]> git.sur5r.net Git - openldap/blobdiff - servers/slapd/schema_check.c
projects / openldap / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add another safety check
[openldap] / servers / slapd / schema_check.c
diff --git a/servers/slapd/schema_check.c b/servers/slapd/schema_check.c
index b72517903a4baf0e43d6039ea72caee6c98f6e8a..0412bb4f2028bd2ebefec86835c42cca688d9a97 100644 (file)
--- a/servers/slapd/schema_check.c
+++ b/servers/slapd/schema_check.c
@@ -1,7 +1,7 @@
 /* schema_check.c - routines to enforce schema definitions */
 /* $OpenLDAP$ */
 /*
- * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
  */
 
@@ -30,7 +30,9 @@ static char * oc_check_required(
 
 int
 entry_schema_check( 
-       Entry *e, Attribute *oldattrs,
+       Backend *be,
+       Entry *e,
+       Attribute *oldattrs,
        const char** text,
        char *textbuf, size_t textlen )
 {
@@ -43,29 +45,47 @@ entry_schema_check(
        AttributeDescription *ad_objectClass
                = slap_schema.si_ad_objectClass;
        int extensible = 0;
+       int subentry = is_entry_subentry( e );
+       int collectiveSubentry = 0;
+
+       if( subentry) collectiveSubentry = is_entry_collectiveAttributeSubentry( e );
 
        *text = textbuf;
 
-       /* check single-valued attrs for multiple values */
+       /* misc attribute checks */
        for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
+               const char *type = a->a_desc->ad_cname.bv_val;
+
                /* there should be at least one value */
                assert( a->a_vals );
                assert( a->a_vals[0].bv_val != NULL ); 
 
+               if( a->a_desc->ad_type->sat_check ) {
+                       int rc = (a->a_desc->ad_type->sat_check)(
+                               be, e, a, text, textbuf, textlen );
+                       if( rc != LDAP_SUCCESS ) {
+                               return rc;
+                       }
+               }
+
+               if( !collectiveSubentry && is_at_collective( a->a_desc->ad_type ) ) {
+                       snprintf( textbuf, textlen,
+                               "'%s' can only appear in collectiveAttributeSubentry",
+                               type );
+                       return LDAP_OBJECT_CLASS_VIOLATION;
+               }
+
                /* if single value type, check for multiple values */
                if( is_at_single_value( a->a_desc->ad_type ) &&
                        a->a_vals[1].bv_val != NULL )
                {
-                       char *type = a->a_desc->ad_cname.bv_val;
-
                        snprintf( textbuf, textlen, 
                                "attribute '%s' cannot have multiple values",
                                type );
 
 #ifdef NEW_LOGGING
-                       LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
-                               "entry_schema_check: dn=\"%s\" %s\n",
-                               e->e_dn, textbuf ));
+                       LDAP_LOG( OPERATION, INFO, 
+                               "entry_schema_check: dn=\"%s\" %s\n", e->e_dn, textbuf, 0 );
 #else
                        Debug( LDAP_DEBUG_ANY,
                            "Entry (%s), %s\n",
@@ -79,13 +99,13 @@ entry_schema_check(
        /* it's a REALLY bad idea to disable schema checks */
        if( !global_schemacheck ) return LDAP_SUCCESS;
 
-       /* find the object class attribute - could error out here */
+       /* find the structural object class attribute */
        asc = attr_find( e->e_attrs, ad_structuralObjectClass );
        if ( asc == NULL ) {
 #ifdef NEW_LOGGING
-               LDAP_LOG(( "schema", LDAP_LEVEL_INFO, "entry_schema_check: "
-                       "No structuralObjectClass for entry (%s)\n",
-                       e->e_dn ));
+               LDAP_LOG( OPERATION, INFO, 
+                       "entry_schema_check: No structuralObjectClass for entry (%s)\n", 
+                       e->e_dn, 0, 0 );
 #else
                Debug( LDAP_DEBUG_ANY,
                        "No structuralObjectClass for entry (%s)\n",
@@ -93,7 +113,7 @@ entry_schema_check(
 #endif
 
                *text = "no structuralObjectClass operational attribute";
-               return LDAP_OBJECT_CLASS_VIOLATION;
+               return LDAP_OTHER;
        }
 
        assert( asc->a_vals != NULL );
@@ -104,12 +124,11 @@ entry_schema_check(
        if( sc == NULL ) {
                snprintf( textbuf, textlen, 
                        "unrecognized structuralObjectClass '%s'",
-                       aoc->a_vals[0].bv_val );
+                       asc->a_vals[0].bv_val );
 
 #ifdef NEW_LOGGING
-               LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
-                       "entry_schema_check: dn (%s), %s\n",
-                       e->e_dn, textbuf ));
+               LDAP_LOG( OPERATION, INFO, 
+                       "entry_schema_check: dn (%s), %s\n", e->e_dn, textbuf, 0 );
 #else
                Debug( LDAP_DEBUG_ANY,
                        "entry_check_schema(%s): %s\n",
@@ -122,28 +141,27 @@ entry_schema_check(
        if( sc->soc_kind != LDAP_SCHEMA_STRUCTURAL ) {
                snprintf( textbuf, textlen, 
                        "structuralObjectClass '%s' is not STRUCTURAL",
-                       aoc->a_vals[0].bv_val );
+                       asc->a_vals[0].bv_val );
 
 #ifdef NEW_LOGGING
-               LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
-                       "entry_schema_check: dn (%s), %s\n",
-                       e->e_dn, textbuf ));
+               LDAP_LOG( OPERATION, INFO, 
+                       "entry_schema_check: dn (%s), %s\n", e->e_dn, textbuf, 0 );
 #else
                Debug( LDAP_DEBUG_ANY,
                        "entry_check_schema(%s): %s\n",
                        e->e_dn, textbuf, 0 );
 #endif
 
-               return LDAP_OBJECT_CLASS_VIOLATION;
+               return LDAP_OTHER;
        }
 
        /* find the object class attribute */
        aoc = attr_find( e->e_attrs, ad_objectClass );
        if ( aoc == NULL ) {
 #ifdef NEW_LOGGING
-               LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
-                       "entry_schema_check: No objectClass for entry (%s).\n"
-                       e->e_dn ));
+               LDAP_LOG( OPERATION, INFO, 
+                       "entry_schema_check: No objectClass for entry (%s).\n"
+                       e->e_dn, 0, 0 );
 #else
                Debug( LDAP_DEBUG_ANY, "No objectClass for entry (%s)\n",
                    e->e_dn, 0, 0 );
@@ -156,25 +174,22 @@ entry_schema_check(
        assert( aoc->a_vals != NULL );
        assert( aoc->a_vals[0].bv_val != NULL );
 
-       rc = structural_class( aoc->a_vals, &nsc, text, textbuf, textlen );
+       rc = structural_class( aoc->a_vals, &nsc, &oc, text, textbuf, textlen );
        if( rc != LDAP_SUCCESS ) {
                return rc;
-       } else if ( nsc.bv_len == 0 ) {
-               return LDAP_OBJECT_CLASS_VIOLATION;
        }
 
        *text = textbuf;
 
-       oc = oc_bvfind( &nsc );
        if ( oc == NULL ) {
                snprintf( textbuf, textlen, 
                        "unrecognized objectClass '%s'",
-                       aoc->a_vals[i].bv_val );
+                       aoc->a_vals[0].bv_val );
                return LDAP_OBJECT_CLASS_VIOLATION;
 
        } else if ( sc != oc ) {
                snprintf( textbuf, textlen, 
-                       "structuralObjectClass modification from '%s' to '%s' not allowed",
+                       "structural object class modification from '%s' to '%s' not allowed",
                        asc->a_vals[0].bv_val, nsc.bv_val );
                return LDAP_NO_OBJECT_CLASS_MODS;
        }
@@ -187,9 +202,8 @@ entry_schema_check(
                                aoc->a_vals[i].bv_val );
 
 #ifdef NEW_LOGGING
-                       LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
-                               "entry_schema_check: dn (%s), %s\n",
-                               e->e_dn, textbuf ));
+                       LDAP_LOG( OPERATION, INFO, 
+                               "entry_schema_check: dn (%s), %s\n", e->e_dn, textbuf, 0 );
 #else
                        Debug( LDAP_DEBUG_ANY,
                                "entry_check_schema(%s): %s\n",
@@ -197,8 +211,17 @@ entry_schema_check(
 #endif
 
                        return LDAP_OBJECT_CLASS_VIOLATION;
+               }
 
-               } else if ( oc->soc_kind == LDAP_SCHEMA_ABSTRACT ) {
+               if ( oc->soc_check ) {
+                       int rc = (oc->soc_check)( be, e, oc,
+                               text, textbuf, textlen );
+                       if( rc != LDAP_SUCCESS ) {
+                               return rc;
+                       }
+               }
+
+               if ( oc->soc_kind == LDAP_SCHEMA_ABSTRACT ) {
                        /* object class is abstract */
                        if ( oc != slap_schema.si_oc_top &&
                                !is_object_subclass( oc, sc ))
@@ -214,9 +237,9 @@ entry_schema_check(
                                                                aoc->a_vals[i].bv_val );
 
 #ifdef NEW_LOGGING
-                                                       LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
+                                                       LDAP_LOG( OPERATION, INFO, 
                                                                "entry_schema_check: dn (%s), %s\n",
-                                                               e->e_dn, textbuf ));
+                                                               e->e_dn, textbuf, 0 );
 #else
                                                        Debug( LDAP_DEBUG_ANY,
                                                                "entry_check_schema(%s): %s\n",
@@ -235,10 +258,9 @@ entry_schema_check(
                                                if ( xc->soc_kind == LDAP_SCHEMA_AUXILIARY &&
                                                        is_object_subclass( oc, xc ) )
                                                {
-                                                       break;;
+                                                       xc = NULL;
+                                                       break;
                                                }
-
-                                               xc = NULL;
                                        }
                                }
 
@@ -248,9 +270,9 @@ entry_schema_check(
                                                aoc->a_vals[i].bv_val );
 
 #ifdef NEW_LOGGING
-                                       LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
-                                               "entry_schema_check: dn (%s), %s\n",
-                                               e->e_dn, textbuf ));
+                                       LDAP_LOG( OPERATION, INFO, 
+                                               "entry_schema_check: dn (%s), %s\n", 
+                                               e->e_dn, textbuf, 0 );
 #else
                                        Debug( LDAP_DEBUG_ANY,
                                                "entry_check_schema(%s): %s\n",
@@ -270,9 +292,8 @@ entry_schema_check(
                                        aoc->a_vals[i].bv_val, s );
 
 #ifdef NEW_LOGGING
-                               LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
-                                       "entry_schema_check: dn=\"%s\" %s",
-                                       e->e_dn, textbuf ));
+                               LDAP_LOG( OPERATION, INFO, 
+                                       "entry_schema_check: dn=\"%s\" %s", e->e_dn, textbuf, 0 );
 #else
                                Debug( LDAP_DEBUG_ANY,
                                        "Entry (%s): %s\n",
@@ -303,9 +324,8 @@ entry_schema_check(
                                type );
 
 #ifdef NEW_LOGGING
-                       LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
-                               "entry_schema_check: dn=\"%s\" %s\n",
-                               e->e_dn, textbuf ));
+                       LDAP_LOG( OPERATION, INFO, 
+                               "entry_schema_check: dn=\"%s\" %s\n", e->e_dn, textbuf, 0);
 #else
                        Debug( LDAP_DEBUG_ANY,
                            "Entry (%s), %s\n",
@@ -330,9 +350,9 @@ oc_check_required(
        Attribute       *a;
 
 #ifdef NEW_LOGGING
-       LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY,
-               "oc_check_required: dn (%s), objectClass \"%s\"\n",
-       e->e_dn, ocname->bv_val ));
+       LDAP_LOG( OPERATION, ENTRY, 
+               "oc_check_required: dn (%s), objectClass \"%s\"\n", 
+               e->e_dn, ocname->bv_val, 0 );
 #else
        Debug( LDAP_DEBUG_TRACE,
                "oc_check_required entry (%s), objectClass \"%s\"\n",
@@ -365,14 +385,14 @@ oc_check_required(
 
 int oc_check_allowed(
        AttributeType *at,
-       BVarray ocl,
+       BerVarray ocl,
        ObjectClass *sc )
 {
        int             i, j;
 
 #ifdef NEW_LOGGING
-       LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY,
-               "oc_check_allowed: type \"%s\"\n", at->sat_cname.bv_val ));
+       LDAP_LOG( OPERATION, ENTRY, 
+               "oc_check_allowed: type \"%s\"\n", at->sat_cname.bv_val, 0, 0 );
 #else
        Debug( LDAP_DEBUG_TRACE,
                "oc_check_allowed type \"%s\"\n",
@@ -446,8 +466,9 @@ int oc_check_allowed(
  * Determine the structural object class from a set of OIDs
  */
 int structural_class(
-       BVarray ocs,
+       BerVarray ocs,
        struct berval *scbv,
+       ObjectClass **scp,
        const char **text,
        char *textbuf, size_t textlen )
 {
@@ -464,7 +485,7 @@ int structural_class(
 
                if( oc == NULL ) {
                        snprintf( textbuf, textlen,
-                               "unrecongized objectClass '%s'",
+                               "unrecognized objectClass '%s'",
                                ocs[i].bv_val );
                        *text = textbuf;
                        return LDAP_OBJECT_CLASS_VIOLATION;
@@ -485,7 +506,7 @@ int structural_class(
 
                                        if( xc == NULL ) {
                                                snprintf( textbuf, textlen,
-                                                       "unrecongized objectClass '%s'",
+                                                       "unrecognized objectClass '%s'",
                                                        ocs[i].bv_val );
                                                *text = textbuf;
                                                return LDAP_OBJECT_CLASS_VIOLATION;
@@ -518,12 +539,27 @@ int structural_class(
                }
        }
 
+       if( scp ) {
+               *scp = sc;
+       }
+
        if( sc == NULL ) {
                *text = "no structural object classes provided";
                return LDAP_OBJECT_CLASS_VIOLATION;
        }
 
+       if( scn < 0 ) {
+               *text = "invalid structural object class";
+               return LDAP_OBJECT_CLASS_VIOLATION;
+       }
+
        *scbv = ocs[scn];
+
+       if( scbv->bv_len == 0 ) {
+               *text = "invalid structural object class";
+               return LDAP_OBJECT_CLASS_VIOLATION;
+       }
+
        return LDAP_SUCCESS;
 }
 
@@ -558,6 +594,6 @@ int mods_structural_class(
                return LDAP_OBJECT_CLASS_VIOLATION;
        }
 
-       return structural_class( ocmod->sml_bvalues, sc,
+       return structural_class( ocmod->sml_bvalues, sc, NULL,
                text, textbuf, textlen );
 }
Cloned from git://git.openldap.org/openldap.git