X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslap.h;h=a7c28fc0106668e69d8d946019797bd09c2f33de;hb=17f95a3fd30247a0735a3526d85b46178304748d;hp=68f86064198d26a776c4312ac5a0cc1d23f50b09;hpb=ac1332cdb868b6a30f545796aca8e0bbf13fe939;p=openldap diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 68f8606419..a7c28fc010 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -1,7 +1,7 @@ /* slap.h - stand alone ldap server include file */ /* $OpenLDAP$ */ /* - * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -34,6 +35,8 @@ #include "ldap_pvt_thread.h" #include "ldap_queue.h" +#define SLAP_EXTENDED_SCHEMA 1 + LDAP_BEGIN_DECL /* * SLAPD Memory allocation macros @@ -69,14 +72,13 @@ LDAP_BEGIN_DECL */ #define SLAP_MOD_SOFTADD 0x1000 -#define ON (1) -#define OFF (-1) -#define UNDEFINED (0) - -#define MAXREMATCHES (10) +#define MAXREMATCHES (100) #define SLAP_MAX_WORKER_THREADS (32) +#define SLAP_SB_MAX_INCOMING_DEFAULT ((1<<18) - 1) +#define SLAP_SB_MAX_INCOMING_AUTH ((1<<24) - 1) + #define SLAP_TEXT_BUFLEN (256) /* psuedo error code indicating abandoned operation */ @@ -137,7 +139,10 @@ LDAP_BEGIN_DECL #define SLAPD_ROLE_ATTR "roleOccupant" #define SLAPD_ROLE_CLASS "organizationalRole" +#ifdef SLAPD_ACI_ENABLED #define SLAPD_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1" +#endif + #define SLAPD_OCTETSTRING_SYNTAX "1.3.6.1.4.1.1466.115.121.1.40" /* change this to "OpenLDAPset" */ @@ -161,8 +166,14 @@ typedef struct slap_ssf_set { slap_ssf_t sss_update_transport; slap_ssf_t sss_update_tls; slap_ssf_t sss_update_sasl; + slap_ssf_t sss_simple_bind; } slap_ssf_set_t; + +/* Flags for telling slap_sasl_getdn() what type of identity is being passed */ +#define SLAP_GETDN_AUTHCID 2 +#define SLAP_GETDN_AUTHZID 4 + /* * Index types */ @@ -176,7 +187,7 @@ typedef struct slap_ssf_set { #define SLAP_INDEX_DEFAULT SLAP_INDEX_EQUALITY -#define IS_SLAP_INDEX(mask, type) (((mask) & (type)) == (type) ) +#define IS_SLAP_INDEX(mask, type) (((mask) & (type)) == (type)) #define SLAP_INDEX_SUBSTR_TYPE 0x0F00UL @@ -195,8 +206,7 @@ typedef struct slap_ssf_set { #define SLAP_INDEX_FLAGS 0xF000UL #define SLAP_INDEX_NOSUBTYPES 0x1000UL /* don't use index w/ subtypes */ -#define SLAP_INDEX_NOLANG 0x2000UL /* don't use index w/ lang */ -#define SLAP_INDEX_AUTO_SUBTYPES 0x4000UL /* use mask with lang subtypes */ +#define SLAP_INDEX_NOTAGS 0x2000UL /* don't use index w/ tags */ /* * there is a single index for each attribute. these prefixes ensure @@ -208,38 +218,51 @@ typedef struct slap_ssf_set { #define SLAP_INDEX_SUBSTR_INITIAL_PREFIX '^' #define SLAP_INDEX_SUBSTR_FINAL_PREFIX '$' #define SLAP_INDEX_CONT_PREFIX '.' /* prefix for continuation keys */ -#define SLAP_INDEX_UNKNOWN_PREFIX '?' /* prefix for unknown keys */ -#define SLAP_SYNTAX_MATCHINGRULES_OID "1.3.6.1.4.1.1466.115.121.1.30" -#define SLAP_SYNTAX_ATTRIBUTETYPES_OID "1.3.6.1.4.1.1466.115.121.1.3" -#define SLAP_SYNTAX_OBJECTCLASSES_OID "1.3.6.1.4.1.1466.115.121.1.37" +#define SLAP_SYNTAX_MATCHINGRULES_OID "1.3.6.1.4.1.1466.115.121.1.30" +#define SLAP_SYNTAX_ATTRIBUTETYPES_OID "1.3.6.1.4.1.1466.115.121.1.3" +#define SLAP_SYNTAX_OBJECTCLASSES_OID "1.3.6.1.4.1.1466.115.121.1.37" +#define SLAP_SYNTAX_MATCHINGRULEUSES_OID "1.3.6.1.4.1.1466.115.121.1.31" +#define SLAP_SYNTAX_CONTENTRULE_OID "1.3.6.1.4.1.1466.115.121.1.16" + +#ifdef LDAP_CLIENT_UPDATE +#define LCUP_COOKIE_OID "1.3.6.1.4.1.4203.666.10.1" +#endif /* LDAP_CLIENT_UPDATE */ /* * represents schema information for a database */ -#define SLAP_SCHERR_OUTOFMEM 1 -#define SLAP_SCHERR_CLASS_NOT_FOUND 2 -#define SLAP_SCHERR_CLASS_BAD_USAGE 3 -#define SLAP_SCHERR_ATTR_NOT_FOUND 4 -#define SLAP_SCHERR_ATTR_BAD_USAGE 5 -#define SLAP_SCHERR_DUP_CLASS 6 -#define SLAP_SCHERR_DUP_ATTR 7 -#define SLAP_SCHERR_DUP_SYNTAX 8 -#define SLAP_SCHERR_DUP_RULE 9 -#define SLAP_SCHERR_NO_NAME 10 -#define SLAP_SCHERR_ATTR_INCOMPLETE 11 -#define SLAP_SCHERR_MR_NOT_FOUND 12 -#define SLAP_SCHERR_SYN_NOT_FOUND 13 -#define SLAP_SCHERR_MR_INCOMPLETE 14 -#define SLAP_SCHERR_NOT_SUPPORTED 15 -#define SLAP_SCHERR_BAD_DESCR 16 -#define SLAP_SCHERR_OIDM 17 -#define SLAP_SCHERR_LAST SLAP_SCHERR_OIDM +#define SLAP_SCHERR_OUTOFMEM 1 +#define SLAP_SCHERR_CLASS_NOT_FOUND 2 +#define SLAP_SCHERR_CLASS_BAD_USAGE 3 +#define SLAP_SCHERR_CLASS_BAD_SUP 4 +#define SLAP_SCHERR_CLASS_DUP 5 +#define SLAP_SCHERR_ATTR_NOT_FOUND 6 +#define SLAP_SCHERR_ATTR_BAD_MR 7 +#define SLAP_SCHERR_ATTR_BAD_USAGE 8 +#define SLAP_SCHERR_ATTR_BAD_SUP 9 +#define SLAP_SCHERR_ATTR_INCOMPLETE 10 +#define SLAP_SCHERR_ATTR_DUP 11 +#define SLAP_SCHERR_MR_NOT_FOUND 12 +#define SLAP_SCHERR_MR_INCOMPLETE 13 +#define SLAP_SCHERR_MR_DUP 14 +#define SLAP_SCHERR_SYN_NOT_FOUND 15 +#define SLAP_SCHERR_SYN_DUP 16 +#define SLAP_SCHERR_NO_NAME 17 +#define SLAP_SCHERR_NOT_SUPPORTED 18 +#define SLAP_SCHERR_BAD_DESCR 19 +#define SLAP_SCHERR_OIDM 20 +#define SLAP_SCHERR_CR_DUP 21 +#define SLAP_SCHERR_CR_BAD_STRUCT 22 +#define SLAP_SCHERR_CR_BAD_AUX 23 +#define SLAP_SCHERR_CR_BAD_AT 24 +#define SLAP_SCHERR_LAST SLAP_SCHERR_CR_BAD_AT typedef union slap_sockaddr { struct sockaddr sa_addr; struct sockaddr_in sa_in_addr; #ifdef LDAP_PF_INET6 + struct sockaddr_storage sa_storage; struct sockaddr_in6 sa_in6_addr; #endif #ifdef LDAP_PF_LOCAL @@ -247,6 +270,10 @@ typedef union slap_sockaddr { #endif } Sockaddr; +#ifdef LDAP_PF_INET6 +extern int slap_inet4or6; +#endif + typedef struct slap_oid_macro { struct berval som_oid; char **som_names; @@ -271,7 +298,16 @@ typedef struct slap_syntax { #define ssyn_oid ssyn_syn.syn_oid #define ssyn_desc ssyn_syn.syn_desc #define ssyn_extensions ssyn_syn.syn_extensions + /* + * Note: the former ber_len_t ssyn_oidlen; + * has been replaced by a struct berval that uses the value + * provided by ssyn_syn.syn_oid; a macro that expands to + * the bv_len field of the berval is provided for backward + * compatibility. CAUTION: NEVER FREE THE BERVAL + */ + struct berval ssyn_bvoid; +#define ssyn_oidlen ssyn_bvoid.bv_len unsigned int ssyn_flags; @@ -300,6 +336,18 @@ typedef struct slap_syntax { #define slap_syntax_is_ber(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BER) #define slap_syntax_is_hidden(s) slap_syntax_is_flag((s),SLAP_SYNTAX_HIDE) +typedef struct slap_syntax_defs_rec { + char *sd_desc; + int sd_flags; + slap_syntax_validate_func *sd_validate; + slap_syntax_transform_func *sd_normalize; + slap_syntax_transform_func *sd_pretty; +#ifdef SLAPD_BINARY_CONVERSION + slap_syntax_transform_func *sd_ber2str; + slap_syntax_transform_func *sd_str2ber; +#endif +} slap_syntax_defs_rec; + /* X -> Y Converter */ typedef int slap_mr_convert_func LDAP_P(( struct berval * in, @@ -342,9 +390,24 @@ typedef int slap_mr_filter_func LDAP_P(( void * assertValue, BerVarray *keys )); +typedef struct slap_matching_rule_use MatchingRuleUse; + typedef struct slap_matching_rule { LDAPMatchingRule smr_mrule; - ber_len_t smr_oidlen; + MatchingRuleUse *smr_mru; + /* RFC2252 string representation */ + struct berval smr_str; + /* + * Note: the former + ber_len_t smr_oidlen; + * has been replaced by a struct berval that uses the value + * provided by smr_mrule.mr_oid; a macro that expands to + * the bv_len field of the berval is provided for backward + * compatibility. CAUTION: NEVER FREE THE BERVAL + */ + struct berval smr_bvoid; +#define smr_oidlen smr_bvoid.bv_len + slap_mask_t smr_usage; #define SLAP_MR_HIDE 0x8000U @@ -357,7 +420,7 @@ typedef struct slap_matching_rule { #define SLAP_MR_EQUALITY 0x0100U #define SLAP_MR_ORDERING 0x0200U #define SLAP_MR_SUBSTR 0x0400U -#define SLAP_MR_EXT 0x0800U +#define SLAP_MR_EXT 0x0800U /* implicitly extensible */ #define SLAP_MR_EQUALITY_APPROX ( SLAP_MR_EQUALITY | 0x0010U ) #define SLAP_MR_DN_FOLD 0x0008U @@ -376,6 +439,7 @@ typedef struct slap_matching_rule { #define SLAP_MR_ASSERTION_SYNTAX_MATCH 0x0000U #define SLAP_MR_VALUE_SYNTAX_MATCH 0x0001U #define SLAP_MR_VALUE_SYNTAX_CONVERTED_MATCH 0x0003U +#define SLAP_MR_VALUE_NORMALIZED_MATCH 0x0004U #define SLAP_IS_MR_ASSERTION_SYNTAX_MATCH( usage ) \ (!((usage) & SLAP_MR_VALUE_SYNTAX_MATCH)) @@ -396,6 +460,13 @@ typedef struct slap_matching_rule { slap_mr_indexer_func *smr_indexer; slap_mr_filter_func *smr_filter; + /* + * null terminated list of syntaxes compatible with this syntax + * note: when MS_EXT is set, this MUST NOT contain the assertion + * syntax of the rule. When MS_EXT is not set, it MAY. + */ + Syntax **smr_compat_syntaxes; + struct slap_matching_rule *smr_associated; struct slap_matching_rule *smr_next; @@ -407,6 +478,36 @@ typedef struct slap_matching_rule { #define smr_extensions smr_mrule.mr_extensions } MatchingRule; +struct slap_matching_rule_use { + LDAPMatchingRuleUse smru_mruleuse; + MatchingRule *smru_mr; + /* RFC2252 string representation */ + struct berval smru_str; + + struct slap_matching_rule_use *smru_next; + +#define smru_oid smru_mruleuse.mru_oid +#define smru_names smru_mruleuse.mru_names +#define smru_desc smru_mruleuse.mru_desc +#define smru_obsolete smru_mruleuse.mru_obsolete +#define smru_applies_oids smru_mruleuse.mru_applies_oids + +#define smru_usage smru_mr->smr_usage +} /* MatchingRuleUse */ ; + +typedef struct slap_mrule_defs_rec { + char * mrd_desc; + slap_mask_t mrd_usage; + char ** mrd_compat_syntaxes; + slap_mr_convert_func * mrd_convert; + slap_mr_normalize_func * mrd_normalize; + slap_mr_match_func * mrd_match; + slap_mr_indexer_func * mrd_indexer; + slap_mr_filter_func * mrd_filter; + + char * mrd_associated; +} slap_mrule_defs_rec; + struct slap_backend_db; struct slap_entry; struct slap_attr; @@ -430,15 +531,20 @@ typedef struct slap_attribute_type { Syntax *sat_syntax; AttributeTypeSchemaCheckFN *sat_check; + +#define SLAP_AT_NONE 0x0000U +#define SLAP_AT_ABSTRACT 0x0100U /* cannot be instantiated */ +#define SLAP_AT_FINAL 0x0200U /* cannot be subtyped */ +#define SLAP_AT_HIDE 0x8000U /* hide attribute */ slap_mask_t sat_flags; struct slap_attribute_type *sat_next; -#define sat_oid sat_atype.at_oid -#define sat_names sat_atype.at_names -#define sat_desc sat_atype.at_desc +#define sat_oid sat_atype.at_oid +#define sat_names sat_atype.at_names +#define sat_desc sat_atype.at_desc #define sat_obsolete sat_atype.at_obsolete -#define sat_sup_oid sat_atype.at_sup_oid +#define sat_sup_oid sat_atype.at_sup_oid #define sat_equality_oid sat_atype.at_equality_oid #define sat_ordering_oid sat_atype.at_ordering_oid #define sat_substr_oid sat_atype.at_substr_oid @@ -446,7 +552,7 @@ typedef struct slap_attribute_type { #define sat_single_value sat_atype.at_single_value #define sat_collective sat_atype.at_collective #define sat_no_user_mod sat_atype.at_no_user_mod -#define sat_usage sat_atype.at_usage +#define sat_usage sat_atype.at_usage #define sat_extensions sat_atype.at_extensions struct slap_attr_desc *sat_ad; @@ -469,12 +575,13 @@ typedef int (ObjectClassSchemaCheckFN)( char *textbuf, size_t textlen ); typedef struct slap_object_class { - LDAPObjectClass soc_oclass; + LDAPObjectClass soc_oclass; + struct berval soc_cname; struct slap_object_class **soc_sups; AttributeType **soc_required; AttributeType **soc_allowed; - ObjectClassSchemaCheckFN *sco_check; - slap_mask_t sco_flags; + ObjectClassSchemaCheckFN *soc_check; + slap_mask_t soc_flags; #define soc_oid soc_oclass.oc_oid #define soc_names soc_oclass.oc_names #define soc_desc soc_oclass.oc_desc @@ -488,7 +595,16 @@ typedef struct slap_object_class { struct slap_object_class *soc_next; } ObjectClass; -#ifdef LDAP_EXTENDED_SCHEMA +#define SLAP_OC_ALIAS 0x0001 +#define SLAP_OC_REFERRAL 0x0002 +#define SLAP_OC_SUBENTRY 0x0004 +#define SLAP_OC_DYNAMICOBJECT 0x0008 +#define SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY 0x0010 +#define SLAP_OC__MASK 0x001F +#define SLAP_OC__END 0x0020 +#define SLAP_OC_OPERATIONAL 0x4000 +#define SLAP_OC_HIDE 0x8000 + /* * DIT content rule */ @@ -499,28 +615,28 @@ typedef struct slap_content_rule { AttributeType **scr_required; /* optional */ AttributeType **scr_allowed; /* optional */ AttributeType **scr_precluded; /* optional */ -#define scr_oid scr_crule.cr_oid -#define scr_names scr_crule.cr_names -#define scr_desc scr_crule.cr_desc -#define scr_obsolete soc_oclass.cr_obsolete -#define scr_cr_oids_aux soc_oclass.cr_oc_oids_aux -#define scr_cr_oids_must soc_oclass.cr_at_oids_must -#define scr_cr_oids_may soc_oclass.cr_at_oids_may -#define scr_cr_oids_not soc_oclass.cr_at_oids_not +#define scr_oid scr_crule.cr_oid +#define scr_names scr_crule.cr_names +#define scr_desc scr_crule.cr_desc +#define scr_obsolete scr_crule.cr_obsolete +#define scr_oc_oids_aux scr_crule.cr_oc_oids_aux +#define scr_at_oids_must scr_crule.cr_at_oids_must +#define scr_at_oids_may scr_crule.cr_at_oids_may +#define scr_at_oids_not scr_crule.cr_at_oids_not + + struct slap_content_rule *scr_next; } ContentRule; -#endif -/* - * represents a recognized attribute description ( type + options ) - */ +/* Represents a recognized attribute description ( type + options ). */ typedef struct slap_attr_desc { struct slap_attr_desc *ad_next; AttributeType *ad_type; /* attribute type, must be specified */ struct berval ad_cname; /* canonical name, must be specified */ - struct berval ad_lang; /* empty if no language tags */ + struct berval ad_tags; /* empty if no tagging options */ unsigned ad_flags; -#define SLAP_DESC_NONE 0x0U -#define SLAP_DESC_BINARY 0x1U +#define SLAP_DESC_NONE 0x00U +#define SLAP_DESC_BINARY 0x01U +#define SLAP_DESC_TAG_RANGE 0x80U } AttributeDescription; typedef struct slap_attr_name { @@ -529,8 +645,11 @@ typedef struct slap_attr_name { ObjectClass *an_oc; } AttributeName; -#define slap_ad_is_lang(ad) ( (ad)->ad_lang.bv_len != 0 ) -#define slap_ad_is_binary(ad) ( (int)((ad)->ad_flags & SLAP_DESC_BINARY) ? 1 : 0 ) +#define slap_ad_is_tagged(ad) ( (ad)->ad_tags.bv_len != 0 ) +#define slap_ad_is_tag_range(ad) \ + ( ((ad)->ad_flags & SLAP_DESC_TAG_RANGE) ? 1 : 0 ) +#define slap_ad_is_binary(ad) \ + ( ((ad)->ad_flags & SLAP_DESC_BINARY) ? 1 : 0 ) /* * pointers to schema elements used internally @@ -545,7 +664,7 @@ struct slap_internal_schema { ObjectClass *si_oc_subentry; ObjectClass *si_oc_subschema; ObjectClass *si_oc_monitor; - ObjectClass *si_oc_collectiveAttributes; + ObjectClass *si_oc_collectiveAttributeSubentry; ObjectClass *si_oc_dynamicObject; /* objectClass attribute descriptions */ @@ -559,10 +678,11 @@ struct slap_internal_schema { AttributeDescription *si_ad_modifyTimestamp; AttributeDescription *si_ad_hasSubordinates; AttributeDescription *si_ad_subschemaSubentry; - AttributeDescription *si_ad_collectiveSubentry; + AttributeDescription *si_ad_collectiveSubentries; AttributeDescription *si_ad_collectiveExclusions; AttributeDescription *si_ad_entryUUID; AttributeDescription *si_ad_entryCSN; + AttributeDescription *si_ad_superiorUUID; /* root DSE attribute descriptions */ AttributeDescription *si_ad_altServer; @@ -572,6 +692,7 @@ struct slap_internal_schema { AttributeDescription *si_ad_supportedLDAPVersion; AttributeDescription *si_ad_supportedSASLMechanisms; AttributeDescription *si_ad_supportedFeatures; + AttributeDescription *si_ad_monitorContext; AttributeDescription *si_ad_vendorName; AttributeDescription *si_ad_vendorVersion; @@ -596,6 +717,8 @@ struct slap_internal_schema { /* Access Control Internals */ AttributeDescription *si_ad_entry; AttributeDescription *si_ad_children; + AttributeDescription *si_ad_saslAuthzTo; + AttributeDescription *si_ad_saslAuthzFrom; #ifdef SLAPD_ACI_ENABLED AttributeDescription *si_ad_aci; #endif @@ -624,6 +747,7 @@ struct slap_internal_schema { MatchingRule *si_mr_integerMatch; /* Syntaxes */ + Syntax *si_syn_octetString; Syntax *si_syn_distinguishedName; Syntax *si_syn_integer; }; @@ -688,7 +812,7 @@ typedef struct slap_filter { #define f_sub_final f_un.f_un_ssa->sa_final #define f_mra f_un.f_un_mra #define f_mr_rule f_un.f_un_mra->ma_rule -#define f_mr_rule_text f_un.f_un_mra->ma_rule_text +#define f_mr_rule_text f_un.f_un_mra->ma_rule_text #define f_mr_desc f_un.f_un_mra->ma_desc #define f_mr_value f_un.f_un_mra->ma_value #define f_mr_dnattrs f_un.f_un_mra->ma_dnattrs @@ -709,6 +833,32 @@ typedef struct slap_filter { /* compare routines can return undefined */ #define SLAPD_COMPARE_UNDEFINED ((ber_int_t) -1) +typedef struct slap_valuesreturnfilter { + ber_tag_t f_choice; + + union vrf_un_u { + /* precomputed result */ + ber_int_t f_un_result; + + /* DN */ + char *f_un_dn; + + /* present */ + AttributeDescription *f_un_desc; + + /* simple value assertion */ + AttributeAssertion *f_un_ava; + + /* substring assertion */ + SubstringsAssertion *f_un_ssa; + + /* matching rule assertion */ + MatchingRuleAssertion *f_un_mra; + } f_un; + + struct slap_valuesreturnfilter *f_next; +} ValuesReturnFilter; + /* * represents an attribute (description + values) */ @@ -748,6 +898,10 @@ typedef struct slap_entry { Attribute *e_attrs; /* list of attributes + values */ + slap_mask_t e_ocflags; + + struct berval e_bv; /* For entry_encode/entry_decode */ + /* for use by the backend for any purpose */ void* e_private; } Entry; @@ -814,7 +968,7 @@ typedef enum slap_style_e { typedef struct slap_authz_info { ber_tag_t sai_method; /* LDAP_AUTH_* from */ - char * sai_mech; /* SASL Mechanism */ + struct berval sai_mech; /* SASL Mechanism */ struct berval sai_dn; /* DN for reporting purposes */ struct berval sai_ndn; /* Normalized DN */ @@ -894,16 +1048,19 @@ typedef struct slap_access { slap_style_t a_dn_style; AttributeDescription *a_dn_at; int a_dn_self; + int a_dn_expand; slap_style_t a_peername_style; - char *a_peername_pat; + struct berval a_peername_pat; slap_style_t a_sockname_style; - char *a_sockname_pat; + struct berval a_sockname_pat; slap_style_t a_domain_style; - char *a_domain_pat; + struct berval a_domain_pat; + int a_domain_expand; + slap_style_t a_sockurl_style; - char *a_sockurl_pat; + struct berval a_sockurl_pat; slap_style_t a_set_style; struct berval a_set_pat; @@ -935,6 +1092,28 @@ typedef struct slap_acl { struct slap_acl *acl_next; } AccessControl; +typedef struct slap_acl_state { + unsigned as_recorded; +#define ACL_STATE_NOT_RECORDED 0x0 +#define ACL_STATE_RECORDED_VD 0x1 +#define ACL_STATE_RECORDED_NV 0x2 +#define ACL_STATE_RECORDED 0x3 + + /* Access state */ + AccessControl *as_vd_acl; + AccessControl *as_vi_acl; + slap_mask_t as_vd_acl_mask; + regmatch_t as_vd_acl_matches[MAXREMATCHES]; + int as_vd_acl_count; + + Access *as_vd_access; + int as_vd_access_count; + + int as_result; + AttributeDescription *as_vd_ad; +} AccessControlState; +#define ACL_STATE_INIT { ACL_STATE_NOT_RECORDED, NULL, NULL, 0UL, { { 0, 0 } }, 0, NULL, 0, 0, NULL } + /* * replog moddn param structure */ @@ -967,7 +1146,9 @@ LDAP_SLAPD_V (int) slapMode; struct slap_replica_info { char *ri_host; /* supersedes be_replica */ - struct berval **ri_nsuffix; /* array of suffixes this replica accepts */ + BerVarray ri_nsuffix; /* array of suffixes this replica accepts */ + AttributeName *ri_attrs; /* attrs to replicate, NULL=all */ + int ri_exclude; /* 1 => exclude ri_attrs */ }; struct slap_limits_set { @@ -979,6 +1160,8 @@ struct slap_limits_set { int lms_s_soft; int lms_s_hard; int lms_s_unchecked; + int lms_s_pr; + int lms_s_pr_hide; }; struct slap_limits { @@ -992,6 +1175,7 @@ struct slap_limits { #define SLAP_LIMITS_REGEX 0x0005 #define SLAP_LIMITS_ANONYMOUS 0x0006 #define SLAP_LIMITS_USERS 0x0007 +#define SLAP_LIMITS_ANY 0x0008 regex_t lm_dn_regex; /* regex data for REGEX */ /* @@ -1032,6 +1216,14 @@ struct slap_backend_db { #define be_attribute bd_info->bi_acl_attribute #define be_operational bd_info->bi_operational +/* + * define to honor hasSubordinates operational attribute in search filters + * (in previous use there was a flaw with back-bdb and back-ldbm; now it + * is fixed). + */ + +#define be_has_subordinates bd_info->bi_has_subordinates + #define be_controls bd_info->bi_controls #define be_connection_init bd_info->bi_connection_init @@ -1076,7 +1268,7 @@ struct slap_backend_db { #define SLAP_RESTRICT_OP_SEARCH 0x0080U #define SLAP_RESTRICT_OP_READS \ - ( SLAP_RESTRICT_OP_COMPARE \ + ( SLAP_RESTRICT_OP_COMPARE \ | SLAP_RESTRICT_OP_SEARCH ) #define SLAP_RESTRICT_OP_WRITES \ ( SLAP_RESTRICT_OP_ADD \ @@ -1086,15 +1278,21 @@ struct slap_backend_db { #define SLAP_ALLOW_BIND_V2 0x0001U /* LDAPv2 bind */ #define SLAP_ALLOW_BIND_ANON_CRED 0x0002U /* cred should be empty */ -#define SLAP_ALLOW_BIND_ANON_DN 0x0003U /* dn should be empty */ +#define SLAP_ALLOW_BIND_ANON_DN 0x0004U /* dn should be empty */ + +#define SLAP_ALLOW_UPDATE_ANON 0x0008U /* allow anonymous updates */ #define SLAP_DISALLOW_BIND_ANON 0x0001U /* no anonymous */ #define SLAP_DISALLOW_BIND_SIMPLE 0x0002U /* simple authentication */ -#define SLAP_DISALLOW_BIND_KRBV4 0x0004U /* Kerberos V4 authentication */ +#define SLAP_DISALLOW_BIND_SIMPLE_UNPROTECTED \ + 0x0004U /* unprotected simple auth */ +#define SLAP_DISALLOW_BIND_KRBV4 0x0008U /* Kerberos V4 authentication */ #define SLAP_DISALLOW_TLS_2_ANON 0x0010U /* StartTLS -> Anonymous */ #define SLAP_DISALLOW_TLS_AUTHC 0x0020U /* TLS while authenticated */ +#define SLAP_DISALLOW_AUX_WO_CR 0x4000U + slap_mask_t be_requires; /* pre-operation requirements */ #define SLAP_REQUIRE_BIND 0x0001U /* bind before op */ #define SLAP_REQUIRE_LDAP_V3 0x0002U /* LDAPv3 before op */ @@ -1106,13 +1304,15 @@ struct slap_backend_db { slap_ssf_set_t be_ssf_set; /* these should be renamed from be_ to bd_ */ - struct berval **be_suffix; /* the DN suffixes of data in this backend */ - struct berval **be_nsuffix; /* the normalized DN suffixes in this backend */ - struct berval **be_suffixAlias; /* pairs of DN suffix aliases and deref values */ + BerVarray be_suffix; /* the DN suffixes of data in this backend */ + BerVarray be_nsuffix; /* the normalized DN suffixes in this backend */ + BerVarray be_suffixAlias; /* pairs of DN suffix aliases and deref values */ + struct berval be_schemadn; /* per-backend subschema subentry DN */ + struct berval be_schemandn; /* normalized subschema DN */ struct berval be_rootdn; /* the magic "root" name (DN) for this db */ struct berval be_rootndn; /* the magic "root" normalized name (DN) for this db */ struct berval be_rootpw; /* the magic "root" password for this db */ - unsigned int be_max_deref_depth; /* limit for depth of an alias deref */ + unsigned int be_max_deref_depth; /* limit for depth of an alias deref */ #define be_sizelimit be_def_limit.lms_s_soft #define be_timelimit be_def_limit.lms_t_soft struct slap_limits_set be_def_limit; /* default limits */ @@ -1124,8 +1324,9 @@ struct slap_backend_db { struct berval be_update_ndn; /* allowed to make changes (in replicas) */ BerVarray be_update_refs; /* where to refer modifying clients to */ char *be_realm; - void *be_private; /* anything the backend database needs */ + + void *be_pb; /* Netscape plugin */ }; struct slap_conn; @@ -1186,13 +1387,13 @@ typedef int (BI_op_abandon) LDAP_P((BackendDB *bd, ber_int_t msgid)); typedef int (BI_op_extended) LDAP_P(( - BackendDB *be, - struct slap_conn *conn, - struct slap_op *op, + BackendDB *be, + struct slap_conn *conn, + struct slap_op *op, const char *reqoid, - struct berval * reqdata, + struct berval * reqdata, char **rspoid, - struct berval ** rspdata, + struct berval ** rspdata, LDAPControl *** rspctrls, const char ** text, BerVarray *refs )); @@ -1224,6 +1425,10 @@ typedef int (BI_operational) LDAP_P((Backend *bd, struct slap_conn *c, struct slap_op *o, Entry *e, AttributeName *attrs, int opattrs, Attribute **a )); +typedef int (BI_has_subordinates) LDAP_P((Backend *bd, + struct slap_conn *c, struct slap_op *o, + Entry *e, int *has_subordinates )); + typedef int (BI_connection_init) LDAP_P((BackendDB *bd, struct slap_conn *c)); typedef int (BI_connection_destroy) LDAP_P((BackendDB *bd, @@ -1317,6 +1522,7 @@ struct slap_backend_info { BI_acl_attribute *bi_acl_attribute; BI_operational *bi_operational; + BI_has_subordinates *bi_has_subordinates; BI_connection_init *bi_connection_init; BI_connection_destroy *bi_connection_destroy; @@ -1358,9 +1564,6 @@ struct slap_backend_info { #define o_tls_ssf o_authz.sai_tls_ssf #define o_sasl_ssf o_authz.sai_sasl_ssf -struct slap_op; -struct slap_conn; - typedef void (slap_response)( struct slap_conn *, struct slap_op *, ber_tag_t, ber_int_t, ber_int_t, const char *, const char *, BerVarray, const char *, struct berval *, @@ -1380,27 +1583,97 @@ typedef struct slap_callback { void *sc_private; } slap_callback; +/* + * Paged Results state + */ +typedef unsigned long PagedResultsCookie; +typedef struct slap_paged_state { + Backend *ps_be; + PagedResultsCookie ps_cookie; + ID ps_id; +} PagedResultsState; + + +#ifdef LDAP_CLIENT_UPDATE +#define LCUP_PSEARCH_BY_ADD 0x01 +#define LCUP_PSEARCH_BY_DELETE 0x02 +#define LCUP_PSEARCH_BY_PREMODIFY 0x03 +#define LCUP_PSEARCH_BY_MODIFY 0x04 +#define LCUP_PSEARCH_BY_SCOPEOUT 0x05 + +struct lcup_search_spec { + struct slap_op *op; + struct berval *base; + struct berval *nbase; + int scope; + int deref; + int slimit; + int tlimit; + Filter *filter; + struct berval *filterstr; + AttributeName *attrs; + int attrsonly; + struct lcup_entry *elist; + ldap_pvt_thread_mutex_t elist_mutex; + int entry_count; + LDAP_LIST_ENTRY(lcup_search_spec) link; +}; + +struct psid_entry { + struct lcup_search_spec* ps; + LDAP_LIST_ENTRY(psid_entry) link; +}; +#endif /* LDAP_CLIENT_UPDATE */ + + /* * represents an operation pending from an ldap client */ typedef struct slap_op { - ber_int_t o_opid; /* id of this operation */ - ber_int_t o_msgid; /* msgid of the request */ + unsigned long o_opid; /* id of this operation */ + unsigned long o_connid; /* id of conn initiating this op */ + struct slap_conn *o_conn; /* connection spawning this op */ + + ber_int_t o_msgid; /* msgid of the request */ ber_int_t o_protocol; /* version of the LDAP protocol used by client */ - ber_tag_t o_tag; /* tag of the request */ - time_t o_time; /* time op was initiated */ - unsigned long o_connid; /* id of conn initiating this op */ - ldap_pvt_thread_t o_tid; /* thread handling this op */ + ber_tag_t o_tag; /* tag of the request */ + time_t o_time; /* time op was initiated */ + + char * o_extendedop; /* extended operation OID */ + + ldap_pvt_thread_t o_tid; /* thread handling this op */ + + volatile sig_atomic_t o_abandon; /* abandon flag */ + + char o_do_not_cache; /* don't cache from this op */ #define SLAP_NO_CONTROL 0 #define SLAP_NONCRITICAL_CONTROL 1 #define SLAP_CRITICAL_CONTROL 2 char o_managedsait; + char o_noop; + char o_proxy_authz; char o_subentries; char o_subentries_visibility; - - int o_abandon; /* abandon flag */ - ldap_pvt_thread_mutex_t o_abandonmutex; /* protects o_abandon */ + char o_valuesreturnfilter; + + char o_pagedresults; + ber_int_t o_pagedresults_size; + PagedResultsState o_pagedresults_state; + +#ifdef LDAP_CLIENT_UPDATE + char o_clientupdate; + char o_clientupdate_type; +#define SLAP_LCUP_NONE (0x0) +#define SLAP_LCUP_SYNC (0x1) +#define SLAP_LCUP_PERSIST (0x2) +#define SLAP_LCUP_SYNC_AND_PERSIST (0x3) + ber_int_t o_clientupdate_interval; + struct berval o_clientupdate_state; + LDAP_LIST_HEAD(lss, lcup_search_spec) psearch_spec; + LDAP_LIST_HEAD(pe, psid_entry) premodify_list; + LDAP_LIST_ENTRY(slap_op) link; +#endif /* LDAP_CLIENT_UPDATE */ #ifdef LDAP_CONNECTIONLESS Sockaddr o_peeraddr; /* UDP peer address */ @@ -1411,28 +1684,111 @@ typedef struct slap_op { slap_callback *o_callback; /* callback pointers */ LDAPControl **o_ctrls; /* controls */ + void *o_threadctx; /* thread pool thread context */ void *o_private; /* anything the backend needs */ LDAP_STAILQ_ENTRY(slap_op) o_next; /* next operation in list */ + ValuesReturnFilter *vrFilter; /* Structure represents ValuesReturnFilter */ + + void *o_pb; /* Netscape plugin */ + } Operation; #define get_manageDSAit(op) ((int)(op)->o_managedsait) #define get_subentries(op) ((int)(op)->o_subentries) #define get_subentries_visibility(op) ((int)(op)->o_subentries_visibility) +#define get_pagedresults(op) ((int)(op)->o_pagedresults) + + + +typedef void (*SEND_LDAP_RESULT)( + struct slap_conn *conn, + struct slap_op *op, + ber_int_t err, + const char *matched, + const char *text, + BerVarray ref, + LDAPControl **ctrls + ); + +#define send_ldap_result( conn, op, err, matched, text, ref, ctrls ) \ +(*conn->c_send_ldap_result)( conn, op, err, matched, text, ref, ctrls ) + + +typedef int (*SEND_SEARCH_ENTRY)( + struct slap_backend_db *be, + struct slap_conn *conn, + struct slap_op *op, + struct slap_entry *e, + AttributeName *attrs, + int attrsonly, + LDAPControl **ctrls + ); + +#define send_search_entry( be, conn, op, e, attrs, attrsonly, ctrls) \ +(*conn->c_send_search_entry)( be, conn, op, e, attrs, attrsonly, ctrls) + + +typedef void (*SEND_SEARCH_RESULT)( + struct slap_conn *conn, + struct slap_op *op, + ber_int_t err, + const char *matched, + const char *text, + BerVarray refs, + LDAPControl **ctrls, + int nentries + ); + +#define send_search_result( conn, op, err, matched, text, refs, ctrls, nentries ) \ +(*conn->c_send_search_result)( conn, op, err, matched, text, refs, ctrls, nentries ) + + +typedef int (*SEND_SEARCH_REFERENCE)( + struct slap_backend_db *be, + struct slap_conn *conn, + struct slap_op *op, + struct slap_entry *e, + BerVarray refs, + LDAPControl **ctrls, + BerVarray *v2refs + ); + +#define send_search_reference( be, conn, op, e, refs, ctrls, v2refs ) \ +(*conn->c_send_search_reference)( be, conn, op, e, refs, ctrls, v2refs ) + + +typedef void (*SEND_LDAP_EXTENDED)( + struct slap_conn *conn, + struct slap_op *op, + ber_int_t err, + const char *matched, + const char *text, + BerVarray refs, + const char *rspoid, + struct berval *rspdata, + LDAPControl **ctrls + ); + +#define send_ldap_extended( conn, op, err, matched, text, refs, rspoid, rspdata, ctrls) \ +(*conn->c_send_ldap_extended)( conn, op, err, matched, text, refs, rspoid, rspdata, ctrls ) + /* * Caches the result of a backend_group check for ACL evaluation */ typedef struct slap_gacl { - struct slap_gacl *next; - Backend *be; - ObjectClass *oc; - AttributeDescription *at; - int res; - ber_len_t len; - char ndn[1]; + struct slap_gacl *ga_next; + Backend *ga_be; + ObjectClass *ga_oc; + AttributeDescription *ga_at; + int ga_res; + ber_len_t ga_len; + char ga_ndn[1]; } GroupAssertion; +typedef struct slap_listener Listener; + /* * represents a connection from an ldap client */ @@ -1448,20 +1804,18 @@ typedef struct slap_conn { time_t c_activitytime; /* when the connection was last used */ unsigned long c_connid; /* id of this connection for stats*/ - char *c_listener_url; /* listener URL */ - char *c_peer_domain; /* DNS name of client */ - char *c_peer_name; /* peer name (trans=addr:port) */ - char *c_sock_name; /* sock name (trans=addr:port) */ + struct berval c_peer_domain; /* DNS name of client */ + struct berval c_peer_name; /* peer name (trans=addr:port) */ + Listener *c_listener; +#define c_listener_url c_listener->sl_url /* listener URL */ +#define c_sock_name c_listener->sl_name /* sock name (trans=addr:port) */ /* only can be changed by binding thread */ int c_sasl_bind_in_progress; /* multi-op bind in progress */ - char *c_sasl_bind_mech; /* mech in progress */ - struct berval c_cdn; - - /* authentication backend */ - Backend *c_authc_backend; + struct berval c_sasl_bind_mech; /* mech in progress */ + struct berval c_sasl_dn; /* temporary storage */ - /* authorization backend - normally same as c_authc_backend */ + /* authorization backend */ Backend *c_authz_backend; AuthorizationInformation c_authz; @@ -1488,15 +1842,32 @@ typedef struct slap_conn { int c_sasl_layers; /* true if we need to install SASL i/o handlers */ void *c_sasl_context; /* SASL session context */ void *c_sasl_extra; /* SASL session extra stuff */ + struct slap_op *c_sasl_bindop; /* set to current op if it's a bind */ - long c_n_ops_received; /* num of ops received (next op_id) */ + PagedResultsState c_pagedresults_state; /* paged result state */ + + long c_n_ops_received; /* num of ops received (next op_id) */ long c_n_ops_executing; /* num of ops currently executing */ - long c_n_ops_pending; /* num of ops pending execution */ + long c_n_ops_pending; /* num of ops pending execution */ long c_n_ops_completed; /* num of ops completed */ long c_n_get; /* num of get calls */ long c_n_read; /* num of read calls */ long c_n_write; /* num of write calls */ + + void *c_pb; /* Netscape plugin */ + + /* + * These are the "callbacks" that are available for back-ends to + * supply data back to connected clients that are connected + * through the "front-end". + */ + SEND_LDAP_RESULT c_send_ldap_result; + SEND_SEARCH_ENTRY c_send_search_entry; + SEND_SEARCH_RESULT c_send_search_result; + SEND_SEARCH_REFERENCE c_send_search_reference; + SEND_LDAP_EXTENDED c_send_ldap_extended; + } Connection; #if defined(LDAP_SYSLOG) && defined(LDAP_DEBUG) @@ -1506,36 +1877,36 @@ typedef struct slap_conn { fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\ if ( ldap_syslog & (level) ) \ syslog( ldap_syslog_level, (fmt), (connid), (opid), (arg1), \ - (arg2), (arg3) ); \ + (arg2), (arg3) ); \ } while (0) +#define StatslogTest( level ) ((ldap_debug | ldap_syslog) & (level)) +#elif defined(LDAP_DEBUG) +#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \ + do { \ + if ( ldap_debug & (level) ) \ + fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\ + } while (0) +#define StatslogTest( level ) (ldap_debug & (level)) +#elif defined(LDAP_SYSLOG) +#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \ + do { \ + if ( ldap_syslog & (level) ) \ + syslog( ldap_syslog_level, (fmt), (connid), (opid), (arg1), \ + (arg2), (arg3) ); \ + } while (0) +#define StatslogTest( level ) (ldap_syslog & (level)) #else #define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) +#define StatslogTest( level ) (0) #endif - -#define SASLREGEX_REPLACE 10 -#define SASL_AUTHZ_SOURCE_ATTR "saslAuthzTo" -#define SASL_AUTHZ_DEST_ATTR "saslAuthzFrom" - -typedef struct sasl_regexp { - char *match; /* regexp match pattern */ - char *replace; /* regexp replace pattern */ - regex_t workspace; /* workspace for regexp engine */ - regmatch_t strings[SASLREGEX_REPLACE]; /* strings matching $1,$2 ... */ - int offset[SASLREGEX_REPLACE+2]; /* offsets of $1,$2... in *replace */ -} SaslRegexp_t; - -/* Flags for telling slap_sasl_getdn() what type of identity is being passed */ -#define FLAG_GETDN_FINAL 1 -#define FLAG_GETDN_AUTHCID 2 -#define FLAG_GETDN_AUTHZID 4 - /* * listener; need to access it from monitor backend */ -typedef struct slap_listener { - char* sl_url; - char* sl_name; +struct slap_listener { + struct berval sl_url; + struct berval sl_name; + mode_t sl_perms; #ifdef HAVE_TLS int sl_is_tls; #endif @@ -1545,7 +1916,42 @@ typedef struct slap_listener { ber_socket_t sl_sd; Sockaddr sl_sa; #define sl_addr sl_sa.sa_in_addr -} Listener; +}; + +#ifdef SLAPD_MONITOR +/* + * Operation indices + */ +enum { + SLAP_OP_BIND = 0, + SLAP_OP_UNBIND, + SLAP_OP_ADD, + SLAP_OP_DELETE, + SLAP_OP_MODRDN, + SLAP_OP_MODIFY, + SLAP_OP_COMPARE, + SLAP_OP_SEARCH, + SLAP_OP_ABANDON, + SLAP_OP_EXTENDED, + SLAP_OP_LAST +}; +#endif /* SLAPD_MONITOR */ + +/* + * Better know these all around slapd + */ +#define SLAP_LDAPDN_PRETTY 0x1 +#define SLAP_LDAPDN_MAXLEN 8192 + +/* + * Macros for LCUP + */ +#ifdef LDAP_CLIENT_UPDATE +#define SLAP_LCUP_STATE_UPDATE_TRUE 1 +#define SLAP_LCUP_STATE_UPDATE_FALSE 0 +#define SLAP_LCUP_ENTRY_DELETED_TRUE 1 +#define SLAP_LCUP_ENTRY_DELETED_FALSE 0 +#endif /* LDAP_CLIENT_UPDATE */ LDAP_END_DECL