/* slap.h - stand-alone ldap server include file */
/* $OpenLDAP$ */
/*
 * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 */

#ifndef _SLDAPD_H_
#define _SLDAPD_H_
/* NOTE(review): the guard name begins with '_' + uppercase, which C reserves
 * for the implementation; kept unchanged since other files may test it. */

/* Unless the build explicitly opts out, compile the legacy schema code paths. */
#ifndef SLAPD_SCHEMA_NOT_COMPAT
#define SLAPD_SCHEMA_COMPAT 1
#endif

#include "ldap_defaults.h"

#include <ac/stdlib.h>

#include <sys/types.h>

#include <ac/syslog.h>
#include <ac/regex.h>
#include <ac/socket.h>
#include <ac/time.h>
#include <ac/param.h>

#ifdef HAVE_CYRUS_SASL
#include <sasl.h>
#endif

#include "avl.h"

/* any reference to ldap_debug resolves to slapd's own slap_debug (declared below) */
#ifndef ldap_debug
#define ldap_debug slap_debug
#endif

#include "ldap_log.h"

#include <ldap.h>
#include <ldap_schema.h>

#include "ldap_pvt_thread.h"
#include "ldif.h"

LDAP_BEGIN_DECL

#ifdef f_next
#undef f_next /* name conflict between sys/file.h on SCO and struct filter */
#endif

/* name of this service: the package name suffixed with "-slapd" */
#define SERVICE_NAME  OPENLDAP_PACKAGE "-slapd"

/* LDAPMod.mod_op value ===> Must be kept in sync with ldap.h!
 *
 * This is a value used internally by the backends. It is needed to allow
 * adding values that already exist without getting an error as required by
 * modrdn when the new rdn was already an attribute value itself.
 * JCG 05/1999 (gomez@engr.sgi.com)
 *
 * The bit is chosen above the LDAP_MOD_* values defined in ldap.h; any new
 * public mod_op value there must not reuse it.
 */
#define LDAP_MOD_SOFTADD	0x1000

/* three-valued setting constants; OFF is -1, not 0, so test explicitly
 * rather than with a bare truth check */
#define ON	1
#define OFF	(-1)
#define UNDEFINED 0

/* upper bound on regex submatches; presumably sizes regmatch_t arrays in callers -- verify */
#define MAXREMATCHES 10

/* pseudo error code indicating an abandoned operation */
#define SLAPD_ABANDON -1

/* XXYYZ: these macros assume 'x' is an ASCII x */
/*
 * Character classification helpers.  They are plain macros: each argument
 * is evaluated more than once, so pass a side-effect-free expression.
 * Only 7-bit ASCII is classified; every other byte value fails every test
 * (including negative values from a signed char), so they are not a
 * substitute for proper UTF-8 handling.
 */
#define DNSEPARATOR(c)	((c) == ',' || (c) == ';')
#define SEPARATOR(c)	((c) == ',' || (c) == ';' || (c) == '+')
#define SPACE(c)	((c) == ' ' || (c) == '\n')

#define ASCII_LOWER(c)	( (c) >= 'a' && (c) <= 'z' )
#define ASCII_UPPER(c)	( (c) >= 'A' && (c) <= 'Z' )
#define ASCII_ALPHA(c)	( ASCII_LOWER(c) || ASCII_UPPER(c) )
#define ASCII_DIGIT(c)	( (c) >= '0' && (c) <= '9' )
#define ASCII_ALNUM(c)	( ASCII_ALPHA(c) || ASCII_DIGIT(c) )

/* keyword (descriptor) and numeric OID lexical classes */
#define LEADKEYCHAR(c)	( ASCII_ALPHA(c) )
#define KEYCHAR(c)	( ASCII_ALNUM(c) || (c) == '-' )
#define LEADOIDCHAR(c)	( ASCII_DIGIT(c) )
#define OIDCHAR(c)	( ASCII_DIGIT(c) || (c) == '.' )

/* attribute description: a keyword or a numeric OID */
#define LEADATTRCHAR(c)	( LEADKEYCHAR(c) || LEADOIDCHAR(c) )
#define ATTRCHAR(c)	( KEYCHAR((c)) || (c) == '.' )

/* characters that must be escaped when emitted: backslash and double quote */
#define NEEDSESCAPE(c)	((c) == '\\' || (c) == '"')

/* default name of the attribute holding ACI (access control information) values */
#define SLAPD_ACI_DEFAULT_ATTR		"aci"

/* schema needed by slapd */
#define SLAPD_OID_DN_SYNTAX "1.3.6.1.4.1.1466.115.121.1.12"

/* global debug level; ldap_debug is mapped onto this at the top of the file */
LIBSLAPD_F (int) slap_debug;

/*
 * Index types
 *
 * Bit flags (unsigned); combine with '|' to describe several index kinds.
 */
#define SLAP_INDEX_PRESENCE      0x0001U
#define SLAP_INDEX_EQUALITY      0x0002U
#define SLAP_INDEX_APPROX        0x0004U
#define SLAP_INDEX_SUB           0x0008U
#define SLAP_INDEX_UNKNOWN       0x0010U
#define SLAP_INDEX_FROMINIT      0x8000U	/* pseudo type */


/*
 * represents schema information for a database
 */

/* SLAP_SCHERR_*: non-zero error codes for schema registration failures */
#define SLAP_SCHERR_OUTOFMEM		1
#define SLAP_SCHERR_CLASS_NOT_FOUND	2
#define SLAP_SCHERR_ATTR_NOT_FOUND	3
#define SLAP_SCHERR_DUP_CLASS		4
#define SLAP_SCHERR_DUP_ATTR		5
#define SLAP_SCHERR_DUP_SYNTAX		6
#define SLAP_SCHERR_DUP_RULE		7
#define SLAP_SCHERR_NO_NAME		8
#define SLAP_SCHERR_ATTR_INCOMPLETE	9
#define SLAP_SCHERR_MR_NOT_FOUND	10
#define SLAP_SCHERR_SYN_NOT_FOUND	11
#define SLAP_SCHERR_MR_INCOMPLETE	12
/*
 * An OID macro: a symbolic name standing for an OID (or OID prefix),
 * kept in a singly linked list.
 */
typedef struct slap_oid_macro {
	char *som_name;		/* macro name */
	char *som_oid;		/* OID text the name expands to */
	int som_oidlen;		/* length of som_oid */
	struct slap_oid_macro *som_next;	/* next macro in the list */
} OidMacro;

/* forward declarations */
struct slap_syntax;
struct slap_matching_rule;


/*
 * Syntax callbacks.  Both take the syntax they belong to plus the value;
 * the int result is the usual LDAP-style status (0 on success is assumed
 * -- confirm against the implementations).
 */

/* checks that 'in' is a well-formed value of 'syntax' */
typedef int slap_syntax_validate_func LDAP_P((
	struct slap_syntax *syntax,
	struct berval * in));

/* converts 'in' into a newly produced '*out' (used for ber<->string, see Syntax) */
typedef int slap_syntax_transform_func LDAP_P((
	struct slap_syntax *syntax,
	struct berval * in,
	struct berval ** out));

/*
 * A registered attribute syntax: the parsed schema description plus the
 * callbacks that validate and transform values of that syntax.
 */
typedef struct slap_syntax {
	LDAP_SYNTAX			ssyn_syn;	/* description as parsed by <ldap_schema.h> */
	int	ssyn_flags;					/* SLAP_SYNTAX_* */

#define SLAP_SYNTAX_NONE	0
#define SLAP_SYNTAX_BINARY	1

	slap_syntax_validate_func	*ssyn_validate;	/* value validator */

	/* convert to and from binary */
	slap_syntax_transform_func	*ssyn_ber2str;
	slap_syntax_transform_func	*ssyn_str2ber;

	struct slap_syntax		*ssyn_next;	/* next registered syntax */
#define ssyn_oid			ssyn_syn.syn_oid
#define ssyn_desc			ssyn_syn.syn_desc
} Syntax;

/*
 * Matching rule callbacks.  A NULL syntax argument to the normalizer
 * marks 'in' as an asserted (client-supplied) value rather than a stored one.
 */

/* XXX -> UCS-2 Converter */
typedef int slap_mr_convert_func LDAP_P((
	struct berval * in,
	struct berval ** out ));

/* Normalizer */
typedef int slap_mr_normalize_func LDAP_P((
	struct slap_syntax *syntax, /* NULL if in is asserted value */
	struct slap_matching_rule *mr,
	struct berval * in,
	struct berval ** out ));

/* Match (compare) function */
typedef int slap_mr_match_func LDAP_P((
	struct slap_syntax *syntax,	/* syntax of stored value */
	struct slap_matching_rule *mr,
	struct berval * value,
	struct berval * assertValue ));

/* Index generation function: derives index keys from stored values */
typedef int slap_mr_indexer_func LDAP_P((
	struct slap_syntax *syntax,	/* syntax of stored value */
	struct slap_matching_rule *mr,
	struct berval **values,
	struct berval **keys ));

struct slap_filter; 	/* forward declaration */
/* Filter index function: derives the keys to look up for a filter */
typedef int slap_mr_filter_func LDAP_P((
	struct slap_syntax *syntax,	/* syntax of stored value */
	struct slap_matching_rule *mr,
	struct slap_filter *filter,
	struct berval **keys ));

/*
 * A registered matching rule: parsed schema description, the Syntax it
 * applies to and the callbacks implementing it.
 */
typedef struct slap_matching_rule {
	LDAP_MATCHING_RULE		smr_mrule;	/* description as parsed by <ldap_schema.h> */
	Syntax					*smr_syntax;	/* resolved from smr_syntax_oid (presumably) */
	slap_mr_convert_func	*smr_convert;
	slap_mr_normalize_func	*smr_normalize;
	slap_mr_match_func		*smr_match;
	slap_mr_indexer_func	*smr_indexer;
	slap_mr_filter_func		*smr_filter;
	struct slap_matching_rule	*smr_next;	/* next registered rule */
#define smr_oid				smr_mrule.mr_oid
#define smr_names			smr_mrule.mr_names
#define smr_desc			smr_mrule.mr_desc
#define smr_obsolete		smr_mrule.mr_obsolete
#define smr_syntax_oid		smr_mrule.mr_syntax_oid
} MatchingRule;

/*
 * A registered attribute type.  Pointers to the superior type, the
 * matching rules and the syntax are the resolved counterparts of the
 * OID strings reachable through the sat_*_oid accessors.
 */
typedef struct slap_attribute_type {
	LDAP_ATTRIBUTE_TYPE		sat_atype;	/* description as parsed by <ldap_schema.h> */
	struct slap_attribute_type	*sat_sup;	/* superior type */
	struct slap_attribute_type	**sat_subtypes;	/* NULL-terminated? -- confirm */
	MatchingRule			*sat_equality;
	MatchingRule			*sat_ordering;
	MatchingRule			*sat_substr;
	Syntax				*sat_syntax;
	/* The next one is created to help in the transition */
	int				sat_syntax_compat;	/* legacy SYNTAX_* value */
	struct slap_attribute_type	*sat_next;	/* next registered type */
#define sat_oid			sat_atype.at_oid
#define sat_names		sat_atype.at_names
#define sat_desc		sat_atype.at_desc
#define sat_obsolete		sat_atype.at_obsolete
#define sat_sup_oid		sat_atype.at_sup_oid
#define sat_equality_oid	sat_atype.at_equality_oid
#define sat_ordering_oid	sat_atype.at_ordering_oid
#define sat_substr_oid		sat_atype.at_substr_oid
#define sat_syntax_oid		sat_atype.at_syntax_oid
#define sat_single_value	sat_atype.at_single_value
#define sat_collective		sat_atype.at_collective
#define sat_no_user_mod		sat_atype.at_no_user_mod
#define sat_usage		sat_atype.at_usage
} AttributeType;

/*
 * A registered object class with its superiors and MUST/MAY attribute
 * types resolved to AttributeType pointers.
 */
typedef struct slap_object_class {
	LDAP_OBJECT_CLASS		soc_oclass;	/* description as parsed by <ldap_schema.h> */
	struct slap_object_class	**soc_sups;	/* superior classes */
	AttributeType			**soc_required;	/* MUST attributes */
	AttributeType			**soc_allowed;	/* MAY attributes */
	struct slap_object_class	*soc_next;	/* next registered class */
#define soc_oid			soc_oclass.oc_oid
#define soc_names		soc_oclass.oc_names
#define soc_desc		soc_oclass.oc_desc
#define soc_obsolete		soc_oclass.oc_obsolete
#define soc_sup_oids		soc_oclass.oc_sup_oids
#define soc_kind		soc_oclass.oc_kind
#define soc_at_oids_must	soc_oclass.oc_at_oids_must
#define soc_at_oids_may		soc_oclass.oc_at_oids_may
} ObjectClass;
struct slap_op;
struct slap_conn;

/* modrdn parameters as recorded in the replication log */
struct replog_moddn {
	char *newrdn;		/* new RDN */
	int	deloldrdn;	/* non-zero: drop the old RDN values */
	char *newsup;		/* new superior DN, or NULL (presumably) */
};

/*
 * represents an attribute value assertion (i.e., attr;option=value)
 */
typedef struct slap_ava {
	char		*ava_type;	/* attribute description */
	struct berval	ava_value;	/* asserted value (by value, not pointer) */
} Ava;

/*
 * represents a matching rule assertion (extensible match)
 */
typedef struct slap_mra {
	char	*mra_rule;	/* optional */
	char	*mra_type;	/* attribute description -- optional */
	int		mra_dnattrs;	/* non-zero: also match against DN attributes */
	struct berval	*mra_value;	/* asserted value */
} Mra;

/*
 * represents a search filter
 *
 * f_choice selects which member of f_un is meaningful; the f_* accessor
 * macros below are conveniences for the individual members.
 */
typedef struct slap_filter {
	ber_tag_t	f_choice;	/* values taken from ldap.h */

	union f_un_u {
		/* present */
		char		*f_un_type;

		/* equality, lessorequal, greaterorequal, approx */
		Ava		f_un_ava;

		/* extensible */
		/* NOTE(review): this member is named f_un_fra, but the f_mra*
		 * accessors below expand to f_un.f_un_mra -- one of the two is
		 * wrong and the accessors cannot compile as written; confirm
		 * which spelling the users rely on before changing either. */
		Mra		f_un_fra;	

		/* and, or, not */
		struct slap_filter	*f_un_complex;

		/* substrings */
		struct sub {
			char	*f_un_sub_type;

			struct berval	*f_un_sub_initial;
			struct berval	**f_un_sub_any;
			struct berval	*f_un_sub_final;
		} f_un_sub;
	} f_un;

#define f_dn		f_un.f_un_type  /* used for DN indices */
#define f_type		f_un.f_un_type
#define f_ava		f_un.f_un_ava
#define f_avtype	f_un.f_un_ava.ava_type
#define f_avvalue	f_un.f_un_ava.ava_value
#define f_mra		f_un.f_un_mra
#define f_mrtype	f_un.f_un_mra.mra_type
#define f_mrvalue	f_un.f_un_mra.mra_value
#define	f_mrdnaddrs	f_un.f_un_mra.mra_dnattrs	/* "dnaddrs" here, "dnattrs" in Mra */
/* and/or/not all share f_un_complex: the operands are a list linked by f_next */
#define f_and		f_un.f_un_complex
#define f_or		f_un.f_un_complex
#define f_not		f_un.f_un_complex
#define f_list		f_un.f_un_complex
#define f_sub		f_un.f_un_sub
#define f_sub_type	f_un.f_un_sub.f_un_sub_type
#define f_sub_initial	f_un.f_un_sub.f_un_sub_initial
#define f_sub_any	f_un.f_un_sub.f_un_sub_any
#define f_sub_final	f_un.f_un_sub.f_un_sub_final

	struct slap_filter	*f_next;	/* next sibling within a complex filter */
} Filter;

/*
 * represents an attribute (type + values + syntax)
 */
typedef struct slap_attr {
	char		*a_type;	/* description */
	struct berval	**a_vals;	/* values (presumably NULL-terminated array) */
#ifdef SLAPD_SCHEMA_NOT_COMPAT
	AttributeType	*a_at;	/* attribute type */
#else
	int		a_syntax;	/* legacy SYNTAX_* value */
#endif
	struct slap_attr	*a_next;	/* next attribute of the entry */
} Attribute;

#ifdef SLAPD_SCHEMA_COMPAT
/*
 * the attr_syntax() routine returns one of these values
 * telling what kind of syntax an attribute supports.
 * They are bit flags; only compiled in the schema-compat build.
 */
#define SYNTAX_CIS	0x01	/* case insensitive string		*/
#define SYNTAX_CES	0x02	/* case sensitive string		*/
#define SYNTAX_BIN	0x04	/* binary data 				*/
#define SYNTAX_TEL	0x08	/* telephone number string		*/
#define SYNTAX_DN	0x10	/* dn string				*/
#endif

/*
 * the id used in the indexes to refer to an entry
 */
typedef unsigned long	ID;
/* "no such entry" sentinel: all bits set, i.e. the largest ID value */
#define NOID	((ID)~0)

/*
 * represents an entry in core
 */
typedef struct slap_entry {
	/*
	 * The ID field should only be changed before entry is
	 * inserted into a cache.  The ID value is backend
	 * specific.
	 */
	ID		e_id;

	char		*e_dn;		/* DN of this entry */
	char		*e_ndn;		/* normalized DN of this entry */
	Attribute	*e_attrs;	/* list of attributes + values */

	/* for use by the backend for any purpose */
	void*	e_private;
} Entry;

/*
 * represents an access control list
 */

/*
 * Access levels.  The ordering is significant: ACL_ACCESS2PRIV (in Access
 * below) uses the enumerator value as a shift count, and the ACL_LVL_*
 * masks are built cumulatively from lower levels.  ACL_INVALID_ACCESS is
 * negative and must be rejected before being turned into a privilege bit.
 */
typedef enum slap_access_e {
	ACL_INVALID_ACCESS = -1,
	ACL_NONE = 0,
	ACL_AUTH,
	ACL_COMPARE,
	ACL_SEARCH,
	ACL_READ,
	ACL_WRITE
} slap_access_t;

/* what the evaluator does after a "by" clause matches */
typedef enum slap_control_e {
	ACL_INVALID_CONTROL	= 0,
	ACL_STOP,
	ACL_CONTINUE,
	ACL_BREAK
} slap_control_t;

/* privilege bit mask; see the ACL_PRIV_* macros in Access */
typedef unsigned long slap_access_mask_t;

/* the "by" part */
/*
 * One "by <who> <access>" clause: the patterns a requester is matched
 * against, the privileges granted (a_mask) and what the evaluator does
 * after this clause (a_type).
 */
typedef struct slap_access {
	slap_control_t a_type;

/*
 * Privilege bits.  The shift count is the slap_access_t value, so
 * ACL_INVALID_ACCESS (-1) must never reach ACL_ACCESS2PRIV: shifting by a
 * negative count is undefined behaviour.  Check for it first.
 */
#define ACL_ACCESS2PRIV(access)	(0x01U << (access))

#define ACL_PRIV_NONE			ACL_ACCESS2PRIV( ACL_NONE )
#define ACL_PRIV_AUTH			ACL_ACCESS2PRIV( ACL_AUTH )
#define ACL_PRIV_COMPARE		ACL_ACCESS2PRIV( ACL_COMPARE )
#define ACL_PRIV_SEARCH			ACL_ACCESS2PRIV( ACL_SEARCH )
#define ACL_PRIV_READ			ACL_ACCESS2PRIV( ACL_READ )
#define ACL_PRIV_WRITE			ACL_ACCESS2PRIV( ACL_WRITE )

/* the low byte holds privilege bits; everything above it is a flag */
#define ACL_PRIV_MASK			0x00ffUL

/* priv flags */
#define ACL_PRIV_LEVEL			0x1000UL
#define ACL_PRIV_ADDITIVE		0x2000UL
/* sic: spelled SUBSTRACTIVE here but SUBTRACTIVE in ACL_IS_SUBTRACTIVE; both kept */
#define ACL_PRIV_SUBSTRACTIVE	0x4000UL

/* invalid privs */
#define ACL_PRIV_INVALID		0x0UL

/*
 * ACL_PRIV_ISSET is true when every bit of p is set in m.  With p == 0
 * (ACL_PRIV_INVALID) it is trivially true, so use ACL_IS_INVALID to test
 * for an invalid mask, never ACL_PRIV_ISSET.
 */
#define ACL_PRIV_ISSET(m,p)		(((m) & (p)) == (p))
#define ACL_PRIV_ASSIGN(m,p)	do { (m)  =  (p); } while(0)
#define ACL_PRIV_SET(m,p)		do { (m) |=  (p); } while(0)
#define ACL_PRIV_CLR(m,p)		do { (m) &= ~(p); } while(0)

#define ACL_INIT(m)				ACL_PRIV_ASSIGN(m, ACL_PRIV_NONE)
#define ACL_INVALIDATE(m)		ACL_PRIV_ASSIGN(m, ACL_PRIV_INVALID)

/* does mask m grant access level a (a slap_access_t)? */
#define ACL_GRANT(m,a)			ACL_PRIV_ISSET((m),ACL_ACCESS2PRIV(a))

#define ACL_IS_INVALID(m)		((m) == ACL_PRIV_INVALID)

#define ACL_IS_LEVEL(m)			ACL_PRIV_ISSET((m),ACL_PRIV_LEVEL)
#define ACL_IS_ADDITIVE(m)		ACL_PRIV_ISSET((m),ACL_PRIV_ADDITIVE)
#define ACL_IS_SUBTRACTIVE(m)	ACL_PRIV_ISSET((m),ACL_PRIV_SUBSTRACTIVE)

/*
 * Levels are cumulative: each ACL_LVL_* includes every lower level's
 * privilege bit plus ACL_PRIV_LEVEL, so ACL_GRANT(ACL_LVL_WRITE, ACL_READ)
 * holds.
 */
#define ACL_LVL_NONE			(ACL_PRIV_NONE|ACL_PRIV_LEVEL)
#define ACL_LVL_AUTH			(ACL_PRIV_AUTH|ACL_LVL_NONE)
#define ACL_LVL_COMPARE			(ACL_PRIV_COMPARE|ACL_LVL_AUTH)
#define ACL_LVL_SEARCH			(ACL_PRIV_SEARCH|ACL_LVL_COMPARE)
#define ACL_LVL_READ			(ACL_PRIV_READ|ACL_LVL_SEARCH)
#define ACL_LVL_WRITE			(ACL_PRIV_WRITE|ACL_LVL_READ)

/* ACL_LVL compares only the privilege bits; the flag bits are ignored */
#define ACL_LVL(m,l)			(((m)&ACL_PRIV_MASK) == ((l)&ACL_PRIV_MASK))
#define ACL_LVL_IS_NONE(m)		ACL_LVL((m),ACL_LVL_NONE)
#define ACL_LVL_IS_AUTH(m)		ACL_LVL((m),ACL_LVL_AUTH)
#define ACL_LVL_IS_COMPARE(m)	ACL_LVL((m),ACL_LVL_COMPARE)
#define ACL_LVL_IS_SEARCH(m)	ACL_LVL((m),ACL_LVL_SEARCH)
#define ACL_LVL_IS_READ(m)		ACL_LVL((m),ACL_LVL_READ)
#define ACL_LVL_IS_WRITE(m)		ACL_LVL((m),ACL_LVL_WRITE)

#define ACL_LVL_ASSIGN_NONE(m)		ACL_PRIV_ASSIGN((m),ACL_LVL_NONE)
#define ACL_LVL_ASSIGN_AUTH(m)		ACL_PRIV_ASSIGN((m),ACL_LVL_AUTH)
#define ACL_LVL_ASSIGN_COMPARE(m)	ACL_PRIV_ASSIGN((m),ACL_LVL_COMPARE)
#define ACL_LVL_ASSIGN_SEARCH(m)	ACL_PRIV_ASSIGN((m),ACL_LVL_SEARCH)
#define ACL_LVL_ASSIGN_READ(m)		ACL_PRIV_ASSIGN((m),ACL_LVL_READ)
#define ACL_LVL_ASSIGN_WRITE(m)		ACL_PRIV_ASSIGN((m),ACL_LVL_WRITE)

	slap_access_mask_t	a_mask;	/* privileges granted by this clause */

	/* who the clause matches: the requester's DN ... */
	char		*a_dn_pat;	/* DN pattern (matching lives in the ACL code) */
#ifdef SLAPD_SCHEMA_COMPAT
	char		*a_dn_at;	/* attribute of the target whose value names the subject */
#else
	AttributeType	*a_dn_at;
#endif
	int			a_dn_self;	/* non-zero: subject must be the entry itself (presumably) */

	/* ... or connection-level properties.  NOTE(review): domain
	 * matching presumably depends on a reverse lookup of the peer
	 * address, which is weak identity -- confirm in the ACL code. */
	char		*a_peername_pat;
	char		*a_sockname_pat;

	char		*a_domain_pat;
	char		*a_sockurl_pat;

#ifdef SLAPD_ACI_ENABLED
#ifdef SLAPD_SCHEMA_COMPAT
	char		*a_aci_at;	/* attribute holding ACI values */
#else
	AttributeType	*a_aci_at;
#endif
#endif

	/* ACL Groups: subject must be listed in a_group_at of the group
	 * entry matching a_group_pat / a_group_oc */
	char		*a_group_pat;
	char		*a_group_oc;
#ifdef SLAPD_SCHEMA_COMPAT
	char		*a_group_at;
#else
	AttributeType	*a_group_at;
#endif

	struct slap_access	*a_next;	/* next "by" clause of the same directive */
} Access;

/* the "to" part */
/*
 * One access directive: which entries/attributes it covers ("to") and the
 * ordered list of "by" clauses evaluated for them.
 */
typedef struct slap_acl {
	/* "to" part: the entries this acl applies to */
	Filter		*acl_filter;	/* optional filter on the entry */
	regex_t		acl_dn_re;	/* compiled form of acl_dn_pat */
	char		*acl_dn_pat;	/* DN pattern as written in the config */
	char		**acl_attrs;	/* attributes covered (NULL: whole entry, presumably) */

	/* "by" part: list of who has what access to the entries */
	Access	*acl_access;

	struct slap_acl	*acl_next;	/* next directive */
} AccessControl;

/*
 * A list of LDAPMods
 *
 * Each node embeds one struct ldapmod (from ldap.h) by value; the ml_*
 * accessors reach its fields.
 */
typedef struct ldapmodlist {
	struct ldapmod ml_mod;
	struct ldapmodlist *ml_next;
#define ml_op		ml_mod.mod_op
#define ml_type		ml_mod.mod_type
#define ml_values	ml_mod.mod_values
#define ml_bvalues	ml_mod.mod_bvalues
} LDAPModList;

/*
 * Backend-info
 * represents a backend 
 */

typedef struct slap_backend_info BackendInfo;	/* per backend type */
typedef struct slap_backend_db BackendDB;		/* per backend database */

/* global registries: number of entries and the arrays themselves */
LIBSLAPD_F (int) nBackendInfo;
LIBSLAPD_F (int) nBackendDB;
LIBSLAPD_F (BackendInfo	*) backendInfo;
LIBSLAPD_F (BackendDB *) backendDB;

/* process-wide mode, a combination of the SLAP_*_MODE values below */
LIBSLAPD_F (int) slapMode;	
#define SLAP_UNDEFINED_MODE	0x0000
#define SLAP_SERVER_MODE	0x0001
#define SLAP_TOOL_MODE		0x0002
#define SLAP_MODE			0x0003	/* mask selecting the server/tool bits */

#define SLAP_TRUNCATE_MODE	0x0100
#ifdef SLAPD_BDB2
#define SLAP_TIMED_MODE		0x1000
#endif
/* note: 4 does not fall inside the SLAP_MODE mask */
#define SLAP_TOOLID_MODE    4

/* temporary aliases */
typedef BackendDB Backend;
#define nbackends nBackendDB
#define backends backendDB

/*
 * Per-database state.  The be_* accessor macros forward to the shared
 * per-type BackendInfo (bd_info); the remaining fields come from the
 * database section of the configuration.
 */
struct slap_backend_db {
	BackendInfo	*bd_info;	/* pointer to shared backend info */

	/* BackendInfo accessors */
#define		be_config	bd_info->bi_db_config
#define		be_type		bd_info->bi_type

#define		be_bind		bd_info->bi_op_bind
#define		be_unbind	bd_info->bi_op_unbind
#define		be_add		bd_info->bi_op_add
#define		be_compare	bd_info->bi_op_compare
#define		be_delete	bd_info->bi_op_delete
#define		be_modify	bd_info->bi_op_modify
#define		be_modrdn	bd_info->bi_op_modrdn
#define		be_search	bd_info->bi_op_search

#define		be_extended	bd_info->bi_extended

#define		be_release	bd_info->bi_entry_release_rw
#define		be_group	bd_info->bi_acl_group

#define		be_controls	bd_info->bi_controls

#define		be_connection_init	bd_info->bi_connection_init
#define		be_connection_destroy	bd_info->bi_connection_destroy

#ifdef SLAPD_TOOLS
#define		be_entry_open bd_info->bi_tool_entry_open
#define		be_entry_close bd_info->bi_tool_entry_close
#define		be_entry_first bd_info->bi_tool_entry_first
#define		be_entry_next bd_info->bi_tool_entry_next
#define		be_entry_get bd_info->bi_tool_entry_get
#define		be_entry_put bd_info->bi_tool_entry_put
#define		be_index_attr bd_info->bi_tool_index_attr
#define		be_index_change bd_info->bi_tool_index_change
#define		be_sync bd_info->bi_tool_sync
#endif

#ifdef HAVE_CYRUS_SASL
#define		be_sasl_authorize bd_info->bi_sasl_authorize
#define		be_sasl_getsecret bd_info->bi_sasl_getsecret
#define		be_sasl_putsecret bd_info->bi_sasl_putsecret
#endif

	/* these should be renamed from be_ to bd_ */
	char	**be_suffix;	/* the DN suffixes of data in this backend */
	char	**be_nsuffix;	/* the normalized DN suffixes in this backend */
	char	**be_suffixAlias; /* pairs of DN suffix aliases and deref values */
	char	*be_root_dn;	/* the magic "root" dn for this db 	*/
	char	*be_root_ndn;	/* the magic "root" normalized dn for this db	*/
	/* NOTE(review): the root credential lives in process memory for the
	 * database's lifetime; whether it is hashed or clear is decided where
	 * it is compared, not here -- confirm before logging or copying it. */
	struct berval be_root_pw;	/* the magic "root" password for this db	*/
	int	be_readonly;	/* 1 => db is in "read only" mode	   */
	unsigned int be_max_deref_depth;       /* limit for depth of an alias deref  */
	int	be_sizelimit;	/* size limit for this backend   	   */
	int	be_timelimit;	/* time limit for this backend       	   */
	AccessControl *be_acl;	/* access control list for this backend	   */
	/* security-relevant default: granted whenever no directive in be_acl matches */
	slap_access_t	be_dfltaccess;	/* access given if no acl matches	   */
	char	**be_replica;	/* replicas of this backend (in master)	   */
	char	*be_replogfile;	/* replication log file (in master)	   */
	char	*be_update_ndn;	/* allowed to make changes (in replicas) */
	struct berval **be_update_refs;	/* where to refer modifying clients to */
	int	be_lastmod;	/* keep track of lastmodified{by,time}	   */

	char	*be_realm;	/* SASL realm for this db (presumably) */

	void	*be_private;	/* anything the backend database needs 	   */
};

/*
 * Extended operation handler.  reqoid/reqdata are the request; the handler
 * fills rspoid/rspdata/rspctrls/text/refs for the response.  Ownership of
 * the out parameters is not stated here -- confirm against the callers.
 */
typedef int (*SLAP_EXTENDED_FN) LDAP_P((
    Backend		*be,
    struct slap_conn		*conn,
    struct slap_op		*op,
	char		*reqoid,
    struct berval * reqdata,
	char		**rspoid,
    struct berval ** rspdata,
	LDAPControl *** rspctrls,
	char **	text,
	struct berval *** refs ));
/*
 * Per-backend-type descriptor: lifecycle hooks, the LDAP operation
 * handlers and the auxiliary entry points a backend may provide.
 * Any handler pointer may presumably be NULL when the backend does not
 * implement it -- callers should check before dispatching.
 */
struct slap_backend_info {
	char	*bi_type;	/* type of backend */

	/*
	 * per backend type routines:
	 * bi_init: called to allocate a backend_info structure,
	 *		called once BEFORE configuration file is read.
	 *		bi_init() initializes this structure hence is
	 *		called directly from be_initialize()
	 * bi_config: called per 'backend' specific option
	 *		all such options must before any 'database' options
	 *		bi_config() is called only from read_config()
	 * bi_open: called to open each database, called
	 *		once AFTER configuration file is read but
	 *		BEFORE any bi_db_open() calls.
	 *		bi_open() is called from backend_startup()
	 * bi_close: called to close each database, called
	 *		once during shutdown after all bi_db_close calls.
	 *		bi_close() is called from backend_shutdown()
	 * bi_destroy: called to destroy each database, called
	 *		once during shutdown after all bi_db_destroy calls.
	 *		bi_destroy() is called from backend_destroy()
	 */
	int (*bi_init)	LDAP_P((BackendInfo *bi));
	int	(*bi_config) LDAP_P((BackendInfo *bi,
		const char *fname, int lineno, int argc, char **argv ));
	int (*bi_open) LDAP_P((BackendInfo *bi));
	int (*bi_close) LDAP_P((BackendInfo *bi));
	int (*bi_destroy) LDAP_P((BackendInfo *bi));

	/*
	 * per database routines:
	 * bi_db_init: called to initialize each database,
	 *	called upon reading 'database <type>' 
	 *	called only from backend_db_init()
	 * bi_db_config: called to configure each database,
	 *  called per database to handle per database options
	 *	called only from read_config()
	 * bi_db_open: called to open each database
	 *	called once per database immediately AFTER bi_open()
	 *	calls but before daemon startup.
	 *  called only by backend_startup()
	 * bi_db_close: called to close each database
	 *	called once per database during shutdown but BEFORE
	 *  any bi_close call.
	 *  called only by backend_shutdown()
	 * bi_db_destroy: called to destroy each database
	 *  called once per database during shutdown AFTER all
	 *  bi_close calls but before bi_destroy calls.
	 *  called only by backend_destroy()
	 */
	int (*bi_db_init) LDAP_P((Backend *bd));
	int	(*bi_db_config) LDAP_P((Backend *bd,
		const char *fname, int lineno, int argc, char **argv ));
	int (*bi_db_open) LDAP_P((Backend *bd));
	int (*bi_db_close) LDAP_P((Backend *bd));
	int (*bi_db_destroy) LDAP_P((Backend *db));

	/* LDAP Operations Handling Routines */
	/* bind: cred holds the client-supplied credentials; edn is an out
	 * parameter for the DN actually authenticated (allocation/ownership
	 * not stated here -- confirm against the backends) */
	int	(*bi_op_bind)  LDAP_P(( BackendDB *bd,
		struct slap_conn *c, struct slap_op *o,
		char *dn, char *ndn, int method, char* mechanism,
		struct berval *cred, char** edn ));
	int (*bi_op_unbind) LDAP_P((BackendDB *bd,
		struct slap_conn *c, struct slap_op *o ));
	/* search: slimit/tlimit are the effective size/time limits; both the
	 * parsed filter and its string form are passed */
	int	(*bi_op_search) LDAP_P((BackendDB *bd,
		struct slap_conn *c, struct slap_op *o,
		char *base, char *nbase, int scope, int deref,
		int slimit, int tlimit,
		Filter *f, char *filterstr, char **attrs,
		int attrsonly));
	int	(*bi_op_compare)LDAP_P((BackendDB *bd,
		struct slap_conn *c, struct slap_op *o,
		char *dn, char *ndn, Ava *ava));
	int	(*bi_op_modify) LDAP_P((BackendDB *bd,
		struct slap_conn *c, struct slap_op *o,
		char *dn, char *ndn, LDAPModList *m));
	int	(*bi_op_modrdn) LDAP_P((BackendDB *bd,
		struct slap_conn *c, struct slap_op *o,
		char *dn, char *ndn, char *newrdn, int deleteoldrdn,
		char *newSuperior));
	int	(*bi_op_add)    LDAP_P((BackendDB *bd,
		struct slap_conn *c, struct slap_op *o,
		Entry *e));
	int	(*bi_op_delete) LDAP_P((BackendDB *bd,
		struct slap_conn *c, struct slap_op *o,
		char *dn, char *ndn));
	int	(*bi_op_abandon) LDAP_P((BackendDB *bd,
		struct slap_conn *c, struct slap_op *o,
		ber_int_t msgid));

	/* Extended Operations Helper */
	SLAP_EXTENDED_FN bi_extended;

	/* Auxiliary Functions */
	int	(*bi_entry_release_rw) LDAP_P((BackendDB *bd, Entry *e, int rw));

	/* group membership check used by ACL evaluation: is bdn a member of
	 * the group entry e (of class objectclassValue, members in group_at)? */
#ifdef SLAPD_SCHEMA_NOT_COMPAT
	int	(*bi_acl_group)  LDAP_P((Backend *bd,
		Entry *e, const char *bdn, const char *edn,
		const char *objectclassValue,
		AttributeType *group_at ));
#else
	int	(*bi_acl_group)  LDAP_P((Backend *bd,
		Entry *e, const char *bdn, const char *edn,
		const char *objectclassValue,
		const char *group_at ));
#endif

	int	(*bi_connection_init) LDAP_P((BackendDB *bd,
		struct slap_conn *c));
	int	(*bi_connection_destroy) LDAP_P((BackendDB *bd,
		struct slap_conn *c));

	/* hooks for slap tools */
	int (*bi_tool_entry_open) LDAP_P(( BackendDB *be, int mode ));
	int (*bi_tool_entry_close) LDAP_P(( BackendDB *be ));
	ID (*bi_tool_entry_first) LDAP_P(( BackendDB *be ));
	ID (*bi_tool_entry_next) LDAP_P(( BackendDB *be ));
	Entry* (*bi_tool_entry_get) LDAP_P(( BackendDB *be, ID id ));
	ID (*bi_tool_entry_put) LDAP_P(( BackendDB *be, Entry *e ));
	int (*bi_tool_index_attr) LDAP_P(( BackendDB *be, char* type ));
	int (*bi_tool_index_change) LDAP_P(( BackendDB *be, char* type,
		struct berval **bv, ID id, int op ));
	int (*bi_tool_sync) LDAP_P(( BackendDB *be ));

#ifdef HAVE_CYRUS_SASL
	/* SASL secret handling.  NOTE(review): ownership and lifetime of the
	 * sasl_secret_t returned by bi_sasl_getsecret are not stated here;
	 * whoever frees it should also be the one to wipe it -- confirm. */
	int (*bi_sasl_authorize) LDAP_P(( BackendDB *be,
		const char *authnid, const char *authzid,
		const char **canon_authzid, const char **errstr ));
	int (*bi_sasl_getsecret) LDAP_P(( BackendDB *be,
		const char *mechanism, const char *authzid,
		const char *realm, sasl_secret_t **secret ));
	int (*bi_sasl_putsecret) LDAP_P(( BackendDB *be,
		const char *mechanism, const char *auth_identity,
		const char *realm, const sasl_secret_t *secret ));
#endif /* HAVE_CYRUS_SASL */

/* presumably the values of bi_tool_index_change's 'op' argument -- confirm */
#define SLAP_INDEX_ADD_OP		0x0001
#define SLAP_INDEX_DELETE_OP	0x0002

	char **bi_controls;		/* supported controls */

	unsigned int bi_nDB;	/* number of databases of this type */
	void	*bi_private;	/* anything the backend type needs */
};

/*
 * represents an operation pending from an ldap client
 */

typedef struct slap_op {
	ber_int_t	o_opid;		/* id of this operation		  */
	ber_int_t	o_msgid;	/* msgid of the request		  */

	ldap_pvt_thread_t	o_tid;		/* thread handling this op	  */

	BerElement	*o_ber;		/* ber of the request		  */

	ber_tag_t	o_tag;		/* tag of the request		  */
	time_t		o_time;		/* time op was initiated	  */

	int		o_bind_in_progress;	/* multi-step bind in progress */
#ifdef SLAP_AUTHZID
	/* should only be used for reporting purposes */
	char	*o_authc_dn;	/* authentication DN */

	/* should be used as the DN of the User */
	/* authorization decisions must key off o_authz_dn / o_authz_ndn,
	 * never off o_authc_dn */
	char	*o_authz_dn;	/* authorization DN */
	char	*o_authz_ndn;	/* authorization NDN */

#else
	char		*o_dn;		/* dn bound when op was initiated */
	char		*o_ndn;		/* normalized dn bound when op was initiated */
#endif

	ber_int_t	o_protocol;	/* version of the LDAP protocol used by client */
	ber_tag_t	o_authtype;	/* auth method used to bind dn	  */
					/* values taken from ldap.h	  */
					/* LDAP_AUTH_*			  */
	char		*o_authmech; /* SASL mechanism used to bind dn */

	LDAPControl	**o_ctrls;	 /* controls */

	unsigned long	o_connid; /* id of conn initiating this op  */

#ifdef LDAP_CONNECTIONLESS
	int		o_cldap;	/* != 0 if this came in via CLDAP */
	struct sockaddr	o_clientaddr;	/* client address if via CLDAP	  */
	/* NOTE(review): declared as a single char, not char *, which cannot
	 * hold a search base -- verify against the CLDAP code paths */
	char		o_searchbase;	/* search base if via CLDAP	  */
#endif

	ldap_pvt_thread_mutex_t	o_abandonmutex; /* protects o_abandon  */
	int		o_abandon;	/* abandon flag; read/write only under o_abandonmutex */

	struct slap_op	*o_next;	/* next operation in list	  */
	void	*o_private;	/* anything the backend needs	  */
} Operation;

/*
 * Connection - per-client connection state shared by the listener,
 * the worker threads and the backends.
 *
 * Locking (as recorded on the fields): c_mutex protects the connection
 * as a whole; c_write_mutex allows only one PDU to be written at a time,
 * and c_write_cv is used to wait for the socket to become write-ready.
 * The timestamp/id fields marked below are changed only by connect_init,
 * and c_bind_in_progress only by the thread performing the bind.
 */

typedef struct slap_conn {
	int			c_struct_state; /* structure management state */
	int			c_conn_state;	/* connection state */

	ldap_pvt_thread_mutex_t	c_mutex; /* protect the connection */
	Sockbuf		*c_sb;			/* ber connection stuff		  */

	/* only can be changed by connect_init */
	time_t		c_starttime;	/* when the connection was opened */
	time_t		c_activitytime;	/* when the connection was last used */
	unsigned long		c_connid;	/* id of this connection for stats*/

	char		*c_listener_url;	/* listener URL */
	char		*c_peer_domain;	/* DNS name of client */
					/* NOTE(review): if this comes from a
					 * reverse lookup it is not a reliable
					 * identity on its own -- confirm how it
					 * is filled in before using it in any
					 * access decision */
	char		*c_peer_name;	/* peer name (trans=addr:port) */
	char		*c_sock_name;	/* sock name (trans=addr:port) */

	/* only can be changed by binding thread */
	int		c_bind_in_progress;	/* multi-op bind in progress */
#ifdef HAVE_CYRUS_SASL
	sasl_conn_t	*c_sasl_context;	/* Cyrus SASL per-connection context */
#endif
	void	*c_authstate;	/* SASL state data */

	/* authentication backend */
	Backend *c_authc_backend;

	/* authorization backend */
	Backend *c_authz_backend;

#ifdef SLAP_AUTHZID
	/* Authentication identity: the DN that actually authenticated.
	 * Should only be used for reporting purposes (logging, monitoring). */
	char	*c_authc_dn;	/* authentication DN */

	/* Authorization identity: should be used as the DN of the User. */
	char	*c_authz_dn;	/* authorization DN */
	char	*c_authz_ndn;	/* authorization NDN (normalized form of c_authz_dn) */

#else
	char	*c_cdn;		/* DN provided by the client (as received,
				 * not yet normalized or verified) */
	char	*c_dn;		/* DN bound to this conn; the two are kept
				 * separate so the client-supplied form is
				 * not mistaken for the bound identity */
#endif

	ber_int_t	c_protocol;	/* version of the LDAP protocol used by client */
	ber_tag_t	c_authtype;/* auth method used to bind c_dn  */
	char	*c_authmech;	/* SASL mechanism used to bind c_dn */

	Operation	*c_ops;			/* list of operations being processed */
	Operation	*c_pending_ops;	/* list of pending operations */

	ldap_pvt_thread_mutex_t	c_write_mutex;	/* only one pdu written at a time */
	ldap_pvt_thread_cond_t	c_write_cv;		/* used to wait for sd write-ready*/

	BerElement	*c_currentber;	/* ber we're attempting to read */
	int		c_writewaiter;	/* true if writer is waiting */

#ifdef HAVE_TLS
	int	c_is_tls;		/* true if this LDAP over raw TLS */
	int	c_needs_tls_accept;	/* true if SSL_accept should be called
					 * (handshake not yet performed) */
#endif

	/* per-connection counters; presumably reported through the
	 * monitoring/statistics code -- confirm where they are read */
	long	c_n_ops_received;		/* num of ops received (next op_id) */
	long	c_n_ops_executing;	/* num of ops currently executing */
	long	c_n_ops_pending;		/* num of ops pending execution */
	long	c_n_ops_completed;	/* num of ops completed */

	long	c_n_get;		/* num of get calls */
	long	c_n_read;		/* num of read calls */
	long	c_n_write;		/* num of write calls */
} Connection;

/*
 * Statslog() - emit one statistics/access-log record.
 *
 * Only active when both LDAP_SYSLOG and LDAP_DEBUG are defined; otherwise
 * it expands to nothing and its arguments are never evaluated.  When
 * active, the record goes to stderr if `level` is enabled in ldap_debug
 * and to syslog(3) at ldap_syslog_level if `level` is enabled in
 * ldap_syslog; the two destinations are tested independently, so a record
 * may be written to both, one or neither.  `fmt` is a printf-style format
 * that must consume exactly the five trailing arguments (connid, opid,
 * arg1..arg3) and, as with any format string, must never be client data.
 *
 * Because this is a function-like macro, the argument expressions appear
 * once per destination; pass side-effect-free expressions.  ldap_debug,
 * ldap_syslog and ldap_syslog_level are defined elsewhere in slapd.
 */
#if defined(LDAP_SYSLOG) && defined(LDAP_DEBUG)
#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 ) \
	do { \
		if ( (ldap_debug & (level)) != 0 ) { \
			fprintf( stderr, (fmt), \
				(connid), (opid), (arg1), (arg2), (arg3) ); \
		} \
		if ( (ldap_syslog & (level)) != 0 ) { \
			syslog( ldap_syslog_level, (fmt), \
				(connid), (opid), (arg1), (arg2), (arg3) ); \
		} \
	} while (0)
#else
/* Logging compiled out: expands to nothing. */
#define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 )
#endif

LDAP_END_DECL

#include "proto-slap.h"

#endif /* _slap_h_ */