X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslap.h;h=9ebe047e77c619e80cb42e009966cd3062dd1bb7;hb=0f30fb0d8f0adbbb7b41fd455c57aa56d64c9853;hp=797be64a6a6a48445bde85b119ab2c3c4d489268;hpb=bff5608926608a32f62ac54499c91d902efa4f20;p=openldap diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 797be64a6a..9ebe047e77 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -32,7 +32,6 @@ #include #include "ldap_pvt_thread.h" -#include "ldif.h" LDAP_BEGIN_DECL @@ -219,6 +218,17 @@ typedef struct slap_ssf_set { #define SLAP_SCHERR_NOT_SUPPORTED 15 #define SLAP_SCHERR_BAD_DESCR 16 +typedef union slap_sockaddr { + struct sockaddr sa_addr; + struct sockaddr_in sa_in_addr; +#ifdef LDAP_PF_INET6 + struct sockaddr_in6 sa_in6_addr; +#endif +#ifdef LDAP_PF_LOCAL + struct sockaddr_un sa_un_addr; +#endif +} Sockaddr; + typedef struct slap_oid_macro { struct berval som_oid; char **som_names; @@ -335,6 +345,8 @@ typedef struct slap_matching_rule { /* this is used to kludge objectClass testing */ #define SLAP_MR_MODIFY_MATCHING 0x0001U +/* are we matching from a mr asserted value or a real value */ +#define SLAP_MR_VALUE_IS_IN_MR_SYNTAX 0x0002U Syntax *smr_syntax; slap_mr_convert_func *smr_convert; @@ -354,9 +366,11 @@ typedef struct slap_matching_rule { #define smr_extensions smr_mrule.mr_extensions } MatchingRule; +struct slap_attr_desc; + typedef struct slap_attribute_type { - char *sat_cname; LDAPAttributeType sat_atype; + struct berval sat_cname; struct slap_attribute_type *sat_sup; struct slap_attribute_type **sat_subtypes; MatchingRule *sat_equality; @@ -364,7 +378,9 @@ typedef struct slap_attribute_type { MatchingRule *sat_ordering; MatchingRule *sat_substr; Syntax *sat_syntax; + struct slap_attr_desc *sat_ad; struct slap_attribute_type *sat_next; + ldap_pvt_thread_mutex_t sat_ad_mutex; #define sat_oid sat_atype.at_oid #define sat_names sat_atype.at_names #define sat_desc sat_atype.at_desc @@ -409,15 +425,16 @@ typedef struct slap_object_class { * represents a recognized attribute description ( type + options ) */ typedef struct slap_attr_desc { - struct berval *ad_cname; /* canonical name, must be specified */ + struct slap_attr_desc *ad_next; AttributeType *ad_type; /* attribute type, must be specified */ - char *ad_lang; /* NULL if no language tags */ + struct berval ad_cname; /* canonical name, must be specified */ + struct berval ad_lang; /* empty if no language tags */ unsigned ad_flags; #define SLAP_DESC_NONE 0x0U #define SLAP_DESC_BINARY 0x1U } AttributeDescription; -#define slap_ad_is_lang(ad) ( (ad)->ad_lang != NULL ) +#define slap_ad_is_lang(ad) ( (ad)->ad_lang.bv_len != 0 ) #define slap_ad_is_binary(ad) ( (int)((ad)->ad_flags & SLAP_DESC_BINARY) ? 1 : 0 ) /* @@ -450,6 +467,7 @@ struct slap_internal_schema { AttributeDescription *si_ad_supportedExtension; AttributeDescription *si_ad_supportedLDAPVersion; AttributeDescription *si_ad_supportedSASLMechanisms; + AttributeDescription *si_ad_supportedFeatures; /* subschema subentry attribute descriptions */ AttributeDescription *si_ad_objectClasses; @@ -478,6 +496,14 @@ struct slap_internal_schema { /* Undefined Attribute Type */ AttributeType *si_at_undefined; + + /* Matching Rules */ + MatchingRule *si_mr_distinguishedNameMatch; + MatchingRule *si_mr_integerMatch; + + /* Syntaxes */ + Syntax *si_syn_distinguishedName; + Syntax *si_syn_integer; }; typedef struct slap_attr_assertion { @@ -809,6 +835,32 @@ LDAP_SLAPD_F (int) slapMode; #define SLAP_TRUNCATE_MODE 0x0100 +struct slap_replica_info { + char *ri_host; /* supersedes be_replica */ + char **ri_nsuffix; /* array of suffixes this replica accepts */ +}; + +struct slap_limits_set { + /* time limits */ + int lms_t_soft; + int lms_t_hard; + + /* size limits */ + int lms_s_soft; + int lms_s_hard; + int lms_s_unchecked; +}; + +struct slap_limits { + int lm_type; /* type of pattern */ +#define SLAP_LIMITS_UNDEFINED 0x0000 +#define SLAP_LIMITS_EXACT 0x0001 +#define SLAP_LIMITS_REGEX 0x0002 + regex_t lm_dn_regex; /* regex-based size and time limits */ + char *lm_dn_pat; /* ndn for EXACT; pattern for REGEX */ + struct slap_limits_set lm_limits; +}; + /* temporary aliases */ typedef BackendDB Backend; #define nbackends nBackendDB @@ -904,11 +956,13 @@ struct slap_backend_db { char *be_root_ndn; /* the magic "root" normalized dn for this db */ struct berval be_root_pw; /* the magic "root" password for this db */ unsigned int be_max_deref_depth; /* limit for depth of an alias deref */ - int be_sizelimit; /* size limit for this backend */ - int be_timelimit; /* time limit for this backend */ +#define be_sizelimit be_def_limit.lms_s_soft +#define be_timelimit be_def_limit.lms_t_soft + struct slap_limits_set be_def_limit; /* default limits */ + struct slap_limits **be_limits; /* regex-based size and time limits */ AccessControl *be_acl; /* access control list for this backend */ slap_access_t be_dfltaccess; /* access given if no acl matches */ - char **be_replica; /* replicas of this backend (in master) */ + struct slap_replica_info **be_replica; /* replicas of this backend (in master) */ char *be_replogfile; /* replication log file (in master) */ char *be_update_ndn; /* allowed to make changes (in replicas) */ struct berval **be_update_refs; /* where to refer modifying clients to */ @@ -1099,6 +1153,9 @@ struct slap_backend_info { typedef struct slap_op { ber_int_t o_opid; /* id of this operation */ ber_int_t o_msgid; /* msgid of the request */ +#ifdef LDAP_CONNECTIONLESS + Sockaddr o_peeraddr; /* UDP peer address */ +#endif ldap_pvt_thread_t o_tid; /* thread handling this op */ @@ -1122,6 +1179,19 @@ typedef struct slap_op { void *o_private; /* anything the backend needs */ } Operation; +/* + * Caches the result of a backend_group check for ACL evaluation + */ +typedef struct slap_gacl { + struct slap_gacl *next; + Backend *be; + ObjectClass *oc; + AttributeDescription *at; + int res; + int len; + char ndn[1]; +} GroupAssertion; + /* * represents a connection from an ldap client */ @@ -1154,6 +1224,7 @@ typedef struct slap_conn { Backend *c_authz_backend; AuthorizationInformation c_authz; + GroupAssertion *c_groups; ber_int_t c_protocol; /* version of the LDAP protocol used by client */ @@ -1166,6 +1237,9 @@ typedef struct slap_conn { BerElement *c_currentber; /* ber we're attempting to read */ int c_writewaiter; /* true if writer is waiting */ +#ifdef LDAP_CONNECTIONLESS + int c_is_udp; /* true if this is (C)LDAP over UDP */ +#endif #ifdef HAVE_TLS int c_is_tls; /* true if this LDAP over raw TLS */ int c_needs_tls_accept; /* true if SSL_accept should be called */