X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fschema_prep.c;h=43c2871bf38808f3edd32fb183b96a9541ca2036;hb=f89308915aabff352eb390a1e58a71127b7ebd26;hp=143d167498fb2d33c5a6412344451460cf20608a;hpb=58a72b915a265e25f3542eac4871e417c4612c60;p=openldap diff --git a/servers/slapd/schema_prep.c b/servers/slapd/schema_prep.c index 143d167498..43c2871bf3 100644 --- a/servers/slapd/schema_prep.c +++ b/servers/slapd/schema_prep.c @@ -115,62 +115,88 @@ structuralObjectClassMatch( return LDAP_SUCCESS; } +static ObjectClassSchemaCheckFN rootDseObjectClass; +static ObjectClassSchemaCheckFN aliasObjectClass; +static ObjectClassSchemaCheckFN referralObjectClass; +static ObjectClassSchemaCheckFN subentryObjectClass; +static ObjectClassSchemaCheckFN dynamicObjectClass; + static struct slap_schema_oc_map { char *ssom_name; char *ssom_defn; ObjectClassSchemaCheckFN *ssom_check; + slap_mask_t ssom_flags; size_t ssom_offset; } oc_map[] = { { "top", "( 2.5.6.0 NAME 'top' " "DESC 'top of the superclass chain' " "ABSTRACT MUST objectClass )", - 0, offsetof(struct slap_internal_schema, si_oc_top) }, + 0, 0, offsetof(struct slap_internal_schema, si_oc_top) }, { "extensibleObject", "( 1.3.6.1.4.1.1466.101.120.111 " "NAME 'extensibleObject' " "DESC 'RFC2252: extensible object' " "SUP top AUXILIARY )", - 0, offsetof(struct slap_internal_schema, si_oc_extensibleObject) }, + 0, 0, offsetof(struct slap_internal_schema, si_oc_extensibleObject) }, { "alias", "( 2.5.6.1 NAME 'alias' " "DESC 'RFC2256: an alias' " "SUP top STRUCTURAL " "MUST aliasedObjectName )", - 0, offsetof(struct slap_internal_schema, si_oc_alias) }, + aliasObjectClass, 0, + offsetof(struct slap_internal_schema, si_oc_alias) }, { "referral", "( 2.16.840.1.113730.3.2.6 NAME 'referral' " "DESC 'namedref: named subordinate referral' " "SUP top STRUCTURAL MUST ref )", - 0, offsetof(struct slap_internal_schema, si_oc_referral) }, + referralObjectClass, 0, + offsetof(struct slap_internal_schema, si_oc_referral) }, { "LDAProotDSE", "( 1.3.6.1.4.1.4203.1.4.1 " "NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) " "DESC 'OpenLDAP Root DSE object' " "SUP top STRUCTURAL MAY cn )", - 0, offsetof(struct slap_internal_schema, si_oc_rootdse) }, + rootDseObjectClass, 0, + offsetof(struct slap_internal_schema, si_oc_rootdse) }, { "subentry", "( 2.5.20.0 NAME 'subentry' " "SUP top STRUCTURAL " "MUST ( cn $ subtreeSpecification ) )", - 0, offsetof(struct slap_internal_schema, si_oc_subentry) }, + subentryObjectClass, 0, + offsetof(struct slap_internal_schema, si_oc_subentry) }, { "subschema", "( 2.5.20.1 NAME 'subschema' " "DESC 'RFC2252: controlling subschema (sub)entry' " - "AUXILIARY" + "AUXILIARY " "MAY ( dITStructureRules $ nameForms $ ditContentRules $ " "objectClasses $ attributeTypes $ matchingRules $ " "matchingRuleUse ) )", - 0, offsetof(struct slap_internal_schema, si_oc_subschema) }, + subentryObjectClass, 0, + offsetof(struct slap_internal_schema, si_oc_subschema) }, + { "monitor", "( 1.3.6.1.4.1.4203.666.3.2 NAME 'monitor' " + "DESC 'OpenLDAP system monitoring' " + "STRUCTURAL " + "MUST cn )", + 0, 0, offsetof(struct slap_internal_schema, si_oc_monitor) }, { "collectiveAttributes", "( 2.5.20.2 " "NAME 'collectiveAttributes' " "AUXILIARY )", - 0, + subentryObjectClass, 0, offsetof(struct slap_internal_schema, si_oc_collectiveAttributes) }, - { NULL, 0 } + { "dynamicObject", "( 1.3.6.1.4.1.1466.101.119.2 " + "NAME 'dynamicObject' " + "DESC 'RFC2589: Dynamic Object' " + "SUP top AUXILIARY )", + dynamicObjectClass, 0, + offsetof(struct slap_internal_schema, si_oc_dynamicObject) }, + { NULL, NULL, NULL, 0, 0 } }; static AttributeTypeSchemaCheckFN rootDseAttribute; -static AttributeTypeSchemaCheckFN subentryAttribute; +static AttributeTypeSchemaCheckFN aliasAttribute; static AttributeTypeSchemaCheckFN referralAttribute; +static AttributeTypeSchemaCheckFN subentryAttribute; +static AttributeTypeSchemaCheckFN dynamicAttribute; static struct slap_schema_ad_map { char *ssam_name; char *ssam_defn; AttributeTypeSchemaCheckFN *ssam_check; + slap_mask_t ssam_flags; slap_mr_match_func *ssam_match; slap_mr_indexer_func *ssam_indexer; slap_mr_filter_func *ssam_filter; @@ -180,7 +206,7 @@ static struct slap_schema_ad_map { "DESC 'RFC2256: object classes of the entity' " "EQUALITY objectIdentifierMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )", - NULL, + NULL, 0, objectClassMatch, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_objectClass) }, @@ -190,8 +216,7 @@ static struct slap_schema_ad_map { "EQUALITY objectIdentifierMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 " "NO-USER-MODIFICATION SINGLE-VALUE USAGE directoryOperation )", - NULL, - structuralObjectClassMatch, NULL, NULL, + NULL, 0, structuralObjectClassMatch, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_structuralObjectClass) }, { "createTimestamp", "( 2.5.18.1 NAME 'createTimestamp' " "DESC 'RFC2252: time which object was created' " @@ -199,7 +224,7 @@ static struct slap_schema_ad_map { "ORDERING generalizedTimeOrderingMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_createTimestamp) }, { "modifyTimestamp", "( 2.5.18.2 NAME 'modifyTimestamp' " "DESC 'RFC2252: time which object was last modified' " @@ -207,48 +232,48 @@ static struct slap_schema_ad_map { "ORDERING generalizedTimeOrderingMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_modifyTimestamp) }, { "creatorsName", "( 2.5.18.3 NAME 'creatorsName' " "DESC 'RFC2252: name of creator' " "EQUALITY distinguishedNameMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_creatorsName) }, { "modifiersName", "( 2.5.18.4 NAME 'modifiersName' " "DESC 'RFC2252: name of last modifier' " "EQUALITY distinguishedNameMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_modifiersName) }, { "hasSubordinates", "( 2.5.18.9 NAME 'hasSubordinates' " "DESC 'X.501: entry has children' " "EQUALITY booleanMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 " "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_hasSubordinates) }, { "subschemaSubentry", "( 2.5.18.10 NAME 'subschemaSubentry' " "DESC 'RFC2252: name of controlling subschema entry' " "EQUALITY distinguishedNameMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION " "SINGLE-VALUE USAGE directoryOperation )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_subschemaSubentry) }, { "collectiveAttributeSubentry", "( 2.5.18.12 " "NAME 'collectiveAttributeSubentry' " "EQUALITY distinguishedNameMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " "USAGE directoryOperation NO-USER-MODIFICATION )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_collectiveSubentry) }, { "collectiveExclusions", "( 2.5.18.7 NAME 'collectiveExclusions' " "EQUALITY objectIdentifierMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 " "USAGE directoryOperation )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_collectiveExclusions) }, { "entryUUID", "( 1.3.6.1.4.1.4203.666.1.6 NAME 'entryUUID' " @@ -256,51 +281,51 @@ static struct slap_schema_ad_map { "EQUALITY octetStringMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64} " "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_entryUUID) }, { "entryCSN", "( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' " "DESC 'LCUP/LDUP: change sequence number' " "EQUALITY octetStringMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64} " "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_entryCSN) }, /* root DSE attributes */ { "altServer", "( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' " "DESC 'RFC2252: alternative servers' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation )", - rootDseAttribute, NULL, NULL, NULL, + rootDseAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_altServer) }, { "namingContexts", "( 1.3.6.1.4.1.1466.101.120.5 " "NAME 'namingContexts' " "DESC 'RFC2252: naming contexts' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )", - rootDseAttribute, NULL, NULL, NULL, + rootDseAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_namingContexts) }, { "supportedControl", "( 1.3.6.1.4.1.1466.101.120.13 " "NAME 'supportedControl' " "DESC 'RFC2252: supported controls' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )", - rootDseAttribute, NULL, NULL, NULL, + rootDseAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_supportedControl) }, { "supportedExtension", "( 1.3.6.1.4.1.1466.101.120.7 " "NAME 'supportedExtension' " "DESC 'RFC2252: supported extended operations' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )", - rootDseAttribute, NULL, NULL, NULL, + rootDseAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_supportedExtension) }, { "supportedLDAPVersion", "( 1.3.6.1.4.1.1466.101.120.15 " "NAME 'supportedLDAPVersion' " "DESC 'RFC2252: supported LDAP versions' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation )", - rootDseAttribute, NULL, NULL, NULL, + rootDseAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_supportedLDAPVersion) }, { "supportedSASLMechanisms", "( 1.3.6.1.4.1.1466.101.120.14 " "NAME 'supportedSASLMechanisms' " "DESC 'RFC2252: supported SASL mechanisms'" "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation )", - rootDseAttribute, NULL, NULL, NULL, + rootDseAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_supportedSASLMechanisms) }, { "supportedFeatures", "( 1.3.6.1.4.1.4203.1.3.5 " "NAME 'supportedFeatures' " @@ -308,7 +333,7 @@ static struct slap_schema_ad_map { "EQUALITY objectIdentifierMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 " "USAGE dSAOperation )", - rootDseAttribute, NULL, NULL, NULL, + rootDseAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_supportedFeatures) }, { "vendorName", "( 1.3.6.1.1.4 NAME 'vendorName' " "DESC 'RFC3045: name of implementation vendor' " @@ -316,7 +341,7 @@ static struct slap_schema_ad_map { "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " "SINGLE-VALUE NO-USER-MODIFICATION " "USAGE dSAOperation )", - rootDseAttribute, NULL, NULL, NULL, + rootDseAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_vendorName) }, { "vendorVersion", "( 1.3.6.1.1.5 NAME 'vendorVersion' " "DESC 'RFC3045: version of implementation' " @@ -324,7 +349,7 @@ static struct slap_schema_ad_map { "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " "SINGLE-VALUE NO-USER-MODIFICATION " "USAGE dSAOperation )", - rootDseAttribute, NULL, NULL, NULL, + rootDseAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_vendorVersion) }, /* subentry attributes */ @@ -332,13 +357,13 @@ static struct slap_schema_ad_map { "EQUALITY objectIdentifierMatch " "USAGE directoryOperation " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_administrativeRole) }, { "subtreeSpecification", "( 2.5.18.6 NAME 'subtreeSpecification' " "SINGLE-VALUE " "USAGE directoryOperation " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 )", - subentryAttribute, NULL, NULL, NULL, + subentryAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_subtreeSpecification) }, /* subschema subentry attributes */ @@ -347,50 +372,50 @@ static struct slap_schema_ad_map { "EQUALITY integerFirstComponentMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 " "USAGE directoryOperation ) ", - subentryAttribute, NULL, NULL, NULL, + subentryAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_ditStructureRules) }, { "ditContentRules", "( 2.5.21.2 NAME 'dITContentRules' " "DESC 'RFC2252: DIT content rules' " "EQUALITY objectIdentifierFirstComponentMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )", - subentryAttribute, NULL, NULL, NULL, + subentryAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_ditContentRules) }, { "matchingRules", "( 2.5.21.4 NAME 'matchingRules' " "DESC 'RFC2252: matching rules' " "EQUALITY objectIdentifierFirstComponentMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )", - subentryAttribute, NULL, NULL, NULL, + subentryAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_matchingRules) }, { "attributeTypes", "( 2.5.21.5 NAME 'attributeTypes' " "DESC 'RFC2252: attribute types' " "EQUALITY objectIdentifierFirstComponentMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )", - subentryAttribute, NULL, NULL, NULL, + subentryAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_attributeTypes) }, { "objectClasses", "( 2.5.21.6 NAME 'objectClasses' " "DESC 'RFC2252: object classes' " "EQUALITY objectIdentifierFirstComponentMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )", - subentryAttribute, NULL, NULL, NULL, + subentryAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_objectClasses) }, { "nameForms", "( 2.5.21.7 NAME 'nameForms' " "DESC 'RFC2252: name forms ' " "EQUALITY objectIdentifierFirstComponentMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )", - subentryAttribute, NULL, NULL, NULL, + subentryAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_nameForms) }, { "matchingRuleUse", "( 2.5.21.8 NAME 'matchingRuleUse' " "DESC 'RFC2252: matching rule uses' " "EQUALITY objectIdentifierFirstComponentMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )", - subentryAttribute, NULL, NULL, NULL, + subentryAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_matchingRuleUse) }, { "ldapSyntaxes", "( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' " "DESC 'RFC2252: LDAP syntaxes' " "EQUALITY objectIdentifierFirstComponentMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )", - subentryAttribute, NULL, NULL, NULL, + subentryAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_ldapSyntaxes) }, /* knowledge information */ @@ -399,14 +424,14 @@ static struct slap_schema_ad_map { "DESC 'RFC2256: name of aliased object' " "EQUALITY distinguishedNameMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", - NULL, NULL, NULL, NULL, + aliasAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_aliasedObjectName) }, { "ref", "( 2.16.840.1.113730.3.1.34 NAME 'ref' " "DESC 'namedref: subordinate referral URL' " "EQUALITY caseExactMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " "USAGE distributedOperation )", - referralAttribute, NULL, NULL, NULL, + referralAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_ref) }, /* access control internals */ @@ -415,14 +440,14 @@ static struct slap_schema_ad_map { "DESC 'OpenLDAP ACL entry pseudo-attribute' " "SYNTAX 1.3.6.1.4.1.4203.1.1.1 " "SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_entry) }, { "children", "( 1.3.6.1.4.1.4203.1.3.2 " "NAME 'children' " "DESC 'OpenLDAP ACL children pseudo-attribute' " "SYNTAX 1.3.6.1.4.1.4203.1.1.1 " "SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_children) }, #ifdef SLAPD_ACI_ENABLED { "OpenLDAPaci", "( 1.3.6.1.4.1.4203.666.1.5 " @@ -431,7 +456,7 @@ static struct slap_schema_ad_map { "EQUALITY OpenLDAPaciMatch " "SYNTAX 1.3.6.1.4.1.4203.666.2.1 " "USAGE directoryOperation )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_aci) }, #endif @@ -439,41 +464,40 @@ static struct slap_schema_ad_map { "DESC 'RFC2589: entry time-to-live' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE " "NO-USER-MODIFICATION USAGE dSAOperation )", - NULL, NULL, NULL, NULL, + dynamicAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_entryTtl) }, { "dynamicSubtrees", "( 1.3.6.1.4.1.1466.101.119.4 " "NAME 'dynamicSubtrees' " "DESC 'RFC2589: dynamic subtrees' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION " "USAGE dSAOperation )", - rootDseAttribute, NULL, NULL, NULL, + rootDseAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_dynamicSubtrees) }, - /* userApplication attributes */ + /* userApplication attributes (which system schema depends upon) */ { "distinguishedName", "( 2.5.4.49 NAME 'distinguishedName' " "DESC 'RFC2256: common supertype of DN attributes' " "EQUALITY distinguishedNameMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_distinguishedName) }, { "name", "( 2.5.4.41 NAME 'name' " "DESC 'RFC2256: common supertype of name attributes' " "EQUALITY caseIgnoreMatch " "SUBSTR caseIgnoreSubstringsMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_name) }, { "cn", "( 2.5.4.3 NAME ( 'cn' 'commonName' ) " "DESC 'RFC2256: common name(s) for which the entity is known by' " "SUP name )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_cn) }, - { "userPassword", "( 2.5.4.35 NAME 'userPassword' " "DESC 'RFC2256/2307: password of user' " "EQUALITY octetStringMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_userPassword) }, #ifdef SLAPD_AUTHPASSWD @@ -482,7 +506,8 @@ static struct slap_schema_ad_map { "DESC 'RFC3112: authentication password attribute' " "EQUALITY 1.3.6.1.4.1.4203.1.2.2 " "SYNTAX 1.3.6.1.4.1.4203.1.1.2 )", - NULL, NULL, NULL, NULL, + NULL, 0, + NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_authPassword) }, { "supportedAuthPasswordSchemes", "( 1.3.6.1.4.1.4203.1.3.3 " "NAME 'supportedAuthPasswordSchemes' " @@ -490,16 +515,16 @@ static struct slap_schema_ad_map { "EQUALITY caseExactIA5Match " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} " "USAGE dSAOperation )", - subschemaAttribute, NULL, NULL, NULL, + subschemaAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_authPassword) }, #endif #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND { "krbName", NULL, - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_krbName) }, #endif - { NULL, NULL, NULL, NULL, NULL, NULL, 0 } + { NULL, NULL, NULL, 0, NULL, NULL, NULL, 0 } }; static AttributeType slap_at_undefined = { @@ -511,9 +536,9 @@ static AttributeType slap_at_undefined = { NULL, /* subtypes */ NULL, NULL, NULL, NULL, /* matching rules */ NULL, /* syntax (this may need to be defined) */ - (AttributeTypeSchemaCheckFN *) 0, /* schema check function */ - NULL, /* attribute description */ - NULL /* next */ + (AttributeTypeSchemaCheckFN *) 0, 0, /* schema check function/mask */ + NULL, /* next */ + NULL /* attribute description */ /* mutex (don't know how to initialize it :) */ }; @@ -577,36 +602,37 @@ slap_schema_load( void ) } for( i=0; oc_map[i].ssom_name; i++ ) { - LDAPObjectClass *oc; - int code; - const char *err; - - oc = ldap_str2objectclass( oc_map[i].ssom_defn, &code, &err, - LDAP_SCHEMA_ALLOW_ALL ); - if ( !oc ) { - fprintf( stderr, "slap_schema_load: " - "%s: %s before %s\n", - oc_map[i].ssom_name, ldap_scherr2str(code), err ); - return code; - } + if( oc_map[i].ssom_defn != NULL ) { + LDAPObjectClass *oc; + int code; + const char *err; - if ( oc->oc_oid == NULL ) { - fprintf( stderr, "slap_schema_load: " - "%s: objectclass has no OID\n", - oc_map[i].ssom_name ); - return LDAP_OTHER; - } + oc = ldap_str2objectclass( oc_map[i].ssom_defn, &code, &err, + LDAP_SCHEMA_ALLOW_ALL ); + if ( !oc ) { + fprintf( stderr, "slap_schema_load: " + "%s: %s before %s\n", + oc_map[i].ssom_name, ldap_scherr2str(code), err ); + return code; + } - code = oc_add(oc,&err); - if ( code ) { - fprintf( stderr, "slap_schema_load: " - "%s: %s: \"%s\"\n", - oc_map[i].ssom_name, scherr2str(code), err); - return code; - } + if ( oc->oc_oid == NULL ) { + fprintf( stderr, "slap_schema_load: " + "%s: objectclass has no OID\n", + oc_map[i].ssom_name ); + return LDAP_OTHER; + } + + code = oc_add(oc,&err); + if ( code ) { + fprintf( stderr, "slap_schema_load: " + "%s: %s: \"%s\"\n", + oc_map[i].ssom_name, scherr2str(code), err); + return code; + } - ldap_memfree(oc); - return 0; + ldap_memfree(oc); + } } return LDAP_SUCCESS; @@ -669,7 +695,6 @@ slap_schema_check( void ) assert( *adp == NULL ); rc = slap_str2ad( ad_map[i].ssam_name, adp, &text ); - if( rc != LDAP_SUCCESS ) { fprintf( stderr, "slap_schema_check: " "No attribute \"%s\" defined in schema\n", @@ -677,6 +702,13 @@ slap_schema_check( void ) return rc; } + if( ad_map[i].ssam_check ) { + /* install check routine */ + (*adp)->ad_type->sat_check = ad_map[i].ssam_check; + } + /* install flags */ + (*adp)->ad_type->sat_flags |= ad_map[i].ssam_flags; + if( ad_map[i].ssam_match ) { /* install custom matching routine */ (*adp)->ad_type->sat_equality->smr_match = ad_map[i].ssam_match; @@ -690,29 +722,141 @@ slap_schema_check( void ) assert( *ocp == NULL ); *ocp = oc_find( oc_map[i].ssom_name ); - if( *ocp == NULL ) { fprintf( stderr, "slap_schema_check: " "No objectClass \"%s\" defined in schema\n", oc_map[i].ssom_name ); return LDAP_OBJECT_CLASS_VIOLATION; } + + if( oc_map[i].ssom_check ) { + /* install check routine */ + (*ocp)->sco_check = oc_map[i].ssom_check; + } + /* install flags */ + (*ocp)->sco_flags |= oc_map[i].ssom_flags; } ++schema_init_done; return LDAP_SUCCESS; } +static int rootDseObjectClass ( + Backend *be, + Entry *e, + ObjectClass *oc, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( e->e_nname.bv_len ) { + snprintf( textbuf, textlen, + "objectClass \"%s\" only allowed in the root DSE", + oc->soc_oid ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + /* we should not be called for the root DSE */ + assert( 0 ); + return LDAP_SUCCESS; +} + +static int aliasObjectClass ( + Backend *be, + Entry *e, + ObjectClass *oc, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( !SLAP_ALIASES(be) ) { + snprintf( textbuf, textlen, + "objectClass \"%s\" not supported in context", + oc->soc_oid ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + return LDAP_SUCCESS; +} + +static int referralObjectClass ( + Backend *be, + Entry *e, + ObjectClass *oc, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( !SLAP_REFERRALS(be) ) { + snprintf( textbuf, textlen, + "objectClass \"%s\" not supported in context", + oc->soc_oid ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + return LDAP_SUCCESS; +} + +static int subentryObjectClass ( + Backend *be, + Entry *e, + ObjectClass *oc, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( !SLAP_SUBENTRIES(be) ) { + snprintf( textbuf, textlen, + "objectClass \"%s\" not supported in context", + oc->soc_oid ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + if( oc != slap_schema.si_oc_subentry && !is_entry_subentry( e ) ) { + snprintf( textbuf, textlen, + "objectClass \"%s\" only allowed in subentries", + oc->soc_oid ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + return LDAP_SUCCESS; +} + +static int dynamicObjectClass ( + Backend *be, + Entry *e, + ObjectClass *oc, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( !SLAP_DYNAMIC(be) ) { + snprintf( textbuf, textlen, + "objectClass \"%s\" not supported in context", + oc->soc_oid ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + return LDAP_SUCCESS; +} + static int rootDseAttribute ( + Backend *be, Entry *e, Attribute *attr, const char** text, char *textbuf, size_t textlen ) { *text = textbuf; + if( e->e_nname.bv_len ) { snprintf( textbuf, textlen, - "attribute \"%s\"only allowed in the root DSE", + "attribute \"%s\" only allowed in the root DSE", attr->a_desc->ad_cname.bv_val ); return LDAP_OBJECT_CLASS_VIOLATION; } @@ -722,16 +866,25 @@ static int rootDseAttribute ( return LDAP_SUCCESS; } -static int subentryAttribute ( +static int aliasAttribute ( + Backend *be, Entry *e, Attribute *attr, const char** text, char *textbuf, size_t textlen ) { *text = textbuf; - if( !is_entry_subentry( e ) ) { + + if( !SLAP_ALIASES(be) ) { snprintf( textbuf, textlen, - "attribute \"%s\"only allowed in the subentry", + "attribute \"%s\" not supported in context", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + if( !is_entry_alias( e ) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" only allowed in the alias", attr->a_desc->ad_cname.bv_val ); return LDAP_OBJECT_CLASS_VIOLATION; } @@ -740,15 +893,76 @@ static int subentryAttribute ( } static int referralAttribute ( + Backend *be, Entry *e, Attribute *attr, const char** text, char *textbuf, size_t textlen ) { *text = textbuf; + + if( !SLAP_REFERRALS(be) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" not supported in context", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + if( !is_entry_referral( e ) ) { snprintf( textbuf, textlen, - "attribute \"%s\"only allowed in the referral", + "attribute \"%s\" only allowed in the referral", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + return LDAP_SUCCESS; +} + +static int subentryAttribute ( + Backend *be, + Entry *e, + Attribute *attr, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( !SLAP_SUBENTRIES(be) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" not supported in context", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + if( !is_entry_subentry( e ) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" only allowed in the subentry", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + return LDAP_SUCCESS; +} + +static int dynamicAttribute ( + Backend *be, + Entry *e, + Attribute *attr, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( !SLAP_DYNAMIC(be) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" not supported in context", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + if( !is_entry_dynamicObject( e ) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" only allowed in dynamic object", attr->a_desc->ad_cname.bv_val ); return LDAP_OBJECT_CLASS_VIOLATION; }