X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fschema_check.c;h=536211b4e8d24f7a22457b11ab23ed897c403502;hb=0445405299ebc97d0f11585031fb1abef031caf9;hp=6aad6a2bea766b33c4e15f79b7170491af4fa2e6;hpb=4540262cf56f90840df0cd8c4e0c302046422994;p=openldap diff --git a/servers/slapd/schema_check.c b/servers/slapd/schema_check.c index 6aad6a2bea..536211b4e8 100644 --- a/servers/slapd/schema_check.c +++ b/servers/slapd/schema_check.c @@ -16,13 +16,6 @@ #include "slap.h" #include "ldap_pvt.h" -#ifdef SLAPD_SCHEMA_NOT_COMPAT -static int oc_check_allowed( - AttributeType *type, - struct berval **oclist ); -#else -static int oc_check_allowed(char *type, struct berval **oclist); -#endif static char * oc_check_required(Entry *e, struct berval *ocname); /* @@ -40,69 +33,88 @@ entry_schema_check( ObjectClass *oc; int i; int ret; -#ifdef SLAPD_SCHEMA_NOT_COMPAT AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass; -#else - static const char *ad_objectClass = "objectclass"; -#endif + int extensible = 0; if( !global_schemacheck ) return LDAP_SUCCESS; /* find the object class attribute - could error out here */ if ( (aoc = attr_find( e->e_attrs, ad_objectClass )) == NULL ) { - Debug( LDAP_DEBUG_ANY, "No object class for entry (%s)\n", +#ifdef NEW_LOGGING + LDAP_LOG(( "schema", LDAP_LEVEL_INFO, + "entry_schema_check: No objectClass for entry (%s).\n", e->e_dn )); +#else + Debug( LDAP_DEBUG_ANY, "No objectClass for entry (%s)\n", e->e_dn, 0, 0 ); - assert(0); +#endif - *text = "no objectclass attribute"; - return oldattrs != NULL - ? LDAP_OBJECT_CLASS_VIOLATION - : LDAP_NO_OBJECT_CLASS_MODS; + *text = "no objectClass attribute"; + return LDAP_OBJECT_CLASS_VIOLATION; } - ret = LDAP_SUCCESS; - /* check that the entry has required attrs for each oc */ for ( i = 0; aoc->a_vals[i] != NULL; i++ ) { if ( (oc = oc_find( aoc->a_vals[i]->bv_val )) == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "schema", LDAP_LEVEL_INFO, + "entry_schema_check: dn (%s), objectClass \"%s\" not recognized\n", + e->e_dn, aoc->a_vals[i]->bv_val )); +#else Debug( LDAP_DEBUG_ANY, - "Objectclass \"%s\" not defined\n", - aoc->a_vals[i]->bv_val, 0, 0 ); + "entry_check_schema(%s): objectClass \"%s\" not recognized\n", + e->e_dn, aoc->a_vals[i]->bv_val, 0 ); +#endif + + *text = "unrecognized object class"; + return LDAP_OBJECT_CLASS_VIOLATION; } else { char *s = oc_check_required( e, aoc->a_vals[i] ); if (s != NULL) { +#ifdef NEW_LOGGING + LDAP_LOG(( "schema", LDAP_LEVEL_INFO, + "entry_schema_check: dn (%s) oc \"%s\" requires att \"%s\"\n", + e->e_dn, aoc->a_vals[i]->bv_val, s )); +#else Debug( LDAP_DEBUG_ANY, "Entry (%s), oc \"%s\" requires attr \"%s\"\n", e->e_dn, aoc->a_vals[i]->bv_val, s ); +#endif + *text = "missing required attribute"; - ret = LDAP_OBJECT_CLASS_VIOLATION; - break; + return LDAP_OBJECT_CLASS_VIOLATION; } + + if( oc == slap_schema.si_oc_extensibleObject ) { + extensible=1; + } + } } - if ( ret != LDAP_SUCCESS ) { - return ret; + if( extensible ) { + return LDAP_SUCCESS; } + /* optimistic */ + ret = LDAP_SUCCESS; + /* check that each attr in the entry is allowed by some oc */ for ( a = e->e_attrs; a != NULL; a = a->a_next ) { -#ifdef SLAPD_SCHEMA_NOT_COMPAT ret = oc_check_allowed( a->a_desc->ad_type, aoc->a_vals ); -#else - ret = oc_check_allowed( a->a_type, aoc->a_vals ); -#endif if ( ret != 0 ) { -#ifdef SLAPD_SCHEMA_NOT_COMPAT char *type = a->a_desc->ad_cname->bv_val; +#ifdef NEW_LOGGING + LDAP_LOG(( "schema", LDAP_LEVEL_INFO, + "entry_schema_check: Entry (%s) attr \"%s\" not allowed.\n", + e->e_dn, type )); #else - char *type = a->a_type; -#endif Debug( LDAP_DEBUG_ANY, "Entry (%s), attr \"%s\" not allowed\n", e->e_dn, type, 0 ); +#endif + *text = "attribute not allowed"; break; } @@ -119,9 +131,16 @@ oc_check_required( Entry *e, struct berval *ocname ) int i; Attribute *a; +#ifdef NEW_LOGGING + LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, + "oc_check_required: dn (%s), objectClass \"%s\"\n", + e->e_dn, ocname->bv_val )); +#else Debug( LDAP_DEBUG_TRACE, - "oc_check_required entry (%s), objectclass \"%s\"\n", + "oc_check_required entry (%s), objectClass \"%s\"\n", e->e_dn, ocname->bv_val, 0 ); +#endif + /* find global oc defn. it we don't know about it assume it's ok */ if ( (oc = oc_find( ocname->bv_val )) == NULL ) { @@ -138,121 +157,48 @@ oc_check_required( Entry *e, struct berval *ocname ) at = oc->soc_required[i]; /* see if it's in the entry */ for ( a = e->e_attrs; a != NULL; a = a->a_next ) { -#ifdef SLAPD_SCHEMA_NOT_COMPAT if( a->a_desc->ad_type == at ) { break; } -#else - char **pp; - - if ( at->sat_oid && - strcmp( a->a_type, at->sat_oid ) == 0 ) { - break; - } - pp = at->sat_names; - if ( pp == NULL ) { - /* Empty name list => not found */ - a = NULL; - break; - } - while ( *pp ) { - if ( strcasecmp( a->a_type, *pp ) == 0 ) { - break; - } - pp++; - } - if ( *pp ) { - break; - } -#endif } /* not there => schema violation */ if ( a == NULL ) { -#ifdef SLAPD_SCHEMA_NOT_COMPAT return at->sat_cname; -#else - if ( at->sat_names && at->sat_names[0] ) { - return at->sat_names[0]; - } else { - return at->sat_oid; - } -#endif } } return( NULL ); } -static int -oc_check_allowed( -#ifdef SLAPD_SCHEMA_NOT_COMPAT +int oc_check_allowed( AttributeType *at, -#else - char *type, -#endif struct berval **ocl ) { ObjectClass *oc; int i, j; -#ifdef SLAPD_SCHEMA_NOT_COMPAT +#ifdef NEW_LOGGING + LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, + "oc_check_allowed: type \"%s\"\n", at->sat_cname )); +#else Debug( LDAP_DEBUG_TRACE, "oc_check_allowed type \"%s\"\n", at->sat_cname, 0, 0 ); +#endif - /* always allow objectclass attribute */ - if ( strcasecmp( at->sat_cname, "objectclass" ) == 0 ) { - return LDAP_SUCCESS; - } - -#else - AttributeType *at; - char **pp; - char *p; - char *t; - - Debug( LDAP_DEBUG_TRACE, - "oc_check_allowed type \"%s\"\n", type, 0, 0 ); - /* always allow objectclass attribute */ - if ( strcasecmp( type, "objectclass" ) == 0 ) { + /* always allow objectClass attribute */ + if ( strcasecmp( at->sat_cname, "objectClass" ) == 0 ) { return LDAP_SUCCESS; } -#endif -#ifdef SLAPD_SCHEMA_NOT_COMPAT - /* - * All operational attributions are allowed by schema rules. - */ - if( is_at_operational(at) ) { - return LDAP_SUCCESS; - } -#else - /* - * The "type" we have received is actually an AttributeDescription. - * Let's find out the corresponding type. - */ - p = strchr( type, ';' ); - if ( p ) { - t = ch_malloc( p-type+1 ); - strncpy( t, type, p-type ); - t[p-type] = '\0'; - Debug( LDAP_DEBUG_TRACE, - "oc_check_allowed type \"%s\" from \"%s\"\n", - t, type, 0 ); - - } else - { - t = type; - } /* * All operational attributions are allowed by schema rules. */ - if ( oc_check_op_attr( t ) ) { + if( is_at_operational(at) ) { return LDAP_SUCCESS; } -#endif /* check that the type appears as req or opt in at least one oc */ for ( i = 0; ocl[i] != NULL; i++ ) { @@ -262,60 +208,17 @@ oc_check_allowed( for ( j = 0; oc->soc_required != NULL && oc->soc_required[j] != NULL; j++ ) { -#ifdef SLAPD_SCHEMA_NOT_COMPAT if( at == oc->soc_required[j] ) { return LDAP_SUCCESS; } -#else - at = oc->soc_required[j]; - if ( at->sat_oid && - strcmp(at->sat_oid, t ) == 0 ) { - if ( t != type ) - ldap_memfree( t ); - return LDAP_SUCCESS; - } - pp = at->sat_names; - if ( pp == NULL ) - continue; - while ( *pp ) { - if ( strcasecmp( *pp, t ) == 0 ) { - if ( t != type ) - ldap_memfree( t ); - return LDAP_SUCCESS; - } - pp++; - } -#endif } /* does it allow the type? */ for ( j = 0; oc->soc_allowed != NULL && oc->soc_allowed[j] != NULL; j++ ) { -#ifdef SLAPD_SCHEMA_NOT_COMPAT if( at == oc->soc_allowed[j] ) { return LDAP_SUCCESS; } -#else - at = oc->soc_allowed[j]; - if ( at->sat_oid && - strcmp( at->sat_oid, t ) == 0 ) { - if ( t != type ) - ldap_memfree( t ); - return LDAP_SUCCESS; - } - pp = at->sat_names; - if ( pp == NULL ) - continue; - while ( *pp ) { - if ( strcasecmp( *pp, t ) == 0 || - strcmp( *pp, "*" ) == 0 ) { - if ( t != type ) - ldap_memfree( t ); - return LDAP_SUCCESS; - } - pp++; - } -#endif } /* maybe the next oc allows it */ @@ -329,10 +232,6 @@ oc_check_allowed( } } -#ifndef SLAPD_SCHEMA_NOT_COMPAT - if ( t != type ) - ldap_memfree( t ); -#endif /* not allowed by any oc */ return LDAP_OBJECT_CLASS_VIOLATION;