config_restrict(ConfigArgs *c) {
slap_mask_t restrictops = 0;
int i;
- slap_verbmasks restrictable_ops[] = {
- { BER_BVC("bind"), SLAP_RESTRICT_OP_BIND },
- { BER_BVC("add"), SLAP_RESTRICT_OP_ADD },
- { BER_BVC("modify"), SLAP_RESTRICT_OP_MODIFY },
- { BER_BVC("rename"), SLAP_RESTRICT_OP_RENAME },
- { BER_BVC("modrdn"), 0 },
- { BER_BVC("delete"), SLAP_RESTRICT_OP_DELETE },
- { BER_BVC("search"), SLAP_RESTRICT_OP_SEARCH },
- { BER_BVC("compare"), SLAP_RESTRICT_OP_COMPARE },
- { BER_BVC("read"), SLAP_RESTRICT_OP_READS },
- { BER_BVC("write"), SLAP_RESTRICT_OP_WRITES },
- { BER_BVC("extended"), SLAP_RESTRICT_OP_EXTENDED },
- { BER_BVC("extended=" LDAP_EXOP_START_TLS ), SLAP_RESTRICT_EXOP_START_TLS },
- { BER_BVC("extended=" LDAP_EXOP_MODIFY_PASSWD ), SLAP_RESTRICT_EXOP_MODIFY_PASSWD },
- { BER_BVC("extended=" LDAP_EXOP_X_WHO_AM_I ), SLAP_RESTRICT_EXOP_WHOAMI },
- { BER_BVC("extended=" LDAP_EXOP_X_CANCEL ), SLAP_RESTRICT_EXOP_CANCEL },
- { BER_BVC("all"), SLAP_RESTRICT_OP_ALL },
- { BER_BVNULL, 0 }
- };
if (c->op == SLAP_CONFIG_EMIT) {
- return mask_to_verbs( restrictable_ops, c->be->be_restrictops,
+ return mask_to_verbs( slap_restrictable_ops, c->be->be_restrictops,
&c->rvalue_vals );
} else if ( c->op == LDAP_MOD_DELETE ) {
if ( !c->line ) {
c->be->be_restrictops = 0;
} else {
- i = verb_to_mask( c->line, restrictable_ops );
- c->be->be_restrictops &= ~restrictable_ops[i].mask;
+ i = verb_to_mask( c->line, slap_restrictable_ops );
+ c->be->be_restrictops &= ~slap_restrictable_ops[i].mask;
}
return 0;
}
- i = verbs_to_mask( c->argc, c->argv, restrictable_ops, &restrictops );
+ i = verbs_to_mask( c->argc, c->argv, slap_restrictable_ops, &restrictops );
if ( i ) {
snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> unknown operation", c->argv[0] );
Debug(LDAP_DEBUG_ANY, "%s: %s %s\n",
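Review bot: The `LDAP_MOD_DELETE` branch applies `&= ~slap_restrictable_ops[i].mask` without checking that `c->line` matched an entry. It is therefore correct only if `verb_to_mask()` returns the terminator's index for an unknown word (which the unchanged code appears to assume) and that terminator's mask is 0. The table now lives in another file, and the `slap_ops_` table added in the same commit ends with a non-zero `SLAP_OP_LAST` sentinel, so this invariant is easy to break. I would state it at the use site, e.g. `/* unknown verb: i is the terminator, whose mask must stay 0 so this is a no-op */`, or guard the update with `if ( !BER_BVISNULL( &slap_restrictable_ops[i].word ) )`. Separately, "modrdn" used to carry mask 0 and now carries the rename bit, so deleting that value now lifts the rename restriction; config_restrict's body continues past the end of the hunk.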
{ BER_BVNULL, 0 }
};
+static slap_verbmasks slap_ops_[] = {
+ { BER_BVC("bind"), SLAP_OP_BIND },
+ { BER_BVC("unbind"), SLAP_OP_UNBIND },
+ { BER_BVC("search"), SLAP_OP_SEARCH },
+ { BER_BVC("compare"), SLAP_OP_COMPARE },
+ { BER_BVC("modify"), SLAP_OP_MODIFY },
+ { BER_BVC("rename"), SLAP_OP_RENAME },
+ { BER_BVC("modrdn"), SLAP_OP_MODRDN },
+ { BER_BVC("add"), SLAP_OP_ADD },
+ { BER_BVC("delete"), SLAP_OP_DELETE },
+ { BER_BVC("abandon"), SLAP_OP_ABANDON },
+ { BER_BVC("extended"), SLAP_OP_EXTENDED },
+ { BER_BVNULL, SLAP_OP_LAST }
+};
+slap_verbmasks *slap_ops = slap_ops_;
+
+static slap_verbmasks slap_restrictable_ops_[] = {
+ { BER_BVC("all"), SLAP_RESTRICT_OP_ALL },
+ { BER_BVC("read"), SLAP_RESTRICT_OP_READS },
+ { BER_BVC("write"), SLAP_RESTRICT_OP_WRITES },
+ { BER_BVC("bind"), SLAP_RESTRICT_OP_BIND },
+ { BER_BVC("add"), SLAP_RESTRICT_OP_ADD },
+ { BER_BVC("modify"), SLAP_RESTRICT_OP_MODIFY },
+ { BER_BVC("rename"), SLAP_RESTRICT_OP_RENAME },
+ { BER_BVC("modrdn"), SLAP_RESTRICT_OP_MODRDN },
+ { BER_BVC("delete"), SLAP_RESTRICT_OP_DELETE },
+ { BER_BVC("search"), SLAP_RESTRICT_OP_SEARCH },
+ { BER_BVC("compare"), SLAP_RESTRICT_OP_COMPARE },
+ { BER_BVC("extended"), SLAP_RESTRICT_OP_EXTENDED },
+ { BER_BVC("extended=" LDAP_EXOP_START_TLS ), SLAP_RESTRICT_EXOP_START_TLS },
+ { BER_BVC("extended=" LDAP_EXOP_MODIFY_PASSWD ), SLAP_RESTRICT_EXOP_MODIFY_PASSWD },
+ { BER_BVC("extended=" LDAP_EXOP_X_WHO_AM_I ), SLAP_RESTRICT_EXOP_WHOAMI },
+ { BER_BVC("extended=" LDAP_EXOP_X_CANCEL ), SLAP_RESTRICT_EXOP_CANCEL },
+ { BER_BVNULL, 0 }
+};
+slap_verbmasks *slap_restrictable_ops = slap_restrictable_ops_;
+
int
slap_keepalive_parse(
struct berval *val,
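Review bot: `slap_ops_` reuses `slap_verbmasks` but stores operation indices in the field that `slap_restrictable_ops_` uses for bit masks ("bind" gets 0 and the terminator carries `SLAP_OP_LAST`), and nothing in the hunk documents that difference. A caller that hands `slap_ops` to `mask_to_verbs()` or `verbs_to_mask()`, as config_restrict does with the other table, would combine indices as if they were bits. I would add a comment above the table such as `/* .mask holds a slap_op_t index, not a bit mask; use with verb_to_mask() lookups only */`. A second comment on `slap_restrictable_ops_` should say that the composite verbs ("all", "read", "write") are listed first and "rename" before its alias "modrdn" on purpose, if the emit path depends on that order.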
LDAP_SLAPD_F (int) slap_keepalive_parse( struct berval *val, void *bc,
slap_cf_aux_table *tab0, const char *tabmsg, int unparse );
+LDAP_SLAPD_V (slap_verbmasks *) slap_ops;
+LDAP_SLAPD_V (slap_verbmasks *) slap_restrictable_ops;
+
#ifdef LDAP_SLAPI
LDAP_SLAPD_V (int) slapi_plugins_used;
#endif
ACL_STYLE_NONE
} slap_style_t;
+/*
+ * Operation indices
+ */
+typedef enum {
+ SLAP_OP_BIND = 0,
+ SLAP_OP_UNBIND,
+ SLAP_OP_SEARCH,
+ SLAP_OP_COMPARE,
+ SLAP_OP_MODIFY,
+ SLAP_OP_MODRDN,
+ SLAP_OP_RENAME = SLAP_OP_MODRDN,
+ SLAP_OP_ADD,
+ SLAP_OP_DELETE,
+ SLAP_OP_ABANDON,
+ SLAP_OP_EXTENDED,
+ SLAP_OP_LAST
+} slap_op_t;
+
+typedef enum {
+ SLAP_RESTRICT_OP_BIND = 1 << SLAP_OP_BIND,
+ SLAP_RESTRICT_OP_UNBIND = 1 << SLAP_OP_UNBIND,
+ SLAP_RESTRICT_OP_SEARCH = 1 << SLAP_OP_SEARCH,
+ SLAP_RESTRICT_OP_COMPARE = 1 << SLAP_OP_COMPARE,
+ SLAP_RESTRICT_OP_MODIFY = 1 << SLAP_OP_MODIFY,
+ SLAP_RESTRICT_OP_MODRDN = 1 << SLAP_OP_MODRDN,
+ SLAP_RESTRICT_OP_RENAME = SLAP_RESTRICT_OP_MODRDN,
+ SLAP_RESTRICT_OP_ADD = 1 << SLAP_OP_ADD,
+ SLAP_RESTRICT_OP_DELETE = 1 << SLAP_OP_DELETE,
+ SLAP_RESTRICT_OP_ABANDON = 1 << SLAP_OP_ABANDON,
+ SLAP_RESTRICT_OP_EXTENDED = 1 << SLAP_OP_EXTENDED,
+ SLAP_RESTRICT_OP_MASK = (1 << SLAP_OP_LAST) - 1,
+ /* Make sure 1 << SLAP_OP_LAST stays unused! */
+
+ SLAP_RESTRICT_OP_READS = (
+ SLAP_RESTRICT_OP_COMPARE |
+ SLAP_RESTRICT_OP_SEARCH ),
+ SLAP_RESTRICT_OP_WRITES = (
+ SLAP_RESTRICT_OP_ADD |
+ SLAP_RESTRICT_OP_DELETE |
+ SLAP_RESTRICT_OP_MODIFY |
+ SLAP_RESTRICT_OP_RENAME ),
+ SLAP_RESTRICT_OP_ALL = (
+ SLAP_RESTRICT_OP_READS |
+ SLAP_RESTRICT_OP_WRITES |
+ SLAP_RESTRICT_OP_BIND |
+ SLAP_RESTRICT_OP_EXTENDED ),
+
+ SLAP_RESTRICT_EXOP_START_TLS = 0x0100U,
+ SLAP_RESTRICT_EXOP_MODIFY_PASSWD = 0x0200U,
+ SLAP_RESTRICT_EXOP_WHOAMI = 0x0400U,
+ SLAP_RESTRICT_EXOP_CANCEL = 0x0800U,
+ SLAP_RESTRICT_EXOP_MASK = 0xFF00U,
+
+ SLAP_RESTRICT_READONLY = 0x80000000U,
+} slap_restrictop_t;
+#define SLAP_OP2RESTRICT(op) ((slap_restrictop_t)1U << (op))
+
+
typedef struct AuthorizationInformation {
ber_tag_t sai_method; /* LDAP_AUTH_* from <ldap.h> */
struct berval sai_mech; /* SASL Mechanism */
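Review bot: The new per-operation bits collide with the extended-operation bits kept further down in `slap_restrictop_t`. With `SLAP_OP_ABANDON` at index 8 and `SLAP_OP_EXTENDED` at index 9, `SLAP_RESTRICT_OP_ABANDON` is 0x0100 (the same as `SLAP_RESTRICT_EXOP_START_TLS`) and `SLAP_RESTRICT_OP_EXTENDED` is 0x0200 (the same as `SLAP_RESTRICT_EXOP_MODIFY_PASSWD`). `SLAP_RESTRICT_OP_MASK` becomes 0x03FF and overlaps `SLAP_RESTRICT_EXOP_MASK`, and `1 << SLAP_OP_LAST` is 0x0400, i.e. `SLAP_RESTRICT_EXOP_WHOAMI`, which contradicts the "stays unused" comment in the same enum. As written, restricting or un-restricting "extended" and the password-modify exop cannot be told apart in `be_restrictops`, in the tables in config.c or in the delete path of config_restrict. I would move the EXOP block to bits above `SLAP_OP_LAST` (for example starting at `1U << 16`, with `SLAP_RESTRICT_EXOP_MASK` adjusted to match) and add a compile-time check that `(SLAP_RESTRICT_OP_MASK & SLAP_RESTRICT_EXOP_MASK) == 0`.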
#define SLAP_SYNC_SUBENTRY(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_SYNC_SUBENTRY)
#define SLAP_LASTBIND_ASSERT(be) (SLAP_DBFLAGS(be) & SLAP_DBFLAG_LASTBIND_ASSERT)
- slap_mask_t be_restrictops; /* restriction operations */
-#define SLAP_RESTRICT_OP_ADD 0x0001U
-#define SLAP_RESTRICT_OP_BIND 0x0002U
-#define SLAP_RESTRICT_OP_COMPARE 0x0004U
-#define SLAP_RESTRICT_OP_DELETE 0x0008U
-#define SLAP_RESTRICT_OP_EXTENDED 0x0010U
-#define SLAP_RESTRICT_OP_MODIFY 0x0020U
-#define SLAP_RESTRICT_OP_RENAME 0x0040U
-#define SLAP_RESTRICT_OP_SEARCH 0x0080U
-#define SLAP_RESTRICT_OP_MASK 0x00FFU
-
-#define SLAP_RESTRICT_READONLY 0x80000000U
-
-#define SLAP_RESTRICT_EXOP_START_TLS 0x0100U
-#define SLAP_RESTRICT_EXOP_MODIFY_PASSWD 0x0200U
-#define SLAP_RESTRICT_EXOP_WHOAMI 0x0400U
-#define SLAP_RESTRICT_EXOP_CANCEL 0x0800U
-#define SLAP_RESTRICT_EXOP_MASK 0xFF00U
-
-#define SLAP_RESTRICT_OP_READS \
- ( SLAP_RESTRICT_OP_COMPARE \
- | SLAP_RESTRICT_OP_SEARCH )
-#define SLAP_RESTRICT_OP_WRITES \
- ( SLAP_RESTRICT_OP_ADD \
- | SLAP_RESTRICT_OP_DELETE \
- | SLAP_RESTRICT_OP_MODIFY \
- | SLAP_RESTRICT_OP_RENAME )
-#define SLAP_RESTRICT_OP_ALL \
- ( SLAP_RESTRICT_OP_READS \
- | SLAP_RESTRICT_OP_WRITES \
- | SLAP_RESTRICT_OP_BIND \
- | SLAP_RESTRICT_OP_EXTENDED )
+ slap_restrictop_t be_restrictops; /* restriction operations */
#define SLAP_ALLOW_BIND_V2 0x0001U /* LDAPv2 bind */
#define SLAP_ALLOW_BIND_ANON_CRED 0x0002U /* cred should be empty */
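Review bot: `be_restrictops` changes from `slap_mask_t` to the enum type `slap_restrictop_t`, but the field holds OR-combinations and the result of `&= ~mask`, which are not enumerators. The enum also defines `SLAP_RESTRICT_READONLY = 0x80000000U`, which is not representable as `int`; before C23 that is outside what ISO C allows for an enumeration constant, so the width and signedness of the field end up compiler-dependent. I would keep the enum for naming the bits and leave the storage as `slap_mask_t be_restrictops; /* OR of slap_restrictop_t bits */`, with `SLAP_RESTRICT_READONLY` kept as an unsigned `#define` if strict compilers matter for this tree.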
#endif
};
-/*
- * Operation indices
- */
-typedef enum {
- SLAP_OP_BIND = 0,
- SLAP_OP_UNBIND,
- SLAP_OP_SEARCH,
- SLAP_OP_COMPARE,
- SLAP_OP_MODIFY,
- SLAP_OP_MODRDN,
- SLAP_OP_ADD,
- SLAP_OP_DELETE,
- SLAP_OP_ABANDON,
- SLAP_OP_EXTENDED,
- SLAP_OP_LAST
-} slap_op_t;
-
typedef struct slap_counters_t {
struct slap_counters_t *sc_next;
ldap_pvt_thread_mutex_t sc_mutex;