Newer
Older
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* Portions Copyright (c) 1995 Regents of the University of Michigan.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that this notice is preserved and that due credit is given
* to the University of Michigan at Ann Arbor. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission. This software
* is provided ``as is'' without express or implied warranty.
#include "ldap_defaults.h"
#include <sys/types.h>
#include <ac/syslog.h>
#include <ac/regex.h>
#include <ac/param.h>
#ifndef ldap_debug
#define ldap_debug slap_debug
#endif
#include "ldap_log.h"
#include <ldap.h>
#include <ldap_schema.h>
/*
* SLAPD Memory allocation macros
*
* Unlike ch_*() routines, these routines do not assert() upon
* allocation error. They are intended to be used instead of
* ch_*() routines where the caller has implemented proper
* checking for and handling of allocation errors.
*
* Patches to convert ch_*() calls to SLAP_*() calls welcomed.
*/
#define SLAP_MALLOC(s) ber_memalloc((s))
#define SLAP_CALLOC(n,s) ber_memcalloc((n),(s))
#define SLAP_REALLOC(p,s) ber_memrealloc((p),(s))
#define SLAP_FREE(p) ber_memfree((p))
#define SLAP_VFREE(v) ber_memvfree((void**)(v))
#define SLAP_STRDUP(s) ber_strdup((s))
#define SLAP_STRNDUP(s,l) ber_strndup((s),(l))
#ifdef f_next
#undef f_next /* name conflict between sys/file.h on SCO and struct filter */
#endif
#define SERVICE_NAME OPENLDAP_PACKAGE "-slapd"
#define SLAPD_ANONYMOUS "cn=anonymous"
/* LDAPMod.mod_op value ===> Must be kept in sync with ldap.h!
* This is a value used internally by the backends. It is needed to allow
* adding values that already exist without getting an error as required by
* modrdn when the new rdn was already an attribute value itself.
*/
#define SLAP_MOD_SOFTADD 0x1000
Pierangelo Masarati
committed
#define MAXREMATCHES (100)
#define SLAP_MAX_WORKER_THREADS (16)
#define SLAP_MAX_SYNCREPL_THREADS (8)
#define SLAP_SB_MAX_INCOMING_DEFAULT ((1<<18) - 1)
#define SLAP_SB_MAX_INCOMING_AUTH ((1<<24) - 1)
#define SLAP_CONN_MAX_PENDING_DEFAULT 100
#define SLAP_CONN_MAX_PENDING_AUTH 1000
#define SLAP_TEXT_BUFLEN (256)
/* psuedo error code indicating abandoned operation */
/* psuedo error code indicating disconnect */
/* unknown config file directive */
/* We assume "C" locale, that is US-ASCII */
#define ASCII_SPACE(c) ( (c) == ' ' )
#define ASCII_LOWER(c) ( (c) >= 'a' && (c) <= 'z' )
#define ASCII_UPPER(c) ( (c) >= 'A' && (c) <= 'Z' )
#define ASCII_ALPHA(c) ( ASCII_LOWER(c) || ASCII_UPPER(c) )
#define ASCII_DIGIT(c) ( (c) >= '0' && (c) <= '9' )
#define ASCII_HEXLOWER(c) ( (c) >= 'a' && (c) <= 'f' )
#define ASCII_HEXUPPER(c) ( (c) >= 'A' && (c) <= 'F' )
#define ASCII_HEX(c) ( ASCII_DIGIT(c) || \
ASCII_HEXLOWER(c) || ASCII_HEXUPPER(c) )
#define ASCII_ALNUM(c) ( ASCII_ALPHA(c) || ASCII_DIGIT(c) )
#define ASCII_PRINTABLE(c) ( (c) >= ' ' && (c) <= '~' )
#define SLAP_NIBBLE(c) ((c)&0x0f)
#define SLAP_ESCAPE_CHAR ('\\')
#define SLAP_ESCAPE_LO(c) ( "0123456789ABCDEF"[SLAP_NIBBLE(c)] )
#define SLAP_ESCAPE_HI(c) ( SLAP_ESCAPE_LO((c)>>4) )
#define FILTER_ESCAPE(c) ( (c) == '*' || (c) == '\\' \
|| (c) == '(' || (c) == ')' || !ASCII_PRINTABLE(c) )
Pierangelo Masarati
committed
#define DN_ESCAPE(c) ((c) == SLAP_ESCAPE_CHAR)
/* NOTE: for consistency, this macro must only operate
* on normalized/pretty DN, such that ';' is never used
* as RDN separator, and all occurrences of ';' must be escaped */
#define DN_SEPARATOR(c) ((c) == ',')
#define RDN_ATTRTYPEANDVALUE_SEPARATOR(c) ((c) == '+') /* RFC 2253 */
#define RDN_SEPARATOR(c) (DN_SEPARATOR(c) || RDN_ATTRTYPEANDVALUE_SEPARATOR(c))
#define RDN_NEEDSESCAPE(c) ((c) == '\\' || (c) == '"')
#define DESC_LEADCHAR(c) ( ASCII_ALPHA(c) )
#define DESC_CHAR(c) ( ASCII_ALNUM(c) || (c) == '-' )
#define OID_LEADCHAR(c) ( ASCII_DIGIT(c) )
#define OID_SEPARATOR(c) ( (c) == '.' )
#define OID_CHAR(c) ( OID_LEADCHAR(c) || OID_SEPARATOR(c) )
#define ATTR_LEADCHAR(c) ( DESC_LEADCHAR(c) || OID_LEADCHAR(c) )
#define ATTR_CHAR(c) ( DESC_CHAR((c)) || OID_SEPARATOR(c) )
#define AD_LEADCHAR(c) ( ATTR_LEADCHAR(c) )
#define AD_CHAR(c) ( ATTR_CHAR(c) || (c) == ';' )
#define SLAP_NUMERIC(c) ( ASCII_DIGIT(c) || ASCII_SPACE(c) )
#define SLAP_PRINTABLE(c) ( ASCII_ALNUM(c) || (c) == '\'' || \
(c) == '(' || (c) == ')' || (c) == '+' || (c) == ',' || \
(c) == '-' || (c) == '.' || (c) == '/' || (c) == ':' || \
(c) == '?' || (c) == ' ' || (c) == '=' )
#define SLAP_PRINTABLES(c) ( SLAP_PRINTABLE(c) || (c) == '$' )
/* must match in schema_init.c */
#define SLAPD_DN_SYNTAX "1.3.6.1.4.1.1466.115.121.1.12"
#define SLAPD_NAMEUID_SYNTAX "1.3.6.1.4.1.1466.115.121.1.34"
#define SLAPD_INTEGER_SYNTAX "1.3.6.1.4.1.1466.115.121.1.27"
#define SLAPD_GROUP_ATTR "member"
#define SLAPD_GROUP_CLASS "groupOfNames"
#define SLAPD_ROLE_ATTR "roleOccupant"
#define SLAPD_ROLE_CLASS "organizationalRole"
#define SLAPD_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1"
/* change this to "OpenLDAPset" */
#define SLAPD_ACI_SET_ATTR "template"
typedef unsigned long slap_mask_t;
/* Security Strength Factor */
typedef unsigned slap_ssf_t;
typedef struct slap_ssf_set {
slap_ssf_t sss_ssf;
slap_ssf_t sss_transport;
slap_ssf_t sss_tls;
slap_ssf_t sss_sasl;
slap_ssf_t sss_update_ssf;
slap_ssf_t sss_update_transport;
slap_ssf_t sss_update_tls;
slap_ssf_t sss_update_sasl;
} slap_ssf_set_t;
/* Flags for telling slap_sasl_getdn() what type of identity is being passed */
#define SLAP_GETDN_AUTHCID 2
#define SLAP_GETDN_AUTHZID 4
/*
* Index types
*/
#define SLAP_INDEX_TYPE 0x00FFUL
#define SLAP_INDEX_UNDEFINED 0x0001UL
#define SLAP_INDEX_PRESENT 0x0002UL
#define SLAP_INDEX_EQUALITY 0x0004UL
#define SLAP_INDEX_APPROX 0x0008UL
#define SLAP_INDEX_SUBSTR 0x0010UL
#define SLAP_INDEX_EXTENDED 0x0020UL
#define SLAP_INDEX_DEFAULT SLAP_INDEX_EQUALITY
#define IS_SLAP_INDEX(mask, type) (((mask) & (type)) == (type))
#define SLAP_INDEX_SUBSTR_TYPE 0x0F00UL
#define SLAP_INDEX_SUBSTR_INITIAL ( SLAP_INDEX_SUBSTR | 0x0100UL )
#define SLAP_INDEX_SUBSTR_ANY ( SLAP_INDEX_SUBSTR | 0x0200UL )
#define SLAP_INDEX_SUBSTR_FINAL ( SLAP_INDEX_SUBSTR | 0x0400UL )
#define SLAP_INDEX_SUBSTR_DEFAULT \
( SLAP_INDEX_SUBSTR \
| SLAP_INDEX_SUBSTR_INITIAL \
| SLAP_INDEX_SUBSTR_ANY \
| SLAP_INDEX_SUBSTR_FINAL )
/* constants for initial/final substrings indices */
#ifndef SLAP_INDEX_SUBSTR_IF_MINLEN
# define SLAP_INDEX_SUBSTR_IF_MINLEN 2
#endif
#ifndef SLAP_INDEX_SUBSTR_IF_MAXLEN
# define SLAP_INDEX_SUBSTR_IF_MAXLEN 4
#endif
/* constants for any substrings indices */
#ifndef SLAP_INDEX_SUBSTR_ANY_LEN
# define SLAP_INDEX_SUBSTR_ANY_LEN 4
#endif
#ifndef SLAP_INDEX_SUBSTR_ANY_STEP
# define SLAP_INDEX_SUBSTR_ANY_STEP 2
#endif
#define SLAP_INDEX_FLAGS 0xF000UL
#define SLAP_INDEX_NOSUBTYPES 0x1000UL /* don't use index w/ subtypes */
Hallvard Furuseth
committed
#define SLAP_INDEX_NOTAGS 0x2000UL /* don't use index w/ tags */
/*
* there is a single index for each attribute. these prefixes ensure
* that there is no collision among keys.
*/
#define SLAP_INDEX_EQUALITY_PREFIX '=' /* prefix for equality keys */
#define SLAP_INDEX_APPROX_PREFIX '~' /* prefix for approx keys */
#define SLAP_INDEX_SUBSTR_PREFIX '*' /* prefix for substring keys */
#define SLAP_INDEX_SUBSTR_INITIAL_PREFIX '^'
#define SLAP_INDEX_SUBSTR_FINAL_PREFIX '$'
#define SLAP_INDEX_CONT_PREFIX '.' /* prefix for continuation keys */
#define SLAP_SYNTAX_MATCHINGRULES_OID "1.3.6.1.4.1.1466.115.121.1.30"
#define SLAP_SYNTAX_ATTRIBUTETYPES_OID "1.3.6.1.4.1.1466.115.121.1.3"
#define SLAP_SYNTAX_OBJECTCLASSES_OID "1.3.6.1.4.1.1466.115.121.1.37"
#define SLAP_SYNTAX_MATCHINGRULEUSES_OID "1.3.6.1.4.1.1466.115.121.1.31"
#define SLAP_SYNTAX_CONTENTRULE_OID "1.3.6.1.4.1.1466.115.121.1.16"
/*
* represents schema information for a database
*/
#define SLAP_SCHERR_OUTOFMEM 1
#define SLAP_SCHERR_CLASS_NOT_FOUND 2
#define SLAP_SCHERR_CLASS_BAD_USAGE 3
#define SLAP_SCHERR_CLASS_BAD_SUP 4
#define SLAP_SCHERR_CLASS_DUP 5
#define SLAP_SCHERR_ATTR_NOT_FOUND 6
#define SLAP_SCHERR_ATTR_BAD_MR 7
#define SLAP_SCHERR_ATTR_BAD_USAGE 8
#define SLAP_SCHERR_ATTR_BAD_SUP 9
#define SLAP_SCHERR_ATTR_INCOMPLETE 10
#define SLAP_SCHERR_ATTR_DUP 11
#define SLAP_SCHERR_MR_NOT_FOUND 12
#define SLAP_SCHERR_MR_INCOMPLETE 13
#define SLAP_SCHERR_MR_DUP 14
#define SLAP_SCHERR_SYN_NOT_FOUND 15
#define SLAP_SCHERR_SYN_DUP 16
#define SLAP_SCHERR_NO_NAME 17
#define SLAP_SCHERR_NOT_SUPPORTED 18
#define SLAP_SCHERR_BAD_DESCR 19
#define SLAP_SCHERR_OIDM 20
#define SLAP_SCHERR_CR_DUP 21
#define SLAP_SCHERR_CR_BAD_STRUCT 22
#define SLAP_SCHERR_CR_BAD_AUX 23
#define SLAP_SCHERR_CR_BAD_AT 24
#define SLAP_SCHERR_LAST SLAP_SCHERR_CR_BAD_AT
typedef union slap_sockaddr {
struct sockaddr sa_addr;
struct sockaddr_in sa_in_addr;
#ifdef LDAP_PF_INET6
struct sockaddr_in6 sa_in6_addr;
#endif
#ifdef LDAP_PF_LOCAL
struct sockaddr_un sa_un_addr;
#endif
} Sockaddr;
#ifdef LDAP_PF_INET6
extern int slap_inet4or6;
#endif
typedef struct slap_oid_macro {
struct berval som_oid;
char **som_names;
LDAP_SLIST_ENTRY(slap_oid_macro) som_next;
} OidMacro;
/* forward declarations */
struct slap_syntax;
struct slap_matching_rule;
typedef int slap_syntax_validate_func LDAP_P((
struct berval * in));
typedef int slap_syntax_transform_func LDAP_P((
struct slap_syntax *syntax,
struct berval * in,
typedef struct slap_syntax {
#define ssyn_oid ssyn_syn.syn_oid
#define ssyn_desc ssyn_syn.syn_desc
Pierangelo Masarati
committed
/*
* Note: the former
Pierangelo Masarati
committed
* has been replaced by a struct berval that uses the value
* provided by ssyn_syn.syn_oid; a macro that expands to
* the bv_len field of the berval is provided for backward
* compatibility. CAUTION: NEVER FREE THE BERVAL
*/
struct berval ssyn_bvoid;
#define ssyn_oidlen ssyn_bvoid.bv_len
unsigned int ssyn_flags;
#define SLAP_SYNTAX_NONE 0x0000U
#define SLAP_SYNTAX_BLOB 0x0001U /* syntax treated as blob (audio) */
#define SLAP_SYNTAX_BINARY 0x0002U /* binary transfer required (certificate) */
#define SLAP_SYNTAX_BER 0x0004U /* stored in BER encoding (certificate) */
#ifdef LDAP_DEVEL
#define SLAP_SYNTAX_HIDE 0x0000U /* publish everything */
#else
#define SLAP_SYNTAX_HIDE 0x8000U /* hide (do not publish) */
slap_syntax_validate_func *ssyn_validate;
slap_syntax_transform_func *ssyn_pretty;
#ifdef SLAPD_BINARY_CONVERSION
/* convert to and from binary */
slap_syntax_transform_func *ssyn_ber2str;
slap_syntax_transform_func *ssyn_str2ber;
#endif
LDAP_SLIST_ENTRY(slap_syntax) ssyn_next;
} Syntax;
#define slap_syntax_is_flag(s,flag) ((int)((s)->ssyn_flags & (flag)) ? 1 : 0)
#define slap_syntax_is_blob(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BLOB)
#define slap_syntax_is_binary(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BINARY)
#define slap_syntax_is_ber(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BER)
#define slap_syntax_is_hidden(s) slap_syntax_is_flag((s),SLAP_SYNTAX_HIDE)
typedef struct slap_syntax_defs_rec {
char *sd_desc;
int sd_flags;
slap_syntax_validate_func *sd_validate;
slap_syntax_transform_func *sd_pretty;
#ifdef SLAPD_BINARY_CONVERSION
slap_syntax_transform_func *sd_ber2str;
slap_syntax_transform_func *sd_str2ber;
#endif
} slap_syntax_defs_rec;
typedef int slap_mr_convert_func LDAP_P((
struct berval * in,
/* Normalizer */
typedef int slap_mr_normalize_func LDAP_P((
struct slap_syntax *syntax, /* NULL if in is asserted value */
struct slap_matching_rule *mr,
struct berval * in,
typedef int slap_mr_match_func LDAP_P((
struct slap_syntax *syntax, /* syntax of stored value */
struct slap_matching_rule *mr,
struct berval * value,
void * assertValue ));
/* Index generation function */
typedef int slap_mr_indexer_func LDAP_P((
slap_mask_t use,
slap_mask_t mask,
struct slap_syntax *syntax, /* syntax of stored value */
struct slap_matching_rule *mr,
struct berval *prefix,
BerVarray values,
/* Filter index function */
typedef int slap_mr_filter_func LDAP_P((
slap_mask_t use,
slap_mask_t mask,
struct slap_syntax *syntax, /* syntax of stored value */
struct slap_matching_rule *mr,
struct berval *prefix,
void * assertValue,
Pierangelo Masarati
committed
typedef struct slap_matching_rule_use MatchingRuleUse;
typedef struct slap_matching_rule {
LDAPMatchingRule smr_mrule;
Pierangelo Masarati
committed
MatchingRuleUse *smr_mru;
/* RFC2252 string representation */
struct berval smr_str;
/*
* Note: the former
* ber_len_t smr_oidlen;
Pierangelo Masarati
committed
* has been replaced by a struct berval that uses the value
* provided by smr_mrule.mr_oid; a macro that expands to
* the bv_len field of the berval is provided for backward
* compatibility. CAUTION: NEVER FREE THE BERVAL
*/
struct berval smr_bvoid;
#define smr_oidlen smr_bvoid.bv_len
slap_mask_t smr_usage;
#ifdef LDAP_DEVEL
#define SLAP_MR_HIDE 0x0000U
#else
#define SLAP_MR_HIDE 0x8000U
#define SLAP_MR_TYPE_MASK 0x0F00U
#define SLAP_MR_SUBTYPE_MASK 0x00F0U
#define SLAP_MR_USAGE 0x000FU
#define SLAP_MR_NONE 0x0000U
#define SLAP_MR_EQUALITY 0x0100U
#define SLAP_MR_ORDERING 0x0200U
#define SLAP_MR_SUBSTR 0x0400U
#define SLAP_MR_EXT 0x0800U /* implicitly extensible */
#define SLAP_MR_EQUALITY_APPROX ( SLAP_MR_EQUALITY | 0x0010U )
Kurt Zeilenga
committed
#define SLAP_MR_SUBSTR_INITIAL ( SLAP_MR_SUBSTR | 0x0010U )
#define SLAP_MR_SUBSTR_ANY ( SLAP_MR_SUBSTR | 0x0020U )
#define SLAP_MR_SUBSTR_FINAL ( SLAP_MR_SUBSTR | 0x0040U )
/*
* The asserted value, depending on the particular usage,
* is expected to conform to either the assertion syntax
* or the attribute syntax. In some cases, the syntax of
* the value is known. If so, these flags indicate which
* syntax the value is expected to conform to. If not,
* neither of these flags is set (until the syntax of the
* provided value is determined). If the value is of the
* attribute syntax, the flag is changed once a value of
* the assertion syntax is derived from the provided value.
*/
#define SLAP_MR_VALUE_OF_ASSERTION_SYNTAX 0x0001U
#define SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX 0x0002U
#define SLAP_MR_VALUE_OF_SYNTAX 0x0003U
#define SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX( usage ) \
((usage) & SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX )
#define SLAP_MR_IS_VALUE_OF_ASSERTION_SYNTAX( usage ) \
((usage) & SLAP_MR_VALUE_OF_ASSERTION_SYNTAX )
#ifdef LDAP_DEBUG
#define SLAP_MR_IS_VALUE_OF_SYNTAX( usage ) \
((usage) & SLAP_MR_VALUE_OF_SYNTAX)
#else
#define SLAP_MR_IS_VALUE_OF_SYNTAX( usage ) (1)
#endif
/* either or both the asserted value or attribute value
* may be provided in normalized form
*/
#define SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH 0x0004U
#define SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH 0x0008U
#define SLAP_IS_MR_ASSERTION_SYNTAX_MATCH( usage ) \
(!((usage) & SLAP_MR_ATTRIBUTE_SYNTAX_MATCH))
#define SLAP_IS_MR_ATTRIBUTE_SYNTAX_MATCH( usage ) \
((usage) & SLAP_MR_ATTRIBUTE_SYNTAX_MATCH)
#define SLAP_IS_MR_ATTRIBUTE_SYNTAX_CONVERTED_MATCH( usage ) \
(((usage) & SLAP_MR_ATTRIBUTE_SYNTAX_CONVERTED_MATCH) \
== SLAP_MR_ATTRIBUTE_SYNTAX_CONVERTED_MATCH)
#define SLAP_IS_MR_ATTRIBUTE_SYNTAX_NONCONVERTED_MATCH( usage ) \
(((usage) & SLAP_MR_ATTRIBUTE_SYNTAX_CONVERTED_MATCH) \
== SLAP_MR_ATTRIBUTE_SYNTAX_MATCH)
#define SLAP_IS_MR_ASSERTED_VALUE_NORMALIZED_MATCH( usage ) \
((usage) & SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH )
#define SLAP_IS_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH( usage ) \
((usage) & SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH )
Syntax *smr_syntax;
slap_mr_convert_func *smr_convert;
slap_mr_match_func *smr_match;
slap_mr_indexer_func *smr_indexer;
slap_mr_filter_func *smr_filter;
* null terminated array of syntaxes compatible with this syntax
* note: when MS_EXT is set, this MUST NOT contain the assertion
* syntax of the rule. When MS_EXT is not set, it MAY.
*/
Syntax **smr_compat_syntaxes;
/*
* For equality rules, refers to an associated approximate rule.
* For non-equality rules, refers to an associated equality rule.
*/
struct slap_matching_rule *smr_associated;
#define SLAP_MR_ASSOCIATED(mr,amr) \
(((mr) == (amr)) || ((mr)->smr_associated == (amr)))
Pierangelo Masarati
committed
LDAP_SLIST_ENTRY(slap_matching_rule)smr_next;
#define smr_oid smr_mrule.mr_oid
#define smr_names smr_mrule.mr_names
#define smr_desc smr_mrule.mr_desc
#define smr_obsolete smr_mrule.mr_obsolete
#define smr_syntax_oid smr_mrule.mr_syntax_oid
#define smr_extensions smr_mrule.mr_extensions
} MatchingRule;
Pierangelo Masarati
committed
struct slap_matching_rule_use {
LDAPMatchingRuleUse smru_mruleuse;
MatchingRule *smru_mr;
/* RFC2252 string representation */
struct berval smru_str;
LDAP_SLIST_ENTRY(slap_matching_rule_use) smru_next;
Pierangelo Masarati
committed
#define smru_oid smru_mruleuse.mru_oid
#define smru_names smru_mruleuse.mru_names
#define smru_desc smru_mruleuse.mru_desc
#define smru_obsolete smru_mruleuse.mru_obsolete
#define smru_applies_oids smru_mruleuse.mru_applies_oids
#define smru_usage smru_mr->smr_usage
} /* MatchingRuleUse */ ;
typedef struct slap_mrule_defs_rec {
char * mrd_desc;
slap_mask_t mrd_usage;
char ** mrd_compat_syntaxes;
slap_mr_convert_func * mrd_convert;
slap_mr_normalize_func * mrd_normalize;
slap_mr_match_func * mrd_match;
slap_mr_indexer_func * mrd_indexer;
slap_mr_filter_func * mrd_filter;
/* For equality rule, this may refer to an associated approximate rule */
/* For non-equality rule, this may refer to an associated equality rule */
char * mrd_associated;
} slap_mrule_defs_rec;
typedef int (AttributeTypeSchemaCheckFN)(
struct slap_entry *e,
struct slap_attr *attr,
const char** text,
char *textbuf, size_t textlen );
typedef struct slap_attribute_type {
LDAPAttributeType sat_atype;
struct berval sat_cname;
struct slap_attribute_type *sat_sup;
struct slap_attribute_type **sat_subtypes;
MatchingRule *sat_equality;
MatchingRule *sat_approx;
MatchingRule *sat_ordering;
MatchingRule *sat_substr;
AttributeTypeSchemaCheckFN *sat_check;
#define SLAP_AT_NONE 0x0000U
#define SLAP_AT_ABSTRACT 0x0100U /* cannot be instantiated */
#define SLAP_AT_FINAL 0x0200U /* cannot be subtyped */
#ifdef LDAP_DEVEL
#define SLAP_AT_HIDE 0x0000U /* publish everything */
#else
#define SLAP_AT_HIDE 0x8000U /* hide attribute */
LDAP_SLIST_ENTRY(slap_attribute_type) sat_next;
#define sat_oid sat_atype.at_oid
#define sat_names sat_atype.at_names
#define sat_desc sat_atype.at_desc
#define sat_obsolete sat_atype.at_obsolete
#define sat_sup_oid sat_atype.at_sup_oid
#define sat_equality_oid sat_atype.at_equality_oid
#define sat_ordering_oid sat_atype.at_ordering_oid
#define sat_substr_oid sat_atype.at_substr_oid
#define sat_syntax_oid sat_atype.at_syntax_oid
#define sat_single_value sat_atype.at_single_value
#define sat_collective sat_atype.at_collective
#define sat_no_user_mod sat_atype.at_no_user_mod
#define sat_usage sat_atype.at_usage
#define sat_extensions sat_atype.at_extensions
struct slap_attr_desc *sat_ad;
ldap_pvt_thread_mutex_t sat_ad_mutex;
} AttributeType;
#define is_at_operational(at) ((at)->sat_usage)
#define is_at_single_value(at) ((at)->sat_single_value)
#define is_at_collective(at) ((at)->sat_collective)
#define is_at_obsolete(at) ((at)->sat_obsolete)
#define is_at_no_user_mod(at) ((at)->sat_no_user_mod)
typedef int (ObjectClassSchemaCheckFN)(
struct slap_entry *e,
struct slap_object_class *oc,
const char** text,
char *textbuf, size_t textlen );
typedef struct slap_object_class {
LDAPObjectClass soc_oclass;
struct berval soc_cname;
struct slap_object_class **soc_sups;
AttributeType **soc_required;
AttributeType **soc_allowed;
ObjectClassSchemaCheckFN *soc_check;
slap_mask_t soc_flags;
#define soc_oid soc_oclass.oc_oid
#define soc_names soc_oclass.oc_names
#define soc_desc soc_oclass.oc_desc
#define soc_obsolete soc_oclass.oc_obsolete
#define soc_sup_oids soc_oclass.oc_sup_oids
#define soc_at_oids_must soc_oclass.oc_at_oids_must
#define soc_at_oids_may soc_oclass.oc_at_oids_may
#define soc_extensions soc_oclass.oc_extensions
LDAP_SLIST_ENTRY(slap_object_class) soc_next;
} ObjectClass;
#define SLAP_OC_ALIAS 0x0001
#define SLAP_OC_REFERRAL 0x0002
#define SLAP_OC_SUBENTRY 0x0004
#define SLAP_OC_DYNAMICOBJECT 0x0008
#define SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY 0x0010
#define SLAP_OC_GLUE 0x0020
#define SLAP_OC_SYNCPROVIDERSUBENTRY 0x0040
#define SLAP_OC_SYNCCONSUMERSUBENTRY 0x0080
#define SLAP_OC__MASK 0x00FF
#define SLAP_OC__END 0x0100
#define SLAP_OC_OPERATIONAL 0x4000
#ifdef LDAP_DEVEL
#define SLAP_OC_HIDE 0x0000
#else
#define SLAP_OC_HIDE 0x8000
/*
* DIT content rule
*/
typedef struct slap_content_rule {
LDAPContentRule scr_crule;
ObjectClass *scr_sclass;
ObjectClass **scr_auxiliaries; /* optional */
AttributeType **scr_required; /* optional */
AttributeType **scr_allowed; /* optional */
AttributeType **scr_precluded; /* optional */
#define scr_oid scr_crule.cr_oid
#define scr_names scr_crule.cr_names
#define scr_desc scr_crule.cr_desc
#define scr_obsolete scr_crule.cr_obsolete
#define scr_oc_oids_aux scr_crule.cr_oc_oids_aux
#define scr_at_oids_must scr_crule.cr_at_oids_must
#define scr_at_oids_may scr_crule.cr_at_oids_may
#define scr_at_oids_not scr_crule.cr_at_oids_not
LDAP_SLIST_ENTRY( slap_content_rule ) scr_next;
Hallvard Furuseth
committed
/* Represents a recognized attribute description ( type + options ). */
typedef struct slap_attr_desc {
struct slap_attr_desc *ad_next;
AttributeType *ad_type; /* attribute type, must be specified */
struct berval ad_cname; /* canonical name, must be specified */
Hallvard Furuseth
committed
struct berval ad_tags; /* empty if no tagging options */
unsigned ad_flags;
#define SLAP_DESC_NONE 0x00U
#define SLAP_DESC_BINARY 0x01U
Hallvard Furuseth
committed
#define SLAP_DESC_TAG_RANGE 0x80U
} AttributeDescription;
typedef struct slap_attr_name {
struct berval an_name;
AttributeDescription *an_desc;
Pierangelo Masarati
committed
int an_oc_exclude;
ObjectClass *an_oc;
} AttributeName;
Hallvard Furuseth
committed
#define slap_ad_is_tagged(ad) ( (ad)->ad_tags.bv_len != 0 )
#define slap_ad_is_tag_range(ad) \
( ((ad)->ad_flags & SLAP_DESC_TAG_RANGE) ? 1 : 0 )
( ((ad)->ad_flags & SLAP_DESC_BINARY) ? 1 : 0 )
/*
* pointers to schema elements used internally
*/
struct slap_internal_schema {
/* objectClass */
ObjectClass *si_oc_alias;
ObjectClass *si_oc_referral;
ObjectClass *si_oc_subentry;
ObjectClass *si_oc_subschema;
ObjectClass *si_oc_collectiveAttributeSubentry;
ObjectClass *si_oc_dynamicObject;
ObjectClass *si_oc_glue;
ObjectClass *si_oc_syncConsumerSubentry;
ObjectClass *si_oc_syncProviderSubentry;
/* objectClass attribute descriptions */
AttributeDescription *si_ad_objectClass;
/* operational attribute descriptions */
Kurt Zeilenga
committed
AttributeDescription *si_ad_structuralObjectClass;
AttributeDescription *si_ad_creatorsName;
AttributeDescription *si_ad_createTimestamp;
AttributeDescription *si_ad_modifiersName;
AttributeDescription *si_ad_modifyTimestamp;
Pierangelo Masarati
committed
AttributeDescription *si_ad_hasSubordinates;
AttributeDescription *si_ad_subschemaSubentry;
AttributeDescription *si_ad_collectiveSubentries;
AttributeDescription *si_ad_collectiveExclusions;
AttributeDescription *si_ad_entryUUID;
AttributeDescription *si_ad_entryCSN;
AttributeDescription *si_ad_superiorUUID;
AttributeDescription *si_ad_dseType;
AttributeDescription *si_ad_syncreplCookie;
/* root DSE attribute descriptions */
AttributeDescription *si_ad_altServer;
AttributeDescription *si_ad_namingContexts;
AttributeDescription *si_ad_supportedControl;
AttributeDescription *si_ad_supportedExtension;
AttributeDescription *si_ad_supportedLDAPVersion;
AttributeDescription *si_ad_supportedSASLMechanisms;
AttributeDescription *si_ad_supportedFeatures;
AttributeDescription *si_ad_monitorContext;
AttributeDescription *si_ad_vendorName;
AttributeDescription *si_ad_vendorVersion;
/* subentry attribute descriptions */
AttributeDescription *si_ad_administrativeRole;
AttributeDescription *si_ad_subtreeSpecification;
/* subschema subentry attribute descriptions */
AttributeDescription *si_ad_attributeTypes;
AttributeDescription *si_ad_ditContentRules;
AttributeDescription *si_ad_ditStructureRules;
AttributeDescription *si_ad_ldapSyntaxes;
AttributeDescription *si_ad_matchingRules;
AttributeDescription *si_ad_matchingRuleUse;
AttributeDescription *si_ad_nameForms;
AttributeDescription *si_ad_objectClasses;
/* Aliases & Referrals */
AttributeDescription *si_ad_aliasedObjectName;
AttributeDescription *si_ad_ref;
AttributeDescription *si_ad_entry;
AttributeDescription *si_ad_children;
AttributeDescription *si_ad_saslAuthzTo;
AttributeDescription *si_ad_saslAuthzFrom;
#ifdef SLAPD_ACI_ENABLED
AttributeDescription *si_ad_aci;
#endif
/* dynamic entries */
AttributeDescription *si_ad_entryTtl;
AttributeDescription *si_ad_dynamicSubtrees;
/* Other attributes descriptions */
AttributeDescription *si_ad_distinguishedName;
AttributeDescription *si_ad_name;
AttributeDescription *si_ad_cn;
AttributeDescription *si_ad_userPassword;
AttributeDescription *si_ad_authPassword;
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
AttributeDescription *si_ad_krbName;
#endif
/* Undefined Attribute Type */
AttributeType *si_at_undefined;
Julio Sánchez Fernández
committed
/* Matching Rules */
MatchingRule *si_mr_distinguishedNameMatch;
MatchingRule *si_mr_caseExactMatch;
MatchingRule *si_mr_caseExactSubstringsMatch;
MatchingRule *si_mr_caseExactIA5Match;
Julio Sánchez Fernández
committed
MatchingRule *si_mr_integerMatch;
MatchingRule *si_mr_integerFirstComponentMatch;
MatchingRule *si_mr_objectIdentifierFirstComponentMatch;
Julio Sánchez Fernández
committed
/* Syntaxes */
Syntax *si_syn_directoryString;
Julio Sánchez Fernández
committed
Syntax *si_syn_distinguishedName;
Syntax *si_syn_integer;
Syntax *si_syn_octetString;
/* Schema Syntaxes */
Syntax *si_syn_attributeTypeDesc;
Syntax *si_syn_ditContentRuleDesc;
Syntax *si_syn_ditStructureRuleDesc;
Syntax *si_syn_ldapSyntaxDesc;
Syntax *si_syn_matchingRuleDesc;
Syntax *si_syn_matchingRuleUseDesc;
Syntax *si_syn_nameFormDesc;
Syntax *si_syn_objectClassDesc;
typedef struct slap_attr_assertion {
AttributeDescription *aa_desc;
struct berval aa_value;
} AttributeAssertion;
typedef struct slap_ss_assertion {
AttributeDescription *sa_desc;
struct berval sa_initial;
struct berval *sa_any;
struct berval sa_final;
typedef struct slap_mr_assertion {
MatchingRule *ma_rule; /* optional */
struct berval ma_rule_text; /* optional */
AttributeDescription *ma_desc; /* optional */
int ma_dnattrs; /* boolean */
struct berval ma_value; /* required */
} MatchingRuleAssertion;
ber_tag_t f_choice; /* values taken from ldap.h, plus: */
#define SLAPD_FILTER_COMPUTED ((ber_tag_t) -1)
#define SLAPD_FILTER_DN_ONE ((ber_tag_t) -2)
#define SLAPD_FILTER_DN_SUBTREE ((ber_tag_t) -3)
/* precomputed result */
ber_int_t f_un_result;
/* present */
AttributeDescription *f_un_desc;
/* simple value assertion */
AttributeAssertion *f_un_ava;
/* substring assertion */
/* matching rule assertion */
MatchingRuleAssertion *f_un_mra;
#define f_dn f_un.f_un_dn
#define f_desc f_un.f_un_desc
#define f_ava f_un.f_un_ava
#define f_av_desc f_un.f_un_ava->aa_desc
#define f_av_value f_un.f_un_ava->aa_value
#define f_sub f_un.f_un_ssa
#define f_sub_desc f_un.f_un_ssa->sa_desc
#define f_sub_initial f_un.f_un_ssa->sa_initial
#define f_sub_any f_un.f_un_ssa->sa_any
#define f_sub_final f_un.f_un_ssa->sa_final
#define f_mra f_un.f_un_mra
#define f_mr_rule f_un.f_un_mra->ma_rule
#define f_mr_desc f_un.f_un_mra->ma_desc
#define f_mr_value f_un.f_un_mra->ma_value
#define f_mr_dnattrs f_un.f_un_mra->ma_dnattrs
/* and, or, not */
struct slap_filter *f_un_complex;
#define f_result f_un.f_un_result
#define f_and f_un.f_un_complex
#define f_or f_un.f_un_complex
#define f_not f_un.f_un_complex
#define f_list f_un.f_un_complex
/* compare routines can return undefined */
typedef struct slap_valuesreturnfilter {
ber_tag_t vrf_choice;
union vrf_un_u {
/* precomputed result */
ber_int_t vrf_un_result;
/* DN */
char *vrf_un_dn;
/* present */
AttributeDescription *vrf_un_desc;
/* simple value assertion */
AttributeAssertion *vrf_un_ava;
/* substring assertion */
SubstringsAssertion *vrf_un_ssa;
/* matching rule assertion */
MatchingRuleAssertion *vrf_un_mra;
#define vrf_result vrf_un.vrf_un_result
#define vrf_dn vrf_un.vrf_un_dn
#define vrf_desc vrf_un.vrf_un_desc
#define vrf_ava vrf_un.vrf_un_ava
#define vrf_av_desc vrf_un.vrf_un_ava->aa_desc
#define vrf_av_value vrf_un.vrf_un_ava->aa_value
#define vrf_ssa vrf_un.vrf_un_ssa
#define vrf_sub vrf_un.vrf_un_ssa
#define vrf_sub_desc vrf_un.vrf_un_ssa->sa_desc
#define vrf_sub_initial vrf_un.vrf_un_ssa->sa_initial
#define vrf_sub_any vrf_un.vrf_un_ssa->sa_any
#define vrf_sub_final vrf_un.vrf_un_ssa->sa_final
#define vrf_mra vrf_un.vrf_un_mra
#define vrf_mr_rule vrf_un.vrf_un_mra->ma_rule
#define vrf_mr_rule_text vrf_un.vrf_un_mra->ma_rule_text
#define vrf_mr_desc vrf_un.vrf_un_mra->ma_desc
#define vrf_mr_value vrf_un.vrf_un_mra->ma_value
#define vrf_mr_dnattrs vrf_un.vrf_un_mra->ma_dnattrs