X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslap.h;h=9ebe047e77c619e80cb42e009966cd3062dd1bb7;hb=0f30fb0d8f0adbbb7b41fd455c57aa56d64c9853;hp=69007e65e907f3ddf31a18fa1c04323241f89937;hpb=3342ea3b4923df2c2560124a741d66d3012cb20a;p=openldap diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 69007e65e9..9ebe047e77 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -32,12 +32,11 @@ #include #include "ldap_pvt_thread.h" -#include "ldif.h" LDAP_BEGIN_DECL #define SERVICE_NAME OPENLDAP_PACKAGE "-slapd" -#define SLAPD_ANONYMOUS "" +#define SLAPD_ANONYMOUS "cn=anonymous" #ifdef f_next #undef f_next /* name conflict between sys/file.h on SCO and struct filter */ @@ -52,14 +51,15 @@ LDAP_BEGIN_DECL */ #define SLAP_MOD_SOFTADD 0x1000 -#define ON 1 +#define ON (1) #define OFF (-1) -#define UNDEFINED 0 +#define UNDEFINED (0) -#define MAXREMATCHES 10 +#define MAXREMATCHES (10) -#define SLAP_MAX_WORKER_THREADS 32 +#define SLAP_MAX_WORKER_THREADS (32) +#define SLAP_TEXT_BUFLEN (256) /* psuedo error code indicating abandoned operation */ #define SLAPD_ABANDON (-1) @@ -86,7 +86,8 @@ LDAP_BEGIN_DECL || (c) == '(' || (c) == ')' || !ASCII_PRINTABLE(c) ) #define DN_SEPARATOR(c) ((c) == ',' || (c) == ';') -#define RDN_SEPARATOR(c) ((c) == ',' || (c) == ';' || (c) == '+') +#define RDN_ATTRTYPEANDVALUE_SEPARATOR(c) ((c) == '+') /* RFC 2253 */ +#define RDN_SEPARATOR(c) (DN_SEPARATOR(c) || RDN_ATTRTYPEANDVALUE_SEPARATOR(c)) #define RDN_NEEDSESCAPE(c) ((c) == '\\' || (c) == '"') #define DESC_LEADCHAR(c) ( ASCII_ALPHA(c) ) 
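Review bot: Redefining `SLAPD_ANONYMOUS` from the empty string to `"cn=anonymous"` turns the anonymous sentinel into a syntactically valid DN, so any caller that recognised unauthenticated sessions by a zero-length bind DN, or that compares bind DNs against directory entries, may now treat the sentinel as an authenticated identity or collide with a real `cn=anonymous` entry; those callers are outside this hunk, so this is inferred. A comment on the define would make the contract explicit, e.g. `/* synthetic DN for unauthenticated sessions; presumably must never match a stored entry — test with SLAPD_ANONYMOUS, not for an empty DN */`. Dropping `#include "ldif.h"` is fine if nothing remaining in this header depends on it.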
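Review bot: `SLAP_TEXT_BUFLEN (256)` is added without saying what it bounds, so a reader cannot tell whether it is a buffer size that callers must pass to a bounded write or a maximum message length. Suggest `/* size of fixed text/result scratch buffers; write into them only with a bounded call (snprintf) */`, adjusted to however it is actually used, since the consumers are not in this hunk.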
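Review bot: The new `RDN_ATTRTYPEANDVALUE_SEPARATOR` comment cites RFC 2253, but `RDN_SEPARATOR` now inherits `';'` from `DN_SEPARATOR`, which RFC 2253 does not define as a separator (it is the RFC 1779 legacy form), so the two macros are not equally strict. A short comment on `RDN_SEPARATOR`, `/* ',' and '+' per RFC 2253; ';' kept for RFC 1779 compatibility */`, would prevent that misreading. Both macros still evaluate `c` more than once, so arguments with side effects remain unsafe.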
@@ -101,8 +102,17 @@ LDAP_BEGIN_DECL #define AD_LEADCHAR(c) ( ATTR_CHAR(c) ) #define AD_CHAR(c) ( ATTR_CHAR(c) || (c) == ';' ) +#define SLAP_NUMERIC(c) ( ASCII_DIGIT(c) || ASCII_SPACE(c) ) + +#define SLAP_PRINTABLE(c) ( ASCII_ALNUM(c) || (c) == '\'' || \ + (c) == '(' || (c) == ')' || (c) == '+' || (c) == ',' || \ + (c) == '-' || (c) == '.' || (c) == '/' || (c) == ':' || \ + (c) == '?' || (c) == ' ' || (c) == '=' ) +#define SLAP_PRINTABLES(c) ( SLAP_PRINTABLE(c) || (c) == '$' ) + /* must match in schema_init.c */ #define SLAPD_DN_SYNTAX "1.3.6.1.4.1.1466.115.121.1.12" +#define SLAPD_NAMEUID_SYNTAX "1.3.6.1.4.1.1466.115.121.1.34" #define SLAPD_GROUP_ATTR "member" #define SLAPD_GROUP_CLASS "groupOfNames" #define SLAPD_ROLE_ATTR "roleOccupant" 
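Review bot: `SLAP_PRINTABLE`, `SLAP_PRINTABLES` and `SLAP_NUMERIC` evaluate their argument many times, so a call such as `SLAP_PRINTABLE(*p++)` would misbehave; a comment on the group, `/* NOTE: c is evaluated more than once; pass a plain char, not an expression with side effects */`, or a `static inline` helper would avoid that. The alphabet in `SLAP_PRINTABLE` matches the X.680 PrintableString set, and the `'$'` in `SLAP_PRINTABLES` is presumably for `$`-separated PrintableString sequences; naming that in a comment would explain why two macros exist.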
@@ -193,16 +203,31 @@ typedef struct slap_ssf_set { */ #define SLAP_SCHERR_OUTOFMEM 1 #define SLAP_SCHERR_CLASS_NOT_FOUND 2 -#define SLAP_SCHERR_ATTR_NOT_FOUND 3 -#define SLAP_SCHERR_DUP_CLASS 4 -#define SLAP_SCHERR_DUP_ATTR 5 -#define SLAP_SCHERR_DUP_SYNTAX 6 -#define SLAP_SCHERR_DUP_RULE 7 -#define SLAP_SCHERR_NO_NAME 8 -#define SLAP_SCHERR_ATTR_INCOMPLETE 9 -#define SLAP_SCHERR_MR_NOT_FOUND 10 -#define SLAP_SCHERR_SYN_NOT_FOUND 11 -#define SLAP_SCHERR_MR_INCOMPLETE 12 +#define SLAP_SCHERR_CLASS_BAD_USAGE 3 +#define SLAP_SCHERR_ATTR_NOT_FOUND 4 +#define SLAP_SCHERR_ATTR_BAD_USAGE 5 +#define SLAP_SCHERR_DUP_CLASS 6 +#define SLAP_SCHERR_DUP_ATTR 7 +#define SLAP_SCHERR_DUP_SYNTAX 8 +#define SLAP_SCHERR_DUP_RULE 9 +#define SLAP_SCHERR_NO_NAME 10 +#define SLAP_SCHERR_ATTR_INCOMPLETE 11 +#define SLAP_SCHERR_MR_NOT_FOUND 12 +#define SLAP_SCHERR_SYN_NOT_FOUND 13 +#define SLAP_SCHERR_MR_INCOMPLETE 14 +#define SLAP_SCHERR_NOT_SUPPORTED 15 +#define SLAP_SCHERR_BAD_DESCR 16 + +typedef union slap_sockaddr { + struct sockaddr sa_addr; + struct sockaddr_in sa_in_addr; +#ifdef LDAP_PF_INET6 + struct sockaddr_in6 sa_in6_addr; +#endif +#ifdef LDAP_PF_LOCAL + struct sockaddr_un sa_un_addr; +#endif +} Sockaddr; typedef struct slap_oid_macro { struct berval som_oid; @@ -320,6 +345,8 @@ typedef struct slap_matching_rule { /* this is used to kludge objectClass testing */ #define SLAP_MR_MODIFY_MATCHING 0x0001U +/* are we matching from a mr asserted value or a real value */ +#define SLAP_MR_VALUE_IS_IN_MR_SYNTAX 0x0002U Syntax *smr_syntax; slap_mr_convert_func *smr_convert; @@ -339,9 +366,11 @@ typedef struct slap_matching_rule { #define smr_extensions smr_mrule.mr_extensions } MatchingRule; +struct slap_attr_desc; + typedef struct slap_attribute_type { - char *sat_cname; LDAPAttributeType sat_atype; + struct berval sat_cname; struct slap_attribute_type *sat_sup; struct slap_attribute_type **sat_subtypes; MatchingRule *sat_equality; 
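Review bot: Inserting `SLAP_SCHERR_CLASS_BAD_USAGE` and `SLAP_SCHERR_ATTR_BAD_USAGE` renumbers every existing `SLAP_SCHERR_*` code from 3 upward, so any table of error strings indexed by these values must be updated in lockstep and gain entries for 15 and 16; that table is not in this hunk, so this is inferred. Defining the codes as an `enum` instead of a run of `#define`s would keep them sequential automatically. The new `Sockaddr` union would benefit from a one-line comment that only the member matching `sa_addr.sa_family` is valid.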
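Review bot: Changing `sat_cname` from `char *` to `struct berval` is caught by the compiler in ordinary expressions but not in variadic calls: a logging or `printf`-style call that still passes `at->sat_cname` for a `%s` now passes a struct, which is undefined behaviour and is not diagnosed without `-Wformat`. The users of `sat_cname` are outside this hunk, so this is inferred, but they are worth checking for `%s` uses. A comment stating whether `sat_cname.bv_val` is guaranteed NUL-terminated would help, since berval values are not in general.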
@@ -349,7 +378,9 @@ typedef struct slap_attribute_type { MatchingRule *sat_ordering; MatchingRule *sat_substr; Syntax *sat_syntax; + struct slap_attr_desc *sat_ad; struct slap_attribute_type *sat_next; + ldap_pvt_thread_mutex_t sat_ad_mutex; #define sat_oid sat_atype.at_oid #define sat_names sat_atype.at_names #define sat_desc sat_atype.at_desc @@ -369,6 +400,7 @@ typedef struct slap_attribute_type { #define is_at_operational(at) ((at)->sat_usage) #define is_at_single_value(at) ((at)->sat_single_value) #define is_at_collective(at) ((at)->sat_collective) +#define is_at_obsolete(at) ((at)->sat_obsolete) #define is_at_no_user_mod(at) ((at)->sat_no_user_mod) typedef struct slap_object_class { @@ -393,15 +425,16 @@ typedef struct slap_object_class { * represents a recognized attribute description ( type + options ) */ typedef struct slap_attr_desc { - struct berval *ad_cname; /* canonical name, must be specified */ + struct slap_attr_desc *ad_next; AttributeType *ad_type; /* attribute type, must be specified */ - char *ad_lang; /* NULL if no language tags */ + struct berval ad_cname; /* canonical name, must be specified */ + struct berval ad_lang; /* empty if no language tags */ unsigned ad_flags; #define SLAP_DESC_NONE 0x0U #define SLAP_DESC_BINARY 0x1U } AttributeDescription; -#define slap_ad_is_lang(ad) ( (ad)->ad_lang != NULL ) +#define slap_ad_is_lang(ad) ( (ad)->ad_lang.bv_len != 0 ) #define slap_ad_is_binary(ad) ( (int)((ad)->ad_flags & SLAP_DESC_BINARY) ? 1 : 0 ) /* @@ -434,6 +467,7 @@ struct slap_internal_schema { AttributeDescription *si_ad_supportedExtension; AttributeDescription *si_ad_supportedLDAPVersion; AttributeDescription *si_ad_supportedSASLMechanisms; + AttributeDescription *si_ad_supportedFeatures; /* subschema subentry attribute descriptions */ AttributeDescription *si_ad_objectClasses; 
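Review bot: `sat_ad_mutex` is added to `slap_attribute_type` without a comment saying what it protects or where it is initialised; an embedded `ldap_pvt_thread_mutex_t` must be initialised wherever the struct is allocated and destroyed when the type is freed, and those sites are outside this hunk. Suggest `/* protects sat_ad; initialised where the AttributeType is created */` on the mutex and `/* descriptions derived from this type, guarded by sat_ad_mutex */` on `sat_ad`, hedged since the pairing of the two fields is inferred from their names.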
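Review bot: `ad_lang` now lives inline as a `struct berval` and `slap_ad_is_lang` tests `bv_len`, which leaves `bv_val` unspecified when there are no language tags; the comment `/* empty if no language tags */` should say whether `bv_val` is NULL or `""` so that code calling `strcasecmp` on it without checking `bv_len` first is known to be wrong. The new `ad_next` link carries no comment on which list it threads or who owns the nodes; `/* next description of the same attribute type */` is the likely intent but is inferred from the `sat_ad` field added elsewhere in this commit.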
@@ -462,6 +496,14 @@ struct slap_internal_schema { /* Undefined Attribute Type */ AttributeType *si_at_undefined; + + /* Matching Rules */ + MatchingRule *si_mr_distinguishedNameMatch; + MatchingRule *si_mr_integerMatch; + + /* Syntaxes */ + Syntax *si_syn_distinguishedName; + Syntax *si_syn_integer; }; typedef struct slap_attr_assertion { @@ -477,7 +519,8 @@ typedef struct slap_ss_assertion { } SubstringsAssertion; typedef struct slap_mr_assertion { - char *ma_rule; /* optional */ + MatchingRule *ma_rule; /* optional */ + char *ma_rule_text; /* optional */ AttributeDescription *ma_desc; /* optional */ int ma_dnattrs; /* boolean */ struct berval *ma_value; /* required */ @@ -525,9 +568,10 @@ typedef struct slap_filter { #define f_sub_final f_un.f_un_ssa->sa_final #define f_mra f_un.f_un_mra #define f_mr_rule f_un.f_un_mra->ma_rule +#define f_mr_rule_text f_un.f_un_mra->ma_rule_text #define f_mr_desc f_un.f_un_mra->ma_desc #define f_mr_value f_un.f_un_mra->ma_value -#define f_mr_dnaddrs f_un.f_un_mra->ma_dnattrs +#define f_mr_dnattrs f_un.f_un_mra->ma_dnattrs /* and, or, not */ struct slap_filter *f_un_complex; @@ -791,6 +835,32 @@ LDAP_SLAPD_F (int) slapMode; #define SLAP_TRUNCATE_MODE 0x0100 +struct slap_replica_info { + char *ri_host; /* supersedes be_replica */ + char **ri_nsuffix; /* array of suffixes this replica accepts */ +}; + +struct slap_limits_set { + /* time limits */ + int lms_t_soft; + int lms_t_hard; + + /* size limits */ + int lms_s_soft; + int lms_s_hard; + int lms_s_unchecked; +}; + +struct slap_limits { + int lm_type; /* type of pattern */ +#define SLAP_LIMITS_UNDEFINED 0x0000 +#define SLAP_LIMITS_EXACT 0x0001 +#define SLAP_LIMITS_REGEX 0x0002 + regex_t lm_dn_regex; /* regex-based size and time limits */ + char *lm_dn_pat; /* ndn for EXACT; pattern for REGEX */ + struct slap_limits_set lm_limits; +}; + /* temporary aliases */ typedef BackendDB Backend; #define nbackends nBackendDB 
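Review bot: `ma_rule` and `ma_rule_text` are both marked `/* optional */` but their relationship is not stated: presumably `ma_rule_text` holds the rule identifier as received from the client and `ma_rule` the resolved rule, NULL when the identifier is unknown. A comment making that explicit, `/* ma_rule_text: rule OID/name from the request; ma_rule: resolved rule, NULL if unknown — check before use */`, would keep callers from dereferencing an unresolved rule. Since `ma_rule_text` is client-supplied, any logging of it should go through `%s`, never as a format string.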
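Review bot: The fields of `slap_limits_set` (`lms_t_soft`, `lms_t_hard`, `lms_s_soft`, `lms_s_hard`, `lms_s_unchecked`) carry no comment on what 0, -1 or another sentinel means, and because these are the server's resource-exhaustion guard a misread sentinel disables a limit rather than being cosmetic; a comment stating which value means "unlimited" and which means "not set" is needed, hedged since the interpreting code is not in this hunk. In `slap_limits`, `lm_dn_regex` is only meaningful when `lm_type == SLAP_LIMITS_REGEX` and must be released with `regfree()` by whoever frees the struct, and `lm_dn_pat` should say that for `SLAP_LIMITS_EXACT` it is compared against the normalized DN. `ri_nsuffix` should state whether the array is NULL-terminated.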
@@ -886,11 +956,13 @@ struct slap_backend_db { char *be_root_ndn; /* the magic "root" normalized dn for this db */ struct berval be_root_pw; /* the magic "root" password for this db */ unsigned int be_max_deref_depth; /* limit for depth of an alias deref */ - int be_sizelimit; /* size limit for this backend */ - int be_timelimit; /* time limit for this backend */ +#define be_sizelimit be_def_limit.lms_s_soft +#define be_timelimit be_def_limit.lms_t_soft + struct slap_limits_set be_def_limit; /* default limits */ + struct slap_limits **be_limits; /* regex-based size and time limits */ AccessControl *be_acl; /* access control list for this backend */ slap_access_t be_dfltaccess; /* access given if no acl matches */ - char **be_replica; /* replicas of this backend (in master) */ + struct slap_replica_info **be_replica; /* replicas of this backend (in master) */ char *be_replogfile; /* replication log file (in master) */ char *be_update_ndn; /* allowed to make changes (in replicas) */ struct berval **be_update_refs; /* where to refer modifying clients to */ @@ -905,8 +977,8 @@ struct slap_conn; struct slap_op; typedef int (*SLAP_EXTENDED_FN) LDAP_P(( - Backend *be, - struct slap_conn *conn, + BackendDB *be, + struct slap_conn *conn, struct slap_op *op, const char *reqoid, struct berval * reqdata, @@ -1014,7 +1086,9 @@ struct slap_backend_info { SLAP_EXTENDED_FN bi_extended; /* Auxilary Functions */ - int (*bi_entry_release_rw) LDAP_P((BackendDB *bd, Entry *e, int rw)); + int (*bi_entry_release_rw) LDAP_P((BackendDB *bd, + struct slap_conn *c, struct slap_op *o, + Entry *e, int rw)); int (*bi_chk_referrals) LDAP_P((BackendDB *bd, struct slap_conn *c, struct slap_op *o, @@ -1022,6 +1096,7 @@ struct slap_backend_info { const char **text )); int (*bi_acl_group) LDAP_P((Backend *bd, + struct slap_conn *c, struct slap_op *o, Entry *e, const char *bdn, const char *edn, ObjectClass *group_oc, AttributeDescription *group_at )); 
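Review bot: `#define be_sizelimit be_def_limit.lms_s_soft` and `be_timelimit` are field-name macros placed inside the struct body, so they apply to every translation unit that includes slap.h and will rewrite any other identifier spelled `be_sizelimit`/`be_timelimit` (a config keyword table, a local, a member of another struct), and they map the old single limit onto the soft limit only, so existing callers never see `lms_s_hard` or `lms_s_unchecked`. If the aliases are a transition aid, a comment such as `/* compatibility aliases for the default soft limits; new code should use be_def_limit / be_limits directly */` and a plan to remove them would help; the affected call sites are outside this hunk, so the overlap is inferred.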
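Review bot: `bi_entry_release_rw` (and `bi_acl_group` in the following hunk) gain `struct slap_conn *` and `struct slap_op *` parameters, which changes the ABI of a function pointer: a backend that still installs a handler with the old signature compiles if the assignment goes through a cast and then reads `e` and `rw` from the wrong argument slots at run time. Every backend that sets these callbacks must be updated in the same change, which cannot be confirmed from this hunk; a comment on each pointer, `/* signature changed: conn/op added — all backends must match */`, marks the break for out-of-tree backends.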
@@ -1078,6 +1153,9 @@ struct slap_backend_info { typedef struct slap_op { ber_int_t o_opid; /* id of this operation */ ber_int_t o_msgid; /* msgid of the request */ +#ifdef LDAP_CONNECTIONLESS + Sockaddr o_peeraddr; /* UDP peer address */ +#endif ldap_pvt_thread_t o_tid; /* thread handling this op */ @@ -1101,6 +1179,19 @@ typedef struct slap_op { void *o_private; /* anything the backend needs */ } Operation; +/* + * Caches the result of a backend_group check for ACL evaluation + */ +typedef struct slap_gacl { + struct slap_gacl *next; + Backend *be; + ObjectClass *oc; + AttributeDescription *at; + int res; + int len; + char ndn[1]; +} GroupAssertion; + /* * represents a connection from an ldap client */ @@ -1133,6 +1224,7 @@ typedef struct slap_conn { Backend *c_authz_backend; AuthorizationInformation c_authz; + GroupAssertion *c_groups; ber_int_t c_protocol; /* version of the LDAP protocol used by client */ @@ -1145,6 +1237,9 @@ typedef struct slap_conn { BerElement *c_currentber; /* ber we're attempting to read */ int c_writewaiter; /* true if writer is waiting */ +#ifdef LDAP_CONNECTIONLESS + int c_is_udp; /* true if this is (C)LDAP over UDP */ +#endif #ifdef HAVE_TLS int c_is_tls; /* true if this LDAP over raw TLS */ int c_needs_tls_accept; /* true if SSL_accept should be called */ 
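Review bot: `o_peeraddr` is documented only as `/* UDP peer address */`; since the source address of a connectionless datagram is not authenticated, anything that later uses this field for access decisions or for logs that are trusted downstream should be told so. Suggest `/* UDP peer address; unauthenticated source address, informational only */`, hedged since the consumers are outside this hunk.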
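Review bot: `GroupAssertion` caches a group-membership result per connection (`c_groups` is added to `slap_conn` in a later hunk) but nothing states when the cache is invalidated; if entries outlive the operation that created them, a change to group membership would not be seen until the connection ends, which is an authorization-freshness issue. A comment giving the lifetime, e.g. `/* cached backend_group() result; valid for the current operation only, reset at op end */` or whatever the real rule is, is needed. `char ndn[1]` is the pre-C99 trailing-array idiom, so allocations must be `sizeof(GroupAssertion) + len` and the `len` comment should say whether it excludes the terminator; a flexible array member `char ndn[];` is the C99 form if the project permits it.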
@@ -1176,6 +1271,25 @@ typedef struct slap_conn { #define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) #endif + +#define SASLREGEX_REPLACE 10 +#define SASL_AUTHZ_SOURCE_ATTR "saslAuthzTo" +#define SASL_AUTHZ_DEST_ATTR "saslAuthzFrom" + +typedef struct sasl_regexp { + char *match; /* regexp match pattern */ + char *replace; /* regexp replace pattern */ + regex_t workspace; /* workspace for regexp engine */ + regmatch_t strings[SASLREGEX_REPLACE]; /* strings matching $1,$2 ... */ + int offset[SASLREGEX_REPLACE+2]; /* offsets of $1,$2... in *replace */ +} SaslRegexp_t; + +/* Flags for telling slap_sasl_getdn() what type of identity is being passed */ +#define FLAG_GETDN_FINAL 1 +#define FLAG_GETDN_AUTHCID 2 +#define FLAG_GETDN_AUTHZID 4 + + LDAP_END_DECL #include "proto-slap.h"
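Review bot: `SaslRegexp_t` leaves the two extra entries in `int offset[SASLREGEX_REPLACE+2]` unexplained, and `strings[SASLREGEX_REPLACE]` caps the number of `$n` references at 10 without saying what happens when a pattern uses more. A comment on the pair naming what the two extra slots hold and stating that `SASLREGEX_REPLACE` bounds the substitution count would help. The `FLAG_GETDN_*` defines are powers of two but the comment does not say whether they are exclusive or combinable; one line stating that would settle it.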