1 /* schema.c - routines to enforce schema definitions */
4 * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
13 #include <ac/string.h>
14 #include <ac/socket.h>
19 static char * oc_check_required(Entry *e, char *ocname);
20 static int oc_check_allowed(char *type, struct berval **ocl);
23 * oc_check - check that entry e conforms to the schema required by
24 * its object class(es). returns 0 if so, non-zero otherwise.
28 oc_schema_check( Entry *e )
36 /* find the object class attribute - could error out here */
37 if ( (aoc = attr_find( e->e_attrs, "objectclass" )) == NULL ) {
38 Debug( LDAP_DEBUG_ANY, "No object class for entry (%s)\n",
43 /* check that the entry has required attrs for each oc */
44 for ( i = 0; aoc->a_vals[i] != NULL; i++ ) {
45 if ( (oc = oc_find( aoc->a_vals[i]->bv_val )) == NULL ) {
46 Debug( LDAP_DEBUG_ANY,
47 "Objectclass \"%s\" not defined\n",
48 aoc->a_vals[i]->bv_val, 0, 0 );
52 char *s = oc_check_required( e, aoc->a_vals[i]->bv_val );
55 Debug( LDAP_DEBUG_ANY,
56 "Entry (%s), oc \"%s\" requires attr \"%s\"\n",
57 e->e_dn, aoc->a_vals[i]->bv_val, s );
67 /* check that each attr in the entry is allowed by some oc */
68 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
69 if ( oc_check_allowed( a->a_type, aoc->a_vals ) != 0 ) {
70 Debug( LDAP_DEBUG_ANY,
71 "Entry (%s), attr \"%s\" not allowed\n",
72 e->e_dn, a->a_type, 0 );
81 oc_check_required( Entry *e, char *ocname )
89 Debug( LDAP_DEBUG_TRACE,
90 "oc_check_required entry (%s), objectclass \"%s\"\n",
93 /* find global oc defn. it we don't know about it assume it's ok */
94 if ( (oc = oc_find( ocname )) == NULL ) {
98 /* check for empty oc_required */
99 if(oc->soc_required == NULL) {
103 /* for each required attribute */
104 for ( i = 0; oc->soc_required[i] != NULL; i++ ) {
105 at = oc->soc_required[i];
106 /* see if it's in the entry */
107 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
109 strcmp( a->a_type, at->sat_oid ) == 0 ) {
114 /* Empty name list => not found */
119 if ( strcasecmp( a->a_type, *pp ) == 0 ) {
128 /* not there => schema violation */
130 if ( at->sat_names && at->sat_names[0] ) {
131 return at->sat_names[0];
141 static char *oc_usermod_attrs[] = {
143 * OpenLDAP doesn't support any user modification of
144 * operational attributes.
149 static char *oc_operational_attrs[] = {
151 * these are operational attributes
152 * most could be user modifiable
163 "supportedExtension",
165 "supportedSASLMechanisms",
166 "supportedLDAPversion",
167 "supportedACIMechanisms",
168 "subschemaSubentry", /* NO USER MOD */
173 /* this list should be extensible */
174 static char *oc_no_usermod_attrs[] = {
176 * Operational and 'no user modification' attributes
177 * which are STORED in the directory server.
191 * check to see if attribute is 'operational' or not.
194 oc_check_operational_attr( const char *type )
196 return charray_inlist( oc_operational_attrs, type )
197 || charray_inlist( oc_usermod_attrs, type )
198 || charray_inlist( oc_no_usermod_attrs, type );
202 * check to see if attribute can be user modified or not.
205 oc_check_usermod_attr( const char *type )
207 return charray_inlist( oc_usermod_attrs, type );
211 * check to see if attribute is 'no user modification' or not.
214 oc_check_no_usermod_attr( const char *type )
216 return charray_inlist( oc_no_usermod_attrs, type );
221 oc_check_allowed( char *type, struct berval **ocl )
229 Debug( LDAP_DEBUG_TRACE,
230 "oc_check_allowed type \"%s\"\n", type, 0, 0 );
232 /* always allow objectclass attribute */
233 if ( strcasecmp( type, "objectclass" ) == 0 ) {
238 * All operational attributions are allowed by schema rules.
239 * However, we only check attributions which are stored in the
240 * the directory regardless if they are user or non-user modified.
242 if ( oc_check_usermod_attr( type ) || oc_check_no_usermod_attr( type ) ) {
247 * The "type" we have received is actually an AttributeDescription.
248 * Let's find out the corresponding type.
250 p = strchr( type, ';' );
252 t = ch_malloc( p-type+1 );
253 strncpy( t, type, p-type );
255 Debug( LDAP_DEBUG_TRACE,
256 "oc_check_allowed type \"%s\" from \"%s\"\n",
263 /* check that the type appears as req or opt in at least one oc */
264 for ( i = 0; ocl[i] != NULL; i++ ) {
265 /* if we know about the oc */
266 if ( (oc = oc_find( ocl[i]->bv_val )) != NULL ) {
267 /* does it require the type? */
268 for ( j = 0; oc->soc_required != NULL &&
269 oc->soc_required[j] != NULL; j++ ) {
270 at = oc->soc_required[j];
272 strcmp(at->sat_oid, t ) == 0 ) {
281 if ( strcasecmp( *pp, t ) == 0 ) {
289 /* does it allow the type? */
290 for ( j = 0; oc->soc_allowed != NULL &&
291 oc->soc_allowed[j] != NULL; j++ ) {
292 at = oc->soc_allowed[j];
294 strcmp( at->sat_oid, t ) == 0 ) {
303 if ( strcasecmp( *pp, t ) == 0 ||
304 strcmp( *pp, "*" ) == 0 ) {
312 /* maybe the next oc allows it */
314 #ifdef OC_UNDEFINED_IMPLES_EXTENSIBLE
315 /* we don't know about the oc. assume it allows it */
326 /* not allowed by any oc */
335 static Avlnode *oc_index = NULL;
336 static ObjectClass *oc_list = NULL;
340 struct oindexrec *oir1,
341 struct oindexrec *oir2
344 return (strcasecmp( oir1->oir_name, oir2->oir_name ));
350 struct oindexrec *oir
353 return (strcasecmp( name, oir->oir_name ));
357 oc_find( const char *ocname )
359 struct oindexrec *oir = NULL;
361 if ( (oir = (struct oindexrec *) avl_find( oc_index, ocname,
362 (AVL_CMP) oc_index_name_cmp )) != NULL ) {
363 return( oir->oir_oc );
377 AttributeType **satp;
383 sat = at_find(*attrs1);
386 return SLAP_SCHERR_ATTR_NOT_FOUND;
388 if ( at_find_in_list(sat, soc->soc_required) < 0) {
389 if ( at_append_to_list(sat, &soc->soc_required) ) {
391 return SLAP_SCHERR_OUTOFMEM;
396 /* Now delete duplicates from the allowed list */
397 for ( satp = soc->soc_required; *satp; satp++ ) {
398 i = at_find_in_list(*satp,soc->soc_allowed);
400 at_delete_from_list(i, &soc->soc_allowed);
420 sat = at_find(*attrs1);
423 return SLAP_SCHERR_ATTR_NOT_FOUND;
425 if ( at_find_in_list(sat, soc->soc_required) < 0 &&
426 at_find_in_list(sat, soc->soc_allowed) < 0 ) {
427 if ( at_append_to_list(sat, &soc->soc_allowed) ) {
429 return SLAP_SCHERR_OUTOFMEM;
452 if ( !soc->soc_sups ) {
453 /* We are at the first recursive level */
462 soc->soc_sups = (ObjectClass **)ch_calloc(1,
463 nsups*sizeof(ObjectClass *));
468 soc1 = oc_find(*sups1);
471 return SLAP_SCHERR_CLASS_NOT_FOUND;
475 soc->soc_sups[nsups] = soc1;
477 code = oc_add_sups(soc,soc1->soc_sup_oids, err);
481 code = oc_create_required(soc,soc1->soc_at_oids_must,err);
484 code = oc_create_allowed(soc,soc1->soc_at_oids_may,err);
502 struct oindexrec *oir;
506 while ( *ocp != NULL ) {
507 ocp = &(*ocp)->soc_next;
511 if ( soc->soc_oid ) {
512 oir = (struct oindexrec *)
513 ch_calloc( 1, sizeof(struct oindexrec) );
514 oir->oir_name = soc->soc_oid;
516 if ( avl_insert( &oc_index, (caddr_t) oir,
517 (AVL_CMP) oc_index_cmp,
518 (AVL_DUP) avl_dup_error ) ) {
521 return SLAP_SCHERR_DUP_CLASS;
523 /* FIX: temporal consistency check */
524 oc_find(oir->oir_name);
526 if ( (names = soc->soc_names) ) {
528 oir = (struct oindexrec *)
529 ch_calloc( 1, sizeof(struct oindexrec) );
530 oir->oir_name = ch_strdup(*names);
532 if ( avl_insert( &oc_index, (caddr_t) oir,
533 (AVL_CMP) oc_index_cmp,
534 (AVL_DUP) avl_dup_error ) ) {
537 return SLAP_SCHERR_DUP_CLASS;
539 /* FIX: temporal consistency check */
540 oc_find(oir->oir_name);
549 LDAP_OBJECT_CLASS *oc,
556 soc = (ObjectClass *) ch_calloc( 1, sizeof(ObjectClass) );
557 memcpy( &soc->soc_oclass, oc, sizeof(LDAP_OBJECT_CLASS));
558 if ( (code = oc_add_sups(soc,soc->soc_sup_oids,err)) != 0 )
560 if ( (code = oc_create_required(soc,soc->soc_at_oids_must,err)) != 0 )
562 if ( (code = oc_create_allowed(soc,soc->soc_at_oids_may,err)) != 0 )
564 code = oc_insert(soc,err);
573 static Avlnode *syn_index = NULL;
574 static Syntax *syn_list = NULL;
578 struct sindexrec *sir1,
579 struct sindexrec *sir2
582 return (strcmp( sir1->sir_name, sir2->sir_name ));
588 struct sindexrec *sir
591 return (strcmp( name, sir->sir_name ));
595 syn_find( const char *synname )
597 struct sindexrec *sir = NULL;
599 if ( (sir = (struct sindexrec *) avl_find( syn_index, synname,
600 (AVL_CMP) syn_index_name_cmp )) != NULL ) {
601 return( sir->sir_syn );
607 syn_find_desc( const char *syndesc, int *len )
611 for (synp = syn_list; synp; synp = synp->ssyn_next)
612 if ((*len = dscompare( synp->ssyn_syn.syn_desc, syndesc, '{')))
624 struct sindexrec *sir;
627 while ( *synp != NULL ) {
628 synp = &(*synp)->ssyn_next;
632 if ( ssyn->ssyn_oid ) {
633 sir = (struct sindexrec *)
634 ch_calloc( 1, sizeof(struct sindexrec) );
635 sir->sir_name = ssyn->ssyn_oid;
637 if ( avl_insert( &syn_index, (caddr_t) sir,
638 (AVL_CMP) syn_index_cmp,
639 (AVL_DUP) avl_dup_error ) ) {
640 *err = ssyn->ssyn_oid;
642 return SLAP_SCHERR_DUP_SYNTAX;
644 /* FIX: temporal consistency check */
645 syn_find(sir->sir_name);
653 slap_syntax_validate_func *validate,
654 slap_syntax_transform_func *ber2str,
655 slap_syntax_transform_func *str2ber,
662 ssyn = (Syntax *) ch_calloc( 1, sizeof(Syntax) );
663 memcpy( &ssyn->ssyn_syn, syn, sizeof(LDAP_SYNTAX));
665 ssyn->ssyn_validate = validate;
666 ssyn->ssyn_ber2str = ber2str;
667 ssyn->ssyn_str2ber = str2ber;
669 code = syn_insert(ssyn,err);
675 MatchingRule *mir_mr;
678 static Avlnode *mr_index = NULL;
679 static MatchingRule *mr_list = NULL;
683 struct mindexrec *mir1,
684 struct mindexrec *mir2
687 return (strcmp( mir1->mir_name, mir2->mir_name ));
693 struct mindexrec *mir
696 return (strcmp( name, mir->mir_name ));
700 mr_find( const char *mrname )
702 struct mindexrec *mir = NULL;
704 if ( (mir = (struct mindexrec *) avl_find( mr_index, mrname,
705 (AVL_CMP) mr_index_name_cmp )) != NULL ) {
706 return( mir->mir_mr );
718 struct mindexrec *mir;
722 while ( *mrp != NULL ) {
723 mrp = &(*mrp)->smr_next;
727 if ( smr->smr_oid ) {
728 mir = (struct mindexrec *)
729 ch_calloc( 1, sizeof(struct mindexrec) );
730 mir->mir_name = smr->smr_oid;
732 if ( avl_insert( &mr_index, (caddr_t) mir,
733 (AVL_CMP) mr_index_cmp,
734 (AVL_DUP) avl_dup_error ) ) {
737 return SLAP_SCHERR_DUP_RULE;
739 /* FIX: temporal consistency check */
740 mr_find(mir->mir_name);
742 if ( (names = smr->smr_names) ) {
744 mir = (struct mindexrec *)
745 ch_calloc( 1, sizeof(struct mindexrec) );
746 mir->mir_name = ch_strdup(*names);
748 if ( avl_insert( &mr_index, (caddr_t) mir,
749 (AVL_CMP) mr_index_cmp,
750 (AVL_DUP) avl_dup_error ) ) {
753 return SLAP_SCHERR_DUP_RULE;
755 /* FIX: temporal consistency check */
756 mr_find(mir->mir_name);
765 LDAP_MATCHING_RULE *mr,
766 slap_mr_convert_func *convert,
767 slap_mr_normalize_func *normalize,
768 slap_mr_match_func *match,
776 smr = (MatchingRule *) ch_calloc( 1, sizeof(MatchingRule) );
777 memcpy( &smr->smr_mrule, mr, sizeof(LDAP_MATCHING_RULE));
779 smr->smr_convert = convert;
780 smr->smr_normalize = normalize;
781 smr->smr_match = match;
783 if ( smr->smr_syntax_oid ) {
784 if ( (syn = syn_find(smr->smr_syntax_oid)) ) {
785 smr->smr_syntax = syn;
787 *err = smr->smr_syntax_oid;
788 return SLAP_SCHERR_SYN_NOT_FOUND;
792 return SLAP_SCHERR_MR_INCOMPLETE;
794 code = mr_insert(smr,err);
803 /* any value allowed */
814 unsigned char *u = in->bv_val;
816 for( count = in->bv_len; count > 0; count+=len, u+=len ) {
817 /* get the length indicated by the first byte */
818 len = LDAP_UTF8_CHARLEN( u );
820 /* should not be zero */
821 if( len == 0 ) return -1;
823 /* make sure len corresponds with the offset
824 to the next character */
825 if( LDAP_UTF8_OFFSET( u ) != len ) return -1;
828 if( count != 0 ) return -1;
838 struct berval **normalized )
840 struct berval *newval;
843 newval = ch_malloc( sizeof( struct berval ) );
847 /* Ignore initial whitespace */
848 while ( ldap_utf8_isspace( p ) ) {
857 newval->bv_val = ch_strdup( p );
858 p = q = newval->bv_val;
864 if ( ldap_utf8_isspace( p ) ) {
865 len = LDAP_UTF8_COPY(q,p);
870 /* Ignore the extra whitespace */
871 while ( ldap_utf8_isspace( p ) ) {
875 len = LDAP_UTF8_COPY(q,p);
882 assert( *newval->bv_val );
883 assert( newval->bv_val < p );
886 /* cannot start with a space */
887 assert( !ldap_utf8_isspace(newval->bv_val) );
890 * If the string ended in space, backup the pointer one
891 * position. One is enough because the above loop collapsed
892 * all whitespace to a single space.
899 /* cannot end with a space */
900 assert( !ldap_utf8_isspace( LDAP_UTF8_PREV(q) ) );
905 newval->bv_len = q - newval->bv_val;
906 normalized = &newval;
918 for(i=0; i < val->bv_len; i++) {
919 if( !isascii(val->bv_val[i]) ) return -1;
929 struct berval **out )
932 struct berval *bv = ch_malloc( sizeof(struct berval) );
933 bv->bv_len = (in->bv_len+1) * sizeof( ldap_unicode_t );
934 bv->bv_val = ch_malloc( bv->bv_len );
936 for(i=0; i < in->bv_len; i++ ) {
938 * IA5StringValidate should have been called to ensure
939 * input is limited to IA5.
941 bv->bv_val[i] = in->bv_val[i];
953 struct berval **normalized )
955 struct berval *newval;
958 newval = ch_malloc( sizeof( struct berval ) );
962 /* Ignore initial whitespace */
963 while ( isspace( *p++ ) ) {
972 newval->bv_val = ch_strdup( p );
973 p = q = newval->bv_val;
976 if ( isspace( *p ) ) {
979 /* Ignore the extra whitespace */
980 while ( isspace( *p++ ) ) {
988 assert( *newval->bv_val );
989 assert( newval->bv_val < p );
992 /* cannot start with a space */
993 assert( !isspace(*newval->bv_val) );
996 * If the string ended in space, backup the pointer one
997 * position. One is enough because the above loop collapsed
998 * all whitespace to a single space.
1001 if ( isspace( q[-1] ) ) {
1005 /* cannot end with a space */
1006 assert( !isspace( q[-1] ) );
1008 /* null terminate */
1011 newval->bv_len = q - newval->bv_val;
1012 normalized = &newval;
1021 struct berval *value,
1022 struct berval *assertedValue )
1024 return strcmp( value->bv_val, assertedValue->bv_val );
1031 struct berval *value,
1032 struct berval *assertedValue )
1034 return strcasecmp( value->bv_val, assertedValue->bv_val );
1040 slap_syntax_validate_func *validate,
1041 slap_syntax_transform_func *ber2str,
1042 slap_syntax_transform_func *str2ber )
1048 syn = ldap_str2syntax( desc, &code, &err);
1050 Debug( LDAP_DEBUG_ANY, "Error in register_syntax: %s before %s in %s\n",
1051 ldap_scherr2str(code), err, desc );
1055 code = syn_add( syn, validate, ber2str, str2ber, &err );
1057 Debug( LDAP_DEBUG_ANY, "Error in register_syntax: %s %s in %s\n",
1058 scherr2str(code), err, desc );
1066 register_matching_rule(
1068 slap_mr_convert_func *convert,
1069 slap_mr_normalize_func *normalize,
1070 slap_mr_match_func *match )
1072 LDAP_MATCHING_RULE *mr;
1076 mr = ldap_str2matchingrule( desc, &code, &err);
1078 Debug( LDAP_DEBUG_ANY, "Error in register_matching_rule: %s before %s in %s\n",
1079 ldap_scherr2str(code), err, desc );
1083 code = mr_add( mr, convert, normalize, match, &err );
1085 Debug( LDAP_DEBUG_ANY, "Error in register_syntax: %s for %s in %s\n",
1086 scherr2str(code), err, desc );
1092 struct syntax_defs_rec {
1094 slap_syntax_validate_func *sd_validate;
1095 slap_syntax_transform_func *sd_ber2str;
1096 slap_syntax_transform_func *sd_str2ber;
1099 struct syntax_defs_rec syntax_defs[] = {
1100 {"( 1.3.6.1.4.1.1466.115.121.1.3 DESC 'AttributeTypeDescription' )",
1102 {"( 1.3.6.1.4.1.1466.115.121.1.4 DESC 'Audio' )",
1104 {"( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' )",
1106 {"( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'BitString' )",
1108 {"( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )",
1110 {"( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' )",
1112 {"( 1.3.6.1.4.1.1466.115.121.1.9 DESC 'CertificateList' )",
1114 {"( 1.3.6.1.4.1.1466.115.121.1.10 DESC 'CertificatePair' )",
1116 {"( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' )",
1118 {"( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'DeliveryMethod' )",
1120 {"( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'DirectoryString' )",
1121 UTF8StringValidate, NULL, NULL},
1122 {"( 1.3.6.1.4.1.1466.115.121.1.16 DESC 'DITContentRuleDescription' )",
1124 {"( 1.3.6.1.4.1.1466.115.121.1.17 DESC 'DITStructureRuleDescription' )",
1126 {"( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'EnhancedGuide' )",
1128 {"( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'FacsimileTelephoneNumber' )",
1130 {"( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'GeneralizedTime' )",
1132 {"( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' )",
1134 {"( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5String' )",
1135 IA5StringValidate, NULL, NULL},
1136 {"( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'Integer' )",
1138 {"( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' )",
1140 {"( 1.3.6.1.4.1.1466.115.121.1.30 DESC 'MatchingRuleDescription' )",
1142 {"( 1.3.6.1.4.1.1466.115.121.1.31 DESC 'MatchingRuleUseDescription' )",
1144 {"( 1.3.6.1.4.1.1466.115.121.1.32 DESC 'MailPreference' )",
1146 {"( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'NameAndOptionalUID' )",
1148 {"( 1.3.6.1.4.1.1466.115.121.1.35 DESC 'NameFormDescription' )",
1150 {"( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'NumericString' )",
1152 {"( 1.3.6.1.4.1.1466.115.121.1.37 DESC 'ObjectClassDescription' )",
1154 {"( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )",
1156 {"( 1.3.6.1.4.1.1466.115.121.1.39 DESC 'OtherMailbox' )",
1158 {"( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'OctetString' )",
1159 octetStringValidate, NULL, NULL},
1160 {"( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'PostalAddress' )",
1162 {"( 1.3.6.1.4.1.1466.115.121.1.42 DESC 'ProtocolInformation' )",
1164 {"( 1.3.6.1.4.1.1466.115.121.1.43 DESC 'PresentationAddress' )",
1166 {"( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'PrintableString' )",
1168 {"( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'SupportedAlgorithm' )",
1170 {"( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'TelephoneNumber' )",
1172 {"( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'TeletexTerminalIdentifier' )",
1174 {"( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'TelexNumber' )",
1176 {"( 1.3.6.1.4.1.1466.115.121.1.53 DESC 'UTCTime' )",
1178 {"( 1.3.6.1.4.1.1466.115.121.1.54 DESC 'LDAPSyntaxDescription' )",
1180 {"( 1.3.6.1.4.1.1466.115.121.1.58 DESC 'SubstringAssertion' )",
1186 struct mrule_defs_rec {
1188 slap_mr_convert_func *mrd_convert;
1189 slap_mr_normalize_func *mrd_normalize;
1190 slap_mr_match_func *mrd_match;
1194 * Other matching rules in X.520 that we do not use:
1196 * 2.5.13.9 numericStringOrderingMatch
1197 * 2.5.13.12 caseIgnoreListSubstringsMatch
1198 * 2.5.13.13 booleanMatch
1199 * 2.5.13.15 integerOrderingMatch
1200 * 2.5.13.18 octetStringOrderingMatch
1201 * 2.5.13.19 octetStringSubstringsMatch
1202 * 2.5.13.25 uTCTimeMatch
1203 * 2.5.13.26 uTCTimeOrderingMatch
1204 * 2.5.13.31 directoryStringFirstComponentMatch
1205 * 2.5.13.32 wordMatch
1206 * 2.5.13.33 keywordMatch
1207 * 2.5.13.34 certificateExactMatch
1208 * 2.5.13.35 certificateMatch
1209 * 2.5.13.36 certificatePairExactMatch
1210 * 2.5.13.37 certificatePairMatch
1211 * 2.5.13.38 certificateListExactMatch
1212 * 2.5.13.39 certificateListMatch
1213 * 2.5.13.40 algorithmIdentifierMatch
1214 * 2.5.13.41 storedPrefixMatch
1215 * 2.5.13.42 attributeCertificateMatch
1216 * 2.5.13.43 readerAndKeyIDMatch
1217 * 2.5.13.44 attributeIntegrityMatch
1220 /* recycled matching functions */
1221 #define caseIgnoreMatch caseIgnoreIA5Match
1222 #define caseExactMatch caseExactIA5Match
1224 /* unimplemented matching functions */
1225 #define objectIdentifierMatch NULL
1226 #define distinguishedNameMatch NULL
1227 #define caseIgnoreOrderingMatch NULL
1228 #define caseIgnoreSubstringsMatch NULL
1229 #define caseExactOrderingMatch NULL
1230 #define caseExactSubstringsMatch NULL
1231 #define numericStringMatch NULL
1232 #define numericStringSubstringsMatch NULL
1233 #define caseIgnoreListMatch NULL
1234 #define integerMatch NULL
1235 #define bitStringMatch NULL
1236 #define octetStringMatch NULL
1237 #define telephoneNumberMatch NULL
1238 #define telephoneNumberSubstringsMatch NULL
1239 #define presentationAddressMatch NULL
1240 #define uniqueMemberMatch NULL
1241 #define protocolInformationMatch NULL
1242 #define generalizedTimeMatch NULL
1243 #define generalizedTimeOrderingMatch NULL
1244 #define integerFirstComponentMatch NULL
1245 #define objectIdentifierFirstComponentMatch NULL
1246 #define caseIgnoreIA5SubstringsMatch NULL
1248 struct mrule_defs_rec mrule_defs[] = {
1249 {"( 2.5.13.0 NAME 'objectIdentifierMatch' "
1250 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )",
1251 NULL, NULL, objectIdentifierMatch},
1253 {"( 2.5.13.1 NAME 'distinguishedNameMatch' "
1254 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )",
1255 NULL, NULL, distinguishedNameMatch},
1257 {"( 2.5.13.2 NAME 'caseIgnoreMatch' "
1258 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
1259 NULL, UTF8StringNormalize, caseIgnoreMatch},
1261 {"( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' "
1262 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
1263 NULL, UTF8StringNormalize, caseIgnoreOrderingMatch},
1265 {"( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' "
1266 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
1267 NULL, UTF8StringNormalize, caseIgnoreSubstringsMatch},
1269 /* Next three are not in the RFC's, but are needed for compatibility */
1270 {"( 2.5.13.5 NAME 'caseExactMatch' "
1271 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
1272 NULL, UTF8StringNormalize, caseExactMatch},
1274 {"( 2.5.13.6 NAME 'caseExactOrderingMatch' "
1275 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
1276 NULL, UTF8StringNormalize, caseExactOrderingMatch},
1278 {"( 2.5.13.7 NAME 'caseExactSubstringsMatch' "
1279 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
1280 NULL, UTF8StringNormalize, caseExactSubstringsMatch},
1282 {"( 2.5.13.8 NAME 'numericStringMatch' "
1283 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )",
1284 NULL, NULL, numericStringMatch},
1286 {"( 2.5.13.10 NAME 'numericStringSubstringsMatch' "
1287 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
1288 NULL, NULL, numericStringSubstringsMatch},
1290 {"( 2.5.13.11 NAME 'caseIgnoreListMatch' "
1291 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )",
1292 NULL, NULL, caseIgnoreListMatch},
1294 {"( 2.5.13.14 NAME 'integerMatch' "
1295 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
1296 NULL, NULL, integerMatch},
1298 {"( 2.5.13.16 NAME 'bitStringMatch' "
1299 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )",
1300 NULL, NULL, bitStringMatch},
1302 {"( 2.5.13.17 NAME 'octetStringMatch' "
1303 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )",
1304 NULL, NULL, octetStringMatch},
1306 {"( 2.5.13.20 NAME 'telephoneNumberMatch' "
1307 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )",
1308 NULL, NULL, telephoneNumberMatch},
1310 {"( 2.5.13.21 NAME 'telephoneNumberSubstringsMatch' "
1311 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
1312 NULL, NULL, telephoneNumberSubstringsMatch},
1314 {"( 2.5.13.22 NAME 'presentationAddressMatch' "
1315 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 )",
1316 NULL, NULL, presentationAddressMatch},
1318 {"( 2.5.13.23 NAME 'uniqueMemberMatch' "
1319 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )",
1320 NULL, NULL, uniqueMemberMatch},
1322 {"( 2.5.13.24 NAME 'protocolInformationMatch' "
1323 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )",
1324 NULL, NULL, protocolInformationMatch},
1326 {"( 2.5.13.27 NAME 'generalizedTimeMatch' "
1327 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )",
1328 NULL, NULL, generalizedTimeMatch},
1330 {"( 2.5.13.28 NAME 'generalizedTimeOrderingMatch' "
1331 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )",
1332 NULL, NULL, generalizedTimeOrderingMatch},
1334 {"( 2.5.13.29 NAME 'integerFirstComponentMatch' "
1335 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
1336 NULL, NULL, integerFirstComponentMatch},
1338 {"( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' "
1339 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )",
1340 NULL, NULL, objectIdentifierFirstComponentMatch},
1342 {"( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' "
1343 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
1344 NULL, IA5StringNormalize, caseExactIA5Match},
1346 {"( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' "
1347 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
1348 NULL, IA5StringNormalize, caseIgnoreIA5Match},
1350 {"( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMatch' "
1351 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
1352 NULL, IA5StringNormalize, caseIgnoreIA5SubstringsMatch},
1354 {NULL, NULL, NULL, NULL}
1362 static int schema_init_done = 0;
1364 /* We are called from read_config that is recursive */
1365 if ( schema_init_done )
1368 for ( i=0; syntax_defs[i].sd_desc != NULL; i++ ) {
1369 res = register_syntax( syntax_defs[i].sd_desc,
1370 syntax_defs[i].sd_validate,
1371 syntax_defs[i].sd_ber2str,
1372 syntax_defs[i].sd_str2ber );
1375 fprintf( stderr, "schema_init: Error registering syntax %s\n",
1376 syntax_defs[i].sd_desc );
1377 exit( EXIT_FAILURE );
1381 for ( i=0; mrule_defs[i].mrd_desc != NULL; i++ ) {
1382 res = register_matching_rule(
1383 mrule_defs[i].mrd_desc,
1384 mrule_defs[i].mrd_convert,
1385 mrule_defs[i].mrd_normalize,
1386 mrule_defs[i].mrd_match );
1390 "schema_init: Error registering matching rule %s\n",
1391 mrule_defs[i].mrd_desc );
1392 exit( EXIT_FAILURE );
1395 schema_init_done = 1;
1399 #if defined( SLAPD_SCHEMA_DN )
1402 syn_schema_info( Entry *e )
1405 struct berval *vals[2];
1411 for ( syn = syn_list; syn; syn = syn->ssyn_next ) {
1412 val.bv_val = ldap_syntax2str( &syn->ssyn_syn );
1414 val.bv_len = strlen( val.bv_val );
1415 Debug( LDAP_DEBUG_TRACE, "Merging syn [%ld] %s\n",
1416 (long) val.bv_len, val.bv_val, 0 );
1417 attr_merge( e, "ldapSyntaxes", vals );
1418 ldap_memfree( val.bv_val );
1427 mr_schema_info( Entry *e )
1430 struct berval *vals[2];
1436 for ( mr = mr_list; mr; mr = mr->smr_next ) {
1437 val.bv_val = ldap_matchingrule2str( &mr->smr_mrule );
1439 val.bv_len = strlen( val.bv_val );
1440 Debug( LDAP_DEBUG_TRACE, "Merging mr [%ld] %s\n",
1441 (long) val.bv_len, val.bv_val, 0 );
1442 attr_merge( e, "matchingRules", vals );
1443 ldap_memfree( val.bv_val );
1452 oc_schema_info( Entry *e )
1455 struct berval *vals[2];
1461 for ( oc = oc_list; oc; oc = oc->soc_next ) {
1462 val.bv_val = ldap_objectclass2str( &oc->soc_oclass );
1464 val.bv_len = strlen( val.bv_val );
1465 Debug( LDAP_DEBUG_TRACE, "Merging oc [%ld] %s\n",
1466 (long) val.bv_len, val.bv_val, 0 );
1467 attr_merge( e, "objectClasses", vals );
1468 ldap_memfree( val.bv_val );
1477 schema_info( Connection *conn, Operation *op, char **attrs, int attrsonly )
1481 struct berval *vals[2];
1486 e = (Entry *) ch_calloc( 1, sizeof(Entry) );
1489 e->e_dn = ch_strdup( SLAPD_SCHEMA_DN );
1490 e->e_ndn = ch_strdup( SLAPD_SCHEMA_DN );
1491 (void) dn_normalize( e->e_ndn );
1492 e->e_private = NULL;
1495 char *rdn = ch_strdup( SLAPD_SCHEMA_DN );
1496 val.bv_val = strchr( rdn, '=' );
1498 if( val.bv_val != NULL ) {
1500 val.bv_len = strlen( ++val.bv_val );
1502 attr_merge( e, rdn, vals );
1508 if ( syn_schema_info( e ) ) {
1509 /* Out of memory, do something about it */
1513 if ( mr_schema_info( e ) ) {
1514 /* Out of memory, do something about it */
1518 if ( at_schema_info( e ) ) {
1519 /* Out of memory, do something about it */
1523 if ( oc_schema_info( e ) ) {
1524 /* Out of memory, do something about it */
1530 val.bv_len = sizeof("top")-1;
1531 attr_merge( e, "objectClass", vals );
1533 val.bv_val = "LDAPsubentry";
1534 val.bv_len = sizeof("LDAPsubentry")-1;
1535 attr_merge( e, "objectClass", vals );
1537 val.bv_val = "subschema";
1538 val.bv_len = sizeof("subschema")-1;
1539 attr_merge( e, "objectClass", vals );
1541 val.bv_val = "extensibleObject";
1542 val.bv_len = sizeof("extensibleObject")-1;
1543 attr_merge( e, "objectClass", vals );
1545 send_search_entry( &backends[0], conn, op,
1546 e, attrs, attrsonly, NULL );
1547 send_search_result( conn, op, LDAP_SUCCESS,
1548 NULL, NULL, NULL, NULL, 1 );
1557 oc_print( ObjectClass *oc )
1562 printf( "objectclass %s\n", ldap_objectclass2name( &oc->soc_oclass ) );
1563 if ( oc->soc_required != NULL ) {
1564 mid = "\trequires ";
1565 for ( i = 0; oc->soc_required[i] != NULL; i++, mid = "," )
1566 printf( "%s%s", mid,
1567 ldap_attributetype2name( &oc->soc_required[i]->sat_atype ) );
1570 if ( oc->soc_allowed != NULL ) {
1572 for ( i = 0; oc->soc_allowed[i] != NULL; i++, mid = "," )
1573 printf( "%s%s", mid,
1574 ldap_attributetype2name( &oc->soc_allowed[i]->sat_atype ) );
1582 int is_entry_objectclass(
1589 if( e == NULL || oc == NULL || *oc == '\0' )
1593 * find objectClass attribute
1595 attr = attr_find(e->e_attrs, "objectclass");
1597 if( attr == NULL ) {
1598 /* no objectClass attribute */
1602 bv.bv_val = (char *) oc;
1603 bv.bv_len = strlen( bv.bv_val );
1605 if( value_find(attr->a_vals, &bv, attr->a_syntax, 1) != 0) {
1606 /* entry is not of this objectclass */