT { ACL_STATE_NOT_RECORDED, NULL, 0UL, { { 0, 0 } }, 0, NULL, 0, 0 } + /* * replog moddn param structure */
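Review bot: `ACL_STATE_INIT` initialises `AccessControlState` positionally, so it breaks silently when a field is added or reordered, and `{ { 0, 0 } }` assumes the two offsets are the first members of `regmatch_t`. Because the struct records the outcome of an access-control evaluation (`as_vd_acl`, `as_vd_acl_mask`, `as_result`), a wrongly initialised `as_recorded` is a security defect, not a cosmetic one. `#define ACL_STATE_INIT { ACL_STATE_NOT_RECORDED }` leaves the remaining members zero-initialised and survives layout changes. The struct also lacks a comment stating for which entry and operation a recorded state stays valid; reusing it across entries would presumably apply one entry's decision to another.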
@@ -980,7 +1074,9 @@ LDAP_SLAPD_V (int) slapMode; struct slap_replica_info { char *ri_host; /* supersedes be_replica */ - struct berval **ri_nsuffix; /* array of suffixes this replica accepts */ + BerVarray ri_nsuffix; /* array of suffixes this replica accepts */ + AttributeName *ri_attrs; /* attrs to replicate, NULL=all */ + int ri_exclude; /* 1 => exclude ri_attrs */ }; struct slap_limits_set {
@@ -1005,6 +1101,7 @@ struct slap_limits { #define SLAP_LIMITS_REGEX 0x0005 #define SLAP_LIMITS_ANONYMOUS 0x0006 #define SLAP_LIMITS_USERS 0x0007 +#define SLAP_LIMITS_ANY 0x0008 regex_t lm_dn_regex; /* regex data for REGEX */ /*
@@ -1103,7 +1200,9 @@ struct slap_backend_db { #define SLAP_DISALLOW_BIND_ANON 0x0001U /* no anonymous */ #define SLAP_DISALLOW_BIND_SIMPLE 0x0002U /* simple authentication */ -#define SLAP_DISALLOW_BIND_KRBV4 0x0004U /* Kerberos V4 authentication */ +#define SLAP_DISALLOW_BIND_SIMPLE_UNPROTECTED \ + 0x0004U /* unprotected simple auth */ +#define SLAP_DISALLOW_BIND_KRBV4 0x0008U /* Kerberos V4 authentication */ #define SLAP_DISALLOW_TLS_2_ANON 0x0010U /* StartTLS -> Anonymous */ #define SLAP_DISALLOW_TLS_AUTHC 0x0020U /* TLS while authenticated */
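Review bot: The comments on `ri_attrs` and `ri_exclude` leave the combination `ri_attrs == NULL` with `ri_exclude == 1` undefined: read literally it means either "exclude nothing" or "exclude everything". This pair decides which attributes leave the server towards a replica, so the header should pin it down, for example `/* 1 => replicate all attrs except ri_attrs; ignored when ri_attrs is NULL */`. The code that consumes the two fields is outside this hunk and should be checked against whichever reading is chosen.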
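Review bot: `SLAP_DISALLOW_BIND_KRBV4` moves from `0x0004U` to `0x0008U` so that the new `SLAP_DISALLOW_BIND_SIMPLE_UNPROTECTED` can take `0x0004U`. A back-end module built against the old header would then test the wrong bit, and for a mask that restricts authentication methods this means a bind type the administrator disallowed could be accepted. In the visible lines `0x0008U` was unused before, so the new flag can take it and the existing value can stay: `#define SLAP_DISALLOW_BIND_SIMPLE_UNPROTECTED 0x0008U` with `SLAP_DISALLOW_BIND_KRBV4` kept at `0x0004U`. struct slap_backend_db starts and ends outside the hunk.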
@@ -1119,9 +1218,13 @@ struct slap_backend_db { slap_ssf_set_t be_ssf_set; /* these should be renamed from be_ to bd_ */ - struct berval **be_suffix; /* the DN suffixes of data in this backend */ - struct berval **be_nsuffix; /* the normalized DN suffixes in this backend */ - struct berval **be_suffixAlias; /* pairs of DN suffix aliases and deref values */ + BerVarray be_suffix; /* the DN suffixes of data in this backend */ + BerVarray be_nsuffix; /* the normalized DN suffixes in this backend */ + BerVarray be_suffixAlias; /* pairs of DN suffix aliases and deref values */ +#ifdef SLAPD_SCHEMA_DN + struct berval be_schemadn; /* per-backend subschema subentry DN */ + struct berval be_schemandn; /* normalized subschema DN */ +#endif struct berval be_rootdn; /* the magic "root" name (DN) for this db */ struct berval be_rootndn; /* the magic "root" normalized name (DN) for this db */ struct berval be_rootpw; /* the magic "root" password for this db */
@@ -1137,7 +1240,6 @@ struct slap_backend_db { struct berval be_update_ndn; /* allowed to make changes (in replicas) */ BerVarray be_update_refs; /* where to refer modifying clients to */ char *be_realm; - void *be_private; /* anything the backend database needs */ };
@@ -1390,28 +1492,46 @@ typedef struct slap_callback { void *sc_private; } slap_callback; +/* + * Paged Results state + */ +typedef unsigned long PagedResultsCookie; +typedef struct slap_paged_state { + Backend *ps_be; + PagedResultsCookie ps_cookie; + ID ps_id; +} PagedResultsState; + /* * represents an operation pending from an ldap client */ typedef struct slap_op { - ber_int_t o_opid; /* id of this operation */ - ber_int_t o_msgid; /* msgid of the request */ + unsigned long o_opid; /* id of this operation */ + unsigned long o_connid; /* id of conn initiating this op */ + + ber_int_t o_msgid; /* msgid of the request */ ber_int_t o_protocol; /* version of the LDAP protocol used by client */ - ber_tag_t o_tag; /* tag of the request */ - time_t o_time; /* time op was initiated */ - unsigned long o_connid; /* id of conn initiating this op */ - ldap_pvt_thread_t o_tid; /* thread handling this op */ + ber_tag_t o_tag; /* tag of the request */ + time_t o_time; /* time op was initiated */ + + ldap_pvt_thread_t o_tid; /* thread handling this op */ + + volatile sig_atomic_t o_abandon; /* abandon flag */ + + char o_do_not_cache; /* don't cache from this op */ #define SLAP_NO_CONTROL 0 #define SLAP_NONCRITICAL_CONTROL 1 #define SLAP_CRITICAL_CONTROL 2 char o_managedsait; + char o_noop; char o_subentries; char o_subentries_visibility; - char o_noop; + char o_valuesreturnfilter; - char o_abandon; /* abandon flag */ - ldap_pvt_thread_mutex_t o_abandonmutex; /* protects o_abandon */ + char o_pagedresults; + ber_int_t o_pagedresults_size; + PagedResultsState o_pagedresults_state; #ifdef LDAP_CONNECTIONLESS Sockaddr o_peeraddr; /* UDP peer address */ 
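Review bot: `o_abandon` becomes `volatile sig_atomic_t` and `o_abandonmutex` is removed, but `volatile` only constrains the compiler and gives no ordering or visibility guarantee between threads. If the flag is set by the thread that handles the Abandon request and polled by the thread running the operation (the users are outside this hunk), a one-way polled flag usually works, yet no other state may be published through it. I would record that contract in the comment: `/* abandon flag: set once by another thread, polled by o_tid; nothing else may depend on its ordering */`. The definition of struct slap_op continues past the hunk.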
@@ -1422,9 +1542,11 @@ typedef struct slap_op { slap_callback *o_callback; /* callback pointers */ LDAPControl **o_ctrls; /* controls */ + void *o_threadctx; /* thread pool thread context */ void *o_private; /* anything the backend needs */ LDAP_STAILQ_ENTRY(slap_op) o_next; /* next operation in list */ + ValuesReturnFilter *vrFilter; /* Structure represents ValuesReturnFilter */ } Operation; #define get_manageDSAit(op) ((int)(op)->o_managedsait)
@@ -1467,12 +1589,9 @@ typedef struct slap_conn { /* only can be changed by binding thread */ int c_sasl_bind_in_progress; /* multi-op bind in progress */ struct berval c_sasl_bind_mech; /* mech in progress */ - struct berval c_cdn; - - /* authentication backend */ - Backend *c_authc_backend; + struct berval c_sasl_dn; /* temporary storage */ - /* authorization backend - normally same as c_authc_backend */ + /* authorization backend */ Backend *c_authz_backend; AuthorizationInformation c_authz;
@@ -1499,6 +1618,10 @@ typedef struct slap_conn { int c_sasl_layers; /* true if we need to install SASL i/o handlers */ void *c_sasl_context; /* SASL session context */ void *c_sasl_extra; /* SASL session extra stuff */ + struct slap_op *c_sasl_bindop; /* set to current op if it's a bind */ + ldap_pvt_thread_mutex_t c_sasl_bindmutex; /* lock for bindop */ + + PagedResultsState c_pagedresults_state; /* paged result state */ long c_n_ops_received; /* num of ops received (next op_id) */ long c_n_ops_executing; /* num of ops currently executing */
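Review bot: `vrFilter` is the only member of `Operation` in this hunk without the `o_` prefix (`o_callback`, `o_ctrls`, `o_threadctx`, `o_private`, `o_next`), and it sits after the list link rather than with the other per-request data. Naming it `o_vrFilter` and placing it next to `o_ctrls` would fit the struct. Its comment should say who frees the filter, since it is presumably built per request from a client-supplied control: `/* parsed ValuesReturnFilter control, owned by the operation, or NULL */`.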
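Review bot: `c_sasl_bindop` stores a pointer to an operation inside the connection, and its comment does not say when the pointer is cleared. If the bind operation is freed while the pointer is still set, a later reader holding `c_sasl_bindmutex` dereferences freed memory, so the comment should state the rule, e.g. `/* current bind op, or NULL; cleared under c_sasl_bindmutex before the op is freed */`. For `c_pagedresults_state`, `PagedResultsCookie` is a bare `unsigned long`, so the code that accepts a cookie from the client (not in this hunk) has to compare it with the state stored here rather than trust it. struct slap_conn continues outside the hunk.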
@@ -1523,19 +1646,6 @@ typedef struct slap_conn { #define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) #endif - -#define SASLREGEX_REPLACE 10 -#define SASL_AUTHZ_SOURCE_ATTR "saslAuthzTo" -#define SASL_AUTHZ_DEST_ATTR "saslAuthzFrom" - -typedef struct sasl_regexp { - char *sr_match; /* regexp match pattern */ - char *sr_replace; /* regexp replace pattern */ - regex_t sr_workspace; /* workspace for regexp engine */ - regmatch_t sr_strings[SASLREGEX_REPLACE]; /* strings matching $1,$2 ... */ - int sr_offset[SASLREGEX_REPLACE+2]; /* offsets of $1,$2... in *replace */ -} SaslRegexp_t; - /* * listener; need to access it from monitor backend */
@@ -1553,6 +1663,25 @@ typedef struct slap_listener { #define sl_addr sl_sa.sa_in_addr } Listener; +#ifdef SLAPD_MONITOR +/* + * Operation indices + */ +enum { + SLAP_OP_BIND = 0, + SLAP_OP_UNBIND, + SLAP_OP_ADD, + SLAP_OP_DELETE, + SLAP_OP_MODRDN, + SLAP_OP_MODIFY, + SLAP_OP_COMPARE, + SLAP_OP_SEARCH, + SLAP_OP_ABANDON, + SLAP_OP_EXTENDED, + SLAP_OP_LAST +}; +#endif /* SLAPD_MONITOR */ + LDAP_END_DECL #include "proto-slap.h"