/* schema_check.c - routines to enforce schema definitions */
/* $OpenLDAP$ */
/*
- * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
int
entry_schema_check(
- Entry *e, Attribute *oldattrs,
+ Backend *be,
+ Entry *e,
+ Attribute *oldattrs,
const char** text,
char *textbuf, size_t textlen )
{
AttributeDescription *ad_objectClass
= slap_schema.si_ad_objectClass;
int extensible = 0;
+ int subentry = is_entry_subentry( e );
+ int collectiveSubentry = 0;
+
+ if( subentry) collectiveSubentry = is_entry_collectiveAttributeSubentry( e );
*text = textbuf;
- /* check single-valued attrs for multiple values */
+ /* misc attribute checks */
for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
+ const char *type = a->a_desc->ad_cname.bv_val;
+
/* there should be at least one value */
assert( a->a_vals );
- assert( a->a_vals[0] != NULL );
+ assert( a->a_vals[0].bv_val != NULL );
+
+ if( a->a_desc->ad_type->sat_check ) {
+ int rc = (a->a_desc->ad_type->sat_check)(
+ be, e, a, text, textbuf, textlen );
+ if( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+ }
+
+ if( !collectiveSubentry && is_at_collective( a->a_desc->ad_type ) ) {
+ snprintf( textbuf, textlen,
+ "'%s' can only appear in collectiveAttributeSubentry",
+ type );
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
/* if single value type, check for multiple values */
if( is_at_single_value( a->a_desc->ad_type ) &&
- a->a_vals[1] != NULL )
+ a->a_vals[1].bv_val != NULL )
{
- char *type = a->a_desc->ad_cname.bv_val;
-
snprintf( textbuf, textlen,
"attribute '%s' cannot have multiple values",
type );
}
assert( asc->a_vals != NULL );
- assert( asc->a_vals[0] != NULL );
- assert( asc->a_vals[1] == NULL );
+ assert( asc->a_vals[0].bv_val != NULL );
+ assert( asc->a_vals[1].bv_val == NULL );
- sc = oc_bvfind( asc->a_vals[0] );
+ sc = oc_bvfind( &asc->a_vals[0] );
if( sc == NULL ) {
snprintf( textbuf, textlen,
"unrecognized structuralObjectClass '%s'",
- aoc->a_vals[0]->bv_val );
+ asc->a_vals[0].bv_val );
#ifdef NEW_LOGGING
LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
if( sc->soc_kind != LDAP_SCHEMA_STRUCTURAL ) {
snprintf( textbuf, textlen,
"structuralObjectClass '%s' is not STRUCTURAL",
- aoc->a_vals[0]->bv_val );
+ asc->a_vals[0].bv_val );
#ifdef NEW_LOGGING
LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
}
assert( aoc->a_vals != NULL );
- assert( aoc->a_vals[0] != NULL );
+ assert( aoc->a_vals[0].bv_val != NULL );
- rc = structural_class( aoc->a_vals, &nsc, text, textbuf, textlen );
+ rc = structural_class( aoc->a_vals, &nsc, &oc, text, textbuf, textlen );
if( rc != LDAP_SUCCESS ) {
return rc;
} else if ( nsc.bv_len == 0 ) {
*text = textbuf;
- oc = oc_bvfind( &nsc );
if ( oc == NULL ) {
snprintf( textbuf, textlen,
"unrecognized objectClass '%s'",
- aoc->a_vals[i]->bv_val );
+ aoc->a_vals[0].bv_val );
return LDAP_OBJECT_CLASS_VIOLATION;
} else if ( sc != oc ) {
snprintf( textbuf, textlen,
"structuralObjectClass modification from '%s' to '%s' not allowed",
- asc->a_vals[0]->bv_val, nsc.bv_val );
+ asc->a_vals[0].bv_val, nsc.bv_val );
return LDAP_NO_OBJECT_CLASS_MODS;
}
/* check that the entry has required attrs for each oc */
- for ( i = 0; aoc->a_vals[i] != NULL; i++ ) {
- if ( (oc = oc_bvfind( aoc->a_vals[i] )) == NULL ) {
+ for ( i = 0; aoc->a_vals[i].bv_val != NULL; i++ ) {
+ if ( (oc = oc_bvfind( &aoc->a_vals[i] )) == NULL ) {
snprintf( textbuf, textlen,
"unrecognized objectClass '%s'",
- aoc->a_vals[i]->bv_val );
+ aoc->a_vals[i].bv_val );
#ifdef NEW_LOGGING
LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
#endif
return LDAP_OBJECT_CLASS_VIOLATION;
+ }
- } else if ( oc->soc_kind == LDAP_SCHEMA_ABSTRACT ) {
+ if ( oc->soc_check ) {
+ int rc = (oc->soc_check)( be, e, oc,
+ text, textbuf, textlen );
+ if( rc != LDAP_SUCCESS ) {
+ return rc;
+ }
+ }
+
+ if ( oc->soc_kind == LDAP_SCHEMA_ABSTRACT ) {
/* object class is abstract */
if ( oc != slap_schema.si_oc_top &&
!is_object_subclass( oc, sc ))
{
int j;
ObjectClass *xc = NULL;
- for( j=0; aoc->a_vals[j]; j++ ) {
+ for( j=0; aoc->a_vals[j].bv_val; j++ ) {
if( i != j ) {
- xc = oc_bvfind( aoc->a_vals[i] );
+ xc = oc_bvfind( &aoc->a_vals[i] );
if( xc == NULL ) {
snprintf( textbuf, textlen,
"unrecognized objectClass '%s'",
- aoc->a_vals[i]->bv_val );
+ aoc->a_vals[i].bv_val );
#ifdef NEW_LOGGING
LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
if( xc == NULL ) {
snprintf( textbuf, textlen, "instanstantiation of "
"abstract objectClass '%s' not allowed",
- aoc->a_vals[i]->bv_val );
+ aoc->a_vals[i].bv_val );
#ifdef NEW_LOGGING
LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
}
} else if ( oc->soc_kind != LDAP_SCHEMA_STRUCTURAL || oc == sc ) {
- char *s = oc_check_required( e, oc, aoc->a_vals[i] );
+ char *s = oc_check_required( e, oc, &aoc->a_vals[i] );
if (s != NULL) {
snprintf( textbuf, textlen,
"object class '%s' requires attribute '%s'",
- aoc->a_vals[i]->bv_val, s );
+ aoc->a_vals[i].bv_val, s );
#ifdef NEW_LOGGING
LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
int oc_check_allowed(
AttributeType *at,
- struct berval **ocl,
+ BerVarray ocl,
ObjectClass *sc )
{
int i, j;
}
/* check that the type appears as req or opt in at least one oc */
- for ( i = 0; ocl[i] != NULL; i++ ) {
+ for ( i = 0; ocl[i].bv_val != NULL; i++ ) {
/* if we know about the oc */
- ObjectClass *oc = oc_bvfind( ocl[i] );
+ ObjectClass *oc = oc_bvfind( &ocl[i] );
if ( oc != NULL && oc->soc_kind != LDAP_SCHEMA_ABSTRACT &&
( sc == NULL || oc->soc_kind == LDAP_SCHEMA_AUXILIARY ))
{
* Determine the structural object class from a set of OIDs
*/
int structural_class(
- struct berval **ocs,
+ BerVarray ocs,
struct berval *scbv,
+ ObjectClass **scp,
const char **text,
char *textbuf, size_t textlen )
{
*text = "structural_class: internal error";
scbv->bv_len = 0;
- for( i=0; ocs[i]; i++ ) {
- oc = oc_bvfind( ocs[i] );
+ for( i=0; ocs[i].bv_val; i++ ) {
+ oc = oc_bvfind( &ocs[i] );
if( oc == NULL ) {
snprintf( textbuf, textlen,
"unrecongized objectClass '%s'",
- ocs[i]->bv_val );
+ ocs[i].bv_val );
*text = textbuf;
return LDAP_OBJECT_CLASS_VIOLATION;
}
ObjectClass *xc = NULL;
/* find common superior */
- for( j=i+1; ocs[j]; j++ ) {
- xc = oc_bvfind( ocs[j] );
+ for( j=i+1; ocs[j].bv_val; j++ ) {
+ xc = oc_bvfind( &ocs[j] );
if( xc == NULL ) {
snprintf( textbuf, textlen,
"unrecongized objectClass '%s'",
- ocs[i]->bv_val );
+ ocs[i].bv_val );
*text = textbuf;
return LDAP_OBJECT_CLASS_VIOLATION;
}
/* no common subclass */
snprintf( textbuf, textlen,
"invalid structural object class chain (%s/%s)",
- ocs[scn]->bv_val, ocs[i]->bv_val );
+ ocs[scn].bv_val, ocs[i].bv_val );
*text = textbuf;
return LDAP_OBJECT_CLASS_VIOLATION;
}
}
}
+ if( scp )
+ *scp = sc;
+
if( sc == NULL ) {
*text = "no structural object classes provided";
return LDAP_OBJECT_CLASS_VIOLATION;
}
- *scbv = *ocs[scn];
+ *scbv = ocs[scn];
return LDAP_SUCCESS;
}
return LDAP_OBJECT_CLASS_VIOLATION;
}
- if( ocmod->sml_bvalues == NULL || ocmod->sml_bvalues[0] == NULL ) {
+ if( ocmod->sml_bvalues == NULL || ocmod->sml_bvalues[0].bv_val == NULL ) {
*text = "objectClass attribute has no values";
return LDAP_OBJECT_CLASS_VIOLATION;
}
- return structural_class( ocmod->sml_bvalues, sc,
+ return structural_class( ocmod->sml_bvalues, sc, NULL,
text, textbuf, textlen );
}