- /* check for empty oc_required */
- if(oc->soc_required == NULL) {
- return( 0 );
- }
-
- /* for each required attribute */
- for ( i = 0; oc->soc_required[i] != NULL; i++ ) {
- at = oc->soc_required[i];
- /* see if it's in the entry */
- for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
- if ( at->sat_oid &&
- strcmp( a->a_type, at->sat_oid ) == 0 ) {
- break;
- }
- pp = at->sat_names;
- if ( pp == NULL ) {
- /* Empty name list => not found */
- a = NULL;
- break;
- }
- while ( *pp ) {
- if ( strcasecmp( a->a_type, *pp ) == 0 ) {
- break;
- }
- pp++;
- }
- if ( *pp ) {
- break;
- }
- }
- /* not there => schema violation */
- if ( a == NULL ) {
- if ( at->sat_names && at->sat_names[0] ) {
- return at->sat_names[0];
- } else {
- return at->sat_oid;
- }
- }
- }
-
- return( NULL );
-}
-
-#ifdef SLAPD_SCHEMA_COMPAT
- /* these shouldn't be hardcoded */
-
-static char *oc_op_usermod_attrs[] = {
- /*
- * these are operational attributes which are
- * not defined as NO-USER_MODIFICATION and
- * which slapd supports modification of.
- *
- * Currently none.
- * Likely candidate, "aci"
- */
- NULL
-};
-
-static char *oc_op_attrs[] = {
- /*
- * these are operational attributes
- * most could be user modifiable
- */
- "objectClasses",
- "attributeTypes",
- "matchingRules",
- "matchingRuleUse",
- "dITStructureRules",
- "dITContentRules",
- "nameForms",
- "ldapSyntaxes",
- "namingContexts",
- "supportedExtension",
- "supportedControl",
- "supportedSASLMechanisms",
- "supportedLDAPversion",
- "supportedACIMechanisms",
- "subschemaSubentry", /* NO USER MOD */
- NULL
-
-};
-
-/* this list should be extensible */
-static char *oc_op_no_usermod_attrs[] = {
- /*
- * Operational and 'no user modification' attributes
- * which are STORED in the directory server.
- */
-
- /* RFC2252, 3.2.1 */
- "creatorsName",
- "createTimestamp",
- "modifiersName",
- "modifyTimestamp",
-
- NULL
-};
-#endif
-
-
-/*
- * check to see if attribute is 'operational' or not.
- */
-int
-oc_check_op_attr( const char *type )
-{
-#ifndef SLAPD_SCHEMA_NOT_COMPAT
- return charray_inlist( oc_op_attrs, type )
- || charray_inlist( oc_op_usermod_attrs, type )
- || charray_inlist( oc_op_no_usermod_attrs, type );
-#else
- AttributeType *at = at_find( type );
-
- if( at == NULL ) return 0;
-
- return at->sat_usage != LDAP_SCHEMA_USER_APPLICATIONS;
-#endif
-}
-
-/*
- * check to see if attribute can be user modified or not.
- */
-int
-oc_check_op_usermod_attr( const char *type )
-{
-#ifdef SLAPD_SCHEMA_COMPAT
- return charray_inlist( oc_op_usermod_attrs, type );
-#else
- /* not (yet) in schema */
- return 0;
-#endif
-}
-
-/*
- * check to see if attribute is 'no user modification' or not.
- */
-int
-oc_check_op_no_usermod_attr( const char *type )
-{
-#ifdef SLAPD_SCHEMA_COMPAT
- return charray_inlist( oc_op_no_usermod_attrs, type );
-#else
- AttributeType *at = at_find( type );
-
- if( at == NULL ) return 0;
-
- return at->sat_no_user_mod;
-#endif
-}
-
-
-static int
-oc_check_allowed( char *type, struct berval **ocl )
-{
- ObjectClass *oc;
- AttributeType *at;
- int i, j;
- char **pp;
- char *p, *t;
-
- Debug( LDAP_DEBUG_TRACE,
- "oc_check_allowed type \"%s\"\n", type, 0, 0 );
-
- /* always allow objectclass attribute */
- if ( strcasecmp( type, "objectclass" ) == 0 ) {
- return( 0 );
- }
-
-#ifdef SLAPD_SCHEMA_COMPAT
- /* Treat any attribute type with option as an unknown attribute type */
- /*
- * The "type" we have received is actually an AttributeDescription.
- * Let's find out the corresponding type.
- */
- p = strchr( type, ';' );
- if ( p ) {
- t = ch_malloc( p-type+1 );
- strncpy( t, type, p-type );
- t[p-type] = '\0';
- Debug( LDAP_DEBUG_TRACE,
- "oc_check_allowed type \"%s\" from \"%s\"\n",
- t, type, 0 );