X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fschema.c;h=c2f0970ff9b1615a0e4381909ee6a11f99b1979e;hb=46fab059977aed107f53c96ced0f35cfff8c7836;hp=f4fab6022c3403ff5e94d6b2a5c05cf38754ba2e;hpb=cfa450d078d2595b01b2d2a83555932dc788ad1c;p=openldap

diff --git a/servers/slapd/schema.c b/servers/slapd/schema.c
index f4fab6022c..c2f0970ff9 100644
--- a/servers/slapd/schema.c
+++ b/servers/slapd/schema.c
@@ -1,202 +1,167 @@
-/* schema.c - routines to enforce schema definitions */
+/* schema.c - routines to manage schema definitions */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2005 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
 
 #include "portable.h"
 
 #include <stdio.h>
 
+#include <ac/ctype.h>
 #include <ac/string.h>
 #include <ac/socket.h>
 
 #include "slap.h"
+#include "lutil.h"
 
-static struct objclass	*oc_find(char *ocname);
-static char *	oc_check_required(Entry *e, char *ocname);
-static int		oc_check_allowed(char *type, struct berval **ocl);
-
-/*
- * oc_check - check that entry e conforms to the schema required by
- * its object class(es). returns 0 if so, non-zero otherwise.
- */
 
 int
-oc_schema_check( Entry *e )
+schema_info( Entry **entry, const char **text )
 {
-	Attribute	*a, *aoc;
-	struct objclass	*oc;
-	int		i;
-	int		ret = 0;
-
-	/* find the object class attribute - could error out here */
-	if ( (aoc = attr_find( e->e_attrs, "objectclass" )) == NULL ) {
-		Debug( LDAP_DEBUG_ANY, "No object class for entry (%s)\n",
-		    e->e_dn, 0, 0 );
-		return( 0 );
+	AttributeDescription *ad_structuralObjectClass
+		= slap_schema.si_ad_structuralObjectClass;
+	AttributeDescription *ad_objectClass
+		= slap_schema.si_ad_objectClass;
+	AttributeDescription *ad_createTimestamp
+		= slap_schema.si_ad_createTimestamp;
+	AttributeDescription *ad_modifyTimestamp
+		= slap_schema.si_ad_modifyTimestamp;
+
+	Entry		*e;
+	struct berval	vals[5];
+	struct berval	nvals[5];
+
+	e = (Entry *) SLAP_CALLOC( 1, sizeof(Entry) );
+	if( e == NULL ) {
+		/* Out of memory, do something about it */
+		Debug( LDAP_DEBUG_ANY, 
+			"schema_info: SLAP_CALLOC failed - out of memory.\n", 0, 0, 0 );
+		*text = "out of memory";
+		return LDAP_OTHER;
 	}
 
-	/* check that the entry has required attrs for each oc */
-	for ( i = 0; aoc->a_vals[i] != NULL; i++ ) {
-		char *s = oc_check_required( e, aoc->a_vals[i]->bv_val );
-
-		if (s != NULL) {
-			Debug( LDAP_DEBUG_ANY,
-			    "Entry (%s), oc \"%s\" requires attr \"%s\"\n",
-			    e->e_dn, aoc->a_vals[i]->bv_val, s );
-			ret = 1;
-		}
+	e->e_attrs = NULL;
+	/* backend-specific schema info should be created by the
+	 * backend itself
+	 */
+	ber_dupbv( &e->e_name, &frontendDB->be_schemadn );
+	ber_dupbv( &e->e_nname, &frontendDB->be_schemandn );
+	e->e_private = NULL;
+
+	BER_BVSTR( &vals[0], "subentry" );
+	if( attr_merge_one( e, ad_structuralObjectClass, vals, NULL ) ) {
+		/* Out of memory, do something about it */
+		entry_free( e );
+		*text = "out of memory";
+		return LDAP_OTHER;
 	}
 
-	if ( ret != 0 ) {
-	    return( ret );
+	BER_BVSTR( &vals[0], "top" );
+	BER_BVSTR( &vals[1], "subentry" );
+	BER_BVSTR( &vals[2], "subschema" );
+	BER_BVSTR( &vals[3], "extensibleObject" );
+	BER_BVZERO( &vals[4] );
+	if ( attr_merge( e, ad_objectClass, vals, NULL ) ) {
+		/* Out of memory, do something about it */
+		entry_free( e );
+		*text = "out of memory";
+		return LDAP_OTHER;
 	}
 
-	/* check that each attr in the entry is allowed by some oc */
-	for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
-		if ( oc_check_allowed( a->a_type, aoc->a_vals ) != 0 ) {
-			Debug( LDAP_DEBUG_ANY,
-			    "Entry (%s), attr \"%s\" not allowed\n",
-			    e->e_dn, a->a_type, 0 );
-			ret = 1;
-		}
-	}
-
-	return( ret );
-}
+	{
+		int rc;
+		AttributeDescription *desc = NULL;
+		struct berval rdn = frontendDB->be_schemadn;
+		vals[0].bv_val = strchr( rdn.bv_val, '=' );
 
-static char *
-oc_check_required( Entry *e, char *ocname )
-{
-	struct objclass	*oc;
-	int		i;
-	Attribute	*a;
+		if( vals[0].bv_val == NULL ) {
+			*text = "improperly configured subschema subentry";
+			return LDAP_OTHER;
+		}
 
-	/* find global oc defn. it we don't know about it assume it's ok */
-	if ( (oc = oc_find( ocname )) == NULL ) {
-		return( 0 );
-	}
+		vals[0].bv_val++;
+		vals[0].bv_len = rdn.bv_len - (vals[0].bv_val - rdn.bv_val);
+		rdn.bv_len -= vals[0].bv_len + 1;
 
-	/* check for empty oc_required */
-	if(oc->oc_required == NULL) {
-		return( 0 );
-	}
+		rc = slap_bv2ad( &rdn, &desc, text );
 
-	/* for each required attribute */
-	for ( i = 0; oc->oc_required[i] != NULL; i++ ) {
-		/* see if it's in the entry */
-		for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
-			if ( strcasecmp( a->a_type, oc->oc_required[i] )
-			    == 0 ) {
-				break;
-			}
+		if( rc != LDAP_SUCCESS ) {
+			entry_free( e );
+			*text = "improperly configured subschema subentry";
+			return LDAP_OTHER;
 		}
 
-		/* not there => schema violation */
-		if ( a == NULL ) {
-			return oc->oc_required[i];
+		nvals[0].bv_val = strchr( frontendDB->be_schemandn.bv_val, '=' );
+		assert( nvals[0].bv_val );
+		nvals[0].bv_val++;
+		nvals[0].bv_len = frontendDB->be_schemandn.bv_len -
+			(nvals[0].bv_val - frontendDB->be_schemandn.bv_val);
+
+		if ( attr_merge_one( e, desc, vals, nvals ) ) {
+			/* Out of memory, do something about it */
+			entry_free( e );
+			*text = "out of memory";
+			return LDAP_OTHER;
 		}
 	}
 
-	return( NULL );
-}
-
-/*
- * check to see if attribute is 'operational' or not.
- * this function should be externalized...
- */
-static int
-oc_check_operational( char *type )
-{
-	return ( strcasecmp( type, "modifiersname" ) == 0 ||
-		strcasecmp( type, "modifytimestamp" ) == 0 ||
-		strcasecmp( type, "creatorsname" ) == 0 ||
-		strcasecmp( type, "createtimestamp" ) == 0 )
-		? 1 : 0;
-}
-
-static int
-oc_check_allowed( char *type, struct berval **ocl )
-{
-	struct objclass	*oc;
-	int		i, j;
+	{
+		char		timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
 
-	/* always allow objectclass attribute */
-	if ( strcasecmp( type, "objectclass" ) == 0 ) {
-		return( 0 );
-	}
+		/*
+		 * According to RFC 2251:
 
-	if ( oc_check_operational( type ) ) {
-		return( 0 );
-	}
+   Servers SHOULD provide the attributes createTimestamp and
+   modifyTimestamp in subschema entries, in order to allow clients to
+   maintain their caches of schema information.
 
-	/* check that the type appears as req or opt in at least one oc */
-	for ( i = 0; ocl[i] != NULL; i++ ) {
-		/* if we know about the oc */
-		if ( (oc = oc_find( ocl[i]->bv_val )) != NULL ) {
-			/* does it require the type? */
-			for ( j = 0; oc->oc_required != NULL && 
-				oc->oc_required[j] != NULL; j++ ) {
-				if ( strcasecmp( oc->oc_required[j], type )
-				    == 0 ) {
-					return( 0 );
-				}
-			}
-			/* does it allow the type? */
-			for ( j = 0; oc->oc_allowed != NULL && 
-				oc->oc_allowed[j] != NULL; j++ ) {
-				if ( strcasecmp( oc->oc_allowed[j], type )
-				    == 0 || strcmp( oc->oc_allowed[j], "*" )
-				    == 0 )
-				{
-					return( 0 );
-				}
-			}
-			/* maybe the next oc allows it */
-
-		/* we don't know about the oc. assume it allows it */
-		} else {
-			return( 0 );
-		}
-	}
+		 * to be conservative, we declare schema created 
+		 * AND modified at server startup time ...
+		 */
 
-	/* not allowed by any oc */
-	return( 1 );
-}
+		vals[0].bv_val = timebuf;
+		vals[0].bv_len = sizeof( timebuf );
 
-static struct objclass *
-oc_find( char *ocname )
-{
-	struct objclass	*oc;
+		slap_timestamp( &starttime, vals );
 
-	for ( oc = global_oc; oc != NULL; oc = oc->oc_next ) {
-		if ( strcasecmp( oc->oc_name, ocname ) == 0 ) {
-			return( oc );
+		if( attr_merge_one( e, ad_createTimestamp, vals, NULL ) ) {
+			/* Out of memory, do something about it */
+			entry_free( e );
+			*text = "out of memory";
+			return LDAP_OTHER;
 		}
-	}
-
-	return( NULL );
-}
-
-#ifdef LDAP_DEBUG
-
-static void
-oc_print( struct objclass *oc )
-{
-	int	i;
-
-	printf( "objectclass %s\n", oc->oc_name );
-	if ( oc->oc_required != NULL ) {
-		printf( "\trequires %s", oc->oc_required[0] );
-		for ( i = 1; oc->oc_required[i] != NULL; i++ ) {
-			printf( ",%s", oc->oc_required[i] );
+		if( attr_merge_one( e, ad_modifyTimestamp, vals, NULL ) ) {
+			/* Out of memory, do something about it */
+			entry_free( e );
+			*text = "out of memory";
+			return LDAP_OTHER;
 		}
-		printf( "\n" );
 	}
-	if ( oc->oc_allowed != NULL ) {
-		printf( "\tallows %s", oc->oc_allowed[0] );
-		for ( i = 1; oc->oc_allowed[i] != NULL; i++ ) {
-			printf( ",%s", oc->oc_allowed[i] );
-		}
-		printf( "\n" );
+
+	if ( syn_schema_info( e ) 
+		|| mr_schema_info( e )
+		|| mru_schema_info( e )
+		|| at_schema_info( e )
+		|| oc_schema_info( e )
+		|| cr_schema_info( e ) )
+	{
+		/* Out of memory, do something about it */
+		entry_free( e );
+		*text = "out of memory";
+		return LDAP_OTHER;
 	}
+	
+	*entry = e;
+	return LDAP_SUCCESS;
 }
-
-#endif