1 /* schema.c - routines to enforce schema definitions */
12 static struct objclass *oc_find(char *ocname);
13 static char * oc_check_required(Entry *e, char *ocname);
14 static int oc_check_allowed(char *type, struct berval **ocl);
17 * oc_check - check that entry e conforms to the schema required by
18 * its object class(es). returns 0 if so, non-zero otherwise.
22 oc_schema_check( Entry *e )
28 /* find the object class attribute - could error out here */
29 if ( (aoc = attr_find( e->e_attrs, "objectclass" )) == NULL ) {
30 Debug( LDAP_DEBUG_ANY, "No object class for entry (%s)\n",
35 /* check that the entry has required attrs for each oc */
36 for ( i = 0; aoc->a_vals[i] != NULL; i++ ) {
37 char *s = oc_check_required( e, aoc->a_vals[i]->bv_val );
40 Debug( LDAP_DEBUG_ANY,
41 "Entry (%s), oc \"%s\" requires attr \"%s\"\n",
42 e->e_dn, aoc->a_vals[i]->bv_val, s );
51 /* check that each attr in the entry is allowed by some oc */
52 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
53 if ( oc_check_allowed( a->a_type, aoc->a_vals ) != 0 ) {
54 Debug( LDAP_DEBUG_ANY,
55 "Entry (%s), attr \"%s\" not allowed\n",
56 e->e_dn, a->a_type, 0 );
65 oc_check_required( Entry *e, char *ocname )
71 /* find global oc defn. it we don't know about it assume it's ok */
72 if ( (oc = oc_find( ocname )) == NULL ) {
76 /* check for empty oc_required */
77 if(oc->oc_required == NULL) {
81 /* for each required attribute */
82 for ( i = 0; oc->oc_required[i] != NULL; i++ ) {
83 /* see if it's in the entry */
84 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
85 if ( strcasecmp( a->a_type, oc->oc_required[i] )
91 /* not there => schema violation */
93 return oc->oc_required[i];
101 * check to see if attribute is 'operational' or not.
102 * this function should be externalized...
105 oc_check_operational( char *type )
107 return ( strcasecmp( type, "modifiersname" ) == 0 ||
108 strcasecmp( type, "modifytimestamp" ) == 0 ||
109 strcasecmp( type, "creatorsname" ) == 0 ||
110 strcasecmp( type, "createtimestamp" ) == 0 )
115 oc_check_allowed( char *type, struct berval **ocl )
120 /* always allow objectclass attribute */
121 if ( strcasecmp( type, "objectclass" ) == 0 ) {
125 if ( oc_check_operational( type ) ) {
129 /* check that the type appears as req or opt in at least one oc */
130 for ( i = 0; ocl[i] != NULL; i++ ) {
131 /* if we know about the oc */
132 if ( (oc = oc_find( ocl[i]->bv_val )) != NULL ) {
133 /* does it require the type? */
134 for ( j = 0; oc->oc_required != NULL &&
135 oc->oc_required[j] != NULL; j++ ) {
136 if ( strcasecmp( oc->oc_required[j], type )
141 /* does it allow the type? */
142 for ( j = 0; oc->oc_allowed != NULL &&
143 oc->oc_allowed[j] != NULL; j++ ) {
144 if ( strcasecmp( oc->oc_allowed[j], type )
145 == 0 || strcmp( oc->oc_allowed[j], "*" )
151 /* maybe the next oc allows it */
153 /* we don't know about the oc. assume it allows it */
159 /* not allowed by any oc */
163 static struct objclass *
164 oc_find( char *ocname )
168 for ( oc = global_oc; oc != NULL; oc = oc->oc_next ) {
169 if ( strcasecmp( oc->oc_name, ocname ) == 0 ) {
180 oc_print( struct objclass *oc )
184 printf( "objectclass %s\n", oc->oc_name );
185 if ( oc->oc_required != NULL ) {
186 printf( "\trequires %s", oc->oc_required[0] );
187 for ( i = 1; oc->oc_required[i] != NULL; i++ ) {
188 printf( ",%s", oc->oc_required[i] );
192 if ( oc->oc_allowed != NULL ) {
193 printf( "\tallows %s", oc->oc_allowed[0] );
194 for ( i = 1; oc->oc_allowed[i] != NULL; i++ ) {
195 printf( ",%s", oc->oc_allowed[i] );
projects / openldap / blob