Newer
Older
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* Portions Copyright (c) 1995 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
#include "ldap_defaults.h"
#include <sys/types.h>
#include <ac/syslog.h>
#include <ac/regex.h>
#include <ac/param.h>
#ifndef ldap_debug
#define ldap_debug slap_debug
#endif
#include "ldap_log.h"
#include <ldap.h>
#include <ldap_schema.h>
#ifdef LDAP_DEVEL
#define LDAP_COLLECTIVE_ATTRIBUTES
#define SLAP_CONTROL_X_SESSION_TRACKING
#define SLAP_CONFIG_DELETE
#ifndef SLAP_SCHEMA_EXPOSE
#define SLAP_SCHEMA_EXPOSE
#endif
#define LDAP_DYNAMIC_OBJECTS
#define SLAP_CONTROL_X_TREE_DELETE LDAP_CONTROL_X_TREE_DELETE
Pierangelo Masarati
committed
#ifdef ENABLE_REWRITE
#define SLAP_AUTH_REWRITE 1 /* use librewrite for sasl-regexp */
#endif
/*
* SLAPD Memory allocation macros
*
* Unlike ch_*() routines, these routines do not assert() upon
* allocation error. They are intended to be used instead of
* ch_*() routines where the caller has implemented proper
* checking for and handling of allocation errors.
*
* Patches to convert ch_*() calls to SLAP_*() calls welcomed.
*/
#define SLAP_MALLOC(s) ber_memalloc((s))
#define SLAP_CALLOC(n,s) ber_memcalloc((n),(s))
#define SLAP_REALLOC(p,s) ber_memrealloc((p),(s))
#define SLAP_FREE(p) ber_memfree((p))
#define SLAP_VFREE(v) ber_memvfree((void**)(v))
#define SLAP_STRDUP(s) ber_strdup((s))
#define SLAP_STRNDUP(s,l) ber_strndup((s),(l))
#ifdef f_next
#undef f_next /* name conflict between sys/file.h on SCO and struct filter */
#endif
#define SERVICE_NAME OPENLDAP_PACKAGE "-slapd"
#define SLAPD_ANONYMOUS ""
#ifdef HAVE_TCPD
# include <tcpd.h>
# define SLAP_STRING_UNKNOWN STRING_UNKNOWN
#else /* ! TCP Wrappers */
# define SLAP_STRING_UNKNOWN "unknown"
#endif /* ! TCP Wrappers */
Pierangelo Masarati
committed
/* LDAPMod.mod_op value ===> Must be kept in sync with ldap.h! */
/* These values are used internally by the backends. */
/* SLAP_MOD_SOFTADD allows adding values that already exist without getting
* an error as required by modrdn when the new rdn was already an attribute
* value itself.
*/
#define SLAP_MOD_SOFTADD 0x1000
/* SLAP_MOD_SOFTDEL allows deleting values if they exist without getting
* an error otherwise.
*/
#define SLAP_MOD_SOFTDEL 0x1001
/* SLAP_MOD_ADD_IF_NOT_PRESENT allows adding values unless the attribute
* is already present without getting an error.
*/
#define SLAP_MOD_ADD_IF_NOT_PRESENT 0x1002
/* SLAP_MOD_DEL_IF_PRESENT allows deleting values if the attribute
* is present, without getting an error otherwise.
* The semantics can be obtained using SLAP_MOD_SOFTDEL with NULL values.
Pierangelo Masarati
committed
#define MAXREMATCHES (100)
#define SLAP_MAX_WORKER_THREADS (16)
#define SLAP_SB_MAX_INCOMING_DEFAULT ((1<<18) - 1)
#define SLAP_SB_MAX_INCOMING_AUTH ((1<<24) - 1)
#define SLAP_CONN_MAX_PENDING_DEFAULT 100
#define SLAP_CONN_MAX_PENDING_AUTH 1000
#define SLAP_TEXT_BUFLEN (256)
/* pseudo error code indicating abandoned operation */
/* unknown config file directive */
/* We assume "C" locale, that is US-ASCII */
#define ASCII_SPACE(c) ( (c) == ' ' )
#define ASCII_LOWER(c) ( (c) >= 'a' && (c) <= 'z' )
#define ASCII_UPPER(c) ( (c) >= 'A' && (c) <= 'Z' )
#define ASCII_ALPHA(c) ( ASCII_LOWER(c) || ASCII_UPPER(c) )
#define ASCII_DIGIT(c) ( (c) >= '0' && (c) <= '9' )
#define ASCII_HEXLOWER(c) ( (c) >= 'a' && (c) <= 'f' )
#define ASCII_HEXUPPER(c) ( (c) >= 'A' && (c) <= 'F' )
#define ASCII_HEX(c) ( ASCII_DIGIT(c) || \
ASCII_HEXLOWER(c) || ASCII_HEXUPPER(c) )
#define ASCII_ALNUM(c) ( ASCII_ALPHA(c) || ASCII_DIGIT(c) )
#define ASCII_PRINTABLE(c) ( (c) >= ' ' && (c) <= '~' )
#define SLAP_NIBBLE(c) ((c)&0x0f)
#define SLAP_ESCAPE_CHAR ('\\')
#define SLAP_ESCAPE_LO(c) ( "0123456789ABCDEF"[SLAP_NIBBLE(c)] )
#define SLAP_ESCAPE_HI(c) ( SLAP_ESCAPE_LO((c)>>4) )
#define FILTER_ESCAPE(c) ( (c) == '*' || (c) == '\\' \
|| (c) == '(' || (c) == ')' || !ASCII_PRINTABLE(c) )
Pierangelo Masarati
committed
#define DN_ESCAPE(c) ((c) == SLAP_ESCAPE_CHAR)
/* NOTE: for consistency, this macro must only operate
* on normalized/pretty DN, such that ';' is never used
* as RDN separator, and all occurrences of ';' must be escaped */
#define DN_SEPARATOR(c) ((c) == ',')
#define RDN_ATTRTYPEANDVALUE_SEPARATOR(c) ((c) == '+') /* RFC 4514 */
#define RDN_SEPARATOR(c) (DN_SEPARATOR(c) || RDN_ATTRTYPEANDVALUE_SEPARATOR(c))
#define RDN_NEEDSESCAPE(c) ((c) == '\\' || (c) == '"')
#define DESC_LEADCHAR(c) ( ASCII_ALPHA(c) )
#define DESC_CHAR(c) ( ASCII_ALNUM(c) || (c) == '-' )
#define OID_LEADCHAR(c) ( ASCII_DIGIT(c) )
#define OID_SEPARATOR(c) ( (c) == '.' )
#define OID_CHAR(c) ( OID_LEADCHAR(c) || OID_SEPARATOR(c) )
#define ATTR_LEADCHAR(c) ( DESC_LEADCHAR(c) || OID_LEADCHAR(c) )
#define ATTR_CHAR(c) ( DESC_CHAR((c)) || OID_SEPARATOR(c) )
#define AD_LEADCHAR(c) ( ATTR_LEADCHAR(c) )
#define AD_CHAR(c) ( ATTR_CHAR(c) || (c) == ';' )
#define SLAP_NUMERIC(c) ( ASCII_DIGIT(c) || ASCII_SPACE(c) )
#define SLAP_PRINTABLE(c) ( ASCII_ALNUM(c) || (c) == '\'' || \
(c) == '(' || (c) == ')' || (c) == '+' || (c) == ',' || \
(c) == '-' || (c) == '.' || (c) == '/' || (c) == ':' || \
(c) == '?' || (c) == ' ' || (c) == '=' )
#define SLAP_PRINTABLES(c) ( SLAP_PRINTABLE(c) || (c) == '$' )
/* must match in schema_init.c */
#define SLAPD_DN_SYNTAX "1.3.6.1.4.1.1466.115.121.1.12"
#define SLAPD_NAMEUID_SYNTAX "1.3.6.1.4.1.1466.115.121.1.34"
#define SLAPD_INTEGER_SYNTAX "1.3.6.1.4.1.1466.115.121.1.27"
#define SLAPD_GROUP_ATTR "member"
#define SLAPD_GROUP_CLASS "groupOfNames"
#define SLAPD_ROLE_ATTR "roleOccupant"
#define SLAPD_ROLE_CLASS "organizationalRole"
typedef unsigned long slap_mask_t;
/* Security Strength Factor */
typedef unsigned slap_ssf_t;
typedef struct slap_ssf_set {
slap_ssf_t sss_ssf;
slap_ssf_t sss_transport;
slap_ssf_t sss_tls;
slap_ssf_t sss_sasl;
slap_ssf_t sss_update_ssf;
slap_ssf_t sss_update_transport;
slap_ssf_t sss_update_tls;
slap_ssf_t sss_update_sasl;
} slap_ssf_set_t;
/* Flags for telling slap_sasl_getdn() what type of identity is being passed */
#define SLAP_GETDN_AUTHCID 2
#define SLAP_GETDN_AUTHZID 4
/*
* Index types
*/
#define SLAP_INDEX_TYPE 0x00FFUL
#define SLAP_INDEX_UNDEFINED 0x0001UL
#define SLAP_INDEX_PRESENT 0x0002UL
#define SLAP_INDEX_EQUALITY 0x0004UL
#define SLAP_INDEX_APPROX 0x0008UL
#define SLAP_INDEX_SUBSTR 0x0010UL
#define SLAP_INDEX_EXTENDED 0x0020UL
#define SLAP_INDEX_DEFAULT SLAP_INDEX_EQUALITY
#define IS_SLAP_INDEX(mask, type) (((mask) & (type)) == (type))
#define SLAP_INDEX_SUBSTR_TYPE 0x0F00UL
#define SLAP_INDEX_SUBSTR_INITIAL ( SLAP_INDEX_SUBSTR | 0x0100UL )
#define SLAP_INDEX_SUBSTR_ANY ( SLAP_INDEX_SUBSTR | 0x0200UL )
#define SLAP_INDEX_SUBSTR_FINAL ( SLAP_INDEX_SUBSTR | 0x0400UL )
#define SLAP_INDEX_SUBSTR_DEFAULT \
( SLAP_INDEX_SUBSTR \
| SLAP_INDEX_SUBSTR_INITIAL \
| SLAP_INDEX_SUBSTR_ANY \
| SLAP_INDEX_SUBSTR_FINAL )
/* defaults for initial/final substring indices */
#define SLAP_INDEX_SUBSTR_IF_MINLEN_DEFAULT 2
#define SLAP_INDEX_SUBSTR_IF_MAXLEN_DEFAULT 4
/* defaults for any substring indices */
#define SLAP_INDEX_SUBSTR_ANY_LEN_DEFAULT 4
#define SLAP_INDEX_SUBSTR_ANY_STEP_DEFAULT 2
/* default for ordered integer index keys */
#define SLAP_INDEX_INTLEN_DEFAULT 4
#define SLAP_INDEX_FLAGS 0xF000UL
#define SLAP_INDEX_NOSUBTYPES 0x1000UL /* don't use index w/ subtypes */
Hallvard Furuseth
committed
#define SLAP_INDEX_NOTAGS 0x2000UL /* don't use index w/ tags */
/*
* there is a single index for each attribute. these prefixes ensure
* that there is no collision among keys.
*/
#define SLAP_INDEX_EQUALITY_PREFIX '=' /* prefix for equality keys */
#define SLAP_INDEX_APPROX_PREFIX '~' /* prefix for approx keys */
#define SLAP_INDEX_SUBSTR_PREFIX '*' /* prefix for substring keys */
#define SLAP_INDEX_SUBSTR_INITIAL_PREFIX '^'
#define SLAP_INDEX_SUBSTR_FINAL_PREFIX '$'
#define SLAP_INDEX_CONT_PREFIX '.' /* prefix for continuation keys */
#define SLAP_SYNTAX_MATCHINGRULES_OID "1.3.6.1.4.1.1466.115.121.1.30"
#define SLAP_SYNTAX_ATTRIBUTETYPES_OID "1.3.6.1.4.1.1466.115.121.1.3"
#define SLAP_SYNTAX_OBJECTCLASSES_OID "1.3.6.1.4.1.1466.115.121.1.37"
#define SLAP_SYNTAX_MATCHINGRULEUSES_OID "1.3.6.1.4.1.1466.115.121.1.31"
#define SLAP_SYNTAX_CONTENTRULE_OID "1.3.6.1.4.1.1466.115.121.1.16"
/*
* represents schema information for a database
*/
enum {
SLAP_SCHERR_OUTOFMEM = 1,
SLAP_SCHERR_CLASS_NOT_FOUND,
SLAP_SCHERR_CLASS_BAD_USAGE,
SLAP_SCHERR_CLASS_BAD_SUP,
SLAP_SCHERR_CLASS_DUP,
SLAP_SCHERR_CLASS_INCONSISTENT,
SLAP_SCHERR_ATTR_NOT_FOUND,
SLAP_SCHERR_ATTR_BAD_MR,
SLAP_SCHERR_ATTR_BAD_USAGE,
SLAP_SCHERR_ATTR_BAD_SUP,
SLAP_SCHERR_ATTR_INCOMPLETE,
SLAP_SCHERR_ATTR_DUP,
SLAP_SCHERR_ATTR_INCONSISTENT,
SLAP_SCHERR_MR_NOT_FOUND,
SLAP_SCHERR_MR_INCOMPLETE,
SLAP_SCHERR_MR_DUP,
SLAP_SCHERR_SYN_NOT_FOUND,
SLAP_SCHERR_SYN_DUP,
SLAP_SCHERR_SYN_SUBST_NOT_SPECIFIED,
SLAP_SCHERR_SYN_SUBST_NOT_FOUND,
SLAP_SCHERR_NO_NAME,
SLAP_SCHERR_NOT_SUPPORTED,
SLAP_SCHERR_BAD_DESCR,
SLAP_SCHERR_OIDM,
SLAP_SCHERR_CR_DUP,
SLAP_SCHERR_CR_BAD_STRUCT,
SLAP_SCHERR_CR_BAD_AUX,
SLAP_SCHERR_CR_BAD_AT,
SLAP_SCHERR_LAST
};
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
/* forward declarations */
typedef struct Syntax Syntax;
typedef struct MatchingRule MatchingRule;
typedef struct MatchingRuleUse MatchingRuleUse;
typedef struct MatchingRuleAssertion MatchingRuleAssertion;
typedef struct OidMacro OidMacro;
typedef struct ObjectClass ObjectClass;
typedef struct AttributeType AttributeType;
typedef struct AttributeDescription AttributeDescription;
typedef struct AttributeName AttributeName;
typedef struct ContentRule ContentRule;
typedef struct AttributeAssertion AttributeAssertion;
typedef struct SubstringsAssertion SubstringsAssertion;
typedef struct Filter Filter;
typedef struct ValuesReturnFilter ValuesReturnFilter;
typedef struct Attribute Attribute;
#ifdef LDAP_COMP_MATCH
typedef struct ComponentData ComponentData;
typedef struct ComponentFilter ComponentFilter;
#endif
typedef struct Entry Entry;
typedef struct Modification Modification;
typedef struct Modifications Modifications;
typedef struct LDAPModList LDAPModList;
typedef struct BackendInfo BackendInfo; /* per backend type */
typedef struct BackendDB BackendDB; /* per backend database */
typedef struct Connection Connection;
typedef struct Operation Operation;
typedef struct SlapReply SlapReply;
/* end of forward declarations */
typedef union Sockaddr {
struct sockaddr sa_addr;
struct sockaddr_in sa_in_addr;
#ifdef LDAP_PF_INET6
struct sockaddr_in6 sa_in6_addr;
#endif
#ifdef LDAP_PF_LOCAL
struct sockaddr_un sa_un_addr;
#endif
} Sockaddr;
#ifdef LDAP_PF_INET6
extern int slap_inet4or6;
#endif
struct berval som_oid;
#define SLAP_OM_HARDCODE 0x10000U /* This is hardcoded schema */
int som_flags;
LDAP_STAILQ_ENTRY(OidMacro) som_next;
};
typedef int slap_syntax_validate_func LDAP_P((
struct berval * in));
typedef int slap_syntax_transform_func LDAP_P((
struct berval * in,
#ifdef LDAP_COMP_MATCH
typedef void* slap_component_transform_func LDAP_P((
struct berval * in ));
struct ComponentDesc;
#endif
#define ssyn_oid ssyn_syn.syn_oid
#define ssyn_desc ssyn_syn.syn_desc
Pierangelo Masarati
committed
/*
* Note: the former
Pierangelo Masarati
committed
* has been replaced by a struct berval that uses the value
* provided by ssyn_syn.syn_oid; a macro that expands to
* the bv_len field of the berval is provided for backward
* compatibility. CAUTION: NEVER FREE THE BERVAL
*/
struct berval ssyn_bvoid;
#define ssyn_oidlen ssyn_bvoid.bv_len
unsigned int ssyn_flags;
#define SLAP_SYNTAX_NONE 0x0000U
#define SLAP_SYNTAX_BLOB 0x0001U /* syntax treated as blob (audio) */
#define SLAP_SYNTAX_BINARY 0x0002U /* binary transfer required (certificate) */
#define SLAP_SYNTAX_BER 0x0004U /* stored in BER encoding (certificate) */
#define SLAP_SYNTAX_HIDE 0x0000U /* publish everything */
#else
#define SLAP_SYNTAX_HIDE 0x8000U /* hide (do not publish) */
#define SLAP_SYNTAX_HARDCODE 0x10000U /* This is hardcoded schema */
#define SLAP_SYNTAX_DN 0x20000U /* Treat like a DN */
slap_syntax_validate_func *ssyn_validate;
slap_syntax_transform_func *ssyn_pretty;
#ifdef SLAPD_BINARY_CONVERSION
/* convert to and from binary */
slap_syntax_transform_func *ssyn_ber2str;
slap_syntax_transform_func *ssyn_str2ber;
#endif
#ifdef LDAP_COMP_MATCH
slap_component_transform_func *ssyn_attr2comp;
#endif
#define slap_syntax_is_flag(s,flag) ((int)((s)->ssyn_flags & (flag)) ? 1 : 0)
#define slap_syntax_is_blob(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BLOB)
#define slap_syntax_is_binary(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BINARY)
#define slap_syntax_is_ber(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BER)
#define slap_syntax_is_hidden(s) slap_syntax_is_flag((s),SLAP_SYNTAX_HIDE)
typedef struct slap_syntax_defs_rec {
char *sd_desc;
int sd_flags;
slap_syntax_validate_func *sd_validate;
slap_syntax_transform_func *sd_pretty;
#ifdef SLAPD_BINARY_CONVERSION
slap_syntax_transform_func *sd_ber2str;
slap_syntax_transform_func *sd_str2ber;
#endif
} slap_syntax_defs_rec;
typedef int slap_mr_convert_func LDAP_P((
struct berval * in,
/* Normalizer */
typedef int slap_mr_normalize_func LDAP_P((
Syntax *syntax, /* NULL if in is asserted value */
MatchingRule *mr,
struct berval *in,
struct berval *out,
typedef int slap_mr_match_func LDAP_P((
Syntax *syntax, /* syntax of stored value */
MatchingRule *mr,
struct berval *value,
void *assertValue ));
/* Index generation function */
typedef int slap_mr_indexer_func LDAP_P((
slap_mask_t use,
slap_mask_t mask,
Syntax *syntax, /* syntax of stored value */
MatchingRule *mr,
struct berval *prefix,
BerVarray values,
/* Filter index function */
typedef int slap_mr_filter_func LDAP_P((
slap_mask_t use,
slap_mask_t mask,
Syntax *syntax, /* syntax of stored value */
MatchingRule *mr,
struct berval *prefix,
LDAPMatchingRule smr_mrule;
Pierangelo Masarati
committed
MatchingRuleUse *smr_mru;
Pierangelo Masarati
committed
struct berval smr_str;
/*
* Note: the former
* ber_len_t smr_oidlen;
Pierangelo Masarati
committed
* has been replaced by a struct berval that uses the value
* provided by smr_mrule.mr_oid; a macro that expands to
* the bv_len field of the berval is provided for backward
* compatibility. CAUTION: NEVER FREE THE BERVAL
*/
struct berval smr_bvoid;
#define smr_oidlen smr_bvoid.bv_len
#define SLAP_MR_HIDE 0x0000U
#else
#define SLAP_MR_HIDE 0x8000U
#define SLAP_MR_MUTATION_NORMALIZER 0x4000U
#define SLAP_MR_NONE 0x0000U
#define SLAP_MR_EQUALITY 0x0100U
#define SLAP_MR_ORDERING 0x0200U
#define SLAP_MR_SUBSTR 0x0400U
#define SLAP_MR_EXT 0x0800U /* implicitly extensible */
#define SLAP_MR_ORDERED_INDEX 0x1000U
#ifdef LDAP_COMP_MATCH
#define SLAP_MR_COMPONENT 0x2000U
#endif
#define SLAP_MR_EQUALITY_APPROX ( SLAP_MR_EQUALITY | 0x0010U )
Kurt Zeilenga
committed
#define SLAP_MR_SUBSTR_INITIAL ( SLAP_MR_SUBSTR | 0x0010U )
#define SLAP_MR_SUBSTR_ANY ( SLAP_MR_SUBSTR | 0x0020U )
#define SLAP_MR_SUBSTR_FINAL ( SLAP_MR_SUBSTR | 0x0040U )
/*
* The asserted value, depending on the particular usage,
* is expected to conform to either the assertion syntax
* or the attribute syntax. In some cases, the syntax of
* the value is known. If so, these flags indicate which
* syntax the value is expected to conform to. If not,
* neither of these flags is set (until the syntax of the
* provided value is determined). If the value is of the
* attribute syntax, the flag is changed once a value of
* the assertion syntax is derived from the provided value.
*/
#define SLAP_MR_VALUE_OF_ASSERTION_SYNTAX 0x0001U
#define SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX 0x0002U
#define SLAP_MR_VALUE_OF_SYNTAX (SLAP_MR_VALUE_OF_ASSERTION_SYNTAX|SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX)
#define SLAP_MR_DENORMALIZE (SLAP_MR_MUTATION_NORMALIZER)
#define SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX( usage ) \
((usage) & SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX )
#define SLAP_MR_IS_VALUE_OF_ASSERTION_SYNTAX( usage ) \
((usage) & SLAP_MR_VALUE_OF_ASSERTION_SYNTAX )
#ifdef LDAP_DEBUG
#define SLAP_MR_IS_VALUE_OF_SYNTAX( usage ) \
((usage) & SLAP_MR_VALUE_OF_SYNTAX)
#else
#define SLAP_MR_IS_VALUE_OF_SYNTAX( usage ) (1)
#endif
#define SLAP_MR_IS_DENORMALIZE( usage ) \
((usage) & SLAP_MR_DENORMALIZE )
/* either or both the asserted value or attribute value
* may be provided in normalized form
*/
#define SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH 0x0004U
#define SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH 0x0008U
#define SLAP_IS_MR_ASSERTION_SYNTAX_MATCH( usage ) \
(!((usage) & SLAP_MR_ATTRIBUTE_SYNTAX_MATCH))
#define SLAP_IS_MR_ATTRIBUTE_SYNTAX_MATCH( usage ) \
((usage) & SLAP_MR_ATTRIBUTE_SYNTAX_MATCH)
#define SLAP_IS_MR_ATTRIBUTE_SYNTAX_CONVERTED_MATCH( usage ) \
(((usage) & SLAP_MR_ATTRIBUTE_SYNTAX_CONVERTED_MATCH) \
== SLAP_MR_ATTRIBUTE_SYNTAX_CONVERTED_MATCH)
#define SLAP_IS_MR_ATTRIBUTE_SYNTAX_NONCONVERTED_MATCH( usage ) \
(((usage) & SLAP_MR_ATTRIBUTE_SYNTAX_CONVERTED_MATCH) \
== SLAP_MR_ATTRIBUTE_SYNTAX_MATCH)
#define SLAP_IS_MR_ASSERTED_VALUE_NORMALIZED_MATCH( usage ) \
((usage) & SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH )
#define SLAP_IS_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH( usage ) \
((usage) & SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH )
slap_mr_convert_func *smr_convert;
slap_mr_indexer_func *smr_indexer;
* null terminated array of syntaxes compatible with this syntax
* note: when MS_EXT is set, this MUST NOT contain the assertion
* syntax of the rule. When MS_EXT is not set, it MAY.
/*
* For equality rules, refers to an associated approximate rule.
* For non-equality rules, refers to an associated equality rule.
*/
#define SLAP_MR_ASSOCIATED(mr,amr) \
(((mr) == (amr)) || ((mr)->smr_associated == (amr)))
Pierangelo Masarati
committed
LDAP_SLIST_ENTRY(MatchingRule) smr_next;
#define smr_oid smr_mrule.mr_oid
#define smr_names smr_mrule.mr_names
#define smr_desc smr_mrule.mr_desc
#define smr_obsolete smr_mrule.mr_obsolete
#define smr_syntax_oid smr_mrule.mr_syntax_oid
#define smr_extensions smr_mrule.mr_extensions
Pierangelo Masarati
committed
LDAPMatchingRuleUse smru_mruleuse;
MatchingRule *smru_mr;
Pierangelo Masarati
committed
struct berval smru_str;
LDAP_SLIST_ENTRY(MatchingRuleUse) smru_next;
Pierangelo Masarati
committed
#define smru_oid smru_mruleuse.mru_oid
#define smru_names smru_mruleuse.mru_names
#define smru_desc smru_mruleuse.mru_desc
#define smru_obsolete smru_mruleuse.mru_obsolete
#define smru_applies_oids smru_mruleuse.mru_applies_oids
#define smru_usage smru_mr->smr_usage
} /* MatchingRuleUse */ ;
typedef struct slap_mrule_defs_rec {
char * mrd_desc;
slap_mask_t mrd_usage;
char ** mrd_compat_syntaxes;
slap_mr_convert_func * mrd_convert;
slap_mr_normalize_func * mrd_normalize;
slap_mr_match_func * mrd_match;
slap_mr_indexer_func * mrd_indexer;
slap_mr_filter_func * mrd_filter;
/* For equality rule, this may refer to an associated approximate rule */
/* For non-equality rule, this may refer to an associated equality rule */
char * mrd_associated;
} slap_mrule_defs_rec;
typedef int (AttributeTypeSchemaCheckFN)(
BackendDB *be,
Entry *e,
Attribute *attr,
const char** text,
char *textbuf, size_t textlen );
LDAPAttributeType sat_atype;
struct berval sat_cname;
AttributeType *sat_sup;
AttributeType **sat_subtypes;
MatchingRule *sat_equality;
MatchingRule *sat_approx;
MatchingRule *sat_ordering;
MatchingRule *sat_substr;
AttributeTypeSchemaCheckFN *sat_check;
char *sat_oidmacro; /* attribute OID */
char *sat_soidmacro; /* syntax OID */
#define SLAP_AT_NONE 0x0000U
#define SLAP_AT_ABSTRACT 0x0100U /* cannot be instantiated */
#define SLAP_AT_FINAL 0x0200U /* cannot be subtyped */
#define SLAP_AT_HIDE 0x0000U /* publish everything */
#define SLAP_AT_HIDE 0x8000U /* hide attribute */
#define SLAP_AT_DYNAMIC 0x0400U /* dynamically generated */
#define SLAP_AT_MANAGEABLE 0x0800U /* no-user-mod can be by-passed */
/* Note: ORDERED values have an ordering specifically set by the
* user, denoted by the {x} ordering prefix on the values.
*
* SORTED values are simply sorted by memcmp. SORTED values can
* be efficiently located by binary search. ORDERED values have no
* such advantage. An attribute cannot have both properties.
*/
#define SLAP_AT_ORDERED_VAL 0x0001U /* values are ordered */
#define SLAP_AT_ORDERED_SIB 0x0002U /* siblings are ordered */
#define SLAP_AT_ORDERED 0x0003U /* value has order index */
#define SLAP_AT_SORTED_VAL 0x0010U /* values should be sorted */
#define SLAP_AT_HARDCODE 0x10000U /* hardcoded schema */
#define SLAP_AT_DELETED 0x20000U
LDAP_STAILQ_ENTRY(AttributeType) sat_next;
#define sat_oid sat_atype.at_oid
#define sat_names sat_atype.at_names
#define sat_desc sat_atype.at_desc
#define sat_obsolete sat_atype.at_obsolete
#define sat_sup_oid sat_atype.at_sup_oid
#define sat_equality_oid sat_atype.at_equality_oid
#define sat_ordering_oid sat_atype.at_ordering_oid
#define sat_substr_oid sat_atype.at_substr_oid
#define sat_syntax_oid sat_atype.at_syntax_oid
#define sat_single_value sat_atype.at_single_value
#define sat_collective sat_atype.at_collective
#define sat_no_user_mod sat_atype.at_no_user_mod
#define sat_usage sat_atype.at_usage
#define sat_extensions sat_atype.at_extensions
#define is_at_operational(at) ((at)->sat_usage)
#define is_at_single_value(at) ((at)->sat_single_value)
#define is_at_collective(at) ((at)->sat_collective)
#define is_at_obsolete(at) ((at)->sat_obsolete)
#define is_at_no_user_mod(at) ((at)->sat_no_user_mod)
typedef int (ObjectClassSchemaCheckFN)(
BackendDB *be,
Entry *e,
ObjectClass *oc,
const char** text,
char *textbuf, size_t textlen );
LDAPObjectClass soc_oclass;
struct berval soc_cname;
ObjectClass **soc_sups;
AttributeType **soc_required;
AttributeType **soc_allowed;
ObjectClassSchemaCheckFN *soc_check;
char *soc_oidmacro;
slap_mask_t soc_flags;
#define soc_oid soc_oclass.oc_oid
#define soc_names soc_oclass.oc_names
#define soc_desc soc_oclass.oc_desc
#define soc_obsolete soc_oclass.oc_obsolete
#define soc_sup_oids soc_oclass.oc_sup_oids
#define soc_at_oids_must soc_oclass.oc_at_oids_must
#define soc_at_oids_may soc_oclass.oc_at_oids_may
#define soc_extensions soc_oclass.oc_extensions
LDAP_STAILQ_ENTRY(ObjectClass) soc_next;
};
#define SLAP_OCF_SET_FLAGS 0x1
#define SLAP_OCF_CHECK_SUP 0x2
#define SLAP_OCF_MASK (SLAP_OCF_SET_FLAGS|SLAP_OCF_CHECK_SUP)
#define SLAP_OC_ALIAS 0x0001
#define SLAP_OC_REFERRAL 0x0002
#define SLAP_OC_SUBENTRY 0x0004
#define SLAP_OC_DYNAMICOBJECT 0x0008
#define SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY 0x0010
#define SLAP_OC_GLUE 0x0020
#define SLAP_OC_SYNCPROVIDERSUBENTRY 0x0040
#define SLAP_OC_SYNCCONSUMERSUBENTRY 0x0080
#define SLAP_OC__MASK 0x00FF
#define SLAP_OC__END 0x0100
#define SLAP_OC_OPERATIONAL 0x4000
#define SLAP_OC_HIDE 0x0000
#else
#define SLAP_OC_HIDE 0x8000
#define SLAP_OC_HARDCODE 0x10000U /* This is hardcoded schema */
#define SLAP_OC_DELETED 0x20000U
/*
* DIT content rule
*/
LDAPContentRule scr_crule;
ObjectClass *scr_sclass;
ObjectClass **scr_auxiliaries; /* optional */
AttributeType **scr_required; /* optional */
AttributeType **scr_allowed; /* optional */
AttributeType **scr_precluded; /* optional */
#define scr_oid scr_crule.cr_oid
#define scr_names scr_crule.cr_names
#define scr_desc scr_crule.cr_desc
#define scr_obsolete scr_crule.cr_obsolete
#define scr_oc_oids_aux scr_crule.cr_oc_oids_aux
#define scr_at_oids_must scr_crule.cr_at_oids_must
#define scr_at_oids_may scr_crule.cr_at_oids_may
#define scr_at_oids_not scr_crule.cr_at_oids_not
char *scr_oidmacro;
#define SLAP_CR_HARDCODE 0x10000U
int scr_flags;
LDAP_STAILQ_ENTRY( ContentRule ) scr_next;
};
Hallvard Furuseth
committed
/* Represents a recognized attribute description ( type + options ). */
struct AttributeDescription {
AttributeDescription *ad_next;
AttributeType *ad_type; /* attribute type, must be specified */
struct berval ad_cname; /* canonical name, must be specified */
struct berval ad_tags; /* empty if no tagging options */
unsigned ad_flags;
#define SLAP_DESC_NONE 0x00U
#define SLAP_DESC_BINARY 0x01U
#define SLAP_DESC_TAG_RANGE 0x80U
#define SLAP_DESC_TEMPORARY 0x1000U
};
/* flags to slap_*2undef_ad to register undefined (0, the default)
* or proxied (SLAP_AD_PROXIED) AttributeDescriptions; the additional
* SLAP_AD_NOINSERT is to lookup without insert */
#define SLAP_AD_UNDEF 0x00U
#define SLAP_AD_PROXIED 0x01U
#define SLAP_AD_NOINSERT 0x02U
#define SLAP_AN_OCEXCLUDE 0x01
#define SLAP_AN_OCINITED 0x02
struct AttributeName {
struct berval an_name;
AttributeDescription *an_desc;
int an_flags;
Hallvard Furuseth
committed
#define slap_ad_is_tagged(ad) ( (ad)->ad_tags.bv_len != 0 )
#define slap_ad_is_tag_range(ad) \
( ((ad)->ad_flags & SLAP_DESC_TAG_RANGE) ? 1 : 0 )
( ((ad)->ad_flags & SLAP_DESC_BINARY) ? 1 : 0 )
/*
* pointers to schema elements used internally
*/
struct slap_internal_schema {
/* objectClass */
ObjectClass *si_oc_alias;
ObjectClass *si_oc_referral;
ObjectClass *si_oc_subentry;
ObjectClass *si_oc_subschema;
ObjectClass *si_oc_collectiveAttributeSubentry;
ObjectClass *si_oc_dynamicObject;
ObjectClass *si_oc_glue;
ObjectClass *si_oc_syncConsumerSubentry;
ObjectClass *si_oc_syncProviderSubentry;
/* objectClass attribute descriptions */
AttributeDescription *si_ad_objectClass;
/* operational attribute descriptions */
Kurt Zeilenga
committed
AttributeDescription *si_ad_structuralObjectClass;
AttributeDescription *si_ad_creatorsName;
AttributeDescription *si_ad_createTimestamp;
AttributeDescription *si_ad_modifiersName;
AttributeDescription *si_ad_modifyTimestamp;
Pierangelo Masarati
committed
AttributeDescription *si_ad_hasSubordinates;
AttributeDescription *si_ad_subschemaSubentry;
AttributeDescription *si_ad_collectiveSubentries;
AttributeDescription *si_ad_collectiveExclusions;
AttributeDescription *si_ad_entryUUID;
AttributeDescription *si_ad_entryCSN;
AttributeDescription *si_ad_dseType;
AttributeDescription *si_ad_syncreplCookie;
/* root DSE attribute descriptions */
AttributeDescription *si_ad_altServer;
AttributeDescription *si_ad_namingContexts;
AttributeDescription *si_ad_supportedControl;
AttributeDescription *si_ad_supportedExtension;
AttributeDescription *si_ad_supportedLDAPVersion;
AttributeDescription *si_ad_supportedSASLMechanisms;
AttributeDescription *si_ad_supportedFeatures;
AttributeDescription *si_ad_monitorContext;
AttributeDescription *si_ad_vendorName;
AttributeDescription *si_ad_vendorVersion;
AttributeDescription *si_ad_configContext;
/* subentry attribute descriptions */
AttributeDescription *si_ad_administrativeRole;
AttributeDescription *si_ad_subtreeSpecification;
/* subschema subentry attribute descriptions */
AttributeDescription *si_ad_attributeTypes;
AttributeDescription *si_ad_ditContentRules;
AttributeDescription *si_ad_ditStructureRules;
AttributeDescription *si_ad_ldapSyntaxes;
AttributeDescription *si_ad_matchingRules;
AttributeDescription *si_ad_matchingRuleUse;
AttributeDescription *si_ad_nameForms;
AttributeDescription *si_ad_objectClasses;
/* Aliases & Referrals */
AttributeDescription *si_ad_aliasedObjectName;
AttributeDescription *si_ad_ref;
AttributeDescription *si_ad_entry;
AttributeDescription *si_ad_children;
AttributeDescription *si_ad_saslAuthzTo;
AttributeDescription *si_ad_saslAuthzFrom;
/* dynamic entries */
AttributeDescription *si_ad_entryTtl;
AttributeDescription *si_ad_dynamicSubtrees;
/* Other attributes descriptions */
AttributeDescription *si_ad_distinguishedName;
AttributeDescription *si_ad_name;
AttributeDescription *si_ad_cn;
AttributeDescription *si_ad_uid;
AttributeDescription *si_ad_uidNumber;
AttributeDescription *si_ad_gidNumber;
AttributeDescription *si_ad_userPassword;
AttributeDescription *si_ad_authPassword;
AttributeDescription *si_ad_authPasswordSchemes;
#endif
AttributeDescription *si_ad_description;
AttributeDescription *si_ad_seeAlso;
/* Undefined Attribute Type */
AttributeType *si_at_undefined;
Julio Sánchez Fernández
committed
/* "Proxied" Attribute Type */
AttributeType *si_at_proxied;
Julio Sánchez Fernández
committed
/* Matching Rules */
MatchingRule *si_mr_distinguishedNameMatch;
MatchingRule *si_mr_dnSubtreeMatch;
MatchingRule *si_mr_dnOneLevelMatch;
MatchingRule *si_mr_dnSubordinateMatch;
MatchingRule *si_mr_dnSuperiorMatch;
MatchingRule *si_mr_caseExactMatch;
MatchingRule *si_mr_caseExactSubstringsMatch;
MatchingRule *si_mr_caseExactIA5Match;
Julio Sánchez Fernández
committed
MatchingRule *si_mr_integerMatch;
MatchingRule *si_mr_integerFirstComponentMatch;
MatchingRule *si_mr_objectIdentifierFirstComponentMatch;
MatchingRule *si_mr_caseIgnoreMatch;
MatchingRule *si_mr_caseIgnoreListMatch;
Julio Sánchez Fernández
committed
/* Syntaxes */
Syntax *si_syn_directoryString;
Julio Sánchez Fernández
committed
Syntax *si_syn_distinguishedName;