1 /* schema.c - routines to enforce schema definitions */
4 * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
13 #include <ac/string.h>
14 #include <ac/socket.h>
19 static char * oc_check_required(Entry *e, char *ocname);
20 static int oc_check_allowed(char *type, struct berval **ocl);
23 * oc_check - check that entry e conforms to the schema required by
24 * its object class(es). returns 0 if so, non-zero otherwise.
28 oc_schema_check( Entry *e )
36 /* find the object class attribute - could error out here */
37 if ( (aoc = attr_find( e->e_attrs, "objectclass" )) == NULL ) {
38 Debug( LDAP_DEBUG_ANY, "No object class for entry (%s)\n",
43 /* check that the entry has required attrs for each oc */
44 for ( i = 0; aoc->a_vals[i] != NULL; i++ ) {
45 if ( (oc = oc_find( aoc->a_vals[i]->bv_val )) == NULL ) {
46 Debug( LDAP_DEBUG_ANY,
47 "Objectclass \"%s\" not defined\n",
48 aoc->a_vals[i]->bv_val, 0, 0 );
52 char *s = oc_check_required( e, aoc->a_vals[i]->bv_val );
55 Debug( LDAP_DEBUG_ANY,
56 "Entry (%s), oc \"%s\" requires attr \"%s\"\n",
57 e->e_dn, aoc->a_vals[i]->bv_val, s );
67 /* check that each attr in the entry is allowed by some oc */
68 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
69 if ( oc_check_allowed( a->a_type, aoc->a_vals ) != 0 ) {
70 Debug( LDAP_DEBUG_ANY,
71 "Entry (%s), attr \"%s\" not allowed\n",
72 e->e_dn, a->a_type, 0 );
81 oc_check_required( Entry *e, char *ocname )
89 Debug( LDAP_DEBUG_TRACE,
90 "oc_check_required entry (%s), objectclass \"%s\"\n",
93 /* find global oc defn. it we don't know about it assume it's ok */
94 if ( (oc = oc_find( ocname )) == NULL ) {
98 /* check for empty oc_required */
99 if(oc->soc_required == NULL) {
103 /* for each required attribute */
104 for ( i = 0; oc->soc_required[i] != NULL; i++ ) {
105 at = oc->soc_required[i];
106 /* see if it's in the entry */
107 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
109 strcmp( a->a_type, at->sat_oid ) == 0 ) {
114 /* Empty name list => not found */
119 if ( strcasecmp( a->a_type, *pp ) == 0 ) {
128 /* not there => schema violation */
130 if ( at->sat_names && at->sat_names[0] ) {
131 return at->sat_names[0];
141 static char *oc_usermod_attrs[] = {
143 * OpenLDAP doesn't support any user modification of
144 * operational attributes.
149 static char *oc_operational_attrs[] = {
151 * these are operational attributes
152 * most could be user modifiable
163 "supportedExtension",
165 "supportedSASLMechanisms",
166 "supportedLDAPversion",
167 "supportedACIMechanisms",
168 "subschemaSubentry", /* NO USER MOD */
173 /* this list should be extensible */
174 static char *oc_no_usermod_attrs[] = {
176 * Operational and 'no user modification' attributes
177 * which are STORED in the directory server.
191 * check to see if attribute is 'operational' or not.
194 oc_check_operational_attr( const char *type )
196 return charray_inlist( oc_operational_attrs, type )
197 || charray_inlist( oc_usermod_attrs, type )
198 || charray_inlist( oc_no_usermod_attrs, type );
202 * check to see if attribute can be user modified or not.
205 oc_check_usermod_attr( const char *type )
207 return charray_inlist( oc_usermod_attrs, type );
211 * check to see if attribute is 'no user modification' or not.
214 oc_check_no_usermod_attr( const char *type )
216 return charray_inlist( oc_no_usermod_attrs, type );
221 oc_check_allowed( char *type, struct berval **ocl )
229 Debug( LDAP_DEBUG_TRACE,
230 "oc_check_allowed type \"%s\"\n", type, 0, 0 );
232 /* always allow objectclass attribute */
233 if ( strcasecmp( type, "objectclass" ) == 0 ) {
238 * All operational attributions are allowed by schema rules.
239 * However, we only check attributions which are stored in the
240 * the directory regardless if they are user or non-user modified.
242 if ( oc_check_usermod_attr( type ) || oc_check_no_usermod_attr( type ) ) {
247 * The "type" we have received is actually an AttributeDescription.
248 * Let's find out the corresponding type.
250 p = strchr( type, ';' );
252 t = ch_malloc( p-type+1 );
253 strncpy( t, type, p-type );
255 Debug( LDAP_DEBUG_TRACE,
256 "oc_check_allowed type \"%s\" from \"%s\"\n",
263 /* check that the type appears as req or opt in at least one oc */
264 for ( i = 0; ocl[i] != NULL; i++ ) {
265 /* if we know about the oc */
266 if ( (oc = oc_find( ocl[i]->bv_val )) != NULL ) {
267 /* does it require the type? */
268 for ( j = 0; oc->soc_required != NULL &&
269 oc->soc_required[j] != NULL; j++ ) {
270 at = oc->soc_required[j];
272 strcmp(at->sat_oid, t ) == 0 ) {
281 if ( strcasecmp( *pp, t ) == 0 ) {
289 /* does it allow the type? */
290 for ( j = 0; oc->soc_allowed != NULL &&
291 oc->soc_allowed[j] != NULL; j++ ) {
292 at = oc->soc_allowed[j];
294 strcmp( at->sat_oid, t ) == 0 ) {
303 if ( strcasecmp( *pp, t ) == 0 ||
304 strcmp( *pp, "*" ) == 0 ) {
312 /* maybe the next oc allows it */
314 #ifdef OC_UNDEFINED_IMPLES_EXTENSIBLE
315 /* we don't know about the oc. assume it allows it */
326 /* not allowed by any oc */
335 static Avlnode *oc_index = NULL;
336 static ObjectClass *oc_list = NULL;
340 struct oindexrec *oir1,
341 struct oindexrec *oir2
344 return (strcasecmp( oir1->oir_name, oir2->oir_name ));
350 struct oindexrec *oir
353 return (strcasecmp( name, oir->oir_name ));
357 oc_find( const char *ocname )
359 struct oindexrec *oir = NULL;
361 if ( (oir = (struct oindexrec *) avl_find( oc_index, ocname,
362 (AVL_CMP) oc_index_name_cmp )) != NULL ) {
363 return( oir->oir_oc );
377 AttributeType **satp;
383 sat = at_find(*attrs1);
386 return SLAP_SCHERR_ATTR_NOT_FOUND;
388 if ( at_find_in_list(sat, soc->soc_required) < 0) {
389 if ( at_append_to_list(sat, &soc->soc_required) ) {
391 return SLAP_SCHERR_OUTOFMEM;
396 /* Now delete duplicates from the allowed list */
397 for ( satp = soc->soc_required; *satp; satp++ ) {
398 i = at_find_in_list(*satp,soc->soc_allowed);
400 at_delete_from_list(i, &soc->soc_allowed);
420 sat = at_find(*attrs1);
423 return SLAP_SCHERR_ATTR_NOT_FOUND;
425 if ( at_find_in_list(sat, soc->soc_required) < 0 &&
426 at_find_in_list(sat, soc->soc_allowed) < 0 ) {
427 if ( at_append_to_list(sat, &soc->soc_allowed) ) {
429 return SLAP_SCHERR_OUTOFMEM;
452 if ( !soc->soc_sups ) {
453 /* We are at the first recursive level */
462 soc->soc_sups = (ObjectClass **)ch_calloc(1,
463 nsups*sizeof(ObjectClass *));
468 soc1 = oc_find(*sups1);
471 return SLAP_SCHERR_CLASS_NOT_FOUND;
475 soc->soc_sups[nsups] = soc1;
477 code = oc_add_sups(soc,soc1->soc_sup_oids, err);
481 code = oc_create_required(soc,soc1->soc_at_oids_must,err);
484 code = oc_create_allowed(soc,soc1->soc_at_oids_may,err);
502 struct oindexrec *oir;
506 while ( *ocp != NULL ) {
507 ocp = &(*ocp)->soc_next;
511 if ( soc->soc_oid ) {
512 oir = (struct oindexrec *)
513 ch_calloc( 1, sizeof(struct oindexrec) );
514 oir->oir_name = soc->soc_oid;
516 if ( avl_insert( &oc_index, (caddr_t) oir,
517 (AVL_CMP) oc_index_cmp,
518 (AVL_DUP) avl_dup_error ) ) {
521 return SLAP_SCHERR_DUP_CLASS;
523 /* FIX: temporal consistency check */
524 oc_find(oir->oir_name);
526 if ( (names = soc->soc_names) ) {
528 oir = (struct oindexrec *)
529 ch_calloc( 1, sizeof(struct oindexrec) );
530 oir->oir_name = ch_strdup(*names);
532 if ( avl_insert( &oc_index, (caddr_t) oir,
533 (AVL_CMP) oc_index_cmp,
534 (AVL_DUP) avl_dup_error ) ) {
537 return SLAP_SCHERR_DUP_CLASS;
539 /* FIX: temporal consistency check */
540 oc_find(oir->oir_name);
549 LDAP_OBJECT_CLASS *oc,
556 soc = (ObjectClass *) ch_calloc( 1, sizeof(ObjectClass) );
557 memcpy( &soc->soc_oclass, oc, sizeof(LDAP_OBJECT_CLASS));
558 if ( (code = oc_add_sups(soc,soc->soc_sup_oids,err)) != 0 )
560 if ( (code = oc_create_required(soc,soc->soc_at_oids_must,err)) != 0 )
562 if ( (code = oc_create_allowed(soc,soc->soc_at_oids_may,err)) != 0 )
564 code = oc_insert(soc,err);
573 static Avlnode *syn_index = NULL;
574 static Syntax *syn_list = NULL;
578 struct sindexrec *sir1,
579 struct sindexrec *sir2
582 return (strcmp( sir1->sir_name, sir2->sir_name ));
588 struct sindexrec *sir
591 return (strcmp( name, sir->sir_name ));
595 syn_find( const char *synname )
597 struct sindexrec *sir = NULL;
599 if ( (sir = (struct sindexrec *) avl_find( syn_index, synname,
600 (AVL_CMP) syn_index_name_cmp )) != NULL ) {
601 return( sir->sir_syn );
607 syn_find_desc( const char *syndesc, int *len )
611 for (synp = syn_list; synp; synp = synp->ssyn_next)
612 if ((*len = dscompare( synp->ssyn_syn.syn_desc, syndesc, '{')))
624 struct sindexrec *sir;
627 while ( *synp != NULL ) {
628 synp = &(*synp)->ssyn_next;
632 if ( ssyn->ssyn_oid ) {
633 sir = (struct sindexrec *)
634 ch_calloc( 1, sizeof(struct sindexrec) );
635 sir->sir_name = ssyn->ssyn_oid;
637 if ( avl_insert( &syn_index, (caddr_t) sir,
638 (AVL_CMP) syn_index_cmp,
639 (AVL_DUP) avl_dup_error ) ) {
640 *err = ssyn->ssyn_oid;
642 return SLAP_SCHERR_DUP_SYNTAX;
644 /* FIX: temporal consistency check */
645 syn_find(sir->sir_name);
653 slap_syntax_validate_func *validate,
654 slap_syntax_transform_func *ber2str,
655 slap_syntax_transform_func *str2ber,
662 ssyn = (Syntax *) ch_calloc( 1, sizeof(Syntax) );
663 memcpy( &ssyn->ssyn_syn, syn, sizeof(LDAP_SYNTAX));
665 ssyn->ssyn_validate = validate;
666 ssyn->ssyn_ber2str = ber2str;
667 ssyn->ssyn_str2ber = str2ber;
669 code = syn_insert(ssyn,err);
675 MatchingRule *mir_mr;
678 static Avlnode *mr_index = NULL;
679 static MatchingRule *mr_list = NULL;
683 struct mindexrec *mir1,
684 struct mindexrec *mir2
687 return (strcmp( mir1->mir_name, mir2->mir_name ));
693 struct mindexrec *mir
696 return (strcmp( name, mir->mir_name ));
700 mr_find( const char *mrname )
702 struct mindexrec *mir = NULL;
704 if ( (mir = (struct mindexrec *) avl_find( mr_index, mrname,
705 (AVL_CMP) mr_index_name_cmp )) != NULL ) {
706 return( mir->mir_mr );
718 struct mindexrec *mir;
722 while ( *mrp != NULL ) {
723 mrp = &(*mrp)->smr_next;
727 if ( smr->smr_oid ) {
728 mir = (struct mindexrec *)
729 ch_calloc( 1, sizeof(struct mindexrec) );
730 mir->mir_name = smr->smr_oid;
732 if ( avl_insert( &mr_index, (caddr_t) mir,
733 (AVL_CMP) mr_index_cmp,
734 (AVL_DUP) avl_dup_error ) ) {
737 return SLAP_SCHERR_DUP_RULE;
739 /* FIX: temporal consistency check */
740 mr_find(mir->mir_name);
742 if ( (names = smr->smr_names) ) {
744 mir = (struct mindexrec *)
745 ch_calloc( 1, sizeof(struct mindexrec) );
746 mir->mir_name = ch_strdup(*names);
748 if ( avl_insert( &mr_index, (caddr_t) mir,
749 (AVL_CMP) mr_index_cmp,
750 (AVL_DUP) avl_dup_error ) ) {
753 return SLAP_SCHERR_DUP_RULE;
755 /* FIX: temporal consistency check */
756 mr_find(mir->mir_name);
765 LDAP_MATCHING_RULE *mr,
766 slap_mr_convert_func *convert,
767 slap_mr_normalize_func *normalize,
768 slap_mr_match_func *match,
776 smr = (MatchingRule *) ch_calloc( 1, sizeof(MatchingRule) );
777 memcpy( &smr->smr_mrule, mr, sizeof(LDAP_MATCHING_RULE));
779 smr->smr_convert = convert;
780 smr->smr_normalize = normalize;
781 smr->smr_match = match;
783 if ( smr->smr_syntax_oid ) {
784 if ( (syn = syn_find(smr->smr_syntax_oid)) ) {
785 smr->smr_syntax = syn;
787 *err = smr->smr_syntax_oid;
788 return SLAP_SCHERR_SYN_NOT_FOUND;
792 return SLAP_SCHERR_MR_INCOMPLETE;
794 code = mr_insert(smr,err);
803 /* any value allowed */
814 unsigned char *u = in->bv_val;
816 for( count = in->bv_len; count > 0; count+=len, u+=len ) {
817 /* get the length indicated by the first byte */
818 len = LDAP_UTF8_CHARLEN( u );
820 /* should not be zero */
821 if( len == 0 ) return -1;
823 /* make sure len corresponds with the offset
824 to the next character */
825 if( LDAP_UTF8_OFFSET( u ) != len ) return -1;
828 if( count != 0 ) return -1;
838 struct berval **normalized )
840 struct berval *newval;
843 newval = ch_malloc( sizeof( struct berval ) );
847 /* Ignore initial whitespace */
848 while ( ldap_utf8_isspace( p ) ) {
857 newval->bv_val = ch_strdup( p );
858 p = q = newval->bv_val;
864 if ( ldap_utf8_isspace( p ) ) {
865 len = LDAP_UTF8_COPY(q,p);
870 /* Ignore the extra whitespace */
871 while ( ldap_utf8_isspace( p ) ) {
875 len = LDAP_UTF8_COPY(q,p);
882 assert( *newval->bv_val );
883 assert( newval->bv_val < p );
886 /* cannot start with a space */
887 assert( !ldap_utf8_isspace(newval->bv_val) );
890 * If the string ended in space, backup the pointer one
891 * position. One is enough because the above loop collapsed
892 * all whitespace to a single space.
899 /* cannot end with a space */
900 assert( !ldap_utf8_isspace( LDAP_UTF8_PREV(q) ) );
905 newval->bv_len = q - newval->bv_val;
906 normalized = &newval;
918 for(i=0; i < val->bv_len; i++) {
919 if( !isascii(val->bv_val[i]) ) return -1;
930 struct berval **normalized )
932 struct berval *newval;
935 newval = ch_malloc( sizeof( struct berval ) );
939 /* Ignore initial whitespace */
940 while ( isspace( *p++ ) ) {
949 newval->bv_val = ch_strdup( p );
950 p = q = newval->bv_val;
953 if ( isspace( *p ) ) {
956 /* Ignore the extra whitespace */
957 while ( isspace( *p++ ) ) {
965 assert( *newval->bv_val );
966 assert( newval->bv_val < p );
969 /* cannot start with a space */
970 assert( !isspace(*newval->bv_val) );
973 * If the string ended in space, backup the pointer one
974 * position. One is enough because the above loop collapsed
975 * all whitespace to a single space.
978 if ( isspace( q[-1] ) ) {
982 /* cannot end with a space */
983 assert( !isspace( q[-1] ) );
988 newval->bv_len = q - newval->bv_val;
989 normalized = &newval;
998 struct berval *value,
999 struct berval *assertedValue )
1001 return strcmp( value->bv_val, assertedValue->bv_val );
1008 struct berval *value,
1009 struct berval *assertedValue )
1011 return strcasecmp( value->bv_val, assertedValue->bv_val );
1017 slap_syntax_validate_func *validate,
1018 slap_syntax_transform_func *ber2str,
1019 slap_syntax_transform_func *str2ber )
1025 syn = ldap_str2syntax( desc, &code, &err);
1027 Debug( LDAP_DEBUG_ANY, "Error in register_syntax: %s before %s in %s\n",
1028 ldap_scherr2str(code), err, desc );
1032 code = syn_add( syn, validate, ber2str, str2ber, &err );
1034 Debug( LDAP_DEBUG_ANY, "Error in register_syntax: %s %s in %s\n",
1035 scherr2str(code), err, desc );
1043 register_matching_rule(
1045 slap_mr_convert_func *convert,
1046 slap_mr_normalize_func *normalize,
1047 slap_mr_match_func *match )
1049 LDAP_MATCHING_RULE *mr;
1053 mr = ldap_str2matchingrule( desc, &code, &err);
1055 Debug( LDAP_DEBUG_ANY, "Error in register_matching_rule: %s before %s in %s\n",
1056 ldap_scherr2str(code), err, desc );
1060 code = mr_add( mr, convert, normalize, match, &err );
1062 Debug( LDAP_DEBUG_ANY, "Error in register_syntax: %s for %s in %s\n",
1063 scherr2str(code), err, desc );
1069 struct syntax_defs_rec {
1071 slap_syntax_validate_func *sd_validate;
1072 slap_syntax_transform_func *sd_ber2str;
1073 slap_syntax_transform_func *sd_str2ber;
1076 struct syntax_defs_rec syntax_defs[] = {
1077 {"( 1.3.6.1.4.1.1466.115.121.1.3 DESC 'AttributeTypeDescription' )",
1079 {"( 1.3.6.1.4.1.1466.115.121.1.4 DESC 'Audio' )",
1081 {"( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' )",
1083 {"( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'BitString' )",
1085 {"( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )",
1087 {"( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' )",
1089 {"( 1.3.6.1.4.1.1466.115.121.1.9 DESC 'CertificateList' )",
1091 {"( 1.3.6.1.4.1.1466.115.121.1.10 DESC 'CertificatePair' )",
1093 {"( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' )",
1095 {"( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'DeliveryMethod' )",
1097 {"( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'DirectoryString' )",
1098 UTF8StringValidate, NULL, NULL},
1099 {"( 1.3.6.1.4.1.1466.115.121.1.16 DESC 'DITContentRuleDescription' )",
1101 {"( 1.3.6.1.4.1.1466.115.121.1.17 DESC 'DITStructureRuleDescription' )",
1103 {"( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'EnhancedGuide' )",
1105 {"( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'FacsimileTelephoneNumber' )",
1107 {"( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'GeneralizedTime' )",
1109 {"( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' )",
1111 {"( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5String' )",
1112 IA5StringValidate, NULL, NULL},
1113 {"( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'Integer' )",
1115 {"( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' )",
1117 {"( 1.3.6.1.4.1.1466.115.121.1.30 DESC 'MatchingRuleDescription' )",
1119 {"( 1.3.6.1.4.1.1466.115.121.1.31 DESC 'MatchingRuleUseDescription' )",
1121 {"( 1.3.6.1.4.1.1466.115.121.1.32 DESC 'MailPreference' )",
1123 {"( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'NameAndOptionalUID' )",
1125 {"( 1.3.6.1.4.1.1466.115.121.1.35 DESC 'NameFormDescription' )",
1127 {"( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'NumericString' )",
1129 {"( 1.3.6.1.4.1.1466.115.121.1.37 DESC 'ObjectClassDescription' )",
1131 {"( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )",
1133 {"( 1.3.6.1.4.1.1466.115.121.1.39 DESC 'OtherMailbox' )",
1135 {"( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'OctetString' )",
1136 octetStringValidate, NULL, NULL},
1137 {"( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'PostalAddress' )",
1139 {"( 1.3.6.1.4.1.1466.115.121.1.42 DESC 'ProtocolInformation' )",
1141 {"( 1.3.6.1.4.1.1466.115.121.1.43 DESC 'PresentationAddress' )",
1143 {"( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'PrintableString' )",
1145 {"( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'SupportedAlgorithm' )",
1147 {"( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'TelephoneNumber' )",
1149 {"( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'TeletexTerminalIdentifier' )",
1151 {"( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'TelexNumber' )",
1153 {"( 1.3.6.1.4.1.1466.115.121.1.53 DESC 'UTCTime' )",
1155 {"( 1.3.6.1.4.1.1466.115.121.1.54 DESC 'LDAPSyntaxDescription' )",
1157 {"( 1.3.6.1.4.1.1466.115.121.1.58 DESC 'SubstringAssertion' )",
1163 struct mrule_defs_rec {
1165 slap_mr_convert_func *mrd_convert;
1166 slap_mr_normalize_func *mrd_normalize;
1167 slap_mr_match_func *mrd_match;
1171 * Other matching rules in X.520 that we do not use:
1173 * 2.5.13.9 numericStringOrderingMatch
1174 * 2.5.13.12 caseIgnoreListSubstringsMatch
1175 * 2.5.13.13 booleanMatch
1176 * 2.5.13.15 integerOrderingMatch
1177 * 2.5.13.18 octetStringOrderingMatch
1178 * 2.5.13.19 octetStringSubstringsMatch
1179 * 2.5.13.25 uTCTimeMatch
1180 * 2.5.13.26 uTCTimeOrderingMatch
1181 * 2.5.13.31 directoryStringFirstComponentMatch
1182 * 2.5.13.32 wordMatch
1183 * 2.5.13.33 keywordMatch
1184 * 2.5.13.34 certificateExactMatch
1185 * 2.5.13.35 certificateMatch
1186 * 2.5.13.36 certificatePairExactMatch
1187 * 2.5.13.37 certificatePairMatch
1188 * 2.5.13.38 certificateListExactMatch
1189 * 2.5.13.39 certificateListMatch
1190 * 2.5.13.40 algorithmIdentifierMatch
1191 * 2.5.13.41 storedPrefixMatch
1192 * 2.5.13.42 attributeCertificateMatch
1193 * 2.5.13.43 readerAndKeyIDMatch
1194 * 2.5.13.44 attributeIntegrityMatch
1197 /* recycled matching functions */
1198 #define caseIgnoreMatch caseIgnoreIA5Match
1199 #define caseExactMatch caseExactIA5Match
1201 /* unimplemented matching functions */
1202 #define objectIdentifierMatch NULL
1203 #define distinguishedNameMatch NULL
1204 #define caseIgnoreOrderingMatch NULL
1205 #define caseIgnoreSubstringsMatch NULL
1206 #define caseExactOrderingMatch NULL
1207 #define caseExactSubstringsMatch NULL
1208 #define numericStringMatch NULL
1209 #define numericStringSubstringsMatch NULL
1210 #define caseIgnoreListMatch NULL
1211 #define integerMatch NULL
1212 #define bitStringMatch NULL
1213 #define octetStringMatch NULL
1214 #define telephoneNumberMatch NULL
1215 #define telephoneNumberSubstringsMatch NULL
1216 #define presentationAddressMatch NULL
1217 #define uniqueMemberMatch NULL
1218 #define protocolInformationMatch NULL
1219 #define generalizedTimeMatch NULL
1220 #define generalizedTimeOrderingMatch NULL
1221 #define integerFirstComponentMatch NULL
1222 #define objectIdentifierFirstComponentMatch NULL
1223 #define caseIgnoreIA5SubstringsMatch NULL
1225 struct mrule_defs_rec mrule_defs[] = {
1226 {"( 2.5.13.0 NAME 'objectIdentifierMatch' "
1227 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )",
1228 NULL, NULL, objectIdentifierMatch},
1230 {"( 2.5.13.1 NAME 'distinguishedNameMatch' "
1231 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )",
1232 NULL, NULL, distinguishedNameMatch},
1234 {"( 2.5.13.2 NAME 'caseIgnoreMatch' "
1235 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
1236 NULL, UTF8StringNormalize, caseIgnoreMatch},
1238 {"( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' "
1239 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
1240 NULL, UTF8StringNormalize, caseIgnoreOrderingMatch},
1242 {"( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' "
1243 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
1244 NULL, UTF8StringNormalize, caseIgnoreSubstringsMatch},
1246 /* Next three are not in the RFC's, but are needed for compatibility */
1247 {"( 2.5.13.5 NAME 'caseExactMatch' "
1248 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
1249 NULL, UTF8StringNormalize, caseExactMatch},
1251 {"( 2.5.13.6 NAME 'caseExactOrderingMatch' "
1252 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
1253 NULL, UTF8StringNormalize, caseExactOrderingMatch},
1255 {"( 2.5.13.7 NAME 'caseExactSubstringsMatch' "
1256 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
1257 NULL, UTF8StringNormalize, caseExactSubstringsMatch},
1259 {"( 2.5.13.8 NAME 'numericStringMatch' "
1260 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )",
1261 NULL, NULL, numericStringMatch},
1263 {"( 2.5.13.10 NAME 'numericStringSubstringsMatch' "
1264 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
1265 NULL, NULL, numericStringSubstringsMatch},
1267 {"( 2.5.13.11 NAME 'caseIgnoreListMatch' "
1268 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )",
1269 NULL, NULL, caseIgnoreListMatch},
1271 {"( 2.5.13.14 NAME 'integerMatch' "
1272 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
1273 NULL, NULL, integerMatch},
1275 {"( 2.5.13.16 NAME 'bitStringMatch' "
1276 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )",
1277 NULL, NULL, bitStringMatch},
1279 {"( 2.5.13.17 NAME 'octetStringMatch' "
1280 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )",
1281 NULL, NULL, octetStringMatch},
1283 {"( 2.5.13.20 NAME 'telephoneNumberMatch' "
1284 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )",
1285 NULL, NULL, telephoneNumberMatch},
1287 {"( 2.5.13.21 NAME 'telephoneNumberSubstringsMatch' "
1288 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
1289 NULL, NULL, telephoneNumberSubstringsMatch},
1291 {"( 2.5.13.22 NAME 'presentationAddressMatch' "
1292 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 )",
1293 NULL, NULL, presentationAddressMatch},
1295 {"( 2.5.13.23 NAME 'uniqueMemberMatch' "
1296 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )",
1297 NULL, NULL, uniqueMemberMatch},
1299 {"( 2.5.13.24 NAME 'protocolInformationMatch' "
1300 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )",
1301 NULL, NULL, protocolInformationMatch},
1303 {"( 2.5.13.27 NAME 'generalizedTimeMatch' "
1304 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )",
1305 NULL, NULL, generalizedTimeMatch},
1307 {"( 2.5.13.28 NAME 'generalizedTimeOrderingMatch' "
1308 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )",
1309 NULL, NULL, generalizedTimeOrderingMatch},
1311 {"( 2.5.13.29 NAME 'integerFirstComponentMatch' "
1312 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
1313 NULL, NULL, integerFirstComponentMatch},
1315 {"( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' "
1316 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )",
1317 NULL, NULL, objectIdentifierFirstComponentMatch},
1319 {"( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' "
1320 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
1321 NULL, IA5StringNormalize, caseExactIA5Match},
1323 {"( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' "
1324 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
1325 NULL, IA5StringNormalize, caseIgnoreIA5Match},
1327 {"( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMatch' "
1328 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
1329 NULL, IA5StringNormalize, caseIgnoreIA5SubstringsMatch},
1331 {NULL, NULL, NULL, NULL}
1339 static int schema_init_done = 0;
1341 /* We are called from read_config that is recursive */
1342 if ( schema_init_done )
1345 for ( i=0; syntax_defs[i].sd_desc != NULL; i++ ) {
1346 res = register_syntax( syntax_defs[i].sd_desc,
1347 syntax_defs[i].sd_validate,
1348 syntax_defs[i].sd_ber2str,
1349 syntax_defs[i].sd_str2ber );
1352 fprintf( stderr, "schema_init: Error registering syntax %s\n",
1353 syntax_defs[i].sd_desc );
1354 exit( EXIT_FAILURE );
1358 for ( i=0; mrule_defs[i].mrd_desc != NULL; i++ ) {
1359 res = register_matching_rule(
1360 mrule_defs[i].mrd_desc,
1361 mrule_defs[i].mrd_convert,
1362 mrule_defs[i].mrd_normalize,
1363 mrule_defs[i].mrd_match );
1367 "schema_init: Error registering matching rule %s\n",
1368 mrule_defs[i].mrd_desc );
1369 exit( EXIT_FAILURE );
1372 schema_init_done = 1;
1376 #if defined( SLAPD_SCHEMA_DN )
1379 syn_schema_info( Entry *e )
1382 struct berval *vals[2];
1388 for ( syn = syn_list; syn; syn = syn->ssyn_next ) {
1389 val.bv_val = ldap_syntax2str( &syn->ssyn_syn );
1391 val.bv_len = strlen( val.bv_val );
1392 Debug( LDAP_DEBUG_TRACE, "Merging syn [%ld] %s\n",
1393 (long) val.bv_len, val.bv_val, 0 );
1394 attr_merge( e, "ldapSyntaxes", vals );
1395 ldap_memfree( val.bv_val );
1404 mr_schema_info( Entry *e )
1407 struct berval *vals[2];
1413 for ( mr = mr_list; mr; mr = mr->smr_next ) {
1414 val.bv_val = ldap_matchingrule2str( &mr->smr_mrule );
1416 val.bv_len = strlen( val.bv_val );
1417 Debug( LDAP_DEBUG_TRACE, "Merging mr [%ld] %s\n",
1418 (long) val.bv_len, val.bv_val, 0 );
1419 attr_merge( e, "matchingRules", vals );
1420 ldap_memfree( val.bv_val );
1429 oc_schema_info( Entry *e )
1432 struct berval *vals[2];
1438 for ( oc = oc_list; oc; oc = oc->soc_next ) {
1439 val.bv_val = ldap_objectclass2str( &oc->soc_oclass );
1441 val.bv_len = strlen( val.bv_val );
1442 Debug( LDAP_DEBUG_TRACE, "Merging oc [%ld] %s\n",
1443 (long) val.bv_len, val.bv_val, 0 );
1444 attr_merge( e, "objectClasses", vals );
1445 ldap_memfree( val.bv_val );
1454 schema_info( Connection *conn, Operation *op, char **attrs, int attrsonly )
1458 struct berval *vals[2];
1463 e = (Entry *) ch_calloc( 1, sizeof(Entry) );
1466 e->e_dn = ch_strdup( SLAPD_SCHEMA_DN );
1467 e->e_ndn = ch_strdup( SLAPD_SCHEMA_DN );
1468 (void) dn_normalize( e->e_ndn );
1469 e->e_private = NULL;
1472 char *rdn = ch_strdup( SLAPD_SCHEMA_DN );
1473 val.bv_val = strchr( rdn, '=' );
1475 if( val.bv_val != NULL ) {
1477 val.bv_len = strlen( ++val.bv_val );
1479 attr_merge( e, rdn, vals );
1485 if ( syn_schema_info( e ) ) {
1486 /* Out of memory, do something about it */
1490 if ( mr_schema_info( e ) ) {
1491 /* Out of memory, do something about it */
1495 if ( at_schema_info( e ) ) {
1496 /* Out of memory, do something about it */
1500 if ( oc_schema_info( e ) ) {
1501 /* Out of memory, do something about it */
1507 val.bv_len = sizeof("top")-1;
1508 attr_merge( e, "objectClass", vals );
1510 val.bv_val = "LDAPsubentry";
1511 val.bv_len = sizeof("LDAPsubentry")-1;
1512 attr_merge( e, "objectClass", vals );
1514 val.bv_val = "subschema";
1515 val.bv_len = sizeof("subschema")-1;
1516 attr_merge( e, "objectClass", vals );
1518 val.bv_val = "extensibleObject";
1519 val.bv_len = sizeof("extensibleObject")-1;
1520 attr_merge( e, "objectClass", vals );
1522 send_search_entry( &backends[0], conn, op,
1523 e, attrs, attrsonly, NULL );
1524 send_search_result( conn, op, LDAP_SUCCESS,
1525 NULL, NULL, NULL, NULL, 1 );
1534 oc_print( ObjectClass *oc )
1539 printf( "objectclass %s\n", ldap_objectclass2name( &oc->soc_oclass ) );
1540 if ( oc->soc_required != NULL ) {
1541 mid = "\trequires ";
1542 for ( i = 0; oc->soc_required[i] != NULL; i++, mid = "," )
1543 printf( "%s%s", mid,
1544 ldap_attributetype2name( &oc->soc_required[i]->sat_atype ) );
1547 if ( oc->soc_allowed != NULL ) {
1549 for ( i = 0; oc->soc_allowed[i] != NULL; i++, mid = "," )
1550 printf( "%s%s", mid,
1551 ldap_attributetype2name( &oc->soc_allowed[i]->sat_atype ) );
1559 int is_entry_objectclass(
1566 if( e == NULL || oc == NULL || *oc == '\0' )
1570 * find objectClass attribute
1572 attr = attr_find(e->e_attrs, "objectclass");
1574 if( attr == NULL ) {
1575 /* no objectClass attribute */
1579 bv.bv_val = (char *) oc;
1580 bv.bv_len = strlen( bv.bv_val );
1582 if( value_find(attr->a_vals, &bv, attr->a_syntax, 1) != 0) {
1583 /* entry is not of this objectclass */