X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fschema.c;h=d0dfa3021d2f7c4f52bc28278228429e2f132f08;hb=426ca14a868b6edb638b48e14593542a365fcc4b;hp=a5b0a0519b5183e3116dd0cf2677fd47e751aef3;hpb=7f357399cfc635c148789e9728087ee7472bc75b;p=openldap diff --git a/servers/slapd/schema.c b/servers/slapd/schema.c index a5b0a0519b..d0dfa3021d 100644 --- a/servers/slapd/schema.c +++ b/servers/slapd/schema.c @@ -1,482 +1,178 @@ -/* schema.c - routines to enforce schema definitions */ +/* schema.c - routines to manage schema definitions */ +/* $OpenLDAP$ */ +/* + * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ #include "portable.h" #include +#include #include #include #include "slap.h" +#include "ldap_pvt.h" +#include "lutil.h" -static char * oc_check_required(Entry *e, char *ocname); -static int oc_check_allowed(char *type, struct berval **ocl); - -/* - * oc_check - check that entry e conforms to the schema required by - * its object class(es). returns 0 if so, non-zero otherwise. - */ int -oc_schema_check( Entry *e ) -{ - Attribute *a, *aoc; - int i; - int ret = 0; - - /* find the object class attribute - could error out here */ - if ( (aoc = attr_find( e->e_attrs, "objectclass" )) == NULL ) { - Debug( LDAP_DEBUG_ANY, "No object class for entry (%s)\n", - e->e_dn, 0, 0 ); - return( 0 ); - } - - /* check that the entry has required attrs for each oc */ - for ( i = 0; aoc->a_vals[i] != NULL; i++ ) { - char *s = oc_check_required( e, aoc->a_vals[i]->bv_val ); - - if (s != NULL) { - Debug( LDAP_DEBUG_ANY, - "Entry (%s), oc \"%s\" requires attr \"%s\"\n", - e->e_dn, aoc->a_vals[i]->bv_val, s ); - ret = 1; - } - } - - if ( ret != 0 ) { - return( ret ); - } - - /* check that each attr in the entry is allowed by some oc */ - for ( a = e->e_attrs; a != NULL; a = a->a_next ) { - if ( oc_check_allowed( a->a_type, aoc->a_vals ) != 0 ) { - Debug( LDAP_DEBUG_ANY, - "Entry (%s), attr \"%s\" not allowed\n", - e->e_dn, a->a_type, 0 ); - ret = 1; - } - } - - return( ret ); -} - -static char * -oc_check_required( Entry *e, char *ocname ) -{ - ObjectClass *oc; - AttributeType *at; - int i, j; - Attribute *a; - char **pp; - - Debug( LDAP_DEBUG_TRACE, - "oc_check_required entry (%s), objectclass \"%s\"\n", - e->e_dn, ocname, 0 ); - - /* find global oc defn. it we don't know about it assume it's ok */ - if ( (oc = oc_find( ocname )) == NULL ) { - return( 0 ); - } - - /* check for empty oc_required */ - if(oc->soc_required == NULL) { - return( 0 ); - } - - /* for each required attribute */ - for ( i = 0; oc->soc_required[i] != NULL; i++ ) { - at = oc->soc_required[i]; - /* see if it's in the entry */ - for ( a = e->e_attrs; a != NULL; a = a->a_next ) { - if ( at->sat_atype.at_oid && - strcmp( a->a_type, at->sat_atype.at_oid ) == 0 ) { - break; - } - pp = at->sat_atype.at_names; - if ( pp == NULL ) { - /* Empty name list => not found */ - a = NULL; - break; - } - while ( *pp ) { - if ( strcasecmp( a->a_type, *pp ) == 0 ) { - break; - } - pp++; - } - if ( *pp ) { - break; - } - } - /* not there => schema violation */ - if ( a == NULL ) { - if ( at->sat_atype.at_names && - at->sat_atype.at_names[0] ) { - return at->sat_atype.at_names[0]; - } else { - return at->sat_atype.at_oid; - } - } - } - - return( NULL ); -} - -/* - * check to see if attribute is 'operational' or not. - * this function should be externalized... - */ -static int -oc_check_operational( char *type ) +schema_info( Entry **entry, const char **text ) { - return ( strcasecmp( type, "modifiersname" ) == 0 || - strcasecmp( type, "modifytimestamp" ) == 0 || - strcasecmp( type, "creatorsname" ) == 0 || - strcasecmp( type, "createtimestamp" ) == 0 ) - ? 1 : 0; -} - -static int -oc_check_allowed( char *type, struct berval **ocl ) -{ - ObjectClass *oc; - AttributeType *at; - int i, j; - char **pp; - - Debug( LDAP_DEBUG_TRACE, - "oc_check_allowed type \"%s\"\n", type, 0, 0 ); - - /* always allow objectclass attribute */ - if ( strcasecmp( type, "objectclass" ) == 0 ) { - return( 0 ); - } - - if ( oc_check_operational( type ) ) { - return( 0 ); - } - - /* check that the type appears as req or opt in at least one oc */ - for ( i = 0; ocl[i] != NULL; i++ ) { - /* if we know about the oc */ - if ( (oc = oc_find( ocl[i]->bv_val )) != NULL ) { - /* does it require the type? */ - for ( j = 0; oc->soc_required != NULL && - oc->soc_required[j] != NULL; j++ ) { - at = oc->soc_required[j]; - if ( at->sat_atype.at_oid && - strcmp(at->sat_atype.at_oid, type ) == 0 ) { - return( 0 ); - } - pp = at->sat_atype.at_names; - if ( pp == NULL ) - continue; - while ( *pp ) { - if ( strcasecmp( *pp, type ) == 0 ) { - return( 0 ); - } - pp++; - } - } - /* does it allow the type? */ - for ( j = 0; oc->soc_allowed != NULL && - oc->soc_allowed[j] != NULL; j++ ) { - at = oc->soc_allowed[j]; - if ( at->sat_atype.at_oid && - strcmp(at->sat_atype.at_oid, type ) == 0 ) { - return( 0 ); - } - pp = at->sat_atype.at_names; - if ( pp == NULL ) - continue; - while ( *pp ) { - if ( strcasecmp( *pp, type ) == 0 || - strcmp( *pp, "*" ) == 0 ) { - return( 0 ); - } - pp++; - } - } - /* maybe the next oc allows it */ - - /* we don't know about the oc. assume it allows it */ - } else { - return( 0 ); + AttributeDescription *ad_structuralObjectClass + = slap_schema.si_ad_structuralObjectClass; + AttributeDescription *ad_objectClass + = slap_schema.si_ad_objectClass; + AttributeDescription *ad_createTimestamp + = slap_schema.si_ad_createTimestamp; + AttributeDescription *ad_modifyTimestamp + = slap_schema.si_ad_modifyTimestamp; + + Entry *e; + struct berval vals[5]; + struct berval nvals[5]; + + e = (Entry *) SLAP_CALLOC( 1, sizeof(Entry) ); + if( e == NULL ) { + /* Out of memory, do something about it */ +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, ERR, + "schema_info: SLAP_CALLOC failed - out of memory.\n", 0, 0,0 ); +#else + Debug( LDAP_DEBUG_ANY, + "schema_info: SLAP_CALLOC failed - out of memory.\n", 0, 0, 0 ); +#endif + *text = "out of memory"; + return LDAP_OTHER; + } + + e->e_attrs = NULL; + /* backend-specific schema info should be created by the + * backend itself + */ + ber_dupbv( &e->e_name, &global_schemadn ); + ber_dupbv( &e->e_nname, &global_schemandn ); + e->e_private = NULL; + + vals[0].bv_val = "subentry"; + vals[0].bv_len = sizeof("subentry")-1; + if( attr_merge_one( e, ad_structuralObjectClass, vals, vals ) ) + { + /* Out of memory, do something about it */ + entry_free( e ); + *text = "out of memory"; + return LDAP_OTHER; + } + + vals[0].bv_val = "top"; + vals[0].bv_len = sizeof("top")-1; + vals[1].bv_val = "subentry"; + vals[1].bv_len = sizeof("subentry")-1; + vals[2].bv_val = "subschema"; + vals[2].bv_len = sizeof("subschema")-1; + vals[3].bv_val = "extensibleObject"; + vals[3].bv_len = sizeof("extensibleObject")-1; + vals[4].bv_val = NULL; + if( attr_merge( e, ad_objectClass, vals, vals ) ) + { + /* Out of memory, do something about it */ + entry_free( e ); + *text = "out of memory"; + return LDAP_OTHER; + } + + { + int rc; + AttributeDescription *desc = NULL; + struct berval rdn = global_schemadn; + vals[0].bv_val = strchr( rdn.bv_val, '=' ); + + if( vals[0].bv_val == NULL ) { + *text = "improperly configured subschema subentry"; + return LDAP_OTHER; } - } - - /* not allowed by any oc */ - return( 1 ); -} - -struct oindexrec { - char *oir_name; - ObjectClass *oir_oc; -}; - -static Avlnode *oc_index = NULL; -static AttributeType *oc_list = NULL; - -static int -oc_index_cmp( - struct oindexrec *oir1, - struct oindexrec *oir2 -) -{ - return (strcasecmp( oir1->oir_name, oir2->oir_name )); -} -static int -oc_index_name_cmp( - char *type, - struct oindexrec *oir -) -{ - return (strcasecmp( type, oir->oir_name )); -} + vals[0].bv_val++; + vals[0].bv_len = rdn.bv_len - (vals[0].bv_val - rdn.bv_val); + rdn.bv_len -= vals[0].bv_len + 1; -ObjectClass * -oc_find( char *ocname ) -{ - struct oindexrec *oir = NULL; + rc = slap_bv2ad( &rdn, &desc, text ); - if ( (oir = (struct oindexrec *) avl_find( oc_index, ocname, - (AVL_CMP) oc_index_name_cmp )) != NULL ) { - return( oir->oir_oc ); - } - return( NULL ); -} - -static int -oc_create_required( - ObjectClass *soc, - char **attrs, - char **err -) -{ - char **attrs1; - int nattrs; - AttributeType *sat; - AttributeType **satp; - int i; - - if ( attrs ) { - attrs1 = attrs; - while ( *attrs1 ) { - sat = at_find(*attrs1); - if ( !sat ) { - *err = *attrs1; - return SLAP_SCHERR_ATTR_NOT_FOUND; - } - if ( at_find_in_list(sat, soc->soc_required) < 0) { - if ( at_append_to_list(sat, &soc->soc_required) ) { - *err = *attrs1; - return SLAP_SCHERR_OUTOFMEM; - } - } - attrs1++; - } - /* Now delete duplicates from the allowed list */ - for ( satp = soc->soc_required; *satp; satp++ ) { - i = at_find_in_list(*satp,soc->soc_allowed); - if ( i >= 0 ) { - at_delete_from_list(i, &soc->soc_allowed); - } + if( rc != LDAP_SUCCESS ) { + entry_free( e ); + *text = "improperly configured subschema subentry"; + return LDAP_OTHER; } - } - return 0; -} - -static int -oc_create_allowed( - ObjectClass *soc, - char **attrs, - char **err -) -{ - char **attrs1; - int nattrs; - AttributeType *sat; - AttributeType **satp; - int i; - if ( attrs ) { - attrs1 = attrs; - while ( *attrs1 ) { - sat = at_find(*attrs1); - if ( !sat ) { - *err = *attrs1; - return SLAP_SCHERR_ATTR_NOT_FOUND; - } - if ( at_find_in_list(sat, soc->soc_required) < 0 && - at_find_in_list(sat, soc->soc_allowed) < 0 ) { - if ( at_append_to_list(sat, &soc->soc_allowed) ) { - *err = *attrs1; - return SLAP_SCHERR_OUTOFMEM; - } - } - attrs1++; + nvals[0].bv_val = strchr( global_schemandn.bv_val, '=' ); + assert( nvals[0].bv_val ); + nvals[0].bv_val++; + nvals[0].bv_len = global_schemandn.bv_len - + (nvals[0].bv_val - global_schemandn.bv_val); + + if( attr_merge_one( e, desc, vals, nvals ) ) + { + /* Out of memory, do something about it */ + entry_free( e ); + *text = "out of memory"; + return LDAP_OTHER; } } - return 0; -} -static int -oc_add_sups( - ObjectClass *soc, - char **sups, - char **err -) -{ - int code; - ObjectClass *soc1; - int nsups; - char **sups1; - int add_sups = 0; + { + struct tm *ltm; + char timebuf[ LDAP_LUTIL_GENTIME_BUFSIZE ]; - if ( sups ) { - if ( !soc->soc_sups ) { - /* We are at the first recursive level */ - add_sups = 1; - nsups = 0; - sups1 = sups; - while ( *sups1 ) { - nsups++; - sups1++; - } - nsups++; - soc->soc_sups = (ObjectClass **)ch_calloc(1, - nsups*sizeof(ObjectClass *)); - } - nsups = 0; - sups1 = sups; - while ( *sups1 ) { - soc1 = oc_find(*sups1); - if ( !soc1 ) { - *err = *sups1; - return SLAP_SCHERR_CLASS_NOT_FOUND; - } + /* + * According to RFC 2251: - if ( add_sups ) - soc->soc_sups[nsups] = soc1; + Servers SHOULD provide the attributes createTimestamp and + modifyTimestamp in subschema entries, in order to allow clients to + maintain their caches of schema information. - code = oc_add_sups(soc,soc1->soc_oclass.oc_sup_oids, - err); - if ( code ) - return code; - - if ( code = oc_create_required(soc, - soc1->soc_oclass.oc_at_oids_must,err) ) - return code; - if ( code = oc_create_allowed(soc, - soc1->soc_oclass.oc_at_oids_may,err) ) - return code; - nsups++; - sups1++; - } - } - return 0; -} + * to be conservative, we declare schema created + * AND modified at server startup time ... + */ -static int -oc_insert( - ObjectClass *soc, - char **err -) -{ - ObjectClass **ocp; - struct oindexrec *oir; - char **names; + ldap_pvt_thread_mutex_lock( &gmtime_mutex ); + ltm = gmtime( &starttime ); + lutil_gentime( timebuf, sizeof(timebuf), ltm ); + ldap_pvt_thread_mutex_unlock( &gmtime_mutex ); - ocp = &global_oc; - while ( *ocp != NULL ) { - ocp = &(*ocp)->soc_next; - } - *ocp = soc; + vals[0].bv_val = timebuf; + vals[0].bv_len = strlen( timebuf ); - if ( soc->soc_oclass.oc_oid ) { - oir = (struct oindexrec *) - ch_calloc( 1, sizeof(struct oindexrec) ); - oir->oir_name = soc->soc_oclass.oc_oid; - oir->oir_oc = soc; - if ( avl_insert( &oc_index, (caddr_t) oir, - (AVL_CMP) oc_index_cmp, - (AVL_DUP) avl_dup_error ) ) { - *err = soc->soc_oclass.oc_oid; - ldap_memfree(oir); - return SLAP_SCHERR_DUP_CLASS; + if( attr_merge_one( e, ad_createTimestamp, vals, vals ) ) + { + /* Out of memory, do something about it */ + entry_free( e ); + *text = "out of memory"; + return LDAP_OTHER; } - /* FIX: temporal consistency check */ - oc_find(oir->oir_name); - } - if ( (names = soc->soc_oclass.oc_names) ) { - while ( *names ) { - oir = (struct oindexrec *) - ch_calloc( 1, sizeof(struct oindexrec) ); - oir->oir_name = ch_strdup(*names); - oir->oir_oc = soc; - if ( avl_insert( &oc_index, (caddr_t) oir, - (AVL_CMP) oc_index_cmp, - (AVL_DUP) avl_dup_error ) ) { - *err = *names; - ldap_memfree(oir); - return SLAP_SCHERR_DUP_CLASS; - } - /* FIX: temporal consistency check */ - oc_find(oir->oir_name); - names++; + if( attr_merge_one( e, ad_modifyTimestamp, vals, vals ) ) + { + /* Out of memory, do something about it */ + entry_free( e ); + *text = "out of memory"; + return LDAP_OTHER; } } - return 0; -} - -int -oc_add( - LDAP_OBJECT_CLASS *oc, - char **err -) -{ - ObjectClass *soc; - int code; - soc = (ObjectClass *) ch_calloc( 1, sizeof(ObjectClass) ); - memcpy( &soc->soc_oclass, oc, sizeof(LDAP_OBJECT_CLASS)); - if ( code = oc_add_sups(soc,soc->soc_oclass.oc_sup_oids,err) ) - return code; - if ( code = oc_create_required(soc,soc->soc_oclass.oc_at_oids_must,err) ) - return code; - if ( code = oc_create_allowed(soc,soc->soc_oclass.oc_at_oids_may,err) ) - return code; - code = oc_insert(soc,err); - return code; + if ( syn_schema_info( e ) + || mr_schema_info( e ) + || mru_schema_info( e ) + || at_schema_info( e ) + || oc_schema_info( e ) + || cr_schema_info( e ) ) + { + /* Out of memory, do something about it */ + entry_free( e ); + *text = "out of memory"; + return LDAP_OTHER; + } + + *entry = e; + return LDAP_SUCCESS; } - -#ifdef LDAP_DEBUG - -static void -oc_print( ObjectClass *oc ) -{ - int i; - - if ( oc->soc_oclass.oc_names && oc->soc_oclass.oc_names[0] ) { - printf( "objectclass %s\n", oc->soc_oclass.oc_names[0] ); - } else { - printf( "objectclass %s\n", oc->soc_oclass.oc_oid ); - } - if ( oc->soc_required != NULL ) { - printf( "\trequires %s", oc->soc_required[0] ); - for ( i = 1; oc->soc_required[i] != NULL; i++ ) { - printf( ",%s", oc->soc_required[i] ); - } - printf( "\n" ); - } - if ( oc->soc_allowed != NULL ) { - printf( "\tallows %s", oc->soc_allowed[0] ); - for ( i = 1; oc->soc_allowed[i] != NULL; i++ ) { - printf( ",%s", oc->soc_allowed[i] ); - } - printf( "\n" ); - } -} - -#endif