X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslap.h;h=f1d55cab3628a8fc53bd71f9cdea230a4bc91e7a;hb=5631f25839a4a83521993639a96909267ea7bce6;hp=b4e7e187a32fac1895021e72285ca185d78951cb;hpb=bf110af72358faeec77524b197417dcea85dd28e;p=openldap diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index b4e7e187a3..f1d55cab36 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -71,11 +71,18 @@ LDAP_BEGIN_DECL #define SLAP_CONTROL_X_TREE_DELETE LDAP_CONTROL_X_TREE_DELETE #define SLAPD_CONF_UNKNOWN_BAILOUT +#define SLAP_ORDERED_PRETTYNORM +#define SLAP_AUTHZ_SYNTAX + #ifdef ENABLE_REWRITE #define SLAP_AUTH_REWRITE 1 /* use librewrite for sasl-regexp */ #endif #endif +#if defined(LDAP_SLAPI) && !defined(SLAP_OVERLAY_ACCESS) +#define SLAP_OVERLAY_ACCESS +#endif + /* * ITS#3705: bail out if unknown config directives appear in slapd.conf */ @@ -1145,7 +1152,13 @@ typedef struct slap_entry { * A list of LDAPMods */ typedef struct slap_mod { - int sm_op; + short sm_op; + short sm_flags; +/* Set for internal mods, will bypass ACL checks. Only needed when + * running as non-root user, for user modifiable attributes. + */ +#define SLAP_MOD_INTERNAL 0x01 + AttributeDescription *sm_desc; struct berval sm_type; BerVarray sm_values; @@ -1155,6 +1168,7 @@ typedef struct slap_mod { typedef struct slap_mod_list { Modification sml_mod; #define sml_op sml_mod.sm_op +#define sml_flags sml_mod.sm_flags #define sml_desc sml_mod.sm_desc #define sml_type sml_mod.sm_type #define sml_values sml_mod.sm_values @@ -1433,6 +1447,7 @@ typedef struct slap_acl { regex_t acl_dn_re; struct berval acl_dn_pat; AttributeName *acl_attrs; + MatchingRule *acl_attrval_mr; slap_style_t acl_attrval_style; regex_t acl_attrval_re; struct berval acl_attrval; @@ -1977,6 +1992,12 @@ typedef int (BI_has_subordinates) LDAP_P(( struct slap_op *op, typedef int (BI_access_allowed) LDAP_P(( struct slap_op *op, Entry *e, AttributeDescription *desc, struct berval *val, slap_access_t access, AccessControlState *state, slap_mask_t *maskp )); +typedef int (BI_acl_group) LDAP_P(( struct slap_op *op, Entry *target, + struct berval *gr_ndn, struct berval *op_ndn, + ObjectClass *group_oc, AttributeDescription *group_at )); +typedef int (BI_acl_attribute) LDAP_P(( struct slap_op *op, Entry *target, + struct berval *entry_ndn, AttributeDescription *entry_at, + BerVarray *vals, slap_access_t access )); #endif /* SLAP_OVERLAY_ACCESS */ typedef int (BI_connection_init) LDAP_P(( BackendDB *bd, @@ -2079,6 +2100,8 @@ struct slap_backend_info { BI_has_subordinates *bi_has_subordinates; #ifdef SLAP_OVERLAY_ACCESS BI_access_allowed *bi_access_allowed; + BI_acl_group *bi_acl_group; + BI_acl_attribute *bi_acl_attribute; #endif /* SLAP_OVERLAY_ACCESS */ BI_connection_init *bi_connection_init; @@ -2103,6 +2126,7 @@ struct slap_backend_info { slap_mask_t bi_flags; /* backend flags */ #define SLAP_BFLAG_MONITOR 0x0001U /* a monitor backend */ #define SLAP_BFLAG_CONFIG 0x0002U /* a config backend */ +#define SLAP_BFLAG_FRONTEND 0x0004U /* the frontendDB */ #define SLAP_BFLAG_NOLASTMODCMD 0x0010U #define SLAP_BFLAG_INCREMENT 0x0100U #define SLAP_BFLAG_ALIASES 0x1000U @@ -2113,6 +2137,7 @@ struct slap_backend_info { #define SLAP_BFLAGS(be) ((be)->bd_info->bi_flags) #define SLAP_MONITOR(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_MONITOR) #define SLAP_CONFIG(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_CONFIG) +#define SLAP_FRONTEND(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_FRONTEND) #define SLAP_INCREMENT(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_INCREMENT) #define SLAP_ALIASES(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_ALIASES) #define SLAP_REFERRALS(be) (SLAP_BFLAGS(be) & SLAP_BFLAG_REFERRALS) @@ -2159,6 +2184,24 @@ typedef struct slap_callback { struct slap_overinfo; +typedef enum slap_operation_e { + op_bind = 0, + op_unbind, + op_search, + op_compare, + op_modify, + op_modrdn, + op_add, + op_delete, + op_abandon, + op_cancel, + op_extended, + op_aux_operational, + op_aux_chk_referrals, + op_aux_chk_controls, + op_last +} slap_operation_t; + typedef struct slap_overinst { BackendInfo on_bi; slap_response *on_response; @@ -2252,7 +2295,6 @@ typedef struct slap_op_header { char oh_log_prefix[sizeof("conn=18446744073709551615 op=18446744073709551615")]; #ifdef LDAP_SLAPI - void *oh_pb; /* NS-SLAPI plugin */ void *oh_extensions; /* NS-SLAPI plugin */ #endif } Opheader; @@ -2277,13 +2319,9 @@ typedef struct slap_op { #define o_log_prefix o_hdr->oh_log_prefix -#ifdef LDAP_SLAPI -#define o_pb o_hdr->oh_pb -#define o_extensions o_hdr->oh_extensions -#endif - ber_tag_t o_tag; /* tag of the request */ time_t o_time; /* time op was initiated */ + int o_tincr; /* counter for multiple ops with same o_time */ BackendDB *o_bd; /* backend DB processing this op */ struct berval o_req_dn; /* DN of target of request */ @@ -2360,6 +2398,8 @@ typedef struct slap_op { char o_nocaching; char o_delete_glue_parent; + char o_no_schema_check; +#define get_no_schema_check(op) ((op)->o_no_schema_check) #define SLAP_CONTROL_NONE 0 #define SLAP_CONTROL_IGNORED 1 @@ -2418,7 +2458,7 @@ typedef struct slap_op { #define get_domainScope(op) (0) #endif -#ifdef LDAP_CONTROL_X_TREE_DELETE +#ifdef SLAP_CONTROL_X_TREE_DELETE #define o_tree_delete o_ctrlflag[slap_cids.sc_treeDelete] #define get_treeDelete(op) ((int)(op)->o_tree_delete) #else