1 /* cr.c - content rule routines */
2 /* $OpenLDAP$ */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4  *
5  * Copyright 1998-2004 The OpenLDAP Foundation.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted only as authorized by the OpenLDAP
10  * Public License.
11  *
12  * A copy of this license is available in the file LICENSE in the
13  * top-level directory of the distribution or, alternatively, at
14  * <http://www.OpenLDAP.org/license.html>.
15  */
16
17 #include "portable.h"
18
19 #include <stdio.h>
20
21 #include <ac/ctype.h>
22 #include <ac/string.h>
23 #include <ac/socket.h>
24
25 #include "slap.h"
26 #include "ldap_pvt.h"
27
/*
 * One node of the content rule name index.
 *
 * cir_name is the lookup key.  cr_insert() points it at the rule's own
 * OID or name string without copying, so the record does not own that
 * string; the rule referenced by cir_cr does.
 */
struct cindexrec {
	struct berval	cir_name;	/* key: OID or descriptive name */
	ContentRule	*cir_cr;	/* rule the key resolves to */
};
32
/* AVL tree of struct cindexrec, one record per OID and per name. */
static Avlnode *cr_index = NULL;

/* Every registered content rule, chained through scr_next. */
static LDAP_SLIST_HEAD(CRList, slap_content_rule) cr_list
	= LDAP_SLIST_HEAD_INITIALIZER(&cr_list);
36
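/*
 * AVL ordering callback used when inserting index records.
 *
 * Records are ordered by name length first and, for equal lengths,
 * case-insensitively by name.  The order must stay consistent with
 * cr_index_name_cmp(), which searches the same tree.
 *
 * Returns <0, 0 or >0 in the usual comparator convention.
 */
static int
cr_index_cmp(
    const void	*v_cir1,
    const void	*v_cir2 )
{
	const struct cindexrec	*cir1 = v_cir1;
	const struct cindexrec	*cir2 = v_cir2;

	/*
	 * Compare the lengths directly instead of narrowing their
	 * difference to int: bv_len is an unsigned length type in liblber,
	 * so the subtraction could wrap or truncate and report the wrong
	 * sign (or 0) for lengths that are far apart.
	 */
	if ( cir1->cir_name.bv_len != cir2->cir_name.bv_len ) {
		return cir1->cir_name.bv_len < cir2->cir_name.bv_len ? -1 : 1;
	}

	return strcasecmp( cir1->cir_name.bv_val, cir2->cir_name.bv_val );
}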
48
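/*
 * AVL search callback: compares a bare name against an index record.
 *
 * v_name is a struct berval, v_cir a struct cindexrec.  Ordering is by
 * length first, then case-insensitively by content, matching
 * cr_index_cmp().  Only name->bv_len bytes are compared, so the lookup
 * key does not have to be NUL-terminated.
 *
 * Returns <0, 0 or >0 in the usual comparator convention.
 */
static int
cr_index_name_cmp(
    const void	*v_name,
    const void	*v_cir )
{
	const struct berval    *name = v_name;
	const struct cindexrec *cir  = v_cir;

	/*
	 * Compare the lengths directly instead of narrowing their
	 * difference to int: bv_len is an unsigned length type in liblber,
	 * so the subtraction could wrap or truncate and report the wrong
	 * sign (or 0) for lengths that are far apart.
	 */
	if ( name->bv_len != cir->cir_name.bv_len ) {
		return name->bv_len < cir->cir_name.bv_len ? -1 : 1;
	}

	return strncasecmp( name->bv_val, cir->cir_name.bv_val, name->bv_len );
}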
60
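/*
 * Look up a content rule by a NUL-terminated OID or name.
 *
 * Returns the matching rule, or NULL when there is none.  A NULL
 * crname is reported as "not found" rather than being handed to
 * strlen(), which would be undefined behaviour.
 */
ContentRule *
cr_find( const char *crname )
{
	struct berval bv;

	if ( crname == NULL ) {
		return NULL;
	}

	/* bv_val is not const-qualified; the lookup only reads the key. */
	bv.bv_val = (char *)crname;
	bv.bv_len = strlen( crname );

	return cr_bvfind( &bv );
}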
71
/*
 * Look up a content rule by a length-counted OID or name.
 *
 * Searches cr_index with cr_index_name_cmp() and returns the rule
 * stored in the matching record, or NULL when nothing matches.
 */
ContentRule *
cr_bvfind( struct berval *crname )
{
	struct cindexrec *hit = avl_find( cr_index, crname, cr_index_name_cmp );

	return hit != NULL ? hit->cir_cr : NULL;
}
85
/*
 * Release one content rule and the lists attached to it.
 *
 * Frees the auxiliary-class array and the required, allowed and
 * precluded attribute lists, then hands the rule itself to
 * ldap_contentrule_free().  Always returns 0.
 */
static int
cr_destroy_one( ContentRule *c )
{
	assert( c != NULL );

	if ( c->scr_auxiliaries != NULL ) {
		ldap_memfree( c->scr_auxiliaries );
	}
	if ( c->scr_required != NULL ) {
		ldap_memfree( c->scr_required );
	}
	if ( c->scr_allowed != NULL ) {
		ldap_memfree( c->scr_allowed );
	}
	if ( c->scr_precluded != NULL ) {
		ldap_memfree( c->scr_precluded );
	}

	/*
	 * NOTE(review): the cast presumably relies on the LDAPContentRule
	 * being the leading part of ContentRule -- confirm against slap.h.
	 */
	ldap_contentrule_free( (LDAPContentRule *)c );

	return 0;
}
99
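/*
 * Tear down all content rule state.
 *
 * Frees every index record, then unlinks and destroys each rule on
 * cr_list.
 */
void
cr_destroy( void )
{
	ContentRule *c;

	avl_free(cr_index, ldap_memfree);
	/*
	 * Do not leave the root pointing at freed nodes: cr_find() and
	 * cr_bvfind() still read cr_index, and a lookup after teardown
	 * would otherwise walk released memory.
	 */
	cr_index = NULL;

	while( !LDAP_SLIST_EMPTY(&cr_list) ) {
		c = LDAP_SLIST_FIRST(&cr_list);
		LDAP_SLIST_REMOVE_HEAD(&cr_list, scr_next);

		cr_destroy_one( c );
	}
}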
114
/*
 * Register a content rule: link it onto cr_list and index it under its
 * OID and each of its names.
 *
 * Returns 0 on success.  When a key is already present in the index,
 * returns SLAP_SCHERR_CR_DUP with *err set to the clashing OID or name.
 *
 * NOTE(review): on the duplicate path the rule is already linked onto
 * cr_list and any keys inserted earlier still reference it; nothing is
 * rolled back here.  Callers must not free scr after a failure unless
 * that state is cleaned up too.
 */
static int
cr_insert(
    ContentRule		*scr,
    const char		**err
)
{
	struct cindexrec	*rec;
	char			**np;

	LDAP_SLIST_NEXT( scr, scr_next ) = NULL;
	LDAP_SLIST_INSERT_HEAD(&cr_list, scr, scr_next);

	/* Index by OID. */
	if ( scr->scr_oid != NULL ) {
		rec = (struct cindexrec *)
			ch_calloc( 1, sizeof(struct cindexrec) );
		rec->cir_cr = scr;
		/* The key borrows the rule's own string; it is not copied. */
		rec->cir_name.bv_val = scr->scr_oid;
		rec->cir_name.bv_len = strlen( scr->scr_oid );

		assert( rec->cir_name.bv_val );
		assert( rec->cir_cr );

		if ( avl_insert( &cr_index, (caddr_t) rec,
				 cr_index_cmp, avl_dup_error ) != 0 )
		{
			*err = scr->scr_oid;
			ldap_memfree( rec );
			return SLAP_SCHERR_CR_DUP;
		}

		/* FIX: temporal consistency check */
		assert( cr_bvfind( &rec->cir_name ) != NULL );
	}

	/* Index by each descriptive name. */
	np = scr->scr_names;
	if ( np == NULL ) {
		return 0;
	}

	for ( ; *np != NULL; np++ ) {
		rec = (struct cindexrec *)
			ch_calloc( 1, sizeof(struct cindexrec) );
		rec->cir_cr = scr;
		rec->cir_name.bv_val = *np;
		rec->cir_name.bv_len = strlen( *np );

		assert( rec->cir_name.bv_val );
		assert( rec->cir_cr );

		if ( avl_insert( &cr_index, (caddr_t) rec,
				 cr_index_cmp, avl_dup_error ) != 0 )
		{
			*err = *np;
			ldap_memfree( rec );
			return SLAP_SCHERR_CR_DUP;
		}

		/* FIX: temporal consistency check */
		assert( cr_bvfind( &rec->cir_name ) != NULL );
	}

	return 0;
}
177
/*
 * Resolve the rule's auxiliary object class OIDs into ObjectClass
 * pointers stored in a NULL-terminated scr_auxiliaries array.
 *
 * *op is incremented for every class flagged SLAP_OC_OPERATIONAL other
 * than extensibleObject.
 *
 * Returns 0 on success (including when the rule lists no auxiliaries),
 * SLAP_SCHERR_CLASS_NOT_FOUND when an OID is unknown, or
 * SLAP_SCHERR_CR_BAD_AUX when a class is not of AUXILIARY kind; *err is
 * set to the offending OID in both error cases.  The array allocated
 * here stays attached to scr on failure.
 */
static int
cr_add_auxiliaries(
    ContentRule		*scr,
	int			*op,
    const char		**err )
{
	int count = 0;
	int i;

	if ( scr->scr_oc_oids_aux == NULL ) {
		return 0;
	}

	/* Size the array: one slot per OID plus the terminator. */
	while ( scr->scr_oc_oids_aux[count] != NULL ) {
		count++;
	}

	scr->scr_auxiliaries = ch_calloc( count + 1, sizeof(ObjectClass *) );

	for ( i = 0; i < count; i++ ) {
		ObjectClass *soc = oc_find( scr->scr_oc_oids_aux[i] );

		scr->scr_auxiliaries[i] = soc;
		if ( soc == NULL ) {
			*err = scr->scr_oc_oids_aux[i];
			return SLAP_SCHERR_CLASS_NOT_FOUND;
		}

		/* Counted before the kind check, so *op moves even on failure. */
		if ( ( soc->soc_flags & SLAP_OC_OPERATIONAL ) &&
			soc != slap_schema.si_oc_extensibleObject )
		{
			(*op)++;
		}

		if ( soc->soc_kind != LDAP_SCHEMA_AUXILIARY ) {
			*err = scr->scr_oc_oids_aux[i];
			return SLAP_SCHERR_CR_BAD_AUX;
		}
	}

	scr->scr_auxiliaries[count] = NULL;
	return 0;
}
217
/*
 * Build scr_required from the rule's MUST attribute OIDs.
 *
 * *op is incremented for each operational attribute type seen.
 *
 * Returns 0 on success, SLAP_SCHERR_ATTR_NOT_FOUND for an unknown
 * attribute, SLAP_SCHERR_CR_BAD_AT when an attribute is listed twice,
 * or SLAP_SCHERR_OUTOFMEM when the list cannot grow; *err names the
 * offending attribute in every error case.
 */
static int
cr_create_required(
    ContentRule		*scr,
	int			*op,
    const char		**err )
{
	char		**oidp = scr->scr_at_oids_must;
	AttributeType	*sat;

	if ( oidp == NULL ) {
		return 0;
	}

	for ( ; *oidp != NULL; oidp++ ) {
		sat = at_find( *oidp );
		if ( sat == NULL ) {
			*err = *oidp;
			return SLAP_SCHERR_ATTR_NOT_FOUND;
		}

		if ( is_at_operational( sat ) ) {
			(*op)++;
		}

		/* Already required: reject the repeated entry. */
		if ( at_find_in_list( sat, scr->scr_required ) >= 0 ) {
			*err = *oidp;
			return SLAP_SCHERR_CR_BAD_AT;
		}

		if ( at_append_to_list( sat, &scr->scr_required ) ) {
			*err = *oidp;
			return SLAP_SCHERR_OUTOFMEM;
		}
	}

	return 0;
}
253
/*
 * Build scr_allowed from the rule's MAY attribute OIDs.
 *
 * *op is incremented for each operational attribute type seen.
 *
 * Returns 0 on success, SLAP_SCHERR_ATTR_NOT_FOUND for an unknown
 * attribute, SLAP_SCHERR_CR_BAD_AT when an attribute is already in the
 * required or allowed list, or SLAP_SCHERR_OUTOFMEM when the list
 * cannot grow; *err names the offending attribute in every error case.
 */
static int
cr_create_allowed(
    ContentRule		*scr,
	int			*op,
    const char		**err )
{
	char		**oidp = scr->scr_at_oids_may;
	AttributeType	*sat;

	if ( oidp == NULL ) {
		return 0;
	}

	for ( ; *oidp != NULL; oidp++ ) {
		sat = at_find( *oidp );
		if ( sat == NULL ) {
			*err = *oidp;
			return SLAP_SCHERR_ATTR_NOT_FOUND;
		}

		if ( is_at_operational( sat ) ) {
			(*op)++;
		}

		/* An attribute may appear in only one of the rule's lists. */
		if ( at_find_in_list( sat, scr->scr_required ) >= 0 ||
			at_find_in_list( sat, scr->scr_allowed ) >= 0 )
		{
			*err = *oidp;
			return SLAP_SCHERR_CR_BAD_AT;
		}

		if ( at_append_to_list( sat, &scr->scr_allowed ) ) {
			*err = *oidp;
			return SLAP_SCHERR_OUTOFMEM;
		}
	}

	return 0;
}
291
/*
 * Build scr_precluded from the rule's NOT attribute OIDs.
 *
 * *op is incremented for each operational attribute type seen.
 *
 * Returns 0 on success, SLAP_SCHERR_ATTR_NOT_FOUND for an unknown
 * attribute, SLAP_SCHERR_CR_BAD_AT when an attribute is already in the
 * required, allowed or precluded list, or SLAP_SCHERR_OUTOFMEM when the
 * list cannot grow; *err names the offending attribute in every error
 * case.
 */
static int
cr_create_precluded(
    ContentRule		*scr,
	int			*op,
    const char		**err )
{
	char		**oidp = scr->scr_at_oids_not;
	AttributeType	*sat;

	if ( oidp == NULL ) {
		return 0;
	}

	for ( ; *oidp != NULL; oidp++ ) {
		sat = at_find( *oidp );
		if ( sat == NULL ) {
			*err = *oidp;
			return SLAP_SCHERR_ATTR_NOT_FOUND;
		}

		if ( is_at_operational( sat ) ) {
			(*op)++;
		}

		/* FIXME: should also make sure attribute type is not
			a required attribute of the structural class or
			any auxiliary class */
		if ( at_find_in_list( sat, scr->scr_required ) >= 0 ||
			at_find_in_list( sat, scr->scr_allowed ) >= 0 ||
			at_find_in_list( sat, scr->scr_precluded ) >= 0 )
		{
			*err = *oidp;
			return SLAP_SCHERR_CR_BAD_AT;
		}

		if ( at_append_to_list( sat, &scr->scr_precluded ) ) {
			*err = *oidp;
			return SLAP_SCHERR_OUTOFMEM;
		}
	}

	return 0;
}
333
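/*
 * Validate a parsed content rule and register it.
 *
 * cr   - parsed rule; its contents are shallow-copied into the new
 *        ContentRule, so the strings and arrays it points to are shared.
 *        cr->cr_oid may be replaced by its expanded form when it names
 *        an OID macro.
 * user - non-zero when the rule is user-supplied; such a rule is
 *        rejected if it touches any operational class or attribute.
 * err  - receives the name or OID that caused a failure.
 *
 * Returns 0 on success or a SLAP_SCHERR_* code.
 *
 * Every failure before cr_insert() releases the ContentRule allocated
 * here together with the lists built on it; the original returned
 * without freeing them.  Only memory owned by that ContentRule is
 * released: the fields copied from cr still belong to the caller.
 */
int
cr_add(
    LDAPContentRule	*cr,
	int user,
    const char		**err
)
{
	ContentRule	*scr;
	int		code;
	int		op = 0;

	if ( cr->cr_names != NULL ) {
		int i;

		for( i=0; cr->cr_names[i]; i++ ) {
			if( !slap_valid_descr( cr->cr_names[i] ) ) {
				/* Report the bad name; *err was previously left
				 * untouched on this path. */
				*err = cr->cr_names[i];
				return SLAP_SCHERR_BAD_DESCR;
			}
		}
	}

	if ( !OID_LEADCHAR( cr->cr_oid[0] )) {
		/* Expand OID macros */
		char *oid = oidm_find( cr->cr_oid );
		if ( !oid ) {
			*err = cr->cr_oid;
			return SLAP_SCHERR_OIDM;
		}
		if ( oid != cr->cr_oid ) {
			ldap_memfree( cr->cr_oid );
			cr->cr_oid = oid;
		}
	}

	scr = (ContentRule *) ch_calloc( 1, sizeof(ContentRule) );
	AC_MEMCPY( &scr->scr_crule, cr, sizeof(LDAPContentRule) );

	scr->scr_sclass = oc_find(cr->cr_oid);
	if ( !scr->scr_sclass ) {
		*err = cr->cr_oid;
		code = SLAP_SCHERR_CLASS_NOT_FOUND;
		goto fail;
	}

	/* check object class usage */
	if( scr->scr_sclass->soc_kind != LDAP_SCHEMA_STRUCTURAL )
	{
		*err = cr->cr_oid;
		code = SLAP_SCHERR_CR_BAD_STRUCT;
		goto fail;
	}

	if( scr->scr_sclass->soc_flags & SLAP_OC_OPERATIONAL ) op++;

	code = cr_add_auxiliaries( scr, &op, err );
	if ( code != 0 ) goto fail;

	code = cr_create_required( scr, &op, err );
	if ( code != 0 ) goto fail;

	code = cr_create_allowed( scr, &op, err );
	if ( code != 0 ) goto fail;

	code = cr_create_precluded( scr, &op, err );
	if ( code != 0 ) goto fail;

	if( user && op ) {
		/* Name the rule being rejected; *err was previously left
		 * untouched on this path. */
		*err = cr->cr_oid;
		code = SLAP_SCHERR_CR_BAD_AUX;
		goto fail;
	}

	/*
	 * cr_insert() links scr onto cr_list before it indexes the names,
	 * so scr must not be freed here if it reports a duplicate.
	 */
	return cr_insert(scr,err);

fail:
	/*
	 * scr is not yet reachable from cr_list or cr_index.  Release the
	 * lists the same way cr_destroy_one() does, but not via
	 * ldap_contentrule_free(): the copied LDAPContentRule fields are
	 * still owned by the caller and *err may point into them.
	 */
	if (scr->scr_auxiliaries) ldap_memfree(scr->scr_auxiliaries);
	if (scr->scr_required) ldap_memfree(scr->scr_required);
	if (scr->scr_allowed) ldap_memfree(scr->scr_allowed);
	if (scr->scr_precluded) ldap_memfree(scr->scr_precluded);
	ldap_memfree(scr);
	return code;
}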
405
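/*
 * Add one dITContentRules value to entry e for every registered
 * content rule.
 *
 * Each rule is rendered with ldap_contentrule2bv() and merged with its
 * OID as the normalized value.  Returns 0 on success, -1 when a rule
 * cannot be rendered or merged.
 */
int
cr_schema_info( Entry *e )
{
	AttributeDescription *ad_ditContentRules
		= slap_schema.si_ad_ditContentRules;
	ContentRule	*cr;

	struct berval	val;
	struct berval	nval;

	LDAP_SLIST_FOREACH(cr, &cr_list, scr_next) {
		if ( ldap_contentrule2bv( &cr->scr_crule, &val ) == NULL ) {
			return -1;
		}

#if 0
		if( cr->scr_flags & SLAP_CR_HIDE ) continue;
#endif
#if 0
		Debug( LDAP_DEBUG_TRACE, "Merging cr [%ld] %s\n",
	       (long) val.bv_len, val.bv_val, 0 );
#endif

		nval.bv_val = cr->scr_oid;
		nval.bv_len = strlen(cr->scr_oid);

		if( attr_merge_one( e, ad_ditContentRules, &val, &nval ) )
		{
			/*
			 * The rendered string is ours to free whether or not
			 * the merge succeeded (the success path frees it right
			 * after the call); the original leaked it here.
			 */
			ldap_memfree( val.bv_val );
			return -1;
		}
		ldap_memfree( val.bv_val );
	}
	return 0;
}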