X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fschema_check.c;h=ac1986161be24c37062bf8e0da17fdc7770a7446;hb=1aa829922f823f0463d7ce362e884f8adf72ff64;hp=34cd46f15484124e49c28528faaa369cb1b2d7ee;hpb=abb0797358a050e08c0e0777eebd7fa660a36777;p=openldap diff --git a/servers/slapd/schema_check.c b/servers/slapd/schema_check.c index 34cd46f154..ac1986161b 100644 --- a/servers/slapd/schema_check.c +++ b/servers/slapd/schema_check.c @@ -1,7 +1,7 @@ /* schema_check.c - routines to enforce schema definitions */ /* $OpenLDAP$ */ /* - * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ @@ -16,7 +16,10 @@ #include "slap.h" #include "ldap_pvt.h" -static char * oc_check_required(Entry *e, struct berval *ocname); +static char * oc_check_required( + Entry *e, + ObjectClass *oc, + struct berval *ocname ); /* * entry_schema_check - check that entry e conforms to the schema required @@ -27,24 +30,146 @@ static char * oc_check_required(Entry *e, struct berval *ocname); int entry_schema_check( - Entry *e, Attribute *oldattrs, const char** text ) + Backend *be, + Entry *e, + Attribute *oldattrs, + const char** text, + char *textbuf, size_t textlen ) { - Attribute *a, *aoc; - ObjectClass *oc; - int i; - int ret; - AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass; + Attribute *a, *asc, *aoc; + ObjectClass *sc, *oc; +#ifdef SLAP_EXTENDED_SCHEMA + AttributeType *at; + ContentRule *cr; +#endif + int rc, i; + struct berval nsc; + AttributeDescription *ad_structuralObjectClass + = slap_schema.si_ad_structuralObjectClass; + AttributeDescription *ad_objectClass + = slap_schema.si_ad_objectClass; int extensible = 0; + int subentry = is_entry_subentry( e ); + int collectiveSubentry = 0; + if( subentry ) { + collectiveSubentry = is_entry_collectiveAttributeSubentry( e ); + } + + *text = textbuf; + + /* misc attribute checks */ + for ( a = e->e_attrs; a != NULL; a = a->a_next ) { + const char *type = a->a_desc->ad_cname.bv_val; + + /* there should be at least one value */ + assert( a->a_vals ); + assert( a->a_vals[0].bv_val != NULL ); + + if( a->a_desc->ad_type->sat_check ) { + int rc = (a->a_desc->ad_type->sat_check)( + be, e, a, text, textbuf, textlen ); + if( rc != LDAP_SUCCESS ) { + return rc; + } + } + + if( !collectiveSubentry && is_at_collective( a->a_desc->ad_type ) ) { + snprintf( textbuf, textlen, + "'%s' can only appear in collectiveAttributeSubentry", + type ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + /* if single value type, check for multiple values */ + if( is_at_single_value( a->a_desc->ad_type ) && + a->a_vals[1].bv_val != NULL ) + { + snprintf( textbuf, textlen, + "attribute '%s' cannot have multiple values", + type ); + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, + "entry_schema_check: dn=\"%s\" %s\n", e->e_dn, textbuf, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "Entry (%s), %s\n", + e->e_dn, textbuf, 0 ); +#endif + + return LDAP_CONSTRAINT_VIOLATION; + } + } + + /* it's a REALLY bad idea to disable schema checks */ if( !global_schemacheck ) return LDAP_SUCCESS; - /* find the object class attribute - could error out here */ - if ( (aoc = attr_find( e->e_attrs, ad_objectClass )) == NULL ) { + /* find the structural object class attribute */ + asc = attr_find( e->e_attrs, ad_structuralObjectClass ); + if ( asc == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, + "entry_schema_check: No structuralObjectClass for entry (%s)\n", + e->e_dn, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "No structuralObjectClass for entry (%s)\n", + e->e_dn, 0, 0 ); +#endif + + *text = "no structuralObjectClass operational attribute"; + return LDAP_OTHER; + } + + assert( asc->a_vals != NULL ); + assert( asc->a_vals[0].bv_val != NULL ); + assert( asc->a_vals[1].bv_val == NULL ); + + sc = oc_bvfind( &asc->a_vals[0] ); + if( sc == NULL ) { + snprintf( textbuf, textlen, + "unrecognized structuralObjectClass '%s'", + asc->a_vals[0].bv_val ); + #ifdef NEW_LOGGING - LDAP_LOG(( "schema", LDAP_LEVEL_INFO, - "entry_schema_check: No object class for entry (%s).\n", e->e_dn )); + LDAP_LOG( OPERATION, INFO, + "entry_schema_check: dn (%s), %s\n", e->e_dn, textbuf, 0 ); #else - Debug( LDAP_DEBUG_ANY, "No object class for entry (%s)\n", + Debug( LDAP_DEBUG_ANY, + "entry_check_schema(%s): %s\n", + e->e_dn, textbuf, 0 ); +#endif + + return LDAP_OBJECT_CLASS_VIOLATION; + } + + if( sc->soc_kind != LDAP_SCHEMA_STRUCTURAL ) { + snprintf( textbuf, textlen, + "structuralObjectClass '%s' is not STRUCTURAL", + asc->a_vals[0].bv_val ); + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, + "entry_schema_check: dn (%s), %s\n", e->e_dn, textbuf, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "entry_check_schema(%s): %s\n", + e->e_dn, textbuf, 0 ); +#endif + + return LDAP_OTHER; + } + + /* find the object class attribute */ + aoc = attr_find( e->e_attrs, ad_objectClass ); + if ( aoc == NULL ) { +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, + "entry_schema_check: No objectClass for entry (%s).\n", + e->e_dn, 0, 0 ); +#else + Debug( LDAP_DEBUG_ANY, "No objectClass for entry (%s)\n", e->e_dn, 0, 0 ); #endif @@ -52,44 +177,250 @@ entry_schema_check( return LDAP_OBJECT_CLASS_VIOLATION; } + assert( aoc->a_vals != NULL ); + assert( aoc->a_vals[0].bv_val != NULL ); + + rc = structural_class( aoc->a_vals, &nsc, &oc, text, textbuf, textlen ); + if( rc != LDAP_SUCCESS ) { + return rc; + } + + *text = textbuf; + + if ( oc == NULL ) { + snprintf( textbuf, textlen, + "unrecognized objectClass '%s'", + aoc->a_vals[0].bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + + } else if ( sc != oc ) { + snprintf( textbuf, textlen, + "structural object class modification from '%s' to '%s' not allowed", + asc->a_vals[0].bv_val, nsc.bv_val ); + return LDAP_NO_OBJECT_CLASS_MODS; + } + +#ifdef SLAP_EXTENDED_SCHEMA + /* find the content rule for the structural class */ + cr = cr_find( sc->soc_oid ); + + /* the cr must be same as the structural class */ + assert( !cr || !strcmp( cr->scr_oid, sc->soc_oid ) ); + + /* check that the entry has required attrs of the content rule */ + if( cr && cr->scr_required ) { + for( i=0; cr->scr_required[i]; i++ ) { + at = cr->scr_required[i]; + + for ( a = e->e_attrs; a != NULL; a = a->a_next ) { + if( a->a_desc->ad_type == at ) { + break; + } + } + + /* not there => schema violation */ + if ( a == NULL ) { + snprintf( textbuf, textlen, + "content rule '%s' requires attribute '%s'", + ldap_contentrule2name( &cr->scr_crule ), + at->sat_cname.bv_val ); + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, + "entry_schema_check: dn=\"%s\" %s", e->e_dn, textbuf, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "Entry (%s): %s\n", + e->e_dn, textbuf, 0 ); +#endif + + return LDAP_OBJECT_CLASS_VIOLATION; + } + } + } + + if( cr && cr->scr_precluded ) { + for( i=0; cr->scr_precluded[i]; i++ ) { + at = cr->scr_precluded[i]; + + for ( a = e->e_attrs; a != NULL; a = a->a_next ) { + if( a->a_desc->ad_type == at ) { + break; + } + } + + /* there => schema violation */ + if ( a != NULL ) { + snprintf( textbuf, textlen, + "content rule '%s' precluded attribute '%s'", + ldap_contentrule2name( &cr->scr_crule ), + at->sat_cname.bv_val ); + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, + "entry_schema_check: dn=\"%s\" %s", e->e_dn, textbuf, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "Entry (%s): %s\n", + e->e_dn, textbuf, 0 ); +#endif + + return LDAP_OBJECT_CLASS_VIOLATION; + } + } + } +#endif /* SLAP_EXTENDED_SCHEMA */ + /* check that the entry has required attrs for each oc */ - for ( i = 0; aoc->a_vals[i] != NULL; i++ ) { - if ( (oc = oc_find( aoc->a_vals[i]->bv_val )) == NULL ) { + for ( i = 0; aoc->a_vals[i].bv_val != NULL; i++ ) { + if ( (oc = oc_bvfind( &aoc->a_vals[i] )) == NULL ) { + snprintf( textbuf, textlen, + "unrecognized objectClass '%s'", + aoc->a_vals[i].bv_val ); + #ifdef NEW_LOGGING - LDAP_LOG(( "schema", LDAP_LEVEL_INFO, - "entry_schema_check: dn (%s), objectclass \"%s\" not recognized\n", - e->e_dn, aoc->a_vals[i]->bv_val )); + LDAP_LOG( OPERATION, INFO, + "entry_schema_check: dn (%s), %s\n", e->e_dn, textbuf, 0 ); #else Debug( LDAP_DEBUG_ANY, - "entry_check_schema(%s): objectclass \"%s\" not recognized\n", - e->e_dn, aoc->a_vals[i]->bv_val, 0 ); + "entry_check_schema(%s): %s\n", + e->e_dn, textbuf, 0 ); #endif - *text = "unrecognized object class"; return LDAP_OBJECT_CLASS_VIOLATION; + } + + if ( oc->soc_check ) { + int rc = (oc->soc_check)( be, e, oc, + text, textbuf, textlen ); + if( rc != LDAP_SUCCESS ) { + return rc; + } + } + + if ( oc->soc_kind == LDAP_SCHEMA_ABSTRACT ) { + /* object class is abstract */ + if ( oc != slap_schema.si_oc_top && + !is_object_subclass( oc, sc )) + { + int j; + ObjectClass *xc = NULL; + for( j=0; aoc->a_vals[j].bv_val; j++ ) { + if( i != j ) { + xc = oc_bvfind( &aoc->a_vals[i] ); + if( xc == NULL ) { + snprintf( textbuf, textlen, + "unrecognized objectClass '%s'", + aoc->a_vals[i].bv_val ); + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, + "entry_schema_check: dn (%s), %s\n", + e->e_dn, textbuf, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "entry_check_schema(%s): %s\n", + e->e_dn, textbuf, 0 ); +#endif - } else { - char *s = oc_check_required( e, aoc->a_vals[i] ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + /* since we previous check against the + * structural object of this entry, the + * abstract class must be a (direct or indirect) + * superclass of one of the auxiliary classes of + * the entry. + */ + if ( xc->soc_kind == LDAP_SCHEMA_AUXILIARY && + is_object_subclass( oc, xc ) ) + { + xc = NULL; + break; + } + } + } + if( xc == NULL ) { + snprintf( textbuf, textlen, "instanstantiation of " + "abstract objectClass '%s' not allowed", + aoc->a_vals[i].bv_val ); + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, + "entry_schema_check: dn (%s), %s\n", + e->e_dn, textbuf, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "entry_check_schema(%s): %s\n", + e->e_dn, textbuf, 0 ); +#endif + + return LDAP_OBJECT_CLASS_VIOLATION; + } + } + + } else if ( oc->soc_kind != LDAP_SCHEMA_STRUCTURAL || oc == sc ) { + char *s; + +#ifdef SLAP_EXTENDED_SCHEMA + if( oc->soc_kind == LDAP_SCHEMA_AUXILIARY ) { + int k=0; + if( cr ) { + if( cr->scr_auxiliaries ) { + for( ; cr->scr_auxiliaries[k]; k++ ) { + if( cr->scr_auxiliaries[k] == oc ) { + k=-1; + break; + } + } + } + } else if ( global_disallows & SLAP_DISALLOW_AUX_WO_CR ) { + k=-1; + } + + if( k == -1 ) { + snprintf( textbuf, textlen, + "content rule '%s' does not allow class '%s'", + ldap_contentrule2name( &cr->scr_crule ), + oc->soc_cname.bv_val ); + +#ifdef NEW_LOGGING + LDAP_LOG( OPERATION, INFO, + "entry_schema_check: dn=\"%s\" %s", + e->e_dn, textbuf, 0 ); +#else + Debug( LDAP_DEBUG_ANY, + "Entry (%s): %s\n", + e->e_dn, textbuf, 0 ); +#endif + + return LDAP_OBJECT_CLASS_VIOLATION; + } + } +#endif /* SLAP_EXTENDED_SCHEMA */ + + s = oc_check_required( e, oc, &aoc->a_vals[i] ); if (s != NULL) { + snprintf( textbuf, textlen, + "object class '%s' requires attribute '%s'", + aoc->a_vals[i].bv_val, s ); + #ifdef NEW_LOGGING - LDAP_LOG(( "schema", LDAP_LEVEL_INFO, - "entry_schema_check: dn (%s) oc \"%s\" requires att \"%s\"\n", - e->e_dn, aoc->a_vals[i]->bv_val, s )); + LDAP_LOG( OPERATION, INFO, + "entry_schema_check: dn=\"%s\" %s", e->e_dn, textbuf, 0 ); #else Debug( LDAP_DEBUG_ANY, - "Entry (%s), oc \"%s\" requires attr \"%s\"\n", - e->e_dn, aoc->a_vals[i]->bv_val, s ); + "Entry (%s): %s\n", + e->e_dn, textbuf, 0 ); #endif - *text = "missing required attribute"; return LDAP_OBJECT_CLASS_VIOLATION; } if( oc == slap_schema.si_oc_extensibleObject ) { extensible=1; } - } } @@ -97,56 +428,81 @@ entry_schema_check( return LDAP_SUCCESS; } - /* optimistic */ - ret = LDAP_SUCCESS; - /* check that each attr in the entry is allowed by some oc */ for ( a = e->e_attrs; a != NULL; a = a->a_next ) { - ret = oc_check_allowed( a->a_desc->ad_type, aoc->a_vals ); - if ( ret != 0 ) { - char *type = a->a_desc->ad_cname->bv_val; + int ret; + +#ifdef SLAP_EXTENDED_SCHEMA + ret = LDAP_OBJECT_CLASS_VIOLATION; + + if( cr && cr->scr_required ) { + for( i=0; cr->scr_required[i]; i++ ) { + if( cr->scr_required[i] == a->a_desc->ad_type ) { + ret = LDAP_SUCCESS; + break; + } + } + } + + if( ret != LDAP_SUCCESS && cr && cr->scr_allowed ) { + for( i=0; cr->scr_allowed[i]; i++ ) { + if( cr->scr_allowed[i] == a->a_desc->ad_type ) { + ret = LDAP_SUCCESS; + break; + } + } + } + + if( ret != LDAP_SUCCESS ) +#endif /* SLAP_EXTENDED_SCHEMA */ + { + ret = oc_check_allowed( a->a_desc->ad_type, aoc->a_vals, sc ); + } + + if ( ret != LDAP_SUCCESS ) { + char *type = a->a_desc->ad_cname.bv_val; + + snprintf( textbuf, textlen, + "attribute '%s' not allowed", + type ); + #ifdef NEW_LOGGING - LDAP_LOG(( "schema", LDAP_LEVEL_INFO, - "entry_schema_check: Entry (%s) attr \"%s\" not allowed.\n", - e->e_dn, type )); + LDAP_LOG( OPERATION, INFO, + "entry_schema_check: dn=\"%s\" %s\n", e->e_dn, textbuf, 0); #else Debug( LDAP_DEBUG_ANY, - "Entry (%s), attr \"%s\" not allowed\n", - e->e_dn, type, 0 ); + "Entry (%s), %s\n", + e->e_dn, textbuf, 0 ); #endif - *text = "attribute not allowed"; - break; + return ret; } } - return( ret ); + return LDAP_SUCCESS; } static char * -oc_check_required( Entry *e, struct berval *ocname ) +oc_check_required( + Entry *e, + ObjectClass *oc, + struct berval *ocname ) { - ObjectClass *oc; AttributeType *at; int i; Attribute *a; #ifdef NEW_LOGGING - LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, - "oc_check_required: dn (%s), objectclass \"%s\"\n", - e->e_dn, ocname->bv_val )); + LDAP_LOG( OPERATION, ENTRY, + "oc_check_required: dn (%s), objectClass \"%s\"\n", + e->e_dn, ocname->bv_val, 0 ); #else Debug( LDAP_DEBUG_TRACE, - "oc_check_required entry (%s), objectclass \"%s\"\n", - e->e_dn, ocname->bv_val, 0 ); + "oc_check_required entry (%s), objectClass \"%s\"\n", + e->e_dn, ocname->bv_val, 0 ); #endif - /* find global oc defn. it we don't know about it assume it's ok */ - if ( (oc = oc_find( ocname->bv_val )) == NULL ) { - return NULL; - } - /* check for empty oc_required */ if(oc->soc_required == NULL) { return NULL; @@ -163,7 +519,7 @@ oc_check_required( Entry *e, struct berval *ocname ) } /* not there => schema violation */ if ( a == NULL ) { - return at->sat_cname; + return at->sat_cname.bv_val; } } @@ -172,27 +528,25 @@ oc_check_required( Entry *e, struct berval *ocname ) int oc_check_allowed( AttributeType *at, - struct berval **ocl ) + BerVarray ocl, + ObjectClass *sc ) { - ObjectClass *oc; int i, j; #ifdef NEW_LOGGING - LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, - "oc_check_allowed: type \"%s\"\n", at->sat_cname )); + LDAP_LOG( OPERATION, ENTRY, + "oc_check_allowed: type \"%s\"\n", at->sat_cname.bv_val, 0, 0 ); #else Debug( LDAP_DEBUG_TRACE, "oc_check_allowed type \"%s\"\n", - at->sat_cname, 0, 0 ); + at->sat_cname.bv_val, 0, 0 ); #endif - - /* always allow objectclass attribute */ - if ( strcasecmp( at->sat_cname, "objectclass" ) == 0 ) { + /* always allow objectClass attribute */ + if ( strcasecmp( at->sat_cname.bv_val, "objectClass" ) == 0 ) { return LDAP_SUCCESS; } - /* * All operational attributions are allowed by schema rules. */ @@ -200,10 +554,34 @@ int oc_check_allowed( return LDAP_SUCCESS; } + /* check to see if its allowed by the structuralObjectClass */ + if( sc ) { + /* does it require the type? */ + for ( j = 0; sc->soc_required != NULL && + sc->soc_required[j] != NULL; j++ ) + { + if( at == sc->soc_required[j] ) { + return LDAP_SUCCESS; + } + } + + /* does it allow the type? */ + for ( j = 0; sc->soc_allowed != NULL && + sc->soc_allowed[j] != NULL; j++ ) + { + if( at == sc->soc_allowed[j] ) { + return LDAP_SUCCESS; + } + } + } + /* check that the type appears as req or opt in at least one oc */ - for ( i = 0; ocl[i] != NULL; i++ ) { + for ( i = 0; ocl[i].bv_val != NULL; i++ ) { /* if we know about the oc */ - if ( (oc = oc_find( ocl[i]->bv_val )) != NULL ) { + ObjectClass *oc = oc_bvfind( &ocl[i] ); + if ( oc != NULL && oc->soc_kind != LDAP_SCHEMA_ABSTRACT && + ( sc == NULL || oc->soc_kind == LDAP_SCHEMA_AUXILIARY )) + { /* does it require the type? */ for ( j = 0; oc->soc_required != NULL && oc->soc_required[j] != NULL; j++ ) @@ -220,19 +598,145 @@ int oc_check_allowed( return LDAP_SUCCESS; } } - /* maybe the next oc allows it */ - -#ifdef OC_UNDEFINED_IMPLES_EXTENSIBLE - /* we don't know about the oc. assume it allows it */ - } else { - if ( t != type ) - ldap_memfree( t ); - return LDAP_SUCCESS; -#endif } } - /* not allowed by any oc */ return LDAP_OBJECT_CLASS_VIOLATION; } + +/* + * Determine the structural object class from a set of OIDs + */ +int structural_class( + BerVarray ocs, + struct berval *scbv, + ObjectClass **scp, + const char **text, + char *textbuf, size_t textlen ) +{ + int i; + ObjectClass *oc; + ObjectClass *sc = NULL; + int scn = -1; + + *text = "structural_class: internal error"; + scbv->bv_len = 0; + + for( i=0; ocs[i].bv_val; i++ ) { + oc = oc_bvfind( &ocs[i] ); + + if( oc == NULL ) { + snprintf( textbuf, textlen, + "unrecognized objectClass '%s'", + ocs[i].bv_val ); + *text = textbuf; + return LDAP_OBJECT_CLASS_VIOLATION; + } + + if( oc->soc_kind == LDAP_SCHEMA_STRUCTURAL ) { + if( sc == NULL || is_object_subclass( sc, oc ) ) { + sc = oc; + scn = i; + + } else if ( !is_object_subclass( oc, sc ) ) { + int j; + ObjectClass *xc = NULL; + + /* find common superior */ + for( j=i+1; ocs[j].bv_val; j++ ) { + xc = oc_bvfind( &ocs[j] ); + + if( xc == NULL ) { + snprintf( textbuf, textlen, + "unrecognized objectClass '%s'", + ocs[i].bv_val ); + *text = textbuf; + return LDAP_OBJECT_CLASS_VIOLATION; + } + + if( xc->soc_kind != LDAP_SCHEMA_STRUCTURAL ) { + xc = NULL; + continue; + } + + if( is_object_subclass( sc, xc ) && + is_object_subclass( oc, xc ) ) + { + /* found common subclass */ + break; + } + + xc = NULL; + } + + if( xc == NULL ) { + /* no common subclass */ + snprintf( textbuf, textlen, + "invalid structural object class chain (%s/%s)", + ocs[scn].bv_val, ocs[i].bv_val ); + *text = textbuf; + return LDAP_OBJECT_CLASS_VIOLATION; + } + } + } + } + + if( scp ) { + *scp = sc; + } + + if( sc == NULL ) { + *text = "no structural object classes provided"; + return LDAP_OBJECT_CLASS_VIOLATION; + } + + if( scn < 0 ) { + *text = "invalid structural object class"; + return LDAP_OBJECT_CLASS_VIOLATION; + } + + *scbv = ocs[scn]; + + if( scbv->bv_len == 0 ) { + *text = "invalid structural object class"; + return LDAP_OBJECT_CLASS_VIOLATION; + } + + return LDAP_SUCCESS; +} + +/* + * Return structural object class from list of modifications + */ +int mods_structural_class( + Modifications *mods, + struct berval *sc, + const char **text, + char *textbuf, size_t textlen ) +{ + Modifications *ocmod = NULL; + + for( ; mods != NULL; mods = mods->sml_next ) { + if( mods->sml_desc == slap_schema.si_ad_objectClass ) { + if( ocmod != NULL ) { + *text = "entry has multiple objectClass attributes"; + return LDAP_OBJECT_CLASS_VIOLATION; + } + ocmod = mods; + } + } + + if( ocmod == NULL ) { + *text = "entry has no objectClass attribute"; + return LDAP_OBJECT_CLASS_VIOLATION; + } + + if( ocmod->sml_bvalues == NULL || ocmod->sml_bvalues[0].bv_val == NULL ) { + *text = "objectClass attribute has no values"; + return LDAP_OBJECT_CLASS_VIOLATION; + } + + return structural_class( ocmod->sml_bvalues, sc, NULL, + text, textbuf, textlen ); +}