1 /* schema.c - routines to enforce schema definitions */
4 * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
5 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
13 #include <ac/string.h>
14 #include <ac/socket.h>
19 static char * oc_check_required(Entry *e, char *ocname);
20 static int oc_check_allowed(char *type, struct berval **ocl);
23 * oc_check - check that entry e conforms to the schema required by
24 * its object class(es). returns 0 if so, non-zero otherwise.
28 oc_schema_check( Entry *e )
36 /* find the object class attribute - could error out here */
37 if ( (aoc = attr_find( e->e_attrs, "objectclass" )) == NULL ) {
38 Debug( LDAP_DEBUG_ANY, "No object class for entry (%s)\n",
43 /* check that the entry has required attrs for each oc */
44 for ( i = 0; aoc->a_vals[i] != NULL; i++ ) {
45 if ( (oc = oc_find( aoc->a_vals[i]->bv_val )) == NULL ) {
46 Debug( LDAP_DEBUG_ANY,
47 "Objectclass \"%s\" not defined\n",
48 aoc->a_vals[i]->bv_val, 0, 0 );
52 char *s = oc_check_required( e, aoc->a_vals[i]->bv_val );
55 Debug( LDAP_DEBUG_ANY,
56 "Entry (%s), oc \"%s\" requires attr \"%s\"\n",
57 e->e_dn, aoc->a_vals[i]->bv_val, s );
67 /* check that each attr in the entry is allowed by some oc */
68 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
69 if ( oc_check_allowed( a->a_type, aoc->a_vals ) != 0 ) {
70 Debug( LDAP_DEBUG_ANY,
71 "Entry (%s), attr \"%s\" not allowed\n",
72 e->e_dn, a->a_type, 0 );
81 oc_check_required( Entry *e, char *ocname )
89 Debug( LDAP_DEBUG_TRACE,
90 "oc_check_required entry (%s), objectclass \"%s\"\n",
93 /* find global oc defn. it we don't know about it assume it's ok */
94 if ( (oc = oc_find( ocname )) == NULL ) {
98 /* check for empty oc_required */
99 if(oc->soc_required == NULL) {
103 /* for each required attribute */
104 for ( i = 0; oc->soc_required[i] != NULL; i++ ) {
105 at = oc->soc_required[i];
106 /* see if it's in the entry */
107 for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
109 strcmp( a->a_type, at->sat_oid ) == 0 ) {
114 /* Empty name list => not found */
119 if ( strcasecmp( a->a_type, *pp ) == 0 ) {
128 /* not there => schema violation */
130 if ( at->sat_names && at->sat_names[0] ) {
131 return at->sat_names[0];
141 static char *oc_usermod_attrs[] = {
143 * OpenLDAP doesn't support any user modification of
144 * operational attributes.
149 static char *oc_operational_attrs[] = {
151 * these are operational attributes
152 * most could be user modifiable
163 "supportedExtension",
165 "supportedSASLMechanisms",
166 "supportedLDAPversion",
167 "supportedACIMechanisms",
168 "subschemaSubentry", /* NO USER MOD */
173 /* this list should be extensible */
174 static char *oc_no_usermod_attrs[] = {
176 * Operational and 'no user modification' attributes
177 * which are STORED in the directory server.
191 * check to see if attribute is 'operational' or not.
194 oc_check_operational_attr( const char *type )
196 return charray_inlist( oc_operational_attrs, type )
197 || charray_inlist( oc_usermod_attrs, type )
198 || charray_inlist( oc_no_usermod_attrs, type );
202 * check to see if attribute can be user modified or not.
205 oc_check_usermod_attr( const char *type )
207 return charray_inlist( oc_usermod_attrs, type );
211 * check to see if attribute is 'no user modification' or not.
214 oc_check_no_usermod_attr( const char *type )
216 return charray_inlist( oc_no_usermod_attrs, type );
221 oc_check_allowed( char *type, struct berval **ocl )
229 Debug( LDAP_DEBUG_TRACE,
230 "oc_check_allowed type \"%s\"\n", type, 0, 0 );
232 /* always allow objectclass attribute */
233 if ( strcasecmp( type, "objectclass" ) == 0 ) {
238 * All operational attributions are allowed by schema rules.
239 * However, we only check attributions which are stored in the
240 * the directory regardless if they are user or non-user modified.
242 if ( oc_check_usermod_attr( type ) || oc_check_no_usermod_attr( type ) ) {
247 * The "type" we have received is actually an AttributeDescription.
248 * Let's find out the corresponding type.
250 p = strchr( type, ';' );
252 t = ch_malloc( p-type+1 );
253 strncpy( t, type, p-type );
255 Debug( LDAP_DEBUG_TRACE,
256 "oc_check_allowed type \"%s\" from \"%s\"\n",
263 /* check that the type appears as req or opt in at least one oc */
264 for ( i = 0; ocl[i] != NULL; i++ ) {
265 /* if we know about the oc */
266 if ( (oc = oc_find( ocl[i]->bv_val )) != NULL ) {
267 /* does it require the type? */
268 for ( j = 0; oc->soc_required != NULL &&
269 oc->soc_required[j] != NULL; j++ ) {
270 at = oc->soc_required[j];
272 strcmp(at->sat_oid, t ) == 0 ) {
281 if ( strcasecmp( *pp, t ) == 0 ) {
289 /* does it allow the type? */
290 for ( j = 0; oc->soc_allowed != NULL &&
291 oc->soc_allowed[j] != NULL; j++ ) {
292 at = oc->soc_allowed[j];
294 strcmp( at->sat_oid, t ) == 0 ) {
303 if ( strcasecmp( *pp, t ) == 0 ||
304 strcmp( *pp, "*" ) == 0 ) {
312 /* maybe the next oc allows it */
314 #ifdef OC_UNDEFINED_IMPLES_EXTENSIBLE
315 /* we don't know about the oc. assume it allows it */
326 /* not allowed by any oc */
335 static Avlnode *oc_index = NULL;
336 static ObjectClass *oc_list = NULL;
340 struct oindexrec *oir1,
341 struct oindexrec *oir2
344 return (strcasecmp( oir1->oir_name, oir2->oir_name ));
350 struct oindexrec *oir
353 return (strcasecmp( name, oir->oir_name ));
357 oc_find( const char *ocname )
359 struct oindexrec *oir = NULL;
361 if ( (oir = (struct oindexrec *) avl_find( oc_index, ocname,
362 (AVL_CMP) oc_index_name_cmp )) != NULL ) {
363 return( oir->oir_oc );
377 AttributeType **satp;
383 sat = at_find(*attrs1);
386 return SLAP_SCHERR_ATTR_NOT_FOUND;
388 if ( at_find_in_list(sat, soc->soc_required) < 0) {
389 if ( at_append_to_list(sat, &soc->soc_required) ) {
391 return SLAP_SCHERR_OUTOFMEM;
396 /* Now delete duplicates from the allowed list */
397 for ( satp = soc->soc_required; *satp; satp++ ) {
398 i = at_find_in_list(*satp,soc->soc_allowed);
400 at_delete_from_list(i, &soc->soc_allowed);
420 sat = at_find(*attrs1);
423 return SLAP_SCHERR_ATTR_NOT_FOUND;
425 if ( at_find_in_list(sat, soc->soc_required) < 0 &&
426 at_find_in_list(sat, soc->soc_allowed) < 0 ) {
427 if ( at_append_to_list(sat, &soc->soc_allowed) ) {
429 return SLAP_SCHERR_OUTOFMEM;
452 if ( !soc->soc_sups ) {
453 /* We are at the first recursive level */
462 soc->soc_sups = (ObjectClass **)ch_calloc(1,
463 nsups*sizeof(ObjectClass *));
468 soc1 = oc_find(*sups1);
471 return SLAP_SCHERR_CLASS_NOT_FOUND;
475 soc->soc_sups[nsups] = soc1;
477 code = oc_add_sups(soc,soc1->soc_sup_oids, err);
481 code = oc_create_required(soc,soc1->soc_at_oids_must,err);
484 code = oc_create_allowed(soc,soc1->soc_at_oids_may,err);
502 struct oindexrec *oir;
506 while ( *ocp != NULL ) {
507 ocp = &(*ocp)->soc_next;
511 if ( soc->soc_oid ) {
512 oir = (struct oindexrec *)
513 ch_calloc( 1, sizeof(struct oindexrec) );
514 oir->oir_name = soc->soc_oid;
516 if ( avl_insert( &oc_index, (caddr_t) oir,
517 (AVL_CMP) oc_index_cmp,
518 (AVL_DUP) avl_dup_error ) ) {
521 return SLAP_SCHERR_DUP_CLASS;
523 /* FIX: temporal consistency check */
524 oc_find(oir->oir_name);
526 if ( (names = soc->soc_names) ) {
528 oir = (struct oindexrec *)
529 ch_calloc( 1, sizeof(struct oindexrec) );
530 oir->oir_name = ch_strdup(*names);
532 if ( avl_insert( &oc_index, (caddr_t) oir,
533 (AVL_CMP) oc_index_cmp,
534 (AVL_DUP) avl_dup_error ) ) {
537 return SLAP_SCHERR_DUP_CLASS;
539 /* FIX: temporal consistency check */
540 oc_find(oir->oir_name);
549 LDAP_OBJECT_CLASS *oc,
556 soc = (ObjectClass *) ch_calloc( 1, sizeof(ObjectClass) );
557 memcpy( &soc->soc_oclass, oc, sizeof(LDAP_OBJECT_CLASS));
558 if ( (code = oc_add_sups(soc,soc->soc_sup_oids,err)) != 0 )
560 if ( (code = oc_create_required(soc,soc->soc_at_oids_must,err)) != 0 )
562 if ( (code = oc_create_allowed(soc,soc->soc_at_oids_may,err)) != 0 )
564 code = oc_insert(soc,err);
573 static Avlnode *syn_index = NULL;
574 static Syntax *syn_list = NULL;
578 struct sindexrec *sir1,
579 struct sindexrec *sir2
582 return (strcmp( sir1->sir_name, sir2->sir_name ));
588 struct sindexrec *sir
591 return (strcmp( name, sir->sir_name ));
595 syn_find( const char *synname )
597 struct sindexrec *sir = NULL;
599 if ( (sir = (struct sindexrec *) avl_find( syn_index, synname,
600 (AVL_CMP) syn_index_name_cmp )) != NULL ) {
601 return( sir->sir_syn );
607 syn_find_desc( const char *syndesc, int *len )
611 for (synp = syn_list; synp; synp = synp->ssyn_next)
612 if ((*len = dscompare( synp->ssyn_syn.syn_desc, syndesc, '{')))
624 struct sindexrec *sir;
627 while ( *synp != NULL ) {
628 synp = &(*synp)->ssyn_next;
632 if ( ssyn->ssyn_oid ) {
633 sir = (struct sindexrec *)
634 ch_calloc( 1, sizeof(struct sindexrec) );
635 sir->sir_name = ssyn->ssyn_oid;
637 if ( avl_insert( &syn_index, (caddr_t) sir,
638 (AVL_CMP) syn_index_cmp,
639 (AVL_DUP) avl_dup_error ) ) {
640 *err = ssyn->ssyn_oid;
642 return SLAP_SCHERR_DUP_SYNTAX;
644 /* FIX: temporal consistency check */
645 syn_find(sir->sir_name);
653 slap_syntax_validate_func *validate,
654 slap_syntax_transform_func *ber2str,
655 slap_syntax_transform_func *str2ber,
662 ssyn = (Syntax *) ch_calloc( 1, sizeof(Syntax) );
663 memcpy( &ssyn->ssyn_syn, syn, sizeof(LDAP_SYNTAX));
665 ssyn->ssyn_validate = validate;
666 ssyn->ssyn_ber2str = ber2str;
667 ssyn->ssyn_str2ber = str2ber;
669 code = syn_insert(ssyn,err);
675 MatchingRule *mir_mr;
678 static Avlnode *mr_index = NULL;
679 static MatchingRule *mr_list = NULL;
683 struct mindexrec *mir1,
684 struct mindexrec *mir2
687 return (strcmp( mir1->mir_name, mir2->mir_name ));
693 struct mindexrec *mir
696 return (strcmp( name, mir->mir_name ));
700 mr_find( const char *mrname )
702 struct mindexrec *mir = NULL;
704 if ( (mir = (struct mindexrec *) avl_find( mr_index, mrname,
705 (AVL_CMP) mr_index_name_cmp )) != NULL ) {
706 return( mir->mir_mr );
718 struct mindexrec *mir;
722 while ( *mrp != NULL ) {
723 mrp = &(*mrp)->smr_next;
727 if ( smr->smr_oid ) {
728 mir = (struct mindexrec *)
729 ch_calloc( 1, sizeof(struct mindexrec) );
730 mir->mir_name = smr->smr_oid;
732 if ( avl_insert( &mr_index, (caddr_t) mir,
733 (AVL_CMP) mr_index_cmp,
734 (AVL_DUP) avl_dup_error ) ) {
737 return SLAP_SCHERR_DUP_RULE;
739 /* FIX: temporal consistency check */
740 mr_find(mir->mir_name);
742 if ( (names = smr->smr_names) ) {
744 mir = (struct mindexrec *)
745 ch_calloc( 1, sizeof(struct mindexrec) );
746 mir->mir_name = ch_strdup(*names);
748 if ( avl_insert( &mr_index, (caddr_t) mir,
749 (AVL_CMP) mr_index_cmp,
750 (AVL_DUP) avl_dup_error ) ) {
753 return SLAP_SCHERR_DUP_RULE;
755 /* FIX: temporal consistency check */
756 mr_find(mir->mir_name);
765 LDAP_MATCHING_RULE *mr,
766 slap_mr_normalize_func *normalize,
767 slap_mr_match_func *match,
775 smr = (MatchingRule *) ch_calloc( 1, sizeof(MatchingRule) );
776 memcpy( &smr->smr_mrule, mr, sizeof(LDAP_MATCHING_RULE));
778 smr->smr_normalize = normalize;
779 smr->smr_match = match;
781 if ( smr->smr_syntax_oid ) {
782 if ( (syn = syn_find(smr->smr_syntax_oid)) ) {
783 smr->smr_syntax = syn;
785 *err = smr->smr_syntax_oid;
786 return SLAP_SCHERR_SYN_NOT_FOUND;
790 return SLAP_SCHERR_MR_INCOMPLETE;
792 code = mr_insert(smr,err);
801 /* any value allowed */
812 unsigned char *u = in->bv_val;
814 for( count = in->bv_len; count > 0; count+=len, u+=len ) {
815 /* get the length indicated by the first byte */
816 len = LDAP_UTF8_CHARLEN( u );
818 /* should not be zero */
819 if( len == 0 ) return -1;
821 /* make sure len corresponds with the offset
822 to the next character */
823 if( LDAP_UTF8_OFFSET( u ) != len ) return -1;
826 if( count != 0 ) return -1;
836 struct berval **normalized )
838 struct berval *newval;
841 newval = ch_malloc( sizeof( struct berval ) );
845 /* Ignore initial whitespace */
846 while ( ldap_utf8_isspace( p ) ) {
855 newval->bv_val = ch_strdup( p );
856 p = q = newval->bv_val;
862 if ( ldap_utf8_isspace( p ) ) {
863 len = LDAP_UTF8_COPY(q,p);
868 /* Ignore the extra whitespace */
869 while ( ldap_utf8_isspace( p ) ) {
873 len = LDAP_UTF8_COPY(q,p);
880 assert( *newval->bv_val );
881 assert( newval->bv_val < p );
884 /* cannot start with a space */
885 assert( !ldap_utf8_isspace(newval->bv_val) );
888 * If the string ended in space, backup the pointer one
889 * position. One is enough because the above loop collapsed
890 * all whitespace to a single space.
897 /* cannot end with a space */
898 assert( !ldap_utf8_isspace( LDAP_UTF8_PREV(q) ) );
903 newval->bv_len = q - newval->bv_val;
904 normalized = &newval;
916 for(i=0; i < val->bv_len; i++) {
917 if( !isascii(val->bv_val[i]) ) return -1;
928 struct berval **normalized )
930 struct berval *newval;
933 newval = ch_malloc( sizeof( struct berval ) );
937 /* Ignore initial whitespace */
938 while ( isspace( *p++ ) ) {
947 newval->bv_val = ch_strdup( p );
948 p = q = newval->bv_val;
951 if ( isspace( *p ) ) {
954 /* Ignore the extra whitespace */
955 while ( isspace( *p++ ) ) {
963 assert( *newval->bv_val );
964 assert( newval->bv_val < p );
967 /* cannot start with a space */
968 assert( !isspace(*newval->bv_val) );
971 * If the string ended in space, backup the pointer one
972 * position. One is enough because the above loop collapsed
973 * all whitespace to a single space.
976 if ( isspace( q[-1] ) ) {
980 /* cannot end with a space */
981 assert( !isspace( q[-1] ) );
986 newval->bv_len = q - newval->bv_val;
987 normalized = &newval;
996 struct berval *value,
997 struct berval *assertedValue )
999 return strcmp( value->bv_val, assertedValue->bv_val );
1006 struct berval *value,
1007 struct berval *assertedValue )
1009 return strcasecmp( value->bv_val, assertedValue->bv_val );
1015 slap_syntax_validate_func *validate,
1016 slap_syntax_transform_func *ber2str,
1017 slap_syntax_transform_func *str2ber )
1023 syn = ldap_str2syntax( desc, &code, &err);
1025 Debug( LDAP_DEBUG_ANY, "Error in register_syntax: %s before %s in %s\n",
1026 ldap_scherr2str(code), err, desc );
1030 code = syn_add( syn, validate, ber2str, str2ber, &err );
1032 Debug( LDAP_DEBUG_ANY, "Error in register_syntax: %s %s in %s\n",
1033 scherr2str(code), err, desc );
1041 register_matching_rule(
1043 slap_mr_normalize_func *normalize,
1044 slap_mr_match_func *match )
1046 LDAP_MATCHING_RULE *mr;
1050 mr = ldap_str2matchingrule( desc, &code, &err);
1052 Debug( LDAP_DEBUG_ANY, "Error in register_matching_rule: %s before %s in %s\n",
1053 ldap_scherr2str(code), err, desc );
1057 code = mr_add( mr, normalize, match, &err );
1059 Debug( LDAP_DEBUG_ANY, "Error in register_syntax: %s for %s in %s\n",
1060 scherr2str(code), err, desc );
1066 struct syntax_defs_rec {
1068 slap_syntax_validate_func *sd_validate;
1069 slap_syntax_transform_func *sd_ber2str;
1070 slap_syntax_transform_func *sd_str2ber;
1073 struct syntax_defs_rec syntax_defs[] = {
1074 {"( 1.3.6.1.4.1.1466.115.121.1.3 DESC 'AttributeTypeDescription' )",
1076 {"( 1.3.6.1.4.1.1466.115.121.1.4 DESC 'Audio' )",
1078 {"( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' )",
1080 {"( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'BitString' )",
1082 {"( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )",
1084 {"( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' )",
1086 {"( 1.3.6.1.4.1.1466.115.121.1.9 DESC 'CertificateList' )",
1088 {"( 1.3.6.1.4.1.1466.115.121.1.10 DESC 'CertificatePair' )",
1090 {"( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' )",
1092 {"( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'DeliveryMethod' )",
1094 {"( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'DirectoryString' )",
1095 UTF8StringValidate, NULL, NULL},
1096 {"( 1.3.6.1.4.1.1466.115.121.1.16 DESC 'DITContentRuleDescription' )",
1098 {"( 1.3.6.1.4.1.1466.115.121.1.17 DESC 'DITStructureRuleDescription' )",
1100 {"( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'EnhancedGuide' )",
1102 {"( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'FacsimileTelephoneNumber' )",
1104 {"( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'GeneralizedTime' )",
1106 {"( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' )",
1108 {"( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5String' )",
1109 IA5StringValidate, NULL, NULL},
1110 {"( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'Integer' )",
1112 {"( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' )",
1114 {"( 1.3.6.1.4.1.1466.115.121.1.30 DESC 'MatchingRuleDescription' )",
1116 {"( 1.3.6.1.4.1.1466.115.121.1.31 DESC 'MatchingRuleUseDescription' )",
1118 {"( 1.3.6.1.4.1.1466.115.121.1.32 DESC 'MailPreference' )",
1120 {"( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'NameAndOptionalUID' )",
1122 {"( 1.3.6.1.4.1.1466.115.121.1.35 DESC 'NameFormDescription' )",
1124 {"( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'NumericString' )",
1126 {"( 1.3.6.1.4.1.1466.115.121.1.37 DESC 'ObjectClassDescription' )",
1128 {"( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )",
1130 {"( 1.3.6.1.4.1.1466.115.121.1.39 DESC 'OtherMailbox' )",
1132 {"( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'OctetString' )",
1133 octetStringValidate, NULL, NULL},
1134 {"( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'PostalAddress' )",
1136 {"( 1.3.6.1.4.1.1466.115.121.1.42 DESC 'ProtocolInformation' )",
1138 {"( 1.3.6.1.4.1.1466.115.121.1.43 DESC 'PresentationAddress' )",
1140 {"( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'PrintableString' )",
1142 {"( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'SupportedAlgorithm' )",
1144 {"( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'TelephoneNumber' )",
1146 {"( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'TeletexTerminalIdentifier' )",
1148 {"( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'TelexNumber' )",
1150 {"( 1.3.6.1.4.1.1466.115.121.1.53 DESC 'UTCTime' )",
1152 {"( 1.3.6.1.4.1.1466.115.121.1.54 DESC 'LDAPSyntaxDescription' )",
1154 {"( 1.3.6.1.4.1.1466.115.121.1.58 DESC 'SubstringAssertion' )",
1160 struct mrule_defs_rec {
1162 slap_mr_normalize_func *mrd_normalize;
1163 slap_mr_match_func *mrd_match;
1167 * Other matching rules in X.520 that we do not use:
1169 * 2.5.13.9 numericStringOrderingMatch
1170 * 2.5.13.12 caseIgnoreListSubstringsMatch
1171 * 2.5.13.13 booleanMatch
1172 * 2.5.13.15 integerOrderingMatch
1173 * 2.5.13.18 octetStringOrderingMatch
1174 * 2.5.13.19 octetStringSubstringsMatch
1175 * 2.5.13.25 uTCTimeMatch
1176 * 2.5.13.26 uTCTimeOrderingMatch
1177 * 2.5.13.31 directoryStringFirstComponentMatch
1178 * 2.5.13.32 wordMatch
1179 * 2.5.13.33 keywordMatch
1180 * 2.5.13.34 certificateExactMatch
1181 * 2.5.13.35 certificateMatch
1182 * 2.5.13.36 certificatePairExactMatch
1183 * 2.5.13.37 certificatePairMatch
1184 * 2.5.13.38 certificateListExactMatch
1185 * 2.5.13.39 certificateListMatch
1186 * 2.5.13.40 algorithmIdentifierMatch
1187 * 2.5.13.41 storedPrefixMatch
1188 * 2.5.13.42 attributeCertificateMatch
1189 * 2.5.13.43 readerAndKeyIDMatch
1190 * 2.5.13.44 attributeIntegrityMatch
1193 /* recycled matching functions */
1194 #define stringNormalize IA5StringNormalize
1195 #define caseIgnoreMatch caseIgnoreIA5Match
1196 #define caseExactMatch caseExactIA5Match
1198 /* unimplemented matching functions */
1199 #define objectIdentifierMatch NULL
1200 #define distinguishedNameMatch NULL
1201 #define caseIgnoreOrderingMatch NULL
1202 #define caseIgnoreSubstringsMatch NULL
1203 #define caseExactOrderingMatch NULL
1204 #define caseExactSubstringsMatch NULL
1205 #define numericStringMatch NULL
1206 #define numericStringSubstringsMatch NULL
1207 #define caseIgnoreListMatch NULL
1208 #define integerMatch NULL
1209 #define bitStringMatch NULL
1210 #define octetStringMatch NULL
1211 #define telephoneNumberMatch NULL
1212 #define telephoneNumberSubstringsMatch NULL
1213 #define presentationAddressMatch NULL
1214 #define uniqueMemberMatch NULL
1215 #define protocolInformationMatch NULL
1216 #define generalizedTimeMatch NULL
1217 #define generalizedTimeOrderingMatch NULL
1218 #define integerFirstComponentMatch NULL
1219 #define objectIdentifierFirstComponentMatch NULL
1220 #define caseIgnoreIA5SubstringsMatch NULL
1222 struct mrule_defs_rec mrule_defs[] = {
1223 {"( 2.5.13.0 NAME 'objectIdentifierMatch' "
1224 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )",
1225 NULL, objectIdentifierMatch},
1227 {"( 2.5.13.1 NAME 'distinguishedNameMatch' "
1228 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )",
1229 NULL, distinguishedNameMatch},
1231 {"( 2.5.13.2 NAME 'caseIgnoreMatch' "
1232 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
1233 stringNormalize, caseIgnoreMatch},
1235 {"( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' "
1236 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
1237 stringNormalize, caseIgnoreOrderingMatch},
1239 {"( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' "
1240 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
1241 stringNormalize, caseIgnoreSubstringsMatch},
1243 /* Next three are not in the RFC's, but are needed for compatibility */
1244 {"( 2.5.13.5 NAME 'caseExactMatch' "
1245 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
1246 stringNormalize, caseExactMatch},
1248 {"( 2.5.13.6 NAME 'caseExactOrderingMatch' "
1249 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
1250 stringNormalize, caseExactOrderingMatch},
1252 {"( 2.5.13.7 NAME 'caseExactSubstringsMatch' "
1253 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
1254 stringNormalize, caseExactSubstringsMatch},
1256 {"( 2.5.13.8 NAME 'numericStringMatch' "
1257 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )",
1258 NULL, numericStringMatch},
1260 {"( 2.5.13.10 NAME 'numericStringSubstringsMatch' "
1261 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
1262 NULL, numericStringSubstringsMatch},
1264 {"( 2.5.13.11 NAME 'caseIgnoreListMatch' "
1265 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )",
1266 NULL, caseIgnoreListMatch},
1268 {"( 2.5.13.14 NAME 'integerMatch' "
1269 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
1270 NULL, integerMatch},
1272 {"( 2.5.13.16 NAME 'bitStringMatch' "
1273 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )",
1274 NULL, bitStringMatch},
1276 {"( 2.5.13.17 NAME 'octetStringMatch' "
1277 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )",
1278 NULL, octetStringMatch},
1280 {"( 2.5.13.20 NAME 'telephoneNumberMatch' "
1281 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )",
1282 NULL, telephoneNumberMatch},
1284 {"( 2.5.13.21 NAME 'telephoneNumberSubstringsMatch' "
1285 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
1286 NULL, telephoneNumberSubstringsMatch},
1288 {"( 2.5.13.22 NAME 'presentationAddressMatch' "
1289 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 )",
1290 NULL, presentationAddressMatch},
1292 {"( 2.5.13.23 NAME 'uniqueMemberMatch' "
1293 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )",
1294 NULL, uniqueMemberMatch},
1296 {"( 2.5.13.24 NAME 'protocolInformationMatch' "
1297 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )",
1298 NULL, protocolInformationMatch},
1300 {"( 2.5.13.27 NAME 'generalizedTimeMatch' "
1301 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )",
1302 NULL, generalizedTimeMatch},
1304 {"( 2.5.13.28 NAME 'generalizedTimeOrderingMatch' "
1305 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )",
1306 NULL, generalizedTimeOrderingMatch},
1308 {"( 2.5.13.29 NAME 'integerFirstComponentMatch' "
1309 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
1310 NULL, integerFirstComponentMatch},
1312 {"( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' "
1313 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )",
1314 NULL, objectIdentifierFirstComponentMatch},
1316 {"( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' "
1317 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
1318 IA5StringNormalize, caseExactIA5Match},
1320 {"( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' "
1321 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
1322 IA5StringNormalize, caseIgnoreIA5Match},
1324 {"( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMatch' "
1325 "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
1326 IA5StringNormalize, caseIgnoreIA5SubstringsMatch},
1336 static int schema_init_done = 0;
1338 /* We are called from read_config that is recursive */
1339 if ( schema_init_done )
1342 for ( i=0; syntax_defs[i].sd_desc != NULL; i++ ) {
1343 res = register_syntax( syntax_defs[i].sd_desc,
1344 syntax_defs[i].sd_validate,
1345 syntax_defs[i].sd_ber2str,
1346 syntax_defs[i].sd_str2ber );
1349 fprintf( stderr, "schema_init: Error registering syntax %s\n",
1350 syntax_defs[i].sd_desc );
1351 exit( EXIT_FAILURE );
1355 for ( i=0; mrule_defs[i].mrd_desc != NULL; i++ ) {
1356 res = register_matching_rule( mrule_defs[i].mrd_desc,
1357 mrule_defs[i].mrd_normalize,
1358 mrule_defs[i].mrd_match );
1361 fprintf( stderr, "schema_init: Error registering matching rule %s\n",
1362 mrule_defs[i].mrd_desc );
1363 exit( EXIT_FAILURE );
1366 schema_init_done = 1;
1370 #if defined( SLAPD_SCHEMA_DN )
1373 syn_schema_info( Entry *e )
1376 struct berval *vals[2];
1382 for ( syn = syn_list; syn; syn = syn->ssyn_next ) {
1383 val.bv_val = ldap_syntax2str( &syn->ssyn_syn );
1385 val.bv_len = strlen( val.bv_val );
1386 Debug( LDAP_DEBUG_TRACE, "Merging syn [%ld] %s\n",
1387 (long) val.bv_len, val.bv_val, 0 );
1388 attr_merge( e, "ldapSyntaxes", vals );
1389 ldap_memfree( val.bv_val );
1398 mr_schema_info( Entry *e )
1401 struct berval *vals[2];
1407 for ( mr = mr_list; mr; mr = mr->smr_next ) {
1408 val.bv_val = ldap_matchingrule2str( &mr->smr_mrule );
1410 val.bv_len = strlen( val.bv_val );
1411 Debug( LDAP_DEBUG_TRACE, "Merging mr [%ld] %s\n",
1412 (long) val.bv_len, val.bv_val, 0 );
1413 attr_merge( e, "matchingRules", vals );
1414 ldap_memfree( val.bv_val );
1423 oc_schema_info( Entry *e )
1426 struct berval *vals[2];
1432 for ( oc = oc_list; oc; oc = oc->soc_next ) {
1433 val.bv_val = ldap_objectclass2str( &oc->soc_oclass );
1435 val.bv_len = strlen( val.bv_val );
1436 Debug( LDAP_DEBUG_TRACE, "Merging oc [%ld] %s\n",
1437 (long) val.bv_len, val.bv_val, 0 );
1438 attr_merge( e, "objectClasses", vals );
1439 ldap_memfree( val.bv_val );
1448 schema_info( Connection *conn, Operation *op, char **attrs, int attrsonly )
1452 struct berval *vals[2];
1457 e = (Entry *) ch_calloc( 1, sizeof(Entry) );
1460 e->e_dn = ch_strdup( SLAPD_SCHEMA_DN );
1461 e->e_ndn = ch_strdup( SLAPD_SCHEMA_DN );
1462 (void) dn_normalize( e->e_ndn );
1463 e->e_private = NULL;
1466 char *rdn = ch_strdup( SLAPD_SCHEMA_DN );
1467 val.bv_val = strchr( rdn, '=' );
1469 if( val.bv_val != NULL ) {
1471 val.bv_len = strlen( ++val.bv_val );
1473 attr_merge( e, rdn, vals );
1479 if ( syn_schema_info( e ) ) {
1480 /* Out of memory, do something about it */
1484 if ( mr_schema_info( e ) ) {
1485 /* Out of memory, do something about it */
1489 if ( at_schema_info( e ) ) {
1490 /* Out of memory, do something about it */
1494 if ( oc_schema_info( e ) ) {
1495 /* Out of memory, do something about it */
1501 val.bv_len = sizeof("top")-1;
1502 attr_merge( e, "objectClass", vals );
1504 val.bv_val = "LDAPsubentry";
1505 val.bv_len = sizeof("LDAPsubentry")-1;
1506 attr_merge( e, "objectClass", vals );
1508 val.bv_val = "subschema";
1509 val.bv_len = sizeof("subschema")-1;
1510 attr_merge( e, "objectClass", vals );
1512 val.bv_val = "extensibleObject";
1513 val.bv_len = sizeof("extensibleObject")-1;
1514 attr_merge( e, "objectClass", vals );
1516 send_search_entry( &backends[0], conn, op,
1517 e, attrs, attrsonly, NULL );
1518 send_search_result( conn, op, LDAP_SUCCESS,
1519 NULL, NULL, NULL, NULL, 1 );
1528 oc_print( ObjectClass *oc )
1533 printf( "objectclass %s\n", ldap_objectclass2name( &oc->soc_oclass ) );
1534 if ( oc->soc_required != NULL ) {
1535 mid = "\trequires ";
1536 for ( i = 0; oc->soc_required[i] != NULL; i++, mid = "," )
1537 printf( "%s%s", mid,
1538 ldap_attributetype2name( &oc->soc_required[i]->sat_atype ) );
1541 if ( oc->soc_allowed != NULL ) {
1543 for ( i = 0; oc->soc_allowed[i] != NULL; i++, mid = "," )
1544 printf( "%s%s", mid,
1545 ldap_attributetype2name( &oc->soc_allowed[i]->sat_atype ) );
1553 int is_entry_objectclass(
1560 if( e == NULL || oc == NULL || *oc == '\0' )
1564 * find objectClass attribute
1566 attr = attr_find(e->e_attrs, "objectclass");
1568 if( attr == NULL ) {
1569 /* no objectClass attribute */
1573 bv.bv_val = (char *) oc;
1574 bv.bv_len = strlen( bv.bv_val );
1576 if( value_find(attr->a_vals, &bv, attr->a_syntax, 1) != 0) {
1577 /* entry is not of this objectclass */