X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fschema_prep.c;h=5813aa52c09e56f855cc48cdae4e3da09eae74e8;hb=ef3d895cb80a5b0830817ffaa5dc0a92edd93723;hp=8097a10315b4299e6304d22f6d4b7846989f7ab5;hpb=f9766f684b43d6d2f2e0542c1ed487d10b1e7c00;p=openldap

diff --git a/servers/slapd/schema_prep.c b/servers/slapd/schema_prep.c
index 8097a10315..5813aa52c0 100644
--- a/servers/slapd/schema_prep.c
+++ b/servers/slapd/schema_prep.c
@@ -162,28 +162,29 @@ static struct slap_schema_oc_map {
 			"NAME 'extensibleObject' "
 			"DESC 'RFC2252: extensible object' "
 			"SUP top AUXILIARY )",
-		0, 0, offsetof(struct slap_internal_schema, si_oc_extensibleObject) },
+		0, SLAP_OC_OPERATIONAL,
+		offsetof(struct slap_internal_schema, si_oc_extensibleObject) },
 	{ "alias", "( 2.5.6.1 NAME 'alias' "
 			"DESC 'RFC2256: an alias' "
 			"SUP top STRUCTURAL "
 			"MUST aliasedObjectName )",
-		aliasObjectClass, SLAP_OC_ALIAS,
+		aliasObjectClass, SLAP_OC_ALIAS|SLAP_OC_OPERATIONAL,
 		offsetof(struct slap_internal_schema, si_oc_alias) },
 	{ "referral", "( 2.16.840.1.113730.3.2.6 NAME 'referral' "
 			"DESC 'namedref: named subordinate referral' "
 			"SUP top STRUCTURAL MUST ref )",
-		referralObjectClass, SLAP_OC_REFERRAL,
+		referralObjectClass, SLAP_OC_REFERRAL|SLAP_OC_OPERATIONAL,
 		offsetof(struct slap_internal_schema, si_oc_referral) },
 	{ "LDAProotDSE", "( 1.3.6.1.4.1.4203.1.4.1 "
 			"NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) "
 			"DESC 'OpenLDAP Root DSE object' "
 			"SUP top STRUCTURAL MAY cn )",
-		rootDseObjectClass, 0,
+		rootDseObjectClass, SLAP_OC_OPERATIONAL,
 		offsetof(struct slap_internal_schema, si_oc_rootdse) },
 	{ "subentry", "( 2.5.20.0 NAME 'subentry' "
 			"SUP top STRUCTURAL "
 			"MUST ( cn $ subtreeSpecification ) )",
-		subentryObjectClass, SLAP_OC_SUBENTRY,
+		subentryObjectClass, SLAP_OC_SUBENTRY|SLAP_OC_OPERATIONAL,
 		offsetof(struct slap_internal_schema, si_oc_subentry) },
 	{ "subschema", "( 2.5.20.1 NAME 'subschema' "
 		"DESC 'RFC2252: controlling subschema (sub)entry' "
@@ -191,17 +192,19 @@ static struct slap_schema_oc_map {
 		"MAY ( dITStructureRules $ nameForms $ ditContentRules $ "
 			"objectClasses $ attributeTypes $ matchingRules $ "
 			"matchingRuleUse ) )",
-		subentryObjectClass, 0,
+		subentryObjectClass, SLAP_OC_OPERATIONAL,
 		offsetof(struct slap_internal_schema, si_oc_subschema) },
 	{ "monitor", "( 1.3.6.1.4.1.4203.666.3.2 NAME 'monitor' "
 		"DESC 'OpenLDAP system monitoring' "
 		"STRUCTURAL "
 		"MUST cn )",
-		0, 0, offsetof(struct slap_internal_schema, si_oc_monitor) },
+		0, SLAP_OC_OPERATIONAL,
+		offsetof(struct slap_internal_schema, si_oc_monitor) },
 	{ "collectiveAttributeSubentry", "( 2.5.20.2 "
 			"NAME 'collectiveAttributeSubentry' "
 			"AUXILIARY )",
-		subentryObjectClass, SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY,
+		subentryObjectClass,
+		SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY|SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
 		offsetof(struct slap_internal_schema, si_oc_collectiveAttributeSubentry) },
 	{ "dynamicObject", "( 1.3.6.1.4.1.1466.101.119.2 "
 			"NAME 'dynamicObject' "
@@ -233,7 +236,7 @@ static struct slap_schema_ad_map {
 			"DESC 'RFC2256: object classes of the entity' "
 			"EQUALITY objectIdentifierMatch "
 			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )",
-		NULL, 0, objectClassMatch, NULL, NULL,
+		NULL, SLAP_AT_FINAL, objectClassMatch, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_objectClass) },
 
 	/* user entry operational attributes */
@@ -293,13 +296,13 @@ static struct slap_schema_ad_map {
 			"EQUALITY distinguishedNameMatch "
 			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
 			"NO-USER-MODIFICATION USAGE directoryOperation )",
-		NULL, 0, NULL, NULL, NULL,
+		NULL, SLAP_AT_HIDE, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_collectiveSubentries) },
 	{ "collectiveExclusions", "( 2.5.18.7 NAME 'collectiveExclusions' "
 			"EQUALITY objectIdentifierMatch "
 			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 "
 			"USAGE directoryOperation )",
-		NULL, 0, NULL, NULL, NULL,
+		NULL, SLAP_AT_HIDE, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_collectiveExclusions) },
 
 	{ "entryUUID", "( 1.3.6.1.4.1.4203.666.1.6 NAME 'entryUUID' "   
@@ -307,14 +310,14 @@ static struct slap_schema_ad_map {
 			"EQUALITY octetStringMatch "
 			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64} "
 			"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
-		NULL, 0, NULL, NULL, NULL,
+		NULL, SLAP_AT_HIDE, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_entryUUID) },
 	{ "entryCSN", "( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' "
 			"DESC 'LCUP/LDUP: change sequence number' "
 			"EQUALITY octetStringMatch "
 			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64} "
 			"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
-		NULL, 0, NULL, NULL, NULL,
+		NULL, SLAP_AT_HIDE, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_entryCSN) },
 
 	/* root DSE attributes */
@@ -361,6 +364,15 @@ static struct slap_schema_ad_map {
 			"USAGE dSAOperation )",
 		rootDseAttribute, 0, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_supportedFeatures) },
+	{ "monitorContext", "( 1.3.6.1.4.1.4203.666.1.10 "
+			"NAME 'monitorContext' "
+			"DESC 'monitor context' "
+			"EQUALITY objectIdentifierMatch "
+			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 "
+			"SINGLE-VALUE NO-USER-MODIFICATION "
+			"USAGE dSAOperation )",
+		rootDseAttribute, SLAP_AT_HIDE, NULL, NULL, NULL,
+		offsetof(struct slap_internal_schema, si_ad_monitorContext) },
 	{ "vendorName", "( 1.3.6.1.1.4 NAME 'vendorName' "
 			"DESC 'RFC3045: name of implementation vendor' "
 			"EQUALITY 1.3.6.1.4.1.1466.109.114.1 "
@@ -383,13 +395,13 @@ static struct slap_schema_ad_map {
 			"EQUALITY objectIdentifierMatch "
 			"USAGE directoryOperation "
 			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )",
-		administrativeRoleAttribute, 0, NULL, NULL, NULL,
+		administrativeRoleAttribute, SLAP_AT_HIDE, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_administrativeRole) },
 	{ "subtreeSpecification", "( 2.5.18.6 NAME 'subtreeSpecification' "
 			"SINGLE-VALUE "
 			"USAGE directoryOperation "
 			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 )",
-		subentryAttribute, 0, NULL, NULL, NULL,
+		subentryAttribute, SLAP_AT_HIDE, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_subtreeSpecification) },
 
 	/* subschema subentry attributes */
@@ -398,13 +410,13 @@ static struct slap_schema_ad_map {
 			"EQUALITY integerFirstComponentMatch "
 			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 "
 			"USAGE directoryOperation ) ",
-		subentryAttribute, 0, NULL, NULL, NULL,
+		subentryAttribute, SLAP_AT_HIDE, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_ditStructureRules) },
 	{ "ditContentRules", "( 2.5.21.2 NAME 'dITContentRules' "
 			"DESC 'RFC2252: DIT content rules' "
 			"EQUALITY objectIdentifierFirstComponentMatch "
 			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )",
-		subentryAttribute, 0, NULL, NULL, NULL,
+		subentryAttribute, SLAP_AT_HIDE, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_ditContentRules) },
 	{ "matchingRules", "( 2.5.21.4 NAME 'matchingRules' "
 			"DESC 'RFC2252: matching rules' "
@@ -428,13 +440,13 @@ static struct slap_schema_ad_map {
 			"DESC 'RFC2252: name forms ' "
 			"EQUALITY objectIdentifierFirstComponentMatch "
 			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )",
-		subentryAttribute, 0, NULL, NULL, NULL,
+		subentryAttribute, SLAP_AT_HIDE, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_nameForms) },
 	{ "matchingRuleUse", "( 2.5.21.8 NAME 'matchingRuleUse' "
 			"DESC 'RFC2252: matching rule uses' "
 			"EQUALITY objectIdentifierFirstComponentMatch "
 			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )",
-		subentryAttribute, 0, NULL, NULL, NULL,
+		subentryAttribute, SLAP_AT_HIDE, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_matchingRuleUse) },
 
 	{ "ldapSyntaxes", "( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' "
@@ -450,7 +462,7 @@ static struct slap_schema_ad_map {
 			"DESC 'RFC2256: name of aliased object' "
 			"EQUALITY distinguishedNameMatch "
 			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )",
-		aliasAttribute, 0, NULL, NULL, NULL,
+		aliasAttribute, SLAP_AT_FINAL, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_aliasedObjectName) },
 	{ "ref", "( 2.16.840.1.113730.3.1.34 NAME 'ref' "
 			"DESC 'namedref: subordinate referral URL' "
@@ -466,15 +478,31 @@ static struct slap_schema_ad_map {
 			"DESC 'OpenLDAP ACL entry pseudo-attribute' "
 			"SYNTAX 1.3.6.1.4.1.4203.1.1.1 "
 			"SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )",
-		NULL, 0, NULL, NULL, NULL,
+		NULL, SLAP_AT_HIDE, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_entry) },
 	{ "children", "( 1.3.6.1.4.1.4203.1.3.2 "
 			"NAME 'children' "
 			"DESC 'OpenLDAP ACL children pseudo-attribute' "
 			"SYNTAX 1.3.6.1.4.1.4203.1.1.1 "
 			"SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )",
-		NULL, 0, NULL, NULL, NULL,
+		NULL, SLAP_AT_HIDE, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_children) },
+	{ "saslAuthzTo", "( 1.3.6.1.4.1.4203.666.1.8 "
+			"NAME 'saslAuthzTo' "
+			"DESC 'SASL proxy authorization targets' "
+			"EQUALITY caseExactMatch "
+			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
+			"USAGE distributedOperation )",
+		NULL, SLAP_AT_HIDE, NULL, NULL, NULL,
+		offsetof(struct slap_internal_schema, si_ad_saslAuthzTo) },
+	{ "saslAuthzFrom", "( 1.3.6.1.4.1.4203.666.1.9 "
+			"NAME 'saslAuthzFrom' "
+			"DESC 'SASL proxy authorization sources' "
+			"EQUALITY caseExactMatch "
+			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
+			"USAGE distributedOperation )",
+		NULL, SLAP_AT_HIDE, NULL, NULL, NULL,
+		offsetof(struct slap_internal_schema, si_ad_saslAuthzFrom) },
 #ifdef SLAPD_ACI_ENABLED
 	{ "OpenLDAPaci", "( 1.3.6.1.4.1.4203.666.1.5 "
 			"NAME 'OpenLDAPaci' "
@@ -505,14 +533,14 @@ static struct slap_schema_ad_map {
 			"DESC 'RFC2256: common supertype of DN attributes' "
 			"EQUALITY distinguishedNameMatch "
 			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )",
-		NULL, 0, NULL, NULL, NULL,
+		NULL, SLAP_AT_ABSTRACT, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_distinguishedName) },
 	{ "name", "( 2.5.4.41 NAME 'name' "
 			"DESC 'RFC2256: common supertype of name attributes' "
 			"EQUALITY caseIgnoreMatch "
 			"SUBSTR caseIgnoreSubstringsMatch "
 			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )",
-		NULL, 0, NULL, NULL, NULL,
+		NULL, SLAP_AT_ABSTRACT, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_name) },
 	{ "cn", "( 2.5.4.3 NAME ( 'cn' 'commonName' ) "
 			"DESC 'RFC2256: common name(s) for which the entity is known by' "
@@ -545,7 +573,12 @@ static struct slap_schema_ad_map {
 		offsetof(struct slap_internal_schema, si_ad_authPassword) },
 #endif
 #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
-	{ "krbName", NULL,
+	{ "krbName", "( 1.3.6.1.4.1.250.1.32 "
+			"NAME ( 'krbName' 'kerberosName' ) "
+			"DESC 'Kerberos principal associated with object' "
+			"EQUALITY caseIgnoreIA5Match "
+			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 "
+			"SINGLE-VALUE )",
 		NULL, 0, NULL, NULL, NULL,
 		offsetof(struct slap_internal_schema, si_ad_krbName) },
 #endif
@@ -562,7 +595,8 @@ static AttributeType slap_at_undefined = {
 	NULL, /* subtypes */
 	NULL, NULL, NULL, NULL,	/* matching rules */
 	NULL, /* syntax (this may need to be defined) */
-	(AttributeTypeSchemaCheckFN *) 0, 0, /* schema check function/mask */
+	(AttributeTypeSchemaCheckFN *) 0, /* schema check function */
+	SLAP_AT_ABSTRACT|SLAP_AT_FINAL,	/* mask */
 	NULL, /* next */
 	NULL /* attribute description */
 	/* mutex (don't know how to initialize it :) */
@@ -715,7 +749,7 @@ slap_schema_load( void )
 				return LDAP_OTHER;
 			}
 
-			code = oc_add(oc,&err);
+			code = oc_add(oc,0,&err);
 			if ( code ) {
 				fprintf( stderr, "slap_schema_load: "
 					"%s: %s: \"%s\"\n",