From 5a2909c06494d84d47e5c4584c6e589ad4b1a24d Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Wed, 17 Dec 2003 21:44:47 +0000 Subject: [PATCH] Sync with HEAD --- acconfig.h | 8 +- clients/tools/ldapdelete.c | 2 +- clients/tools/ldapmodify.c | 2 +- clients/tools/ldapmodrdn.c | 2 +- clients/tools/ldappasswd.c | 2 +- clients/tools/ldapwhoami.c | 2 +- configure | 2 +- doc/man/man5/slapd-meta.5 | 63 +++++--- include/ldap.h | 218 ++++++++++++++------------ libraries/libldap/error.c | 8 +- servers/slapd/acl.c | 2 +- servers/slapd/aclparse.c | 41 ++++- servers/slapd/ad.c | 25 +-- servers/slapd/add.c | 2 +- servers/slapd/back-monitor/database.c | 4 +- servers/slapd/backend.c | 2 +- servers/slapd/bind.c | 4 +- servers/slapd/compare.c | 2 +- servers/slapd/connection.c | 6 +- servers/slapd/delete.c | 2 +- servers/slapd/extended.c | 2 +- servers/slapd/modify.c | 14 +- servers/slapd/modrdn.c | 2 +- servers/slapd/operation.c | 4 +- servers/slapd/repl.c | 1 + servers/slapd/result.c | 84 +++++++--- servers/slapd/sasl.c | 4 +- servers/slapd/search.c | 2 +- servers/slapd/slapi/plugin.c | 2 +- servers/slapd/slapi/proto-slapi.h | 24 +-- servers/slapd/slapi/slapi_ext.c | 8 +- servers/slapd/slapi/slapi_pblock.c | 11 +- servers/slapd/slapi/slapi_utils.c | 30 ++-- 33 files changed, 352 insertions(+), 235 deletions(-) diff --git a/acconfig.h b/acconfig.h index 7c8889b6f4..3d40c40326 100644 --- a/acconfig.h +++ b/acconfig.h @@ -87,10 +87,6 @@ #define LDAP_NEEDS_PROTOTYPES 1 #endif -#ifdef HAVE_STDDEF_H -# include -#endif - #ifndef LDAP_REL_ENG #if (LDAP_VENDOR_VERSION == 000000) && !defined(LDAP_DEVEL) #define LDAP_DEVEL @@ -100,6 +96,10 @@ #endif #endif +#ifdef HAVE_STDDEF_H +# include +#endif + #ifdef HAVE_EBCDIC /* ASCII/EBCDIC converting replacements for stdio funcs * vsnprintf and snprintf are used too, but they are already diff --git a/clients/tools/ldapdelete.c b/clients/tools/ldapdelete.c index b0f13eac84..3225f36196 100644 --- a/clients/tools/ldapdelete.c 
+++ b/clients/tools/ldapdelete.c @@ -74,7 +74,7 @@ usage( void ) const char options[] = "r" - "cCd:D:e:f:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z"; + "cd:D:e:f:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z"; int handle_private_option( int i ) diff --git a/clients/tools/ldapmodify.c b/clients/tools/ldapmodify.c index c2c52aeb88..e6792fe485 100644 --- a/clients/tools/ldapmodify.c +++ b/clients/tools/ldapmodify.c @@ -134,7 +134,7 @@ usage( void ) const char options[] = "aFrS:" - "cCd:D:e:f:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z"; + "cd:D:e:f:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z"; int handle_private_option( int i ) diff --git a/clients/tools/ldapmodrdn.c b/clients/tools/ldapmodrdn.c index 8bf23c4205..4bb2b80f86 100644 --- a/clients/tools/ldapmodrdn.c +++ b/clients/tools/ldapmodrdn.c @@ -89,7 +89,7 @@ usage( void ) const char options[] = "rs:" - "cCd:D:e:f:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z"; + "cd:D:e:f:h:H:IkKMnO:p:P:QR:U:vVw:WxX:y:Y:Z"; int handle_private_option( int i ) diff --git a/clients/tools/ldappasswd.c b/clients/tools/ldappasswd.c index 5151d6994d..0cc34d7c16 100644 --- a/clients/tools/ldappasswd.c +++ b/clients/tools/ldappasswd.c @@ -81,7 +81,7 @@ usage( void ) const char options[] = "a:As:St:T:" - "Cd:D:e:h:H:InO:p:QR:U:vVw:WxX:y:Y:Z"; + "d:D:e:h:H:InO:p:QR:U:vVw:WxX:y:Y:Z"; int handle_private_option( int i ) diff --git a/clients/tools/ldapwhoami.c b/clients/tools/ldapwhoami.c index c4e613b4c2..abbf45b923 100644 --- a/clients/tools/ldapwhoami.c +++ b/clients/tools/ldapwhoami.c @@ -62,7 +62,7 @@ usage( void ) const char options[] = "" - "Cd:D:e:h:H:InO:p:QR:U:vVw:WxX:y:Y:Z"; + "d:D:e:h:H:InO:p:QR:U:vVw:WxX:y:Y:Z"; int handle_private_option( int i ) diff --git a/configure b/configure index 45caf3004b..3497dce256 100755 --- a/configure +++ b/configure 
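Review bot: With `C` dropped from the `options[]` strings in ldapdelete.c, ldapmodify.c, ldapmodrdn.c, ldappasswd.c and ldapwhoami.c, getopt will reject `-C`, so any `case 'C':` left in the shared option handler becomes dead code and any usage text still listing the flag is wrong. Neither the handler nor the usage text is visible in these hunks, so confirm both were cleaned up in the same sync. Scripts that still pass `-C` (presumably the referral-chasing switch) will now fail with a usage error, which is worth a release-note line. A short comment above each string, e.g. `/* -C is intentionally no longer accepted */`, would keep the letter from being re-added by accident.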
@@ -1,6 +1,6 @@ #! /bin/sh # $OpenLDAP$ -# from OpenLDAP: pkg/ldap/configure.in,v 1.478.2.9 2003/12/01 00:58:21 kurt Exp +# from OpenLDAP: pkg/ldap/configure.in,v 1.478.2.10 2003/12/15 22:05:18 kurt Exp # This work is part of OpenLDAP Software . # diff --git a/doc/man/man5/slapd-meta.5 b/doc/man/man5/slapd-meta.5 index e05ddb835d..cef94103b0 100644 --- a/doc/man/man5/slapd-meta.5 +++ b/doc/man/man5/slapd-meta.5 @@ -679,15 +679,15 @@ been written: .fi .LP with the advantage of saving one rewrite pass ...) -.SH PROXY CACHE EXTENSION -The proxy cache extension to -.B meta -backend allows caching of LDAP search requests (queries). For an incoming query, the +.SH PROXY CACHE OVERLAY +The proxy cache overlay +allows caching of LDAP search requests (queries) in a local database. +For an incoming query, the proxy cache determines its corresponding \fBtemplate\fP. If the template was -specified as cacheable using the \fBaddtemplate\fP directive and the request is +specified as cacheable using the \fBproxytemplate\fP directive and the request is contained in a cached request, it is answered from the proxy cache. Otherwise, -the proxy cache obtains and caches results from target(s) specified by the -\fBuri\fP directive. +the search is performed as usual and cacheable search results are saved in the +cache for use in future queries. .LP A template is defined by a filter string and an index identifying a set of 
@@ -700,28 +700,39 @@ projected attributes correspond to a cacheable template. Examples of template st The following cache specific directives can be used to configure the proxy cache: .TP -.B cacheparams -The directive enables proxy caching in the \fBmeta\fP backend and sets general -cache parameters. Cache replacement is invoked when the cache size crosses the - bytes and continues till the cache size is greater than -bytes. should be equal to the number of following \fBattrset\fP +.B overlay proxycache +This directive adds the proxycache overlay to the current backend. The +proxycache overlay may be used with any backend but is intended for use +with the +.B ldap +and +.B meta +backends. +.TP +.B proxycache +The directive enables proxy caching in the current backend and sets general +cache parameters. A backend will be used internally to maintain +the cached entries. The chosen database will need to be configured as well, +as shown below. Cache replacement is invoked when the cache size grows to + entries and continues till the cache size drops below this size. + should be equal to the number of following \fBproxyattrset\fP directives. Queries are cached only if they correspond to a cacheable template -(specified by the \fBaddtemplate\fP directive) and the number of entries -returned is less than . Consistency check is performed every +(specified by the \fBproxytemplate\fP directive) and the number of entries +returned is less than . Consistency check is performed every duration (specified in secs). In each cycle queries with expired "time to live(\fBTTL\fP)" are removed. A sample cache configuration is: .LP .RS -cacheparams \fB10000 150000 1 50 100\fP +proxycache \fBbdb 10000 1 50 100\fP .RE .TP -.B attrset +.B proxyattrset Used to associate a set of attributes with an . Each attribute set is associated with an integer from 0 to -1. These indices are -used by the \fBaddtemplate\fP directive to define cacheable templates. 
+used by the \fBproxytemplate\fP directive to define cacheable templates. .TP -.B addtemplate +.B proxytemplate Specifies a cacheable template and "time to live" (in sec) of queries belonging to the template. @@ -730,10 +741,22 @@ The following adds a template with filter string (&sn=)(givenName=)) and attribu .LP .RS .nf -attrset \fB0 mail postaladdress telephonenumber\fP -addtemplate \fB(&(sn=)(givenName=)) 0 3600\fP +proxyattrset \fB0 mail postaladdress telephonenumber\fP +proxytemplate \fB(&(sn=)(givenName=)) 0 3600\fP +.fi +.RE +.LP +Directives for configuring the underlying database must also be given, as +shown here: +.LP +.RS +.nf +directory /var/tmp/cache +cachesize 100 .fi .RE +.LP +Any valid directives for the chosen database type may be used. .SH FILES .TP ETCDIR/slapd.conf diff --git a/include/ldap.h b/include/ldap.h index 3ad3d5de8f..50b5c821d1 100644 --- a/include/ldap.h +++ b/include/ldap.h 
@@ -74,39 +74,39 @@ LDAP_BEGIN_DECL #define LDAP_ROOT_DSE "" #define LDAP_NO_ATTRS "1.1" #define LDAP_ALL_USER_ATTRIBUTES "*" -#define LDAP_ALL_OPERATIONAL_ATTRIBUTES "+" /* OpenLDAP extension */ +#define LDAP_ALL_OPERATIONAL_ATTRIBUTES "+" /* RFC 3673 */ /* - * LDAP_OPTions defined by draft-ldapext-ldap-c-api-02 - * 0x0000 - 0x0fff reserved for api options - * 0x1000 - 0x3fff reserved for api extended options - * 0x4000 - 0x7fff reserved for private and experimental options + * LDAP_OPTions + * 0x0000 - 0x0fff reserved for api options + * 0x1000 - 0x3fff reserved for api extended options + * 0x4000 - 0x7fff reserved for private and experimental options */ + #define LDAP_OPT_API_INFO 0x0000 -#define LDAP_OPT_DESC 0x0001 /* deprecated */ +#define LDAP_OPT_DESC 0x0001 /* historic */ #define LDAP_OPT_DEREF 0x0002 #define LDAP_OPT_SIZELIMIT 0x0003 #define LDAP_OPT_TIMELIMIT 0x0004 -/* 0x05 - 0x07 not defined by current draft */ +/* 0x05 - 0x07 not defined */ #define LDAP_OPT_REFERRALS 0x0008 #define LDAP_OPT_RESTART 0x0009 -/* 0x0a - 0x10 not defined by current draft */ +/* 0x0a - 0x10 not defined */ #define LDAP_OPT_PROTOCOL_VERSION 0x0011 #define LDAP_OPT_SERVER_CONTROLS 0x0012 #define LDAP_OPT_CLIENT_CONTROLS 0x0013 -/* 0x14 not defined by current draft */ +/* 0x14 not defined */ #define LDAP_OPT_API_FEATURE_INFO 0x0015 - -/* 0x16 - 0x2f not defined by current draft */ +/* 0x16 - 0x2f not defined */ #define LDAP_OPT_HOST_NAME 0x0030 #define LDAP_OPT_RESULT_CODE 0x0031 #define LDAP_OPT_ERROR_NUMBER LDAP_OPT_RESULT_CODE #define LDAP_OPT_ERROR_STRING 0x0032 #define LDAP_OPT_MATCHED_DN 0x0033 +/* 0x0034 - 0x3fff not defined */ -/* 0x34 - 0x0fff not defined by current draft */ - -#define LDAP_OPT_PRIVATE_EXTENSION_BASE 0x4000 /* to 0x7FFF inclusive */ +/* API Extensions */ +#define LDAP_OPT_API_EXTENSION_BASE 0x4000 /* API extensions */ /* private and experimental options */ /* OpenLDAP specific options */ 
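Review bot: The range comment kept at the top of this hunk still reads `0x4000 - 0x7fff reserved for private and experimental options`, but the hunk renames the 0x4000 base to `LDAP_OPT_API_EXTENSION_BASE`, and the later `@@ -148,9 +148,8 @@` hunk re-introduces `LDAP_OPT_PRIVATE_EXTENSION_BASE` at 0x7000. The comment should be split to match, e.g. `0x4000 - 0x6fff reserved for API extensions` and `0x7000 - 0x7fff reserved for private (application) options`. Because `LDAP_OPT_PRIVATE_EXTENSION_BASE` keeps its name but changes value, an application that derives its own option numbers from it gets different numbers after a rebuild, and a binary built against the old header passes values that now fall in the API-extension range. A compatibility comment next to the define, such as `/* was 0x4000 before this sync */`, would make that visible to callers.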
@@ -130,10 +130,10 @@ LDAP_BEGIN_DECL #define LDAP_OPT_X_TLS_RANDOM_FILE 0x6009 #define LDAP_OPT_X_TLS_SSL_CTX 0x600a -#define LDAP_OPT_X_TLS_NEVER 0 +#define LDAP_OPT_X_TLS_NEVER 0 #define LDAP_OPT_X_TLS_HARD 1 -#define LDAP_OPT_X_TLS_DEMAND 2 -#define LDAP_OPT_X_TLS_ALLOW 3 +#define LDAP_OPT_X_TLS_DEMAND 2 +#define LDAP_OPT_X_TLS_ALLOW 3 #define LDAP_OPT_X_TLS_TRY 4 /* OpenLDAP SASL options */ @@ -148,9 +148,8 @@ LDAP_BEGIN_DECL #define LDAP_OPT_X_SASL_SSF_MAX 0x6108 #define LDAP_OPT_X_SASL_MAXBUFSIZE 0x6109 -/* on/off values */ -#define LDAP_OPT_ON ((void *) &ber_pvt_opt_on) -#define LDAP_OPT_OFF ((void *) 0) +/* Private API Extensions -- reserved for application use */ +#define LDAP_OPT_PRIVATE_EXTENSION_BASE 0x7000 /* Private API inclusive */ /* * ldap_get_option() and ldap_set_option() return values. @@ -161,9 +160,13 @@ LDAP_BEGIN_DECL #define LDAP_OPT_SUCCESS 0 #define LDAP_OPT_ERROR (-1) -#define LDAP_API_INFO_VERSION (1) +/* option on/off values */ +#define LDAP_OPT_ON ((void *) &ber_pvt_opt_on) +#define LDAP_OPT_OFF ((void *) 0) + typedef struct ldapapiinfo { - int ldapai_info_version; /* version of LDAPAPIInfo (1) */ + int ldapai_info_version; /* version of LDAPAPIInfo */ +#define LDAP_API_INFO_VERSION (1) int ldapai_api_version; /* revision of API supported */ int ldapai_protocol_version; /* highest LDAP version supported */ char **ldapai_extensions; /* names of API extensions */ 
@@ -171,39 +174,34 @@ typedef struct ldapapiinfo { int ldapai_vendor_version; /* supplier-specific version * 100 */ } LDAPAPIInfo; -#define LDAP_FEATURE_INFO_VERSION (1) /* version of api feature structure */ typedef struct ldap_apifeature_info { - int ldapaif_info_version; /* version of this struct (1) */ - char* ldapaif_name; /* matches LDAP_API_FEATURE_... less the prefix */ - int ldapaif_version; /* matches the value LDAP_API_FEATURE_... */ + int ldapaif_info_version; /* version of LDAPAPIFeatureInfo */ +#define LDAP_FEATURE_INFO_VERSION (1) /* apifeature_info struct version */ + char* ldapaif_name; /* LDAP_API_FEATURE_* (less prefix) */ + int ldapaif_version; /* value of LDAP_API_FEATURE_... */ } LDAPAPIFeatureInfo; +/* + * LDAP Control structure + */ typedef struct ldapcontrol { - char * ldctl_oid; - struct berval ldctl_value; - char ldctl_iscritical; + char * ldctl_oid; /* numericoid of control */ + struct berval ldctl_value; /* encoded value of control */ + char ldctl_iscritical; /* criticality */ } LDAPControl; /* LDAP Controls */ +/* standard track controls */ +#define LDAP_CONTROL_MANAGEDSAIT "2.16.840.1.113730.3.4.2" /* RFC 3296 */ +#define LDAP_CONTROL_SUBENTRIES "1.3.6.1.4.1.4203.1.10.1" /* RFC 3672 */ +#define LDAP_CONTROL_PAGEDRESULTS "1.2.840.113556.1.4.319" /* RFC 2696 */ + #define LDAP_CONTROL_ASSERT "1.3.6.1.4.1.4203.666.5.9" +#define LDAP_CONTROL_NOOP "1.3.6.1.4.1.4203.1.10.2" #define LDAP_CONTROL_PRE_READ "1.3.6.1.4.1.4203.666.5.10.1" #define LDAP_CONTROL_POST_READ "1.3.6.1.4.1.4203.666.5.10.2" -#define LDAP_CONTROL_MODIFY_INCREMENT "1.3.6.1.4.1.4203.666.5.11" - -#define LDAP_CONTROL_VALUESRETURNFILTER "1.2.826.0.1.334810.2.3" -#define LDAP_CONTROL_SUBENTRIES "1.3.6.1.4.1.4203.1.10.1" -#define LDAP_CONTROL_NOOP "1.3.6.1.4.1.4203.1.10.2" -#define LDAP_CONTROL_MANAGEDSAIT "2.16.840.1.113730.3.4.2" #define LDAP_CONTROL_PROXY_AUTHZ "2.16.840.1.113730.3.4.18" - -#if 0 -#define LDAP_CONTROL_DUPENT_REQUEST "2.16.840.1.113719.1.27.101.1" -#define 
LDAP_CONTROL_DUPENT_RESPONSE "2.16.840.1.113719.1.27.101.2" -#define LDAP_CONTROL_DUPENT_ENTRY "2.16.840.1.113719.1.27.101.3" -#define LDAP_CONTROL_DUPENT LDAP_CONTROL_DUPENT_REQUEST -#endif - -#define LDAP_CONTROL_PAGEDRESULTS "1.2.840.113556.1.4.319" +#define LDAP_CONTROL_VALUESRETURNFILTER "1.2.826.0.1.334810.2.3" #define LDAP_CONTROL_SYNC "1.3.6.1.4.1.4203.666.5.6" #define LDAP_CONTROL_SYNC_STATE "1.3.6.1.4.1.4203.666.5.7" 
@@ -233,23 +231,33 @@ typedef struct ldapcontrol { #define LDAP_SYNC_MODIFY 2 #define LDAP_SYNC_DELETE 3 -#define LDAP_CONTROL_SORTREQUEST "1.2.840.113556.1.4.473" -#define LDAP_CONTROL_SORTRESPONSE "1.2.840.113556.1.4.474" -#define LDAP_CONTROL_VLVREQUEST "2.16.840.1.113730.3.4.9" -#define LDAP_CONTROL_VLVRESPONSE "2.16.840.1.113730.3.4.10" +#if 0 +#define LDAP_CONTROL_DUPENT_REQUEST "2.16.840.1.113719.1.27.101.1" +#define LDAP_CONTROL_DUPENT_RESPONSE "2.16.840.1.113719.1.27.101.2" +#define LDAP_CONTROL_DUPENT_ENTRY "2.16.840.1.113719.1.27.101.3" +#define LDAP_CONTROL_DUPENT LDAP_CONTROL_DUPENT_REQUEST +#endif /* controls for MSAD compatibility */ -#define LDAP_CONTROL_X_DOMAIN_SCOPE "1.2.840.113556.1.4.1339" -#define LDAP_CONTROL_X_PERMISSIVE_MODIFY "1.2.840.113556.1.4.1413" +#define LDAP_CONTROL_X_DOMAIN_SCOPE "1.2.840.113556.1.4.1339" +#define LDAP_CONTROL_X_PERMISSIVE_MODIFY "1.2.840.113556.1.4.1413" + +/* not implemented in slapd(8) */ +#define LDAP_CONTROL_SORTREQUEST "1.2.840.113556.1.4.473" /* RFC 2891 */ +#define LDAP_CONTROL_SORTRESPONSE "1.2.840.113556.1.4.474" /* RFC 2891 */ + +/* not implemented in slapd(8) */ +#define LDAP_CONTROL_VLVREQUEST "2.16.840.1.113730.3.4.9" +#define LDAP_CONTROL_VLVRESPONSE "2.16.840.1.113730.3.4.10" /* LDAP Unsolicited Notifications */ -#define LDAP_NOTICE_OF_DISCONNECTION "1.3.6.1.4.1.1466.20036" +#define LDAP_NOTICE_OF_DISCONNECTION "1.3.6.1.4.1.1466.20036" /* RFC 2251 */ #define LDAP_NOTICE_DISCONNECT LDAP_NOTICE_OF_DISCONNECTION /* LDAP Extended Operations */ -#define LDAP_EXOP_START_TLS "1.3.6.1.4.1.1466.20037" +#define LDAP_EXOP_START_TLS "1.3.6.1.4.1.1466.20037" /* RFC 2830 */ -#define LDAP_EXOP_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1" +#define LDAP_EXOP_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1" /* RFC 3062 */ #define LDAP_TAG_EXOP_MODIFY_PASSWD_ID ((ber_tag_t) 0x80U) #define LDAP_TAG_EXOP_MODIFY_PASSWD_OLD ((ber_tag_t) 0x81U) #define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U) 
@@ -259,12 +267,14 @@ typedef struct ldapcontrol { #define LDAP_EXOP_X_CANCEL "1.3.6.1.4.1.4203.666.6.3" /* LDAP Features */ -#define LDAP_FEATURE_ALL_OPERATIONAL_ATTRS "1.3.6.1.4.1.4203.1.5.1" /* + */ -#define LDAP_FEATURE_OBJECTCLASS_ATTRS "1.3.6.1.4.1.4203.1.5.2" +#define LDAP_FEATURE_ALL_OP_ATTRS "1.3.6.1.4.1.4203.1.5.1" /* RFC 3673 */ +#define LDAP_FEATURE_OBJECTCLASS_ATTRS \ + "1.3.6.1.4.1.4203.1.5.2" /* @objectClass - new number to be assigned */ #define LDAP_FEATURE_ABSOLUTE_FILTERS "1.3.6.1.4.1.4203.1.5.3" /* (&) (|) */ #define LDAP_FEATURE_LANGUAGE_TAG_OPTIONS "1.3.6.1.4.1.4203.1.5.4" #define LDAP_FEATURE_LANGUAGE_RANGE_OPTIONS "1.3.6.1.4.1.4203.1.5.5" -#define LDAP_FEATURE_MODIFY_INCREMENT "1.3.6.1.4.1.4203.666.5.6" + +#define LDAP_FEATURE_MODIFY_INCREMENT "1.3.6.1.4.1.4203.666.8.2" /* * specific LDAP instantiations of BER types we know about 
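Review bot: `LDAP_FEATURE_ALL_OPERATIONAL_ATTRS` is renamed to `LDAP_FEATURE_ALL_OP_ATTRS` in a public header with no alias left behind, so existing code that tests for this feature OID by the old name stops compiling. Keeping the old spelling as `#define LDAP_FEATURE_ALL_OPERATIONAL_ATTRS LDAP_FEATURE_ALL_OP_ATTRS` would avoid that. The OID behind `LDAP_FEATURE_MODIFY_INCREMENT` also changes in this hunk, so a peer built from the earlier header will look for, or advertise, the old string. A comment such as `/* was 1.3.6.1.4.1.4203.666.5.6 before this sync */` would help anyone debugging a feature-discovery mismatch between versions.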
@@ -345,24 +355,24 @@ typedef struct ldapcontrol { /* authentication methods available */ -#define LDAP_AUTH_NONE ((ber_tag_t) 0x00U) /* no authentication */ -#define LDAP_AUTH_SIMPLE ((ber_tag_t) 0x80U) /* context specific + primitive */ -#define LDAP_AUTH_SASL ((ber_tag_t) 0xa3U) /* context specific + constructed */ -#define LDAP_AUTH_KRBV4 ((ber_tag_t) 0xffU) /* means do both of the following */ -#define LDAP_AUTH_KRBV41 ((ber_tag_t) 0x81U) /* context specific + primitive */ -#define LDAP_AUTH_KRBV42 ((ber_tag_t) 0x82U) /* context specific + primitive */ +#define LDAP_AUTH_NONE ((ber_tag_t) 0x00U) /* no authentication */ +#define LDAP_AUTH_SIMPLE ((ber_tag_t) 0x80U) /* context specific + primitive */ +#define LDAP_AUTH_SASL ((ber_tag_t) 0xa3U) /* context specific + constructed */ +#define LDAP_AUTH_KRBV4 ((ber_tag_t) 0xffU) /* means do both of the following */ +#define LDAP_AUTH_KRBV41 ((ber_tag_t) 0x81U) /* context specific + primitive */ +#define LDAP_AUTH_KRBV42 ((ber_tag_t) 0x82U) /* context specific + primitive */ /* filter types */ #define LDAP_FILTER_AND ((ber_tag_t) 0xa0U) /* context specific + constructed */ #define LDAP_FILTER_OR ((ber_tag_t) 0xa1U) /* context specific + constructed */ #define LDAP_FILTER_NOT ((ber_tag_t) 0xa2U) /* context specific + constructed */ -#define LDAP_FILTER_EQUALITY ((ber_tag_t) 0xa3U) /* context specific + constructed */ -#define LDAP_FILTER_SUBSTRINGS ((ber_tag_t) 0xa4U) /* context specific + constructed */ -#define LDAP_FILTER_GE ((ber_tag_t) 0xa5U) /* context specific + constructed */ -#define LDAP_FILTER_LE ((ber_tag_t) 0xa6U) /* context specific + constructed */ -#define LDAP_FILTER_PRESENT ((ber_tag_t) 0x87U) /* context specific + primitive */ -#define LDAP_FILTER_APPROX ((ber_tag_t) 0xa8U) /* context specific + constructed */ +#define LDAP_FILTER_EQUALITY ((ber_tag_t) 0xa3U) /* context specific + constructed */ +#define LDAP_FILTER_SUBSTRINGS ((ber_tag_t) 0xa4U) /* context specific + constructed */ +#define 
LDAP_FILTER_GE ((ber_tag_t) 0xa5U) /* context specific + constructed */ +#define LDAP_FILTER_LE ((ber_tag_t) 0xa6U) /* context specific + constructed */ +#define LDAP_FILTER_PRESENT ((ber_tag_t) 0x87U) /* context specific + primitive */ +#define LDAP_FILTER_APPROX ((ber_tag_t) 0xa8U) /* context specific + constructed */ #define LDAP_FILTER_EXT ((ber_tag_t) 0xa9U) /* context specific + constructed */ /* extended filter component types */ @@ -377,10 +387,13 @@ typedef struct ldapcontrol { #define LDAP_SUBSTRING_FINAL ((ber_tag_t) 0x82U) /* context specific */ /* search scopes */ -#define LDAP_SCOPE_DEFAULT ((ber_int_t) -1) -#define LDAP_SCOPE_BASE ((ber_int_t) 0x0000) -#define LDAP_SCOPE_ONELEVEL ((ber_int_t) 0x0001) -#define LDAP_SCOPE_SUBTREE ((ber_int_t) 0x0002) +#define LDAP_SCOPE_DEFAULT ((ber_int_t) -1) /* OpenLDAP extension */ +#define LDAP_SCOPE_BASE ((ber_int_t) 0x0000) +#define LDAP_SCOPE_BASEOBJECT LDAP_SCOPE_BASE +#define LDAP_SCOPE_ONELEVEL ((ber_int_t) 0x0001) +#define LDAP_SCOPE_ONE LDAP_SCOPE_ONELEVEL +#define LDAP_SCOPE_SUBTREE ((ber_int_t) 0x0002) +#define LDAP_SCOPE_SUB LDAP_SCOPE_SUBTREE /* substring filter component types */ #define LDAP_SUBSTRING_INITIAL ((ber_tag_t) 0x80U) /* context specific */ 
@@ -455,20 +468,17 @@ typedef struct ldapcontrol { #define LDAP_OTHER 0x50 -/* Expermental result codes */ +/* Experimental result codes */ #define LDAP_X_ERROR(n) LDAP_RANGE((n),0x1000,0x3FFF) /* experimental */ #define LDAP_PVT_ERROR(n) LDAP_RANGE((n),0x4000,0xFFFF) /* private use */ -#define LDAP_SYNC_RESOURCES_EXHAUSTED 0x4100 -#define LDAP_SYNC_SECURITY_VIOLATION 0x4101 -#define LDAP_SYNC_INVALID_COOKIE 0x4102 -#define LDAP_SYNC_UNSUPPORTED_SCHEME 0x4103 -#define LDAP_SYNC_CLIENT_DISCONNECT 0x4104 -#define LDAP_SYNC_RELOAD_REQUIRED 0x4105 +/* for the LDAP Sync operation */ +#define LDAP_SYNC_REFRESH_REQUIRED 0x4100 +/* for the Assertion control */ #define LDAP_ASSERTION_FAILED 0x410f -/* resultCode for Cancel Response */ +/* for the Cancel operation */ #define LDAP_CANCELLED 0x4110 #define LDAP_NO_SUCH_OPERATION 0x4111 #define LDAP_TOO_LATE 0x4112 @@ -477,7 +487,7 @@ typedef struct ldapcontrol { /* API Error Codes * * Based on draft-ietf-ldap-c-api-xx - * but with new (negative) codes + * but with new negative code values */ #define LDAP_API_ERROR(n) ((n)<0) #define LDAP_API_RESULT(n) ((n)<=0) @@ -517,7 +527,7 @@ typedef struct ldapmod { #define LDAP_MOD_ADD (0x0000) #define LDAP_MOD_DELETE (0x0001) #define LDAP_MOD_REPLACE (0x0002) -#define LDAP_MOD_INCREMENT (0x0003) +#define LDAP_MOD_INCREMENT (0x0003) /* OpenLDAP extension */ #define LDAP_MOD_BVALUES (0x0080) /* IMPORTANT: do not use code 0x1000 (or above), * it is used internally by the backends! @@ -868,24 +878,6 @@ ldap_kerberos_bind2_s LDAP_P(( /* deprecated */ #endif -/* - * LDAP Cancel Extended Operation - */ - -LDAP_F( int ) -ldap_cancel LDAP_P(( LDAP *ld, - int cancelid, - LDAPControl **sctrls, - LDAPControl **cctrls, - int *msgidp )); - -LDAP_F( int ) -ldap_cancel_s LDAP_P(( - LDAP *ld, - int cancelid, - LDAPControl **sctrl, - LDAPControl **cctrl )); - /* * in compare.c: */ 
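Review bot: Result code 0x4100 changes meaning in this hunk: it was `LDAP_SYNC_RESOURCES_EXHAUSTED` and is now `LDAP_SYNC_REFRESH_REQUIRED`. Codes 0x4101–0x4105 lose their names here and, in the libraries/libldap/error.c hunk, their entries in `ldap_builtin_errlist`. A client built from this header talking to a peer built from the previous one would report a resource-exhaustion result as "Content Sync Refresh Required", and a 0x4101 security-violation result would have no text in the table. If mixed-version sync deployments are possible, give the new code an unused value rather than reusing 0x4100, or at least document the reuse at the define, e.g. `/* 0x4100 was LDAP_SYNC_RESOURCES_EXHAUSTED; 0x4101-0x4105 retired */`.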
@@ -1222,8 +1214,8 @@ typedef struct ldap_ava { #define LDAP_AVA_STRING 0x0001U #define LDAP_AVA_BINARY 0x0002U #define LDAP_AVA_NONPRINTABLE 0x0004U -#define LDAP_AVA_FREE_ATTR 0x0010U -#define LDAP_AVA_FREE_VALUE 0x0020U +#define LDAP_AVA_FREE_ATTR 0x0010U +#define LDAP_AVA_FREE_VALUE 0x0020U void *la_private; } LDAPAVA; @@ -1613,6 +1605,26 @@ ldap_free_urldesc LDAP_P(( LDAPURLDesc *ludp )); +/* + * LDAP Cancel Extended Operation + * in cancel.c + */ +#define LDAP_API_FEATURE_CANCEL 1000 + +LDAP_F( int ) +ldap_cancel LDAP_P(( LDAP *ld, + int cancelid, + LDAPControl **sctrls, + LDAPControl **cctrls, + int *msgidp )); + +LDAP_F( int ) +ldap_cancel_s LDAP_P(( + LDAP *ld, + int cancelid, + LDAPControl **sctrl, + LDAPControl **cctrl )); + /* * LDAP Server Side Sort * in sortctrl.c @@ -1687,6 +1699,7 @@ ldap_parse_vlv_control LDAP_P(( * LDAP Who Am I? * in whoami.c */ +#define LDAP_API_FEATURE_WHOAMI 1000 LDAP_F( int ) ldap_parse_whoami LDAP_P(( @@ -1711,6 +1724,7 @@ ldap_whoami_s LDAP_P(( * LDAP Password Modify * in passwd.c */ +#define LDAP_API_FEATURE_PASSWD_MODIFY 1000 LDAP_F( int ) ldap_parse_passwd LDAP_P(( diff --git a/libraries/libldap/error.c b/libraries/libldap/error.c index 53fd800288..c537d398b6 100644 --- a/libraries/libldap/error.c +++ b/libraries/libldap/error.c 
@@ -105,15 +105,9 @@ static struct ldaperror ldap_builtin_errlist[] = { {LDAP_CLIENT_LOOP, N_("Client Loop")}, {LDAP_REFERRAL_LIMIT_EXCEEDED, N_("Referral Limit Exceeded")}, + {LDAP_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required")}, {LDAP_ASSERTION_FAILED, N_("Assertion Failed")}, - {LDAP_SYNC_RESOURCES_EXHAUSTED, N_("Content Sync Resource Exhausted")}, - {LDAP_SYNC_SECURITY_VIOLATION, N_("Content Sync Security Violation")}, - {LDAP_SYNC_INVALID_COOKIE, N_("Content Sync Invalid Cookie")}, - {LDAP_SYNC_UNSUPPORTED_SCHEME, N_("Content Sync Unsupported Scheme")}, - {LDAP_SYNC_CLIENT_DISCONNECT, N_("Content Sync Client Disconnect")}, - {LDAP_SYNC_RELOAD_REQUIRED, N_("Content Sync Reload Required")}, - #ifdef LDAP_EXOP_X_CANCEL {LDAP_CANCELLED, N_("Cancelled")}, {LDAP_NO_SUCH_OPERATION, N_("No Operation to Cancel")}, diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index c648d4ef6f..57f740af98 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -198,7 +198,7 @@ access_allowed( #ifdef LDAP_SLAPI if ( op->o_pb && - !slapi_x_access_allowed( op, e, desc, val, access, state )) { + !slapi_int_access_allowed( op, e, desc, val, access, state )) { /* ACL plugin denied access */ goto done; } diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c index f559ae3e1c..609a2b5f12 100644 --- a/servers/slapd/aclparse.c +++ b/servers/slapd/aclparse.c @@ -38,6 +38,9 @@ #include "lber_pvt.h" #include "lutil.h" +static char *style_strings[] = { "regex", + "base", "one", "subtree", "children", NULL }; + static void split(char *line, int splitchar, char **left, char **right); static void access_append(Access **l, Access *a); static void acl_usage(void) LDAP_GCCATTR((noreturn)); 
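Review bot: In the servers/slapd/aclparse.c hunk, `style_strings` is declared `static char *style_strings[]`, a writable array of non-const pointers to string literals. If it is only read as a lookup table, `static const char *style_strings[]` would let the compiler reject accidental writes through it. The order `"regex", "base", "one", "subtree", "children"` presumably has to track the `ACL_STYLE_*` enumeration, which is not visible here. A comment such as `/* indexed by ACL_STYLE_*; keep in enum order, NULL-terminated */` would make that dependency explicit, so a new style cannot silently index the wrong string or run past the end. The code that uses the table lies outside this hunk.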
@@ -279,7 +282,37 @@ parse_acl( } a->acl_attrval_style = ACL_STYLE_REGEX; } else { - a->acl_attrval_style = ACL_STYLE_BASE; + /* FIXME: if the attribute has DN syntax, + * we might allow one, subtree and children styles as well */ + if ( !strcasecmp( style, "exact" ) ) { + a->acl_attrval_style = ACL_STYLE_BASE; + + } else if ( a->acl_attrs[0].an_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) { + if ( !strcasecmp( style, "base" ) ) { + a->acl_attrval_style = ACL_STYLE_BASE; + } else if ( !strcasecmp( style, "onelevel" ) || !strcasecmp( style, "one" ) ) { + a->acl_attrval_style = ACL_STYLE_ONE; + } else if ( !strcasecmp( style, "subtree" ) || !strcasecmp( style, "sub" ) ) { + a->acl_attrval_style = ACL_STYLE_SUBTREE; + } else if ( !strcasecmp( style, "children" ) ) { + a->acl_attrval_style = ACL_STYLE_CHILDREN; + } else { + fprintf( stderr, + "%s: line %d: unknown val.