X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fschema_check.c;h=87ba819c1d35e1a44a2d361067fe720855245234;hb=0f30fb0d8f0adbbb7b41fd455c57aa56d64c9853;hp=0d54333a79db28c5322b8dfb71beda4e411cded6;hpb=693fb9424a17799192116e8ce007c4070798cdeb;p=openldap diff --git a/servers/slapd/schema_check.c b/servers/slapd/schema_check.c index 0d54333a79..87ba819c1d 100644 --- a/servers/slapd/schema_check.c +++ b/servers/slapd/schema_check.c @@ -27,78 +27,139 @@ static char * oc_check_required(Entry *e, struct berval *ocname); int entry_schema_check( - Entry *e, Attribute *oldattrs, const char** text ) + Entry *e, Attribute *oldattrs, const char** text, + char *textbuf, size_t textlen ) { Attribute *a, *aoc; ObjectClass *oc; int i; - int ret; AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass; int extensible = 0; + *text = textbuf; + + /* check single-valued attrs for multiple values */ + for ( a = e->e_attrs; a != NULL; a = a->a_next ) { + /* there should be at least one value */ + assert( a->a_vals ); + assert( a->a_vals[0] != NULL ); + + /* if single value type, check for multiple values */ + if( is_at_single_value( a->a_desc->ad_type ) && + a->a_vals[1] != NULL ) + { + char *type = a->a_desc->ad_cname.bv_val; + + snprintf( textbuf, textlen, + "attribute '%s' cannot have multiple values", + type ); + +#ifdef NEW_LOGGING + LDAP_LOG(( "schema", LDAP_LEVEL_INFO, + "entry_schema_check: dn=\"%s\" %s\n", + e->e_dn, textbuf )); +#else + Debug( LDAP_DEBUG_ANY, + "Entry (%s), %s\n", + e->e_dn, textbuf, 0 ); +#endif + + return LDAP_CONSTRAINT_VIOLATION; + } + } + if( !global_schemacheck ) return LDAP_SUCCESS; /* find the object class attribute - could error out here */ if ( (aoc = attr_find( e->e_attrs, ad_objectClass )) == NULL ) { - Debug( LDAP_DEBUG_ANY, "No object class for entry (%s)\n", +#ifdef NEW_LOGGING + LDAP_LOG(( "schema", LDAP_LEVEL_INFO, + "entry_schema_check: No objectClass for entry (%s).\n", e->e_dn )); +#else + Debug( LDAP_DEBUG_ANY, "No objectClass for entry (%s)\n", e->e_dn, 0, 0 ); - *text = "no objectclass attribute"; - return oldattrs != NULL - ? LDAP_OBJECT_CLASS_VIOLATION - : LDAP_NO_OBJECT_CLASS_MODS; - } +#endif - ret = LDAP_SUCCESS; + *text = "no objectClass attribute"; + return LDAP_OBJECT_CLASS_VIOLATION; + } /* check that the entry has required attrs for each oc */ for ( i = 0; aoc->a_vals[i] != NULL; i++ ) { if ( (oc = oc_find( aoc->a_vals[i]->bv_val )) == NULL ) { + snprintf( textbuf, textlen, + "unrecognized objectClass '%s'", + aoc->a_vals[i]->bv_val ); + +#ifdef NEW_LOGGING + LDAP_LOG(( "schema", LDAP_LEVEL_INFO, + "entry_schema_check: dn (%s), %s\n", + e->e_dn, textbuf )); +#else Debug( LDAP_DEBUG_ANY, - "entry_check_schema(%s): objectclass \"%s\" not defined\n", - e->e_dn, aoc->a_vals[i]->bv_val, 0 ); + "entry_check_schema(%s): \"%s\" not recognized\n", + e->e_dn, textbuf, 0 ); +#endif + + return LDAP_OBJECT_CLASS_VIOLATION; } else { char *s = oc_check_required( e, aoc->a_vals[i] ); if (s != NULL) { + snprintf( textbuf, textlen, + "object class '%s' requires attribute '%s'", + aoc->a_vals[i]->bv_val, s ); + +#ifdef NEW_LOGGING + LDAP_LOG(( "schema", LDAP_LEVEL_INFO, + "entry_schema_check: dn=\"%s\" %s", + e->e_dn, textbuf )); +#else Debug( LDAP_DEBUG_ANY, - "Entry (%s), oc \"%s\" requires attr \"%s\"\n", - e->e_dn, aoc->a_vals[i]->bv_val, s ); - *text = "missing required attribute"; - ret = LDAP_OBJECT_CLASS_VIOLATION; - break; + "Entry (%s): %s\n", + e->e_dn, textbuf, 0 ); +#endif + + return LDAP_OBJECT_CLASS_VIOLATION; } - if( oc == slap_schema.si_oc_extensibleObject ) - { + if( oc == slap_schema.si_oc_extensibleObject ) { extensible=1; } } } - if ( ret != LDAP_SUCCESS ) { - return ret; - } - if( extensible ) { return LDAP_SUCCESS; } /* check that each attr in the entry is allowed by some oc */ for ( a = e->e_attrs; a != NULL; a = a->a_next ) { - ret = oc_check_allowed( a->a_desc->ad_type, aoc->a_vals ); - if ( ret != 0 ) { - char *type = a->a_desc->ad_cname->bv_val; + int ret = oc_check_allowed( a->a_desc->ad_type, aoc->a_vals ); + if ( ret != LDAP_SUCCESS ) { + char *type = a->a_desc->ad_cname.bv_val; + + snprintf( textbuf, textlen, + "attribute '%s' not allowed", + type ); + +#ifdef NEW_LOGGING + LDAP_LOG(( "schema", LDAP_LEVEL_INFO, + "entry_schema_check: dn=\"%s\" %s\n", + e->e_dn, textbuf )); +#else Debug( LDAP_DEBUG_ANY, - "Entry (%s), attr \"%s\" not allowed\n", - e->e_dn, type, 0 ); - *text = "attribute not allowed"; - break; + "Entry (%s), %s\n", + e->e_dn, textbuf, 0 ); +#endif + + return ret; } } - return( ret ); + return LDAP_SUCCESS; } static char * @@ -109,9 +170,16 @@ oc_check_required( Entry *e, struct berval *ocname ) int i; Attribute *a; +#ifdef NEW_LOGGING + LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, + "oc_check_required: dn (%s), objectClass \"%s\"\n", + e->e_dn, ocname->bv_val )); +#else Debug( LDAP_DEBUG_TRACE, - "oc_check_required entry (%s), objectclass \"%s\"\n", + "oc_check_required entry (%s), objectClass \"%s\"\n", e->e_dn, ocname->bv_val, 0 ); +#endif + /* find global oc defn. it we don't know about it assume it's ok */ if ( (oc = oc_find( ocname->bv_val )) == NULL ) { @@ -134,7 +202,7 @@ oc_check_required( Entry *e, struct berval *ocname ) } /* not there => schema violation */ if ( a == NULL ) { - return at->sat_cname; + return at->sat_cname.bv_val; } } @@ -148,16 +216,20 @@ int oc_check_allowed( ObjectClass *oc; int i, j; +#ifdef NEW_LOGGING + LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, + "oc_check_allowed: type \"%s\"\n", at->sat_cname.bv_val )); +#else Debug( LDAP_DEBUG_TRACE, "oc_check_allowed type \"%s\"\n", - at->sat_cname, 0, 0 ); + at->sat_cname.bv_val, 0, 0 ); +#endif - /* always allow objectclass attribute */ - if ( strcasecmp( at->sat_cname, "objectclass" ) == 0 ) { + /* always allow objectClass attribute */ + if ( strcasecmp( at->sat_cname.bv_val, "objectClass" ) == 0 ) { return LDAP_SUCCESS; } - /* * All operational attributions are allowed by schema rules. */ @@ -186,18 +258,9 @@ int oc_check_allowed( } } /* maybe the next oc allows it */ - -#ifdef OC_UNDEFINED_IMPLES_EXTENSIBLE - /* we don't know about the oc. assume it allows it */ - } else { - if ( t != type ) - ldap_memfree( t ); - return LDAP_SUCCESS; -#endif } } - /* not allowed by any oc */ return LDAP_OBJECT_CLASS_VIOLATION; }