1 /* schema.c - routines to enforce schema definitions */
3 * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
12 #include <ac/string.h>
13 #include <ac/socket.h>
17 static char * oc_check_required(Entry *e, char *ocname);
18 static int oc_check_allowed(char *type, struct berval **ocl);
22 * oc_check - check that entry e conforms to the schema required by
23 * its object class(es). returns 0 if so, non-zero otherwise.
27 oc_schema_check( Entry *e )
35 /* find the object class attribute - could error out here */
36 if ( (aoc = attr_find( e->e_attrs, "objectclass" )) == NULL ) {
37 Debug( LDAP_DEBUG_ANY, "No object class for entry (%s)\n",
42 /* check that the entry has required attrs for each oc */
43 for ( i = 0; aoc->a_vals[i] != NULL; i++ ) {
44 if ( (oc = oc_find( aoc->a_vals[i]->bv_val )) == NULL ) {
45 Debug( LDAP_DEBUG_ANY,
46 "Objectclass \"%s\" not defined",
47 aoc->a_vals[i]->bv_val, 0, 0 );
51 char *s = oc_check_required( e, aoc->a_vals[i]->bv_val );
54 Debug( LDAP_DEBUG_ANY,
55 "Entry (%s), oc \"%s\" requires attr \"%s\"\n",
56 e->e_dn, aoc->a_vals[i]->bv_val, s );
66 /* check that each attr in the entry is allowed by some oc */
67 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
68 if ( oc_check_allowed( a->a_type, aoc->a_vals ) != 0 ) {
69 Debug( LDAP_DEBUG_ANY,
70 "Entry (%s), attr \"%s\" not allowed\n",
71 e->e_dn, a->a_type, 0 );
80 oc_check_required( Entry *e, char *ocname )
88 Debug( LDAP_DEBUG_TRACE,
89 "oc_check_required entry (%s), objectclass \"%s\"\n",
92 /* find global oc defn. it we don't know about it assume it's ok */
93 if ( (oc = oc_find( ocname )) == NULL ) {
97 /* check for empty oc_required */
98 if(oc->soc_required == NULL) {
102 /* for each required attribute */
103 for ( i = 0; oc->soc_required[i] != NULL; i++ ) {
104 at = oc->soc_required[i];
105 /* see if it's in the entry */
106 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
108 strcmp( a->a_type, at->sat_oid ) == 0 ) {
113 /* Empty name list => not found */
118 if ( strcasecmp( a->a_type, *pp ) == 0 ) {
127 /* not there => schema violation */
129 if ( at->sat_names && at->sat_names[0] ) {
130 return at->sat_names[0];
140 static char *oc_usermod_attrs[] = {
142 * OpenLDAP doesn't support any user modification of
143 * operational attributes.
148 static char *oc_operational_attrs[] = {
150 * these are operational attributes
151 * most could be user modifiable
162 "supportedExtension",
164 "supportedSASLMechanisms",
165 "supportedLDAPversion",
166 "subschemaSubentry", /* NO USER MOD */
171 /* this list should be extensible */
172 static char *oc_no_usermod_attrs[] = {
174 * Operational and 'no user modification' attributes
175 * which are STORED in the directory server.
189 * check to see if attribute is 'operational' or not.
192 oc_check_operational_attr( const char *type )
194 return charray_inlist( oc_operational_attrs, type )
195 || charray_inlist( oc_usermod_attrs, type )
196 || charray_inlist( oc_no_usermod_attrs, type );
200 * check to see if attribute can be user modified or not.
203 oc_check_usermod_attr( const char *type )
205 return charray_inlist( oc_usermod_attrs, type );
209 * check to see if attribute is 'no user modification' or not.
212 oc_check_no_usermod_attr( const char *type )
214 return charray_inlist( oc_no_usermod_attrs, type );
219 oc_check_allowed( char *type, struct berval **ocl )
226 Debug( LDAP_DEBUG_TRACE,
227 "oc_check_allowed type \"%s\"\n", type, 0, 0 );
229 /* always allow objectclass attribute */
230 if ( strcasecmp( type, "objectclass" ) == 0 ) {
235 * All operational attributions are allowed by schema rules.
236 * However, we only check attributions which are stored in the
237 * the directory regardless if they are user or non-user modified.
239 if ( oc_check_usermod_attr( type ) || oc_check_no_usermod_attr( type ) ) {
243 /* check that the type appears as req or opt in at least one oc */
244 for ( i = 0; ocl[i] != NULL; i++ ) {
245 /* if we know about the oc */
246 if ( (oc = oc_find( ocl[i]->bv_val )) != NULL ) {
247 /* does it require the type? */
248 for ( j = 0; oc->soc_required != NULL &&
249 oc->soc_required[j] != NULL; j++ ) {
250 at = oc->soc_required[j];
252 strcmp(at->sat_oid, type ) == 0 ) {
259 if ( strcasecmp( *pp, type ) == 0 ) {
265 /* does it allow the type? */
266 for ( j = 0; oc->soc_allowed != NULL &&
267 oc->soc_allowed[j] != NULL; j++ ) {
268 at = oc->soc_allowed[j];
270 strcmp(at->sat_oid, type ) == 0 ) {
277 if ( strcasecmp( *pp, type ) == 0 ||
278 strcmp( *pp, "*" ) == 0 ) {
284 /* maybe the next oc allows it */
286 /* we don't know about the oc. assume it allows it */
292 /* not allowed by any oc */
301 static Avlnode *oc_index = NULL;
302 static ObjectClass *oc_list = NULL;
306 struct oindexrec *oir1,
307 struct oindexrec *oir2
310 return (strcasecmp( oir1->oir_name, oir2->oir_name ));
316 struct oindexrec *oir
319 return (strcasecmp( name, oir->oir_name ));
323 oc_find( const char *ocname )
325 struct oindexrec *oir = NULL;
327 if ( (oir = (struct oindexrec *) avl_find( oc_index, ocname,
328 (AVL_CMP) oc_index_name_cmp )) != NULL ) {
329 return( oir->oir_oc );
343 AttributeType **satp;
349 sat = at_find(*attrs1);
352 return SLAP_SCHERR_ATTR_NOT_FOUND;
354 if ( at_find_in_list(sat, soc->soc_required) < 0) {
355 if ( at_append_to_list(sat, &soc->soc_required) ) {
357 return SLAP_SCHERR_OUTOFMEM;
362 /* Now delete duplicates from the allowed list */
363 for ( satp = soc->soc_required; *satp; satp++ ) {
364 i = at_find_in_list(*satp,soc->soc_allowed);
366 at_delete_from_list(i, &soc->soc_allowed);
386 sat = at_find(*attrs1);
389 return SLAP_SCHERR_ATTR_NOT_FOUND;
391 if ( at_find_in_list(sat, soc->soc_required) < 0 &&
392 at_find_in_list(sat, soc->soc_allowed) < 0 ) {
393 if ( at_append_to_list(sat, &soc->soc_allowed) ) {
395 return SLAP_SCHERR_OUTOFMEM;
418 if ( !soc->soc_sups ) {
419 /* We are at the first recursive level */
428 soc->soc_sups = (ObjectClass **)ch_calloc(1,
429 nsups*sizeof(ObjectClass *));
434 soc1 = oc_find(*sups1);
437 return SLAP_SCHERR_CLASS_NOT_FOUND;
441 soc->soc_sups[nsups] = soc1;
443 code = oc_add_sups(soc,soc1->soc_sup_oids, err);
447 code = oc_create_required(soc,soc1->soc_at_oids_must,err);
450 code = oc_create_allowed(soc,soc1->soc_at_oids_may,err);
468 struct oindexrec *oir;
472 while ( *ocp != NULL ) {
473 ocp = &(*ocp)->soc_next;
477 if ( soc->soc_oid ) {
478 oir = (struct oindexrec *)
479 ch_calloc( 1, sizeof(struct oindexrec) );
480 oir->oir_name = soc->soc_oid;
482 if ( avl_insert( &oc_index, (caddr_t) oir,
483 (AVL_CMP) oc_index_cmp,
484 (AVL_DUP) avl_dup_error ) ) {
487 return SLAP_SCHERR_DUP_CLASS;
489 /* FIX: temporal consistency check */
490 oc_find(oir->oir_name);
492 if ( (names = soc->soc_names) ) {
494 oir = (struct oindexrec *)
495 ch_calloc( 1, sizeof(struct oindexrec) );
496 oir->oir_name = ch_strdup(*names);
498 if ( avl_insert( &oc_index, (caddr_t) oir,
499 (AVL_CMP) oc_index_cmp,
500 (AVL_DUP) avl_dup_error ) ) {
503 return SLAP_SCHERR_DUP_CLASS;
505 /* FIX: temporal consistency check */
506 oc_find(oir->oir_name);
515 LDAP_OBJECT_CLASS *oc,
522 soc = (ObjectClass *) ch_calloc( 1, sizeof(ObjectClass) );
523 memcpy( &soc->soc_oclass, oc, sizeof(LDAP_OBJECT_CLASS));
524 if ( (code = oc_add_sups(soc,soc->soc_sup_oids,err)) != 0 )
526 if ( (code = oc_create_required(soc,soc->soc_at_oids_must,err)) != 0 )
528 if ( (code = oc_create_allowed(soc,soc->soc_at_oids_may,err)) != 0 )
530 code = oc_insert(soc,err);
539 static Avlnode *syn_index = NULL;
540 static Syntax *syn_list = NULL;
544 struct sindexrec *sir1,
545 struct sindexrec *sir2
548 return (strcmp( sir1->sir_name, sir2->sir_name ));
554 struct sindexrec *sir
557 return (strcmp( name, sir->sir_name ));
561 syn_find( const char *synname )
563 struct sindexrec *sir = NULL;
565 if ( (sir = (struct sindexrec *) avl_find( syn_index, synname,
566 (AVL_CMP) syn_index_name_cmp )) != NULL ) {
567 return( sir->sir_syn );
573 syn_find_desc( const char *syndesc, int *len )
577 for (synp = syn_list; synp; synp = synp->ssyn_next)
578 if ((*len = dscompare( synp->ssyn_syn.syn_desc, syndesc, '{')))
590 struct sindexrec *sir;
593 while ( *synp != NULL ) {
594 synp = &(*synp)->ssyn_next;
598 if ( ssyn->ssyn_oid ) {
599 sir = (struct sindexrec *)
600 ch_calloc( 1, sizeof(struct sindexrec) );
601 sir->sir_name = ssyn->ssyn_oid;
603 if ( avl_insert( &syn_index, (caddr_t) sir,
604 (AVL_CMP) syn_index_cmp,
605 (AVL_DUP) avl_dup_error ) ) {
606 *err = ssyn->ssyn_oid;
608 return SLAP_SCHERR_DUP_SYNTAX;
610 /* FIX: temporal consistency check */
611 syn_find(sir->sir_name);
619 slap_syntax_check_func *check,
626 ssyn = (Syntax *) ch_calloc( 1, sizeof(Syntax) );
627 memcpy( &ssyn->ssyn_syn, syn, sizeof(LDAP_SYNTAX));
628 ssyn->ssyn_check = check;
629 code = syn_insert(ssyn,err);
635 MatchingRule *mir_mr;
638 static Avlnode *mr_index = NULL;
639 static MatchingRule *mr_list = NULL;
643 struct mindexrec *mir1,
644 struct mindexrec *mir2
647 return (strcmp( mir1->mir_name, mir2->mir_name ));
653 struct mindexrec *mir
656 return (strcmp( name, mir->mir_name ));
660 mr_find( const char *mrname )
662 struct mindexrec *mir = NULL;
664 if ( (mir = (struct mindexrec *) avl_find( mr_index, mrname,
665 (AVL_CMP) mr_index_name_cmp )) != NULL ) {
666 return( mir->mir_mr );
678 struct mindexrec *mir;
682 while ( *mrp != NULL ) {
683 mrp = &(*mrp)->smr_next;
687 if ( smr->smr_oid ) {
688 mir = (struct mindexrec *)
689 ch_calloc( 1, sizeof(struct mindexrec) );
690 mir->mir_name = smr->smr_oid;
692 if ( avl_insert( &mr_index, (caddr_t) mir,
693 (AVL_CMP) mr_index_cmp,
694 (AVL_DUP) avl_dup_error ) ) {
697 return SLAP_SCHERR_DUP_RULE;
699 /* FIX: temporal consistency check */
700 mr_find(mir->mir_name);
702 if ( (names = smr->smr_names) ) {
704 mir = (struct mindexrec *)
705 ch_calloc( 1, sizeof(struct mindexrec) );
706 mir->mir_name = ch_strdup(*names);
708 if ( avl_insert( &mr_index, (caddr_t) mir,
709 (AVL_CMP) mr_index_cmp,
710 (AVL_DUP) avl_dup_error ) ) {
713 return SLAP_SCHERR_DUP_RULE;
715 /* FIX: temporal consistency check */
716 mr_find(mir->mir_name);
725 LDAP_MATCHING_RULE *mr,
726 slap_mr_normalize_func *normalize,
727 slap_mr_compare_func *compare,
735 smr = (MatchingRule *) ch_calloc( 1, sizeof(MatchingRule) );
736 memcpy( &smr->smr_mrule, mr, sizeof(LDAP_MATCHING_RULE));
737 smr->smr_normalize = normalize;
738 smr->smr_compare = compare;
739 if ( smr->smr_syntax_oid ) {
740 if ( (syn = syn_find(smr->smr_syntax_oid)) ) {
741 smr->smr_syntax = syn;
743 *err = smr->smr_syntax_oid;
744 return SLAP_SCHERR_SYN_NOT_FOUND;
748 return SLAP_SCHERR_MR_INCOMPLETE;
750 code = mr_insert(smr,err);
755 case_exact_normalize(
757 struct berval **normalized
760 struct berval *newval;
763 newval = ber_bvdup( val );
764 p = q = newval->bv_val;
765 /* Ignore initial whitespace */
766 while ( isspace( *p++ ) )
769 if ( isspace( *p ) ) {
771 /* Ignore the extra whitespace */
772 while ( isspace(*p++) )
779 * If the string ended in space, backup the pointer one
780 * position. One is enough because the above loop collapsed
781 * all whitespace to a single space.
783 if ( p != newval->bv_val && isspace( *(p-1) ) ) {
786 newval->bv_len = strlen( newval->bv_val );
787 normalized = &newval;
798 return strcmp( val1->bv_val, val2->bv_val );
802 case_ignore_normalize(
804 struct berval **normalized
807 struct berval *newval;
810 newval = ber_bvdup( val );
811 p = q = newval->bv_val;
812 /* Ignore initial whitespace */
813 while ( isspace( *p++ ) )
816 if ( isspace( *p ) ) {
818 /* Ignore the extra whitespace */
819 while ( isspace(*p++) )
822 *q++ = TOUPPER( *p++ );
826 * If the string ended in space, backup the pointer one
827 * position. One is enough because the above loop collapsed
828 * all whitespace to a single space.
830 if ( p != newval->bv_val && isspace( *(p-1) ) ) {
833 newval->bv_len = strlen( newval->bv_val );
834 normalized = &newval;
845 return strcasecmp( val1->bv_val, val2->bv_val );
851 slap_syntax_check_func *check )
857 syn = ldap_str2syntax( desc, &code, &err);
859 Debug( LDAP_DEBUG_ANY, "Error in register_syntax: %s before %s in %s\n",
860 ldap_scherr2str(code), err, desc );
863 code = syn_add( syn, check, &err );
865 Debug( LDAP_DEBUG_ANY, "Error in register_syntax: %s %s in %s\n",
866 scherr2str(code), err, desc );
873 register_matching_rule(
875 slap_mr_normalize_func *normalize,
876 slap_mr_compare_func *compare )
878 LDAP_MATCHING_RULE *mr;
882 mr = ldap_str2matchingrule( desc, &code, &err);
884 Debug( LDAP_DEBUG_ANY, "Error in register_matching_rule: %s before %s in %s\n",
885 ldap_scherr2str(code), err, desc );
888 code = mr_add( mr, normalize, compare, &err );
890 Debug( LDAP_DEBUG_ANY, "Error in register_syntax: %s for %s in %s\n",
891 scherr2str(code), err, desc );
897 struct syntax_defs_rec {
899 slap_syntax_check_func *sd_check;
902 struct syntax_defs_rec syntax_defs[] = {
903 {"( 1.3.6.1.4.1.1466.115.121.1.3 DESC 'AttributeTypeDescription' )", NULL},
904 {"( 1.3.6.1.4.1.1466.115.121.1.4 DESC 'Audio' )", NULL},
905 {"( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' )", NULL},
906 {"( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'BitString' )", NULL},
907 {"( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' )", NULL},
908 {"( 1.3.6.1.4.1.1466.115.121.1.9 DESC 'CertificateList' )", NULL},
909 {"( 1.3.6.1.4.1.1466.115.121.1.10 DESC 'CertificatePair' )", NULL},
910 {"( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' )", NULL},
911 {"( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'DeliveryMethod' )", NULL},
912 {"( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'DirectoryString' )", NULL},
913 {"( 1.3.6.1.4.1.1466.115.121.1.16 DESC 'DITContentRuleDescription' )", NULL},
914 {"( 1.3.6.1.4.1.1466.115.121.1.17 DESC 'DITStructureRuleDescription' )", NULL},
915 {"( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'EnhancedGuide' )", NULL},
916 {"( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'FacsimileTelephoneNumber' )", NULL},
917 {"( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'GeneralizedTime' )", NULL},
918 {"( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' )", NULL},
919 {"( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5String' )", NULL},
920 {"( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'Integer' )", NULL},
921 {"( 1.3.6.1.4.1.1466.115.121.1.30 DESC 'MatchingRuleDescription' )", NULL},
922 {"( 1.3.6.1.4.1.1466.115.121.1.31 DESC 'MatchingRuleUseDescription' )", NULL},
923 {"( 1.3.6.1.4.1.1466.115.121.1.32 DESC 'MailPreference' )", NULL},
924 {"( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'NameAndOptionalUID' )", NULL},
925 {"( 1.3.6.1.4.1.1466.115.121.1.35 DESC 'NameFormDescription' )", NULL},
926 {"( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'NumericString' )", NULL},
927 {"( 1.3.6.1.4.1.1466.115.121.1.37 DESC 'ObjectClassDescription' )", NULL},
928 {"( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )", NULL},
929 {"( 1.3.6.1.4.1.1466.115.121.1.39 DESC 'OtherMailbox' )", NULL},
930 {"( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'OctetString' )", NULL},
931 {"( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'PostalAddress' )", NULL},
932 {"( 1.3.6.1.4.1.1466.115.121.1.42 DESC 'ProtocolInformation' )", NULL},
933 {"( 1.3.6.1.4.1.1466.115.121.1.43 DESC 'PresentationAddress' )", NULL},
934 {"( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'PrintableString' )", NULL},
935 {"( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'SupportedAlgorithm' )", NULL},
936 {"( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'TelephoneNumber' )", NULL},
937 {"( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'TeletexTerminalIdentifier' )", NULL},
938 {"( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'TelexNumber' )", NULL},
939 {"( 1.3.6.1.4.1.1466.115.121.1.53 DESC 'UTCTime' )", NULL},
940 {"( 1.3.6.1.4.1.1466.115.121.1.54 DESC 'LDAPSyntaxDescription' )", NULL},
941 {"( 1.3.6.1.4.1.1466.115.121.1.58 DESC 'SubstringAssertion' )", NULL},
942 {"( 1.3.6.1.1.1.0.0 DESC 'NISnetgrouptriple' )", NULL},
943 {"( 1.3.6.1.1.1.0.1 DESC 'Bootparameter' )", NULL},
947 struct mrule_defs_rec {
949 slap_mr_normalize_func *mrd_normalize;
950 slap_mr_compare_func *mrd_compare;
954 * Other matching rules in X.520 that we do not use:
956 * 2.5.13.9 numericStringOrderingMatch
957 * 2.5.13.12 caseIgnoreListSubstringsMatch
958 * 2.5.13.13 booleanMatch
959 * 2.5.13.15 integerOrderingMatch
960 * 2.5.13.18 octetStringOrderingMatch
961 * 2.5.13.19 octetStringSubstringsMatch
962 * 2.5.13.25 uTCTimeMatch
963 * 2.5.13.26 uTCTimeOrderingMatch
964 * 2.5.13.31 directoryStringFirstComponentMatch
965 * 2.5.13.32 wordMatch
966 * 2.5.13.33 keywordMatch
967 * 2.5.13.34 certificateExactMatch
968 * 2.5.13.35 certificateMatch
969 * 2.5.13.36 certificatePairExactMatch
970 * 2.5.13.37 certificatePairMatch
971 * 2.5.13.38 certificateListExactMatch
972 * 2.5.13.39 certificateListMatch
973 * 2.5.13.40 algorithmIdentifierMatch
974 * 2.5.13.41 storedPrefixMatch
975 * 2.5.13.42 attributeCertificateMatch
976 * 2.5.13.43 readerAndKeyIDMatch
977 * 2.5.13.44 attributeIntegrityMatch
980 struct mrule_defs_rec mrule_defs[] = {
981 {"( 2.5.13.0 NAME 'objectIdentifierMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )", NULL, NULL},
982 {"( 2.5.13.1 NAME 'distinguishedNameMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", NULL, NULL},
983 {"( 2.5.13.2 NAME 'caseIgnoreMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
984 case_ignore_normalize, case_ignore_compare},
985 {"( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
986 case_ignore_normalize, case_ignore_compare},
987 {"( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
988 case_ignore_normalize, case_ignore_compare},
989 /* Next three are not in the RFC's, but are needed for compatibility */
990 {"( 2.5.13.5 NAME 'caseExactMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
991 case_exact_normalize, case_exact_compare},
992 {"( 2.5.13.6 NAME 'caseExactOrderingMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
993 case_exact_normalize, case_exact_compare},
994 {"( 2.5.13.7 NAME 'caseExactSubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
995 case_exact_normalize, case_exact_compare},
996 {"( 2.5.13.8 NAME 'numericStringMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )", NULL, NULL},
997 {"( 2.5.13.10 NAME 'numericStringSubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )", NULL, NULL},
998 {"( 2.5.13.11 NAME 'caseIgnoreListMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )", NULL, NULL},
999 {"( 2.5.13.14 NAME 'integerMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )", NULL, NULL},
1000 {"( 2.5.13.16 NAME 'bitStringMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )", NULL, NULL},
1001 {"( 2.5.13.17 NAME 'octetStringMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )", NULL, NULL},
1002 {"( 2.5.13.20 NAME 'telephoneNumberMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )", NULL, NULL},
1003 {"( 2.5.13.21 NAME 'telephoneNumberSubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )", NULL, NULL},
1004 {"( 2.5.13.22 NAME 'presentationAddressMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 )", NULL, NULL},
1005 {"( 2.5.13.23 NAME 'uniqueMemberMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )", NULL, NULL},
1006 {"( 2.5.13.24 NAME 'protocolInformationMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )", NULL, NULL},
1007 {"( 2.5.13.27 NAME 'generalizedTimeMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )", NULL, NULL},
1008 {"( 2.5.13.28 NAME 'generalizedTimeOrderingMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )", NULL, NULL},
1009 {"( 2.5.13.29 NAME 'integerFirstComponentMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )", NULL, NULL},
1010 {"( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )", NULL, NULL},
1011 {"( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
1012 case_exact_normalize, case_exact_compare},
1013 {"( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
1014 case_ignore_normalize, case_ignore_compare},
1023 static int schema_init_done = 0;
1025 /* We are called from read_config that is recursive */
1026 if ( schema_init_done )
1028 for ( i=0; syntax_defs[i].sd_desc != NULL; i++ ) {
1029 res = register_syntax( syntax_defs[i].sd_desc,
1030 syntax_defs[i].sd_check );
1032 fprintf( stderr, "schema_init: Error registering syntax %s\n",
1033 syntax_defs[i].sd_desc );
1034 exit( EXIT_FAILURE );
1037 for ( i=0; mrule_defs[i].mrd_desc != NULL; i++ ) {
1038 res = register_matching_rule( mrule_defs[i].mrd_desc,
1039 ( mrule_defs[i].mrd_normalize ?
1040 mrule_defs[i].mrd_normalize : case_ignore_normalize ),
1041 ( mrule_defs[i].mrd_compare ?
1042 mrule_defs[i].mrd_compare : case_ignore_compare ) );
1044 fprintf( stderr, "schema_init: Error registering matching rule %s\n",
1045 mrule_defs[i].mrd_desc );
1046 exit( EXIT_FAILURE );
1049 schema_init_done = 1;
1053 #if defined( SLAPD_SCHEMA_DN )
1056 syn_schema_info( Entry *e )
1059 struct berval *vals[2];
1065 for ( syn = syn_list; syn; syn = syn->ssyn_next ) {
1066 val.bv_val = ldap_syntax2str( &syn->ssyn_syn );
1068 val.bv_len = strlen( val.bv_val );
1069 Debug( LDAP_DEBUG_TRACE, "Merging syn [%ld] %s\n",
1070 (long) val.bv_len, val.bv_val, 0 );
1071 attr_merge( e, "ldapSyntaxes", vals );
1072 ldap_memfree( val.bv_val );
1081 mr_schema_info( Entry *e )
1084 struct berval *vals[2];
1090 for ( mr = mr_list; mr; mr = mr->smr_next ) {
1091 val.bv_val = ldap_matchingrule2str( &mr->smr_mrule );
1093 val.bv_len = strlen( val.bv_val );
1094 Debug( LDAP_DEBUG_TRACE, "Merging mr [%ld] %s\n",
1095 (long) val.bv_len, val.bv_val, 0 );
1096 attr_merge( e, "matchingRules", vals );
1097 ldap_memfree( val.bv_val );
1106 oc_schema_info( Entry *e )
1109 struct berval *vals[2];
1115 for ( oc = oc_list; oc; oc = oc->soc_next ) {
1116 val.bv_val = ldap_objectclass2str( &oc->soc_oclass );
1118 val.bv_len = strlen( val.bv_val );
1119 Debug( LDAP_DEBUG_TRACE, "Merging oc [%ld] %s\n",
1120 (long) val.bv_len, val.bv_val, 0 );
1121 attr_merge( e, "objectClasses", vals );
1122 ldap_memfree( val.bv_val );
1131 schema_info( Connection *conn, Operation *op, char **attrs, int attrsonly )
1135 struct berval *vals[2];
1140 e = (Entry *) ch_calloc( 1, sizeof(Entry) );
1143 e->e_dn = ch_strdup( SLAPD_SCHEMA_DN );
1144 e->e_ndn = ch_strdup( SLAPD_SCHEMA_DN );
1145 (void) dn_normalize_case( e->e_ndn );
1146 e->e_private = NULL;
1149 char *rdn = ch_strdup( SLAPD_SCHEMA_DN );
1150 val.bv_val = strchr( rdn, '=' );
1152 if( val.bv_val != NULL ) {
1154 val.bv_len = strlen( ++val.bv_val );
1156 attr_merge( e, rdn, vals );
1162 if ( syn_schema_info( e ) ) {
1163 /* Out of memory, do something about it */
1167 if ( mr_schema_info( e ) ) {
1168 /* Out of memory, do something about it */
1172 if ( at_schema_info( e ) ) {
1173 /* Out of memory, do something about it */
1177 if ( oc_schema_info( e ) ) {
1178 /* Out of memory, do something about it */
1184 val.bv_len = sizeof("top")-1;
1185 attr_merge( e, "objectClass", vals );
1187 val.bv_val = "LDAPsubentry";
1188 val.bv_len = sizeof("LDAPsubentry")-1;
1189 attr_merge( e, "objectClass", vals );
1191 val.bv_val = "subschema";
1192 val.bv_len = sizeof("subschema")-1;
1193 attr_merge( e, "objectClass", vals );
1195 val.bv_val = "extensibleObject";
1196 val.bv_len = sizeof("extensibleObject")-1;
1197 attr_merge( e, "objectClass", vals );
1199 send_search_entry( &backends[0], conn, op,
1200 e, attrs, attrsonly, NULL );
1201 send_search_result( conn, op, LDAP_SUCCESS,
1202 NULL, NULL, NULL, NULL, 1 );
1211 oc_print( ObjectClass *oc )
1216 printf( "objectclass %s\n", ldap_objectclass2name( &oc->soc_oclass ) );
1217 if ( oc->soc_required != NULL ) {
1218 mid = "\trequires ";
1219 for ( i = 0; oc->soc_required[i] != NULL; i++, mid = "," )
1220 printf( "%s%s", mid,
1221 ldap_attributetype2name( &oc->soc_required[i]->sat_atype ) );
1224 if ( oc->soc_allowed != NULL ) {
1226 for ( i = 0; oc->soc_allowed[i] != NULL; i++, mid = "," )
1227 printf( "%s%s", mid,
1228 ldap_attributetype2name( &oc->soc_allowed[i]->sat_atype ) );
1236 int is_entry_objectclass(
1243 if( e == NULL || oc == NULL || *oc == '\0' )
1247 * find objectClass attribute
1249 attr = attr_find(e->e_attrs, "objectclass");
1251 if( attr == NULL ) {
1252 /* no objectClass attribute */
1256 bv.bv_val = (char *) oc;
1257 bv.bv_len = strlen( bv.bv_val );
1259 if( value_find(attr->a_vals, &bv, attr->a_syntax, 1) != 0) {
1260 /* entry is not of this objectclass */