X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslap.h;h=f1d55cab3628a8fc53bd71f9cdea230a4bc91e7a;hb=5631f25839a4a83521993639a96909267ea7bce6;hp=16ed4a632c3f3a3cb8de87554982adb68cf1376c;hpb=2544a320b9bd5aaef02c0676ce753eabbe182b1d;p=openldap

diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index 16ed4a632c..f1d55cab36 100644
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -71,11 +71,18 @@ LDAP_BEGIN_DECL
 #define SLAP_CONTROL_X_TREE_DELETE LDAP_CONTROL_X_TREE_DELETE
 #define SLAPD_CONF_UNKNOWN_BAILOUT
 
+#define SLAP_ORDERED_PRETTYNORM
+#define SLAP_AUTHZ_SYNTAX
+
 #ifdef ENABLE_REWRITE
 #define SLAP_AUTH_REWRITE	1 /* use librewrite for sasl-regexp */
 #endif
 #endif
 
+#if defined(LDAP_SLAPI) && !defined(SLAP_OVERLAY_ACCESS)
+#define SLAP_OVERLAY_ACCESS
+#endif
+
 /*
  * ITS#3705: bail out if unknown config directives appear in slapd.conf
  */
@@ -658,20 +665,23 @@ typedef struct slap_attribute_type {
 	AttributeTypeSchemaCheckFN	*sat_check;
 	char					*sat_oidmacro;
 
-#define SLAP_AT_NONE		0x0000U
-#define SLAP_AT_ABSTRACT	0x0100U /* cannot be instantiated */
-#define SLAP_AT_FINAL		0x0200U /* cannot be subtyped */
+#define SLAP_AT_NONE			0x0000U
+#define SLAP_AT_ABSTRACT		0x0100U /* cannot be instantiated */
+#define SLAP_AT_FINAL			0x0200U /* cannot be subtyped */
 #ifdef LDAP_DEVEL
-#define SLAP_AT_HIDE		0x0000U /* publish everything */
+#define SLAP_AT_HIDE			0x0000U /* publish everything */
 #else
-#define SLAP_AT_HIDE		0x8000U /* hide attribute */
+#define SLAP_AT_HIDE			0x8000U /* hide attribute */
 #endif
-#define	SLAP_AT_DYNAMIC		0x0400U	/* dynamically generated */
+#define	SLAP_AT_DYNAMIC			0x0400U	/* dynamically generated */
+
+#define SLAP_AT_MANAGEABLE		0x0800U	/* no-user-mod can be by-passed */
 
 #define	SLAP_AT_ORDERED_VAL		0x0001U /* values are ordered */
 #define	SLAP_AT_ORDERED_SIB		0x0002U /* siblings are ordered */
-#define	SLAP_AT_ORDERED		0x0003U /* value has order index */
-#define	SLAP_AT_HARDCODE	0x10000U	/* This is hardcoded schema */
+#define	SLAP_AT_ORDERED			0x0003U /* value has order index */
+
+#define	SLAP_AT_HARDCODE	0x10000U	/* hardcoded schema */
 
 	slap_mask_t					sat_flags;
 
@@ -1142,7 +1152,13 @@ typedef struct slap_entry {
  * A list of LDAPMods
  */
 typedef struct slap_mod {
-	int sm_op;
+	short sm_op;
+	short sm_flags;
+/* Set for internal mods, will bypass ACL checks. Only needed when
+ * running as non-root user, for user modifiable attributes.
+ */
+#define	SLAP_MOD_INTERNAL	0x01
+
 	AttributeDescription *sm_desc;
 	struct berval sm_type;
 	BerVarray sm_values;
@@ -1152,6 +1168,7 @@ typedef struct slap_mod {
 typedef struct slap_mod_list {
 	Modification sml_mod;
 #define sml_op		sml_mod.sm_op
+#define sml_flags	sml_mod.sm_flags
 #define sml_desc	sml_mod.sm_desc
 #define	sml_type	sml_mod.sm_type
 #define sml_values	sml_mod.sm_values
@@ -1181,6 +1198,9 @@ typedef enum slap_access_e {
 	ACL_WRITE,
 	ACL_MANAGE,
 
+	/* always leave at end of levels but not greater than ACL_LEVEL_MASK */
+	ACL_LAST,
+
 	/* ACL level mask and modifiers */
 	ACL_LEVEL_MASK = 0x000f,
 	ACL_QUALIFIER1 = 0x0100,
@@ -1299,7 +1319,7 @@ typedef struct slap_access {
 #define ACL_PRIV_MANAGE			ACL_ACCESS2PRIV( ACL_MANAGE )
 
 /* NOTE: always use the highest level; current: 0x00ffUL */
-#define ACL_PRIV_MASK			((ACL_PRIV_MANAGE - 1) | ACL_QUALIFIER_MASK)
+#define ACL_PRIV_MASK			((ACL_ACCESS2PRIV(ACL_LAST) - 1) | ACL_QUALIFIER_MASK)
 
 /* priv flags */
 #define ACL_PRIV_LEVEL			0x1000UL
@@ -1427,6 +1447,7 @@ typedef struct slap_acl {
 	regex_t		acl_dn_re;
 	struct berval	acl_dn_pat;
 	AttributeName	*acl_attrs;
+	MatchingRule	*acl_attrval_mr;
 	slap_style_t	acl_attrval_style;
 	regex_t		acl_attrval_re;
 	struct berval	acl_attrval;
@@ -1487,9 +1508,10 @@ LDAP_SLAPD_V (int) slapMode;
 #define	SLAP_TOOL_READONLY	0x0400
 #define	SLAP_TOOL_QUICK		0x0800
 
+#define SB_TLS_DEFAULT		(-1)
 #define SB_TLS_OFF		0
 #define SB_TLS_ON		1
-#define SB_TLS_CRITICAL	2
+#define SB_TLS_CRITICAL		2
 
 typedef struct slap_bindconf {
 	int sb_tls;
@@ -1514,7 +1536,7 @@ struct slap_replica_info {
 
 typedef struct slap_verbmasks {
 	struct berval word;
-	const int mask;
+	const slap_mask_t mask;
 } slap_verbmasks;
 
 #define SLAP_LIMIT_TIME	1
@@ -1970,6 +1992,12 @@ typedef int (BI_has_subordinates) LDAP_P(( struct slap_op *op,
 typedef int (BI_access_allowed) LDAP_P(( struct slap_op *op, Entry *e,
 	AttributeDescription *desc, struct berval *val, slap_access_t access,
 	AccessControlState *state, slap_mask_t *maskp ));
+typedef int (BI_acl_group) LDAP_P(( struct slap_op *op, Entry *target,
+	struct berval *gr_ndn, struct berval *op_ndn,
+	ObjectClass *group_oc, AttributeDescription *group_at ));
+typedef int (BI_acl_attribute) LDAP_P(( struct slap_op *op, Entry *target,
+	struct berval *entry_ndn, AttributeDescription *entry_at,
+	BerVarray *vals, slap_access_t access ));
 #endif /* SLAP_OVERLAY_ACCESS */
 
 typedef int (BI_connection_init) LDAP_P(( BackendDB *bd,
@@ -2072,6 +2100,8 @@ struct slap_backend_info {
 	BI_has_subordinates	*bi_has_subordinates;
 #ifdef SLAP_OVERLAY_ACCESS
 	BI_access_allowed	*bi_access_allowed;
+	BI_acl_group		*bi_acl_group;
+	BI_acl_attribute	*bi_acl_attribute;
 #endif /* SLAP_OVERLAY_ACCESS */
 
 	BI_connection_init	*bi_connection_init;
@@ -2096,6 +2126,7 @@ struct slap_backend_info {
 	slap_mask_t	bi_flags; /* backend flags */
 #define SLAP_BFLAG_MONITOR			0x0001U /* a monitor backend */
 #define SLAP_BFLAG_CONFIG			0x0002U /* a config backend */
+#define SLAP_BFLAG_FRONTEND			0x0004U /* the frontendDB */
 #define SLAP_BFLAG_NOLASTMODCMD		0x0010U
 #define SLAP_BFLAG_INCREMENT		0x0100U
 #define SLAP_BFLAG_ALIASES			0x1000U
@@ -2106,6 +2137,7 @@ struct slap_backend_info {
 #define SLAP_BFLAGS(be)		((be)->bd_info->bi_flags)
 #define SLAP_MONITOR(be)	(SLAP_BFLAGS(be) & SLAP_BFLAG_MONITOR)
 #define SLAP_CONFIG(be)		(SLAP_BFLAGS(be) & SLAP_BFLAG_CONFIG)
+#define SLAP_FRONTEND(be)	(SLAP_BFLAGS(be) & SLAP_BFLAG_FRONTEND)
 #define SLAP_INCREMENT(be)	(SLAP_BFLAGS(be) & SLAP_BFLAG_INCREMENT)
 #define SLAP_ALIASES(be)	(SLAP_BFLAGS(be) & SLAP_BFLAG_ALIASES)
 #define SLAP_REFERRALS(be)	(SLAP_BFLAGS(be) & SLAP_BFLAG_REFERRALS)
@@ -2152,6 +2184,24 @@ typedef struct slap_callback {
 
 struct slap_overinfo;
 
+typedef enum slap_operation_e {
+	op_bind = 0,
+	op_unbind,
+	op_search,
+	op_compare,
+	op_modify,
+	op_modrdn,
+	op_add,
+	op_delete,
+	op_abandon,
+	op_cancel,
+	op_extended,
+	op_aux_operational,
+	op_aux_chk_referrals,
+	op_aux_chk_controls,
+	op_last
+} slap_operation_t;
+
 typedef struct slap_overinst {
 	BackendInfo on_bi;
 	slap_response *on_response;
@@ -2208,6 +2258,7 @@ struct slap_control_ids {
 	int sc_preRead;
 	int sc_postRead;
 	int sc_proxyAuthz;
+	int sc_manageDIT;
 	int sc_manageDSAit;
 	int sc_modifyIncrement;
 	int sc_noOp;
@@ -2244,7 +2295,6 @@ typedef struct slap_op_header {
 	char		oh_log_prefix[sizeof("conn=18446744073709551615 op=18446744073709551615")];
 
 #ifdef LDAP_SLAPI
-	void    *oh_pb;                  /* NS-SLAPI plugin */
 	void	*oh_extensions;		/* NS-SLAPI plugin */
 #endif
 } Opheader;
@@ -2269,13 +2319,9 @@ typedef struct slap_op {
 
 #define o_log_prefix o_hdr->oh_log_prefix
 
-#ifdef LDAP_SLAPI
-#define o_pb o_hdr->oh_pb
-#define o_extensions o_hdr->oh_extensions
-#endif
-
 	ber_tag_t	o_tag;		/* tag of the request */
 	time_t		o_time;		/* time op was initiated */
+	int			o_tincr;	/* counter for multiple ops with same o_time */
 
 	BackendDB	*o_bd;	/* backend DB processing this op */
 	struct berval	o_req_dn;	/* DN of target of request */
@@ -2350,6 +2396,11 @@ typedef struct slap_op {
 	char o_do_not_cache;	/* don't cache groups from this op */
 	char o_is_auth_check;	/* authorization in progress */
 
+	char o_nocaching;
+	char o_delete_glue_parent;
+	char o_no_schema_check;
+#define get_no_schema_check(op)			((op)->o_no_schema_check)
+
 #define SLAP_CONTROL_NONE	0
 #define SLAP_CONTROL_IGNORED	1
 #define SLAP_CONTROL_NONCRITICAL 2
@@ -2369,6 +2420,9 @@ typedef struct slap_op {
 	char o_ctrlflag[SLAP_MAX_CIDS];	/* per-control flags */
 	void **o_controls;		/* per-control state */
 
+#define o_managedit				o_ctrlflag[slap_cids.sc_manageDIT]
+#define get_manageDIT(op)		_SCM((op)->o_managedit)
+
 #define o_managedsait	o_ctrlflag[slap_cids.sc_manageDSAit]
 #define get_manageDSAit(op)				_SCM((op)->o_managedsait)
 
@@ -2404,7 +2458,7 @@ typedef struct slap_op {
 #define get_domainScope(op)				(0)
 #endif
 
-#ifdef LDAP_CONTROL_X_TREE_DELETE
+#ifdef SLAP_CONTROL_X_TREE_DELETE
 #define	o_tree_delete	o_ctrlflag[slap_cids.sc_treeDelete]
 #define get_treeDelete(op)				((int)(op)->o_tree_delete)
 #else
@@ -2438,9 +2492,6 @@ typedef struct slap_op {
 
 	LDAP_STAILQ_ENTRY(slap_op)	o_next;	/* next operation in list	  */
 
-	int o_nocaching;
-	int	o_delete_glue_parent;
-
 } Operation;
 #define	OPERATION_BUFFER_SIZE	(sizeof(Operation)+sizeof(Opheader)+SLAP_MAX_CIDS*sizeof(void *))
 
@@ -2665,6 +2716,8 @@ typedef struct slap_counters_t {
 #define SLAP_CTRL_HIDE				0x80000000U
 #endif
 
+#define SLAP_CTRL_REQUIRES_ROOT		0x40000000U /* for ManageDIT */
+
 #define SLAP_CTRL_GLOBAL			0x00800000U
 #define SLAP_CTRL_GLOBAL_SEARCH		0x00010000U	/* for NOOP */