1 /* schema.c - routines to enforce schema definitions */
6 #include <sys/socket.h>
9 extern Attribute *attr_find();
10 extern char **str2charray();
11 extern void charray_merge();
13 extern struct objclass *global_oc;
14 extern int global_schemacheck;
16 static struct objclass *oc_find();
17 static int oc_check_required();
18 static int oc_check_allowed();
21 * oc_check - check that entry e conforms to the schema required by
22 * its object class(es). returns 0 if so, non-zero otherwise.
26 oc_schema_check( Entry *e )
33 /* find the object class attribute - could error out here */
34 if ( (aoc = attr_find( e->e_attrs, "objectclass" )) == NULL ) {
35 Debug( LDAP_DEBUG_ANY, "No object class for entry (%s)\n",
40 /* check that the entry has required attrs for each oc */
41 for ( i = 0; aoc->a_vals[i] != NULL; i++ ) {
42 if ( oc_check_required( e, aoc->a_vals[i]->bv_val ) != 0 ) {
43 Debug( LDAP_DEBUG_ANY,
44 "Entry (%s), required attr (%s) missing\n",
45 e->e_dn, aoc->a_vals[i]->bv_val, 0 );
54 /* check that each attr in the entry is allowed by some oc */
55 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
56 if ( oc_check_allowed( a->a_type, aoc->a_vals ) != 0 ) {
57 Debug( LDAP_DEBUG_ANY,
58 "Entry (%s), attr (%s) not allowed\n",
59 e->e_dn, a->a_type, 0 );
68 oc_check_required( Entry *e, char *ocname )
74 /* find global oc defn. it we don't know about it assume it's ok */
75 if ( (oc = oc_find( ocname )) == NULL ) {
79 /* for each required attribute */
80 for ( i = 0; oc->oc_required[i] != NULL; i++ ) {
81 /* see if it's in the entry */
82 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
83 if ( strcasecmp( a->a_type, oc->oc_required[i] )
89 /* not there => schema violation */
99 oc_check_allowed( char *type, struct berval **ocl )
104 /* always allow objectclass attribute */
105 if ( strcasecmp( type, "objectclass" ) == 0 ) {
109 /* check that the type appears as req or opt in at least one oc */
110 for ( i = 0; ocl[i] != NULL; i++ ) {
111 /* if we know about the oc */
112 if ( (oc = oc_find( ocl[i]->bv_val )) != NULL ) {
113 /* does it require the type? */
114 for ( j = 0; oc->oc_required[j] != NULL; j++ ) {
115 if ( strcasecmp( oc->oc_required[j], type )
120 /* does it allow the type? */
121 for ( j = 0; oc->oc_allowed[j] != NULL; j++ ) {
122 if ( strcasecmp( oc->oc_allowed[j], type )
123 == 0 || strcmp( oc->oc_allowed[j], "*" )
129 /* maybe the next oc allows it */
131 /* we don't know about the oc. assume it allows it */
137 /* not allowed by any oc */
141 static struct objclass *
142 oc_find( char *ocname )
146 for ( oc = global_oc; oc != NULL; oc = oc->oc_next ) {
147 if ( strcasecmp( oc->oc_name, ocname ) == 0 ) {
158 oc_print( struct objclass *oc )
162 printf( "objectclass %s\n", oc->oc_name );
163 if ( oc->oc_required != NULL ) {
164 printf( "\trequires %s", oc->oc_required[0] );
165 for ( i = 1; oc->oc_required[i] != NULL; i++ ) {
166 printf( ",%s", oc->oc_required[i] );
170 if ( oc->oc_allowed != NULL ) {
171 printf( "\tallows %s", oc->oc_allowed[0] );
172 for ( i = 1; oc->oc_allowed[i] != NULL; i++ ) {
173 printf( ",%s", oc->oc_allowed[i] );
projects / openldap / blob