1 /* schema.c - routines to enforce schema definitions */
6 #include <sys/socket.h>
9 extern Attribute *attr_find();
10 extern char **str2charray();
11 extern void charray_merge();
13 extern struct objclass *global_oc;
14 extern int global_schemacheck;
16 static struct objclass *oc_find();
17 static int oc_check_required();
18 static int oc_check_allowed();
21 * oc_check - check that entry e conforms to the schema required by
22 * its object class(es). returns 0 if so, non-zero otherwise.
26 oc_schema_check( Entry *e )
33 /* find the object class attribute - could error out here */
34 if ( (aoc = attr_find( e->e_attrs, "objectclass" )) == NULL ) {
35 Debug( LDAP_DEBUG_ANY, "No object class for entry (%s)\n",
40 /* check that the entry has required attrs for each oc */
41 for ( i = 0; aoc->a_vals[i] != NULL; i++ ) {
42 if ( oc_check_required( e, aoc->a_vals[i]->bv_val ) != 0 ) {
43 Debug( LDAP_DEBUG_ANY,
44 "Entry (%s), required attr (%s) missing\n",
45 e->e_dn, aoc->a_vals[i]->bv_val, 0 );
54 /* check that each attr in the entry is allowed by some oc */
55 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
56 if ( oc_check_allowed( a->a_type, aoc->a_vals ) != 0 ) {
57 Debug( LDAP_DEBUG_ANY,
58 "Entry (%s), attr (%s) not allowed\n",
59 e->e_dn, a->a_type, 0 );
68 oc_check_required( Entry *e, char *ocname )
74 /* find global oc defn. it we don't know about it assume it's ok */
75 if ( (oc = oc_find( ocname )) == NULL ) {
79 /* check for empty oc_required */
80 if(oc->oc_required == NULL) {
84 /* for each required attribute */
85 for ( i = 0; oc->oc_required[i] != NULL; i++ ) {
86 /* see if it's in the entry */
87 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
88 if ( strcasecmp( a->a_type, oc->oc_required[i] )
94 /* not there => schema violation */
104 oc_check_allowed( char *type, struct berval **ocl )
109 /* always allow objectclass attribute */
110 if ( strcasecmp( type, "objectclass" ) == 0 ) {
114 /* check that the type appears as req or opt in at least one oc */
115 for ( i = 0; ocl[i] != NULL; i++ ) {
116 /* if we know about the oc */
117 if ( (oc = oc_find( ocl[i]->bv_val )) != NULL ) {
118 /* does it require the type? */
119 for ( j = 0; oc->oc_required != NULL &&
120 oc->oc_required[j] != NULL; j++ ) {
121 if ( strcasecmp( oc->oc_required[j], type )
126 /* does it allow the type? */
127 for ( j = 0; oc->oc_allowed != NULL &&
128 oc->oc_allowed[j] != NULL; j++ ) {
129 if ( strcasecmp( oc->oc_allowed[j], type )
130 == 0 || strcmp( oc->oc_allowed[j], "*" )
136 /* maybe the next oc allows it */
138 /* we don't know about the oc. assume it allows it */
144 /* not allowed by any oc */
148 static struct objclass *
149 oc_find( char *ocname )
153 for ( oc = global_oc; oc != NULL; oc = oc->oc_next ) {
154 if ( strcasecmp( oc->oc_name, ocname ) == 0 ) {
165 oc_print( struct objclass *oc )
169 printf( "objectclass %s\n", oc->oc_name );
170 if ( oc->oc_required != NULL ) {
171 printf( "\trequires %s", oc->oc_required[0] );
172 for ( i = 1; oc->oc_required[i] != NULL; i++ ) {
173 printf( ",%s", oc->oc_required[i] );
177 if ( oc->oc_allowed != NULL ) {
178 printf( "\tallows %s", oc->oc_allowed[0] );
179 for ( i = 1; oc->oc_allowed[i] != NULL; i++ ) {
180 printf( ",%s", oc->oc_allowed[i] );
projects / openldap / blob