X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslap.h;h=9ebe047e77c619e80cb42e009966cd3062dd1bb7;hb=0f30fb0d8f0adbbb7b41fd455c57aa56d64c9853;hp=c5522666ed188bd52da05a157db0a8abaaa3d10a;hpb=79d9ab38baf8ee56f4f05b9171e86def5925b136;p=openldap diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index c5522666ed..9ebe047e77 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -32,12 +32,11 @@ #include #include "ldap_pvt_thread.h" -#include "ldif.h" LDAP_BEGIN_DECL #define SERVICE_NAME OPENLDAP_PACKAGE "-slapd" -#define SLAPD_ANONYMOUS "" +#define SLAPD_ANONYMOUS "cn=anonymous" #ifdef f_next #undef f_next /* name conflict between sys/file.h on SCO and struct filter */ @@ -52,14 +51,15 @@ LDAP_BEGIN_DECL */ #define SLAP_MOD_SOFTADD 0x1000 -#define ON 1 +#define ON (1) #define OFF (-1) -#define UNDEFINED 0 +#define UNDEFINED (0) -#define MAXREMATCHES 10 +#define MAXREMATCHES (10) -#define SLAP_MAX_WORKER_THREADS 32 +#define SLAP_MAX_WORKER_THREADS (32) +#define SLAP_TEXT_BUFLEN (256) /* psuedo error code indicating abandoned operation */ #define SLAPD_ABANDON (-1) @@ -86,7 +86,8 @@ LDAP_BEGIN_DECL || (c) == '(' || (c) == ')' || !ASCII_PRINTABLE(c) ) #define DN_SEPARATOR(c) ((c) == ',' || (c) == ';') -#define RDN_SEPARATOR(c) ((c) == ',' || (c) == ';' || (c) == '+') +#define RDN_ATTRTYPEANDVALUE_SEPARATOR(c) ((c) == '+') /* RFC 2253 */ +#define RDN_SEPARATOR(c) (DN_SEPARATOR(c) || RDN_ATTRTYPEANDVALUE_SEPARATOR(c)) #define RDN_NEEDSESCAPE(c) ((c) == '\\' || (c) == '"') #define DESC_LEADCHAR(c) ( ASCII_ALPHA(c) ) @@ -106,7 +107,7 @@ LDAP_BEGIN_DECL #define SLAP_PRINTABLE(c) ( ASCII_ALNUM(c) || (c) == '\'' || \ (c) == '(' || (c) == ')' || (c) == '+' || (c) == ',' || \ (c) == '-' || (c) == '.' || (c) == '/' || (c) == ':' || \ - (c) == '?' || (c) == ' ' ) + (c) == '?' || (c) == ' ' || (c) == '=' ) #define SLAP_PRINTABLES(c) ( SLAP_PRINTABLE(c) || (c) == '$' ) /* must match in schema_init.c */ 
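Review bot: `SLAPD_ANONYMOUS` in the `-32,12` hunk now expands to `"cn=anonymous"`, which is itself a syntactically valid DN, and nothing at the define says it is a label rather than an identity. If any caller outside this diff compares it with a bound or asserted DN, a real entry named `cn=anonymous` could be treated as the unauthenticated user, or the reverse, so the uses need auditing. I would add `/* display/log label for unauthenticated sessions; never compare against a DN for access decisions */` above the define.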
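Review bot: `SLAP_TEXT_BUFLEN` is added in the `-52,14` hunk with no comment saying which buffers it sizes or whether the 256 includes the terminating NUL. A shared fixed length is only safe if every writer is bounded by it, so I would document it at the define, e.g. `/* size, including NUL, of diagnostic text buffers; write with snprintf(buf, SLAP_TEXT_BUFLEN, ...) */`. Adjust the wording to the actual users, which are outside this diff.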
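Review bot: The `-106,7` hunk widens `SLAP_PRINTABLE` to accept `'='`, and `SLAP_PRINTABLES` is built on it, so two input validators change at once. The context line that follows says `/* must match in schema_init.c */`; what it refers to is cut off here, but if schema_init.c carries its own copy of this character set it needs the same change, or the two checks will disagree on the same value. A one-line comment naming the character set the macro implements (it reads like the ASN.1 PrintableString repertoire) would let the next reader verify it against the standard.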
@@ -202,16 +203,31 @@ typedef struct slap_ssf_set { */ #define SLAP_SCHERR_OUTOFMEM 1 #define SLAP_SCHERR_CLASS_NOT_FOUND 2 -#define SLAP_SCHERR_ATTR_NOT_FOUND 3 -#define SLAP_SCHERR_DUP_CLASS 4 -#define SLAP_SCHERR_DUP_ATTR 5 -#define SLAP_SCHERR_DUP_SYNTAX 6 -#define SLAP_SCHERR_DUP_RULE 7 -#define SLAP_SCHERR_NO_NAME 8 -#define SLAP_SCHERR_ATTR_INCOMPLETE 9 -#define SLAP_SCHERR_MR_NOT_FOUND 10 -#define SLAP_SCHERR_SYN_NOT_FOUND 11 -#define SLAP_SCHERR_MR_INCOMPLETE 12 +#define SLAP_SCHERR_CLASS_BAD_USAGE 3 +#define SLAP_SCHERR_ATTR_NOT_FOUND 4 +#define SLAP_SCHERR_ATTR_BAD_USAGE 5 +#define SLAP_SCHERR_DUP_CLASS 6 +#define SLAP_SCHERR_DUP_ATTR 7 +#define SLAP_SCHERR_DUP_SYNTAX 8 +#define SLAP_SCHERR_DUP_RULE 9 +#define SLAP_SCHERR_NO_NAME 10 +#define SLAP_SCHERR_ATTR_INCOMPLETE 11 +#define SLAP_SCHERR_MR_NOT_FOUND 12 +#define SLAP_SCHERR_SYN_NOT_FOUND 13 +#define SLAP_SCHERR_MR_INCOMPLETE 14 +#define SLAP_SCHERR_NOT_SUPPORTED 15 +#define SLAP_SCHERR_BAD_DESCR 16 + +typedef union slap_sockaddr { + struct sockaddr sa_addr; + struct sockaddr_in sa_in_addr; +#ifdef LDAP_PF_INET6 + struct sockaddr_in6 sa_in6_addr; +#endif +#ifdef LDAP_PF_LOCAL + struct sockaddr_un sa_un_addr; +#endif +} Sockaddr; typedef struct slap_oid_macro { struct berval som_oid; @@ -329,6 +345,8 @@ typedef struct slap_matching_rule { /* this is used to kludge objectClass testing */ #define SLAP_MR_MODIFY_MATCHING 0x0001U +/* are we matching from a mr asserted value or a real value */ +#define SLAP_MR_VALUE_IS_IN_MR_SYNTAX 0x0002U Syntax *smr_syntax; slap_mr_convert_func *smr_convert; @@ -348,9 +366,11 @@ typedef struct slap_matching_rule { #define smr_extensions smr_mrule.mr_extensions } MatchingRule; +struct slap_attr_desc; + typedef struct slap_attribute_type { - char *sat_cname; LDAPAttributeType sat_atype; + struct berval sat_cname; struct slap_attribute_type *sat_sup; struct slap_attribute_type **sat_subtypes; MatchingRule *sat_equality; 
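Review bot: Inserting `SLAP_SCHERR_CLASS_BAD_USAGE` and `SLAP_SCHERR_ATTR_BAD_USAGE` in the middle of the list in the `-202,16` hunk shifts the value of every existing code from `SLAP_SCHERR_ATTR_NOT_FOUND` onward. Any table indexed by these codes, and any module built against the old header, will then report the wrong schema error with no compile-time signal; the consumers are not in this diff, so this needs checking. Appending the new codes after `SLAP_SCHERR_MR_INCOMPLETE`, or turning the list into an `enum` with a count sentinel that the message table is sized against, avoids that drift. Separately, the new `Sockaddr` union should carry a comment that `sa_addr.sa_family` must be read first to decide which member is valid.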
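Review bot: The comment added with `SLAP_MR_VALUE_IS_IN_MR_SYNTAX` in the `-329,6` hunk is phrased as a question and does not say which answer a set bit means. The flag appears to select how a value is interpreted during matching, so a caller that reads the polarity the wrong way would compare values under the wrong syntax without any error. I would reword it as a statement, along the lines of `/* set when the value is already in the matching rule's assertion syntax rather than the attribute's own syntax */`, after confirming that this is the intended polarity.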
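Review bot: `sat_cname` changes from `char *` to `struct berval` in the `-348,9` hunk, and the same happens to `ad_lang` in the `-402,15` hunk; the compiler will catch direct string uses but not variadic ones. Any printf-style or logging call that still passes `at->sat_cname` or `ad->ad_lang` to a `%s` conversion now passes a struct by value, which is undefined behaviour and compiles cleanly unless format checking is enabled for that call. Callers need `.bv_val`, and the field comment should say whether it is NUL-terminated, e.g. `struct berval sat_cname; /* canonical name; bv_val NUL-terminated, bv_len excludes the NUL */` if that holds. The struct body continues outside this hunk.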
@@ -358,7 +378,9 @@ typedef struct slap_attribute_type { MatchingRule *sat_ordering; MatchingRule *sat_substr; Syntax *sat_syntax; + struct slap_attr_desc *sat_ad; struct slap_attribute_type *sat_next; + ldap_pvt_thread_mutex_t sat_ad_mutex; #define sat_oid sat_atype.at_oid #define sat_names sat_atype.at_names #define sat_desc sat_atype.at_desc @@ -378,6 +400,7 @@ typedef struct slap_attribute_type { #define is_at_operational(at) ((at)->sat_usage) #define is_at_single_value(at) ((at)->sat_single_value) #define is_at_collective(at) ((at)->sat_collective) +#define is_at_obsolete(at) ((at)->sat_obsolete) #define is_at_no_user_mod(at) ((at)->sat_no_user_mod) typedef struct slap_object_class { @@ -402,15 +425,16 @@ typedef struct slap_object_class { * represents a recognized attribute description ( type + options ) */ typedef struct slap_attr_desc { - struct berval *ad_cname; /* canonical name, must be specified */ + struct slap_attr_desc *ad_next; AttributeType *ad_type; /* attribute type, must be specified */ - char *ad_lang; /* NULL if no language tags */ + struct berval ad_cname; /* canonical name, must be specified */ + struct berval ad_lang; /* empty if no language tags */ unsigned ad_flags; #define SLAP_DESC_NONE 0x0U #define SLAP_DESC_BINARY 0x1U } AttributeDescription; -#define slap_ad_is_lang(ad) ( (ad)->ad_lang != NULL ) +#define slap_ad_is_lang(ad) ( (ad)->ad_lang.bv_len != 0 ) #define slap_ad_is_binary(ad) ( (int)((ad)->ad_flags & SLAP_DESC_BINARY) ? 1 : 0 ) /* @@ -443,6 +467,7 @@ struct slap_internal_schema { AttributeDescription *si_ad_supportedExtension; AttributeDescription *si_ad_supportedLDAPVersion; AttributeDescription *si_ad_supportedSASLMechanisms; + AttributeDescription *si_ad_supportedFeatures; /* subschema subentry attribute descriptions */ AttributeDescription *si_ad_objectClasses; 
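Review bot: `sat_ad` and `sat_ad_mutex` are added in the `-358,7` hunk with no comment stating what the mutex protects or where it is initialised and destroyed. Presumably it guards the per-type list of descriptions headed by `sat_ad` and linked through `ad_next` (added in the `-402,15` hunk); if so, say it on the field: `struct slap_attr_desc *sat_ad; /* cached descriptions for this type; guarded by sat_ad_mutex */`. Every path that allocates an `AttributeType` then has to initialise the mutex before the type becomes reachable by other threads, and that allocation code is not in this diff. The struct begins before and ends after this hunk.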
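Review bot: `ad_next` is added at the top of `AttributeDescription` in the `-402,15` hunk without any comment. It apparently chains descriptions together, which makes these objects shared between users of the same attribute type, so the comment should name the list it belongs to and the lock that covers it. For `ad_lang`, `slap_ad_is_lang` now tests `bv_len` only, so the field comment should state the invariant callers rely on, e.g. `/* language tag; bv_len == 0 means none and bv_val must not be dereferenced */`.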
@@ -471,6 +496,14 @@ struct slap_internal_schema { /* Undefined Attribute Type */ AttributeType *si_at_undefined; + + /* Matching Rules */ + MatchingRule *si_mr_distinguishedNameMatch; + MatchingRule *si_mr_integerMatch; + + /* Syntaxes */ + Syntax *si_syn_distinguishedName; + Syntax *si_syn_integer; }; typedef struct slap_attr_assertion { @@ -802,6 +835,32 @@ LDAP_SLAPD_F (int) slapMode; #define SLAP_TRUNCATE_MODE 0x0100 +struct slap_replica_info { + char *ri_host; /* supersedes be_replica */ + char **ri_nsuffix; /* array of suffixes this replica accepts */ +}; + +struct slap_limits_set { + /* time limits */ + int lms_t_soft; + int lms_t_hard; + + /* size limits */ + int lms_s_soft; + int lms_s_hard; + int lms_s_unchecked; +}; + +struct slap_limits { + int lm_type; /* type of pattern */ +#define SLAP_LIMITS_UNDEFINED 0x0000 +#define SLAP_LIMITS_EXACT 0x0001 +#define SLAP_LIMITS_REGEX 0x0002 + regex_t lm_dn_regex; /* regex-based size and time limits */ + char *lm_dn_pat; /* ndn for EXACT; pattern for REGEX */ + struct slap_limits_set lm_limits; +}; + /* temporary aliases */ typedef BackendDB Backend; #define nbackends nBackendDB 
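Review bot: In the `-802,6` hunk the comment on `lm_dn_regex` reads `/* regex-based size and time limits */`, which describes the `be_limits` array added to `struct slap_backend_db`, not this member. The member is a compiled `regex_t`, so its comment should say when it is valid and that it has to be released: `regex_t lm_dn_regex; /* compiled lm_dn_pat; valid only when lm_type == SLAP_LIMITS_REGEX, regfree() on teardown */`. `struct slap_limits_set` also needs a line saying which `int` values mean "unlimited" or "not set", because limit enforcement code will otherwise have to guess whether 0 or a negative value disables a cap.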
@@ -897,11 +956,13 @@ struct slap_backend_db { char *be_root_ndn; /* the magic "root" normalized dn for this db */ struct berval be_root_pw; /* the magic "root" password for this db */ unsigned int be_max_deref_depth; /* limit for depth of an alias deref */ - int be_sizelimit; /* size limit for this backend */ - int be_timelimit; /* time limit for this backend */ +#define be_sizelimit be_def_limit.lms_s_soft +#define be_timelimit be_def_limit.lms_t_soft + struct slap_limits_set be_def_limit; /* default limits */ + struct slap_limits **be_limits; /* regex-based size and time limits */ AccessControl *be_acl; /* access control list for this backend */ slap_access_t be_dfltaccess; /* access given if no acl matches */ - char **be_replica; /* replicas of this backend (in master) */ + struct slap_replica_info **be_replica; /* replicas of this backend (in master) */ char *be_replogfile; /* replication log file (in master) */ char *be_update_ndn; /* allowed to make changes (in replicas) */ struct berval **be_update_refs; /* where to refer modifying clients to */ @@ -1092,6 +1153,9 @@ struct slap_backend_info { typedef struct slap_op { ber_int_t o_opid; /* id of this operation */ ber_int_t o_msgid; /* msgid of the request */ +#ifdef LDAP_CONNECTIONLESS + Sockaddr o_peeraddr; /* UDP peer address */ +#endif ldap_pvt_thread_t o_tid; /* thread handling this op */ @@ -1115,6 +1179,19 @@ typedef struct slap_op { void *o_private; /* anything the backend needs */ } Operation; +/* + * Caches the result of a backend_group check for ACL evaluation + */ +typedef struct slap_gacl { + struct slap_gacl *next; + Backend *be; + ObjectClass *oc; + AttributeDescription *at; + int res; + int len; + char ndn[1]; +} GroupAssertion; + /* * represents a connection from an ldap client */ @@ -1147,6 +1224,7 @@ typedef struct slap_conn { Backend *c_authz_backend; AuthorizationInformation c_authz; + GroupAssertion *c_groups; ber_int_t c_protocol; /* version of the LDAP protocol used by client */ 
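Review bot: The `be_sizelimit` and `be_timelimit` macros in the `-897,11` hunk alias only the soft members of `be_def_limit`, so existing code that assigns through the old names leaves `lms_s_hard`, `lms_t_hard` and `lms_s_unchecked` untouched. Unless the backend is zero-filled at allocation and zero is defined as "fall back to the soft limit", a client-requested limit could end up checked against an unset hard cap; neither the allocation nor the enforcement is in this diff, so that needs confirming. The object-like macros will also rewrite any other identifier spelled `be_sizelimit` or `be_timelimit` in files that include this header. In the same hunk `be_replica` changes element type from `char *` to `struct slap_replica_info *`, which C compilers typically report only as a pointer-type warning at old call sites. The struct begins and ends outside this hunk.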
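Review bot: `o_peeraddr` in the `-1092,6` hunk, and `c_is_udp` in the `-1159,6` hunk, are compiled into `Operation` and `Connection` only when `LDAP_CONNECTIONLESS` is defined, which makes the layout of both structs depend on a build flag. Any backend or module compiled separately without the same definition would read every later member at the wrong offset, and nothing in the header detects that. Either keep the members unconditionally or note next to each `#ifdef` that all objects sharing these structs must be built with the same setting. Since the address comes from a connectionless transport, the field comment could also say it is unauthenticated: `Sockaddr o_peeraddr; /* UDP peer address as received; not verified */`.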
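Review bot: `GroupAssertion` in the `-1115,6` hunk caches an authorization result on the connection (`c_groups`, added in the `-1147,6` hunk), but neither comment says when the cache is discarded. A cached `res` that survives a rebind or a change to the group entry would let ACL evaluation use a stale membership answer, so the lifetime belongs in the header, something like `/* entries are valid only for the current bind; free the list whenever the connection's authorization identity changes */`, if that matches the implementation, which is outside this diff. The trailing `char ndn[1]` with a signed `int len` is the pre-C99 struct hack; a comment stating how the allocation is sized and whether `len` counts the terminating NUL would make the bounds checkable.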
@@ -1159,6 +1237,9 @@ typedef struct slap_conn { BerElement *c_currentber; /* ber we're attempting to read */ int c_writewaiter; /* true if writer is waiting */ +#ifdef LDAP_CONNECTIONLESS + int c_is_udp; /* true if this is (C)LDAP over UDP */ +#endif #ifdef HAVE_TLS int c_is_tls; /* true if this LDAP over raw TLS */ int c_needs_tls_accept; /* true if SSL_accept should be called */