X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fschema_prep.c;h=5813aa52c09e56f855cc48cdae4e3da09eae74e8;hb=ef3d895cb80a5b0830817ffaa5dc0a92edd93723;hp=9ee09073f8603f65aca5c085442411852492d456;hpb=b4bb3b5bf8c92853400895596e0ff43af03b2027;p=openldap diff --git a/servers/slapd/schema_prep.c b/servers/slapd/schema_prep.c index 9ee09073f8..5813aa52c0 100644 --- a/servers/slapd/schema_prep.c +++ b/servers/slapd/schema_prep.c @@ -34,6 +34,17 @@ objectClassMatch( ObjectClass *oc = oc_bvfind( value ); ObjectClass *asserted = oc_bvfind( a ); +#if 1 +#ifdef NEW_LOGGING + LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, + "> objectClassMatch(%s, %s)\n", + value->bv_val, a->bv_val )); +#else + Debug( LDAP_DEBUG_TRACE, "> objectClassMatch(%s,%s)\n", + value->bv_val, a->bv_val, 0 ); +#endif +#endif + if( asserted == NULL ) { if( OID_LEADCHAR( *a->bv_val ) ) { /* OID form, return FALSE */ @@ -56,13 +67,13 @@ objectClassMatch( *matchp = !is_object_subclass( asserted, oc ); } -#if 0 +#if 1 #ifdef NEW_LOGGING LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, - "objectClassMatch(%s, %s) = %d\n", + "< objectClassMatch(%s, %s) = %d\n", value->bv_val, a->bv_val, *matchp )); #else - Debug( LDAP_DEBUG_TRACE, "objectClassMatch(%s,%s) = %d\n", + Debug( LDAP_DEBUG_TRACE, "< objectClassMatch(%s,%s) = %d\n", value->bv_val, a->bv_val, *matchp ); #endif #endif @@ -70,6 +81,9 @@ objectClassMatch( return LDAP_SUCCESS; } +#if 1 +#define structuralObjectClassMatch objectClassMatch +#else static int structuralObjectClassMatch( int *matchp, 
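Review bot: The entry trace added in @@ -34,6 +34,17 is wrapped in a bare `#if 1`, and the exit trace in @@ -56,13 +67,13 is flipped from `#if 0` to `#if 1`, which leaves a debugging toggle in the source with nothing saying why it is on. Both calls already carry a log level (`LDAP_LEVEL_ENTRY` / `LDAP_DEBUG_TRACE`), so the `#if 1`/`#endif` pairs can simply be removed. The trace prints `value->bv_val` and `a->bv_val` with `%s`; if the asserted value can come straight from a client request, a short comment such as `/* values are logged unescaped; do not rely on log line structure */` would warn whoever parses these logs. objectClassMatch begins above the hunk.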
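Review bot: `#define structuralObjectClassMatch objectClassMatch` in @@ -70,6 +81,9 changes how structuralObjectClass values compare without saying so: the compiled-out function sets `*matchp = ( asserted != oc )` (identity), while objectClassMatch goes through `is_object_subclass( asserted, oc )`. If that is intended, record it at the alias, e.g. `/* structuralObjectClass is matched like objectClass (subclass-aware) */`, because filters and access rules written against one exact class would presumably now match related classes as well. The edits in @@ -83,6 +97,17 and at the top of @@ -101,76 +126,107 touch only the `#else` branch, which is no longer compiled; deleting that copy would be clearer than maintaining it.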
@@ -83,6 +97,17 @@ structuralObjectClassMatch( ObjectClass *oc = oc_bvfind( value ); ObjectClass *asserted = oc_bvfind( a ); +#if 1 +#ifdef NEW_LOGGING + LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, + "> structuralObjectClassMatch(%s, %s)\n", + value->bv_val, a->bv_val )); +#else + Debug( LDAP_DEBUG_TRACE, "> structuralObjectClassMatch(%s,%s)\n", + value->bv_val, a->bv_val, 0 ); +#endif +#endif + if( asserted == NULL ) { if( OID_LEADCHAR( *a->bv_val ) ) { /* OID form, return FALSE */ 
@@ -101,76 +126,107 @@ structuralObjectClassMatch( *matchp = ( asserted != oc ); -#if 0 +#if 1 #ifdef NEW_LOGGING LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY, - "structuralObjectClassMatch( %s, %s ) = %d\n", + "< structuralObjectClassMatch( %s, %s ) = %d\n", value->bv_val, a->bv_val, *matchp )); #else - Debug( LDAP_DEBUG_TRACE, "structuralObjectClassMatch(%s,%s) = %d\n", + Debug( LDAP_DEBUG_TRACE, "< structuralObjectClassMatch(%s,%s) = %d\n", value->bv_val, a->bv_val, *matchp ); #endif #endif return LDAP_SUCCESS; } +#endif + +static ObjectClassSchemaCheckFN rootDseObjectClass; +static ObjectClassSchemaCheckFN aliasObjectClass; +static ObjectClassSchemaCheckFN referralObjectClass; +static ObjectClassSchemaCheckFN subentryObjectClass; +static ObjectClassSchemaCheckFN dynamicObjectClass; static struct slap_schema_oc_map { char *ssom_name; char *ssom_defn; ObjectClassSchemaCheckFN *ssom_check; + slap_mask_t ssom_flags; size_t ssom_offset; } oc_map[] = { { "top", "( 2.5.6.0 NAME 'top' " "DESC 'top of the superclass chain' " "ABSTRACT MUST objectClass )", - 0, offsetof(struct slap_internal_schema, si_oc_top) }, + 0, 0, offsetof(struct slap_internal_schema, si_oc_top) }, { "extensibleObject", "( 1.3.6.1.4.1.1466.101.120.111 " "NAME 'extensibleObject' " "DESC 'RFC2252: extensible object' " "SUP top AUXILIARY )", - 0, offsetof(struct slap_internal_schema, si_oc_extensibleObject) }, + 0, SLAP_OC_OPERATIONAL, + offsetof(struct slap_internal_schema, si_oc_extensibleObject) }, { "alias", "( 2.5.6.1 NAME 'alias' " "DESC 'RFC2256: an alias' " "SUP top STRUCTURAL " "MUST aliasedObjectName )", - 0, offsetof(struct slap_internal_schema, si_oc_alias) }, + aliasObjectClass, SLAP_OC_ALIAS|SLAP_OC_OPERATIONAL, + offsetof(struct slap_internal_schema, si_oc_alias) }, { "referral", "( 2.16.840.1.113730.3.2.6 NAME 'referral' " "DESC 'namedref: named subordinate referral' " "SUP top STRUCTURAL MUST ref )", - 0, offsetof(struct slap_internal_schema, si_oc_referral) }, + referralObjectClass, 
SLAP_OC_REFERRAL|SLAP_OC_OPERATIONAL, + offsetof(struct slap_internal_schema, si_oc_referral) }, { "LDAProotDSE", "( 1.3.6.1.4.1.4203.1.4.1 " "NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) " "DESC 'OpenLDAP Root DSE object' " "SUP top STRUCTURAL MAY cn )", - 0, offsetof(struct slap_internal_schema, si_oc_rootdse) }, + rootDseObjectClass, SLAP_OC_OPERATIONAL, + offsetof(struct slap_internal_schema, si_oc_rootdse) }, { "subentry", "( 2.5.20.0 NAME 'subentry' " "SUP top STRUCTURAL " "MUST ( cn $ subtreeSpecification ) )", - 0, offsetof(struct slap_internal_schema, si_oc_subentry) }, + subentryObjectClass, SLAP_OC_SUBENTRY|SLAP_OC_OPERATIONAL, + offsetof(struct slap_internal_schema, si_oc_subentry) }, { "subschema", "( 2.5.20.1 NAME 'subschema' " "DESC 'RFC2252: controlling subschema (sub)entry' " "AUXILIARY " "MAY ( dITStructureRules $ nameForms $ ditContentRules $ " "objectClasses $ attributeTypes $ matchingRules $ " "matchingRuleUse ) )", - 0, offsetof(struct slap_internal_schema, si_oc_subschema) }, - { "collectiveAttributes", "( 2.5.20.2 " - "NAME 'collectiveAttributes' " + subentryObjectClass, SLAP_OC_OPERATIONAL, + offsetof(struct slap_internal_schema, si_oc_subschema) }, + { "monitor", "( 1.3.6.1.4.1.4203.666.3.2 NAME 'monitor' " + "DESC 'OpenLDAP system monitoring' " + "STRUCTURAL " + "MUST cn )", + 0, SLAP_OC_OPERATIONAL, + offsetof(struct slap_internal_schema, si_oc_monitor) }, + { "collectiveAttributeSubentry", "( 2.5.20.2 " + "NAME 'collectiveAttributeSubentry' " "AUXILIARY )", - 0, - offsetof(struct slap_internal_schema, si_oc_collectiveAttributes) }, - { NULL, 0 } + subentryObjectClass, + SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY|SLAP_OC_OPERATIONAL|SLAP_OC_HIDE, + offsetof(struct slap_internal_schema, si_oc_collectiveAttributeSubentry) }, + { "dynamicObject", "( 1.3.6.1.4.1.1466.101.119.2 " + "NAME 'dynamicObject' " + "DESC 'RFC2589: Dynamic Object' " + "SUP top AUXILIARY )", + dynamicObjectClass, SLAP_OC_DYNAMICOBJECT, + offsetof(struct slap_internal_schema, 
si_oc_dynamicObject) }, + { NULL, NULL, NULL, 0, 0 } }; static AttributeTypeSchemaCheckFN rootDseAttribute; -static AttributeTypeSchemaCheckFN subentryAttribute; +static AttributeTypeSchemaCheckFN aliasAttribute; static AttributeTypeSchemaCheckFN referralAttribute; +static AttributeTypeSchemaCheckFN subentryAttribute; +static AttributeTypeSchemaCheckFN administrativeRoleAttribute; +static AttributeTypeSchemaCheckFN dynamicAttribute; static struct slap_schema_ad_map { char *ssam_name; char *ssam_defn; AttributeTypeSchemaCheckFN *ssam_check; + slap_mask_t ssam_flags; slap_mr_match_func *ssam_match; slap_mr_indexer_func *ssam_indexer; slap_mr_filter_func *ssam_filter; @@ -180,8 +236,7 @@ static struct slap_schema_ad_map { "DESC 'RFC2256: object classes of the entity' " "EQUALITY objectIdentifierMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )", - NULL, - objectClassMatch, NULL, NULL, + NULL, SLAP_AT_FINAL, objectClassMatch, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_objectClass) }, /* user entry operational attributes */ @@ -189,9 +244,8 @@ static struct slap_schema_ad_map { "DESC 'X.500(93): structural object class of entry' " "EQUALITY objectIdentifierMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 " - "NO-USER-MODIFICATION SINGLE-VALUE USAGE directoryOperation )", - NULL, - structuralObjectClassMatch, NULL, NULL, + "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", + NULL, 0, structuralObjectClassMatch, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_structuralObjectClass) }, { "createTimestamp", "( 2.5.18.1 NAME 'createTimestamp' " "DESC 'RFC2252: time which object was created' " 
@@ -199,7 +253,7 @@ static struct slap_schema_ad_map { "ORDERING generalizedTimeOrderingMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_createTimestamp) }, { "modifyTimestamp", "( 2.5.18.2 NAME 'modifyTimestamp' " "DESC 'RFC2252: time which object was last modified' " 
@@ -207,48 +261,48 @@ static struct slap_schema_ad_map { "ORDERING generalizedTimeOrderingMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_modifyTimestamp) }, { "creatorsName", "( 2.5.18.3 NAME 'creatorsName' " "DESC 'RFC2252: name of creator' " "EQUALITY distinguishedNameMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_creatorsName) }, { "modifiersName", "( 2.5.18.4 NAME 'modifiersName' " "DESC 'RFC2252: name of last modifier' " "EQUALITY distinguishedNameMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_modifiersName) }, { "hasSubordinates", "( 2.5.18.9 NAME 'hasSubordinates' " "DESC 'X.501: entry has children' " "EQUALITY booleanMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 " "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_hasSubordinates) }, { "subschemaSubentry", "( 2.5.18.10 NAME 'subschemaSubentry' " "DESC 'RFC2252: name of controlling subschema entry' " "EQUALITY distinguishedNameMatch " - "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION " - "SINGLE-VALUE USAGE directoryOperation )", - NULL, NULL, NULL, NULL, + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE " + "NO-USER-MODIFICATION USAGE directoryOperation )", + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_subschemaSubentry) }, - { "collectiveAttributeSubentry", "( 2.5.18.12 " - "NAME 'collectiveAttributeSubentry' " + { "collectiveAttributeSubentries", "( 2.5.18.12 " + "NAME 
'collectiveAttributeSubentries' " "EQUALITY distinguishedNameMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " - "USAGE directoryOperation NO-USER-MODIFICATION )", - NULL, NULL, NULL, NULL, - offsetof(struct slap_internal_schema, si_ad_collectiveSubentry) }, + "NO-USER-MODIFICATION USAGE directoryOperation )", + NULL, SLAP_AT_HIDE, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_collectiveSubentries) }, { "collectiveExclusions", "( 2.5.18.7 NAME 'collectiveExclusions' " "EQUALITY objectIdentifierMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 " "USAGE directoryOperation )", - NULL, NULL, NULL, NULL, + NULL, SLAP_AT_HIDE, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_collectiveExclusions) }, { "entryUUID", "( 1.3.6.1.4.1.4203.666.1.6 NAME 'entryUUID' " 
@@ -256,51 +310,51 @@ static struct slap_schema_ad_map { "EQUALITY octetStringMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64} " "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", - NULL, NULL, NULL, NULL, + NULL, SLAP_AT_HIDE, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_entryUUID) }, { "entryCSN", "( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' " "DESC 'LCUP/LDUP: change sequence number' " "EQUALITY octetStringMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64} " "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", - NULL, NULL, NULL, NULL, + NULL, SLAP_AT_HIDE, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_entryCSN) }, /* root DSE attributes */ { "altServer", "( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' " "DESC 'RFC2252: alternative servers' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation )", - rootDseAttribute, NULL, NULL, NULL, + rootDseAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_altServer) }, { "namingContexts", "( 1.3.6.1.4.1.1466.101.120.5 " "NAME 'namingContexts' " "DESC 'RFC2252: naming contexts' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )", - rootDseAttribute, NULL, NULL, NULL, + rootDseAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_namingContexts) }, { "supportedControl", "( 1.3.6.1.4.1.1466.101.120.13 " "NAME 'supportedControl' " - "DESC 'RFC2252: supported controls' " - "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )", - rootDseAttribute, NULL, NULL, NULL, + "DESC 'RFC2252: supported controls' " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )", + rootDseAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_supportedControl) }, { "supportedExtension", "( 1.3.6.1.4.1.1466.101.120.7 " "NAME 'supportedExtension' " "DESC 'RFC2252: supported extended operations' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )", - rootDseAttribute, NULL, NULL, NULL, + 
rootDseAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_supportedExtension) }, { "supportedLDAPVersion", "( 1.3.6.1.4.1.1466.101.120.15 " "NAME 'supportedLDAPVersion' " "DESC 'RFC2252: supported LDAP versions' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation )", - rootDseAttribute, NULL, NULL, NULL, + rootDseAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_supportedLDAPVersion) }, { "supportedSASLMechanisms", "( 1.3.6.1.4.1.1466.101.120.14 " "NAME 'supportedSASLMechanisms' " "DESC 'RFC2252: supported SASL mechanisms'" "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation )", - rootDseAttribute, NULL, NULL, NULL, + rootDseAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_supportedSASLMechanisms) }, { "supportedFeatures", "( 1.3.6.1.4.1.4203.1.3.5 " "NAME 'supportedFeatures' " 
@@ -308,15 +362,24 @@ static struct slap_schema_ad_map { "EQUALITY objectIdentifierMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 " "USAGE dSAOperation )", - rootDseAttribute, NULL, NULL, NULL, + rootDseAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_supportedFeatures) }, + { "monitorContext", "( 1.3.6.1.4.1.4203.666.1.10 " + "NAME 'monitorContext' " + "DESC 'monitor context' " + "EQUALITY objectIdentifierMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 " + "SINGLE-VALUE NO-USER-MODIFICATION " + "USAGE dSAOperation )", + rootDseAttribute, SLAP_AT_HIDE, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_monitorContext) }, { "vendorName", "( 1.3.6.1.1.4 NAME 'vendorName' " "DESC 'RFC3045: name of implementation vendor' " "EQUALITY 1.3.6.1.4.1.1466.109.114.1 " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " "SINGLE-VALUE NO-USER-MODIFICATION " "USAGE dSAOperation )", - rootDseAttribute, NULL, NULL, NULL, + rootDseAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_vendorName) }, { "vendorVersion", "( 1.3.6.1.1.5 NAME 'vendorVersion' " "DESC 'RFC3045: version of implementation' " @@ -324,7 +387,7 @@ static struct slap_schema_ad_map { "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " "SINGLE-VALUE NO-USER-MODIFICATION " "USAGE dSAOperation )", - rootDseAttribute, NULL, NULL, NULL, + rootDseAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_vendorVersion) }, /* subentry attributes */ 
@@ -332,13 +395,13 @@ static struct slap_schema_ad_map { "EQUALITY objectIdentifierMatch " "USAGE directoryOperation " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )", - NULL, NULL, NULL, NULL, + administrativeRoleAttribute, SLAP_AT_HIDE, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_administrativeRole) }, { "subtreeSpecification", "( 2.5.18.6 NAME 'subtreeSpecification' " "SINGLE-VALUE " "USAGE directoryOperation " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 )", - subentryAttribute, NULL, NULL, NULL, + subentryAttribute, SLAP_AT_HIDE, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_subtreeSpecification) }, /* subschema subentry attributes */ 
@@ -347,50 +410,50 @@ static struct slap_schema_ad_map { "EQUALITY integerFirstComponentMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 " "USAGE directoryOperation ) ", - subentryAttribute, NULL, NULL, NULL, + subentryAttribute, SLAP_AT_HIDE, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_ditStructureRules) }, { "ditContentRules", "( 2.5.21.2 NAME 'dITContentRules' " "DESC 'RFC2252: DIT content rules' " "EQUALITY objectIdentifierFirstComponentMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )", - subentryAttribute, NULL, NULL, NULL, + subentryAttribute, SLAP_AT_HIDE, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_ditContentRules) }, { "matchingRules", "( 2.5.21.4 NAME 'matchingRules' " "DESC 'RFC2252: matching rules' " "EQUALITY objectIdentifierFirstComponentMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )", - subentryAttribute, NULL, NULL, NULL, + subentryAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_matchingRules) }, { "attributeTypes", "( 2.5.21.5 NAME 'attributeTypes' " "DESC 'RFC2252: attribute types' " "EQUALITY objectIdentifierFirstComponentMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )", - subentryAttribute, NULL, NULL, NULL, + subentryAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_attributeTypes) }, { "objectClasses", "( 2.5.21.6 NAME 'objectClasses' " "DESC 'RFC2252: object classes' " "EQUALITY objectIdentifierFirstComponentMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )", - subentryAttribute, NULL, NULL, NULL, + subentryAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_objectClasses) }, { "nameForms", "( 2.5.21.7 NAME 'nameForms' " "DESC 'RFC2252: name forms ' " "EQUALITY objectIdentifierFirstComponentMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )", - subentryAttribute, NULL, NULL, NULL, + subentryAttribute, SLAP_AT_HIDE, 
NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_nameForms) }, { "matchingRuleUse", "( 2.5.21.8 NAME 'matchingRuleUse' " "DESC 'RFC2252: matching rule uses' " "EQUALITY objectIdentifierFirstComponentMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )", - subentryAttribute, NULL, NULL, NULL, + subentryAttribute, SLAP_AT_HIDE, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_matchingRuleUse) }, { "ldapSyntaxes", "( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' " "DESC 'RFC2252: LDAP syntaxes' " "EQUALITY objectIdentifierFirstComponentMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )", - subentryAttribute, NULL, NULL, NULL, + subentryAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_ldapSyntaxes) }, /* knowledge information */ @@ -399,14 +462,14 @@ static struct slap_schema_ad_map { "DESC 'RFC2256: name of aliased object' " "EQUALITY distinguishedNameMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", - NULL, NULL, NULL, NULL, + aliasAttribute, SLAP_AT_FINAL, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_aliasedObjectName) }, { "ref", "( 2.16.840.1.113730.3.1.34 NAME 'ref' " "DESC 'namedref: subordinate referral URL' " "EQUALITY caseExactMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " "USAGE distributedOperation )", - referralAttribute, NULL, NULL, NULL, + referralAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_ref) }, /* access control internals */ 
@@ -415,15 +478,31 @@ static struct slap_schema_ad_map { "DESC 'OpenLDAP ACL entry pseudo-attribute' " "SYNTAX 1.3.6.1.4.1.4203.1.1.1 " "SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )", - NULL, NULL, NULL, NULL, + NULL, SLAP_AT_HIDE, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_entry) }, { "children", "( 1.3.6.1.4.1.4203.1.3.2 " "NAME 'children' " "DESC 'OpenLDAP ACL children pseudo-attribute' " "SYNTAX 1.3.6.1.4.1.4203.1.1.1 " "SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )", - NULL, NULL, NULL, NULL, + NULL, SLAP_AT_HIDE, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_children) }, + { "saslAuthzTo", "( 1.3.6.1.4.1.4203.666.1.8 " + "NAME 'saslAuthzTo' " + "DESC 'SASL proxy authorization targets' " + "EQUALITY caseExactMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " + "USAGE distributedOperation )", + NULL, SLAP_AT_HIDE, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_saslAuthzTo) }, + { "saslAuthzFrom", "( 1.3.6.1.4.1.4203.666.1.9 " + "NAME 'saslAuthzFrom' " + "DESC 'SASL proxy authorization sources' " + "EQUALITY caseExactMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " + "USAGE distributedOperation )", + NULL, SLAP_AT_HIDE, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_saslAuthzFrom) }, #ifdef SLAPD_ACI_ENABLED { "OpenLDAPaci", "( 1.3.6.1.4.1.4203.666.1.5 " "NAME 'OpenLDAPaci' " @@ -431,7 +510,7 @@ static struct slap_schema_ad_map { "EQUALITY OpenLDAPaciMatch " "SYNTAX 1.3.6.1.4.1.4203.666.2.1 " "USAGE directoryOperation )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_aci) }, #endif 
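Review bot: The new `saslAuthzTo` and `saslAuthzFrom` rows in @@ -415,15 +478,31 are registered with a NULL check function and without `NO-USER-MODIFICATION`, so at the schema level nothing restricts where or by whom they are written. Going by their DESC strings they name proxy-authorization targets and sources, which makes write access to them security-sensitive; how the values are consumed is not visible in this diff. A comment above the pair such as `/* proxy authorization policy: write access must be restricted by ACL */` would record that, and a check function is worth considering if only administrators are meant to set them. `SLAP_AT_HIDE` presumably affects only schema publication, not access. The ad_map array begins and ends outside this hunk.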
@@ -439,41 +518,40 @@ static struct slap_schema_ad_map { "DESC 'RFC2589: entry time-to-live' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE " "NO-USER-MODIFICATION USAGE dSAOperation )", - NULL, NULL, NULL, NULL, + dynamicAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_entryTtl) }, { "dynamicSubtrees", "( 1.3.6.1.4.1.1466.101.119.4 " "NAME 'dynamicSubtrees' " "DESC 'RFC2589: dynamic subtrees' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION " "USAGE dSAOperation )", - rootDseAttribute, NULL, NULL, NULL, + rootDseAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_dynamicSubtrees) }, - /* userApplication attributes */ + /* userApplication attributes (which system schema depends upon) */ { "distinguishedName", "( 2.5.4.49 NAME 'distinguishedName' " "DESC 'RFC2256: common supertype of DN attributes' " "EQUALITY distinguishedNameMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", - NULL, NULL, NULL, NULL, + NULL, SLAP_AT_ABSTRACT, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_distinguishedName) }, { "name", "( 2.5.4.41 NAME 'name' " "DESC 'RFC2256: common supertype of name attributes' " "EQUALITY caseIgnoreMatch " "SUBSTR caseIgnoreSubstringsMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )", - NULL, NULL, NULL, NULL, + NULL, SLAP_AT_ABSTRACT, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_name) }, { "cn", "( 2.5.4.3 NAME ( 'cn' 'commonName' ) " "DESC 'RFC2256: common name(s) for which the entity is known by' " "SUP name )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_cn) }, - { "userPassword", "( 2.5.4.35 NAME 'userPassword' " "DESC 'RFC2256/2307: password of user' " "EQUALITY octetStringMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )", - NULL, NULL, NULL, NULL, + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_userPassword) }, #ifdef SLAPD_AUTHPASSWD 
@@ -482,7 +560,8 @@ static struct slap_schema_ad_map { "DESC 'RFC3112: authentication password attribute' " "EQUALITY 1.3.6.1.4.1.4203.1.2.2 " "SYNTAX 1.3.6.1.4.1.4203.1.1.2 )", - NULL, NULL, NULL, NULL, + NULL, 0, + NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_authPassword) }, { "supportedAuthPasswordSchemes", "( 1.3.6.1.4.1.4203.1.3.3 " "NAME 'supportedAuthPasswordSchemes' " @@ -490,16 +569,21 @@ static struct slap_schema_ad_map { "EQUALITY caseExactIA5Match " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} " "USAGE dSAOperation )", - subschemaAttribute, NULL, NULL, NULL, + subschemaAttribute, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_authPassword) }, #endif #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND - { "krbName", NULL, - NULL, NULL, NULL, NULL, + { "krbName", "( 1.3.6.1.4.1.250.1.32 " + "NAME ( 'krbName' 'kerberosName' ) " + "DESC 'Kerberos principal associated with object' " + "EQUALITY caseIgnoreIA5Match " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 " + "SINGLE-VALUE )", + NULL, 0, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_krbName) }, #endif - { NULL, NULL, NULL, NULL, NULL, NULL, 0 } + { NULL, NULL, NULL, 0, NULL, NULL, NULL, 0 } }; static AttributeType slap_at_undefined = { @@ -512,8 +596,9 @@ static AttributeType slap_at_undefined = { NULL, NULL, NULL, NULL, /* matching rules */ NULL, /* syntax (this may need to be defined) */ (AttributeTypeSchemaCheckFN *) 0, /* schema check function */ - NULL, /* attribute description */ - NULL /* next */ + SLAP_AT_ABSTRACT|SLAP_AT_FINAL, /* mask */ + NULL, /* next */ + NULL /* attribute description */ /* mutex (don't know how to initialize it :) */ }; 
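Review bot: The `supportedAuthPasswordSchemes` row touched in @@ -490,16 +569,21 still names `subschemaAttribute` as its check function, but the forward declarations this commit adds cover only the rootDse, alias, referral, subentry, administrativeRole and dynamic checks, so a build with `SLAPD_AUTHPASSWD` defined would presumably fail unless that symbol is declared somewhere not shown. The same row stores into `si_ad_authPassword`, the slot the `authPassword` row just above it already uses, which would trip the `assert( *adp == NULL )` that slap_schema_load now runs for every row. The row needs one of the declared check functions and its own field in slap_internal_schema. The array begins outside the hunk.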
@@ -532,6 +617,8 @@ static struct slap_schema_syn_map { char *sssm_name; size_t sssm_offset; } syn_map[] = { + { "1.3.6.1.4.1.1466.115.121.1.40", + offsetof(struct slap_internal_schema, si_syn_octetString) }, { "1.3.6.1.4.1.1466.115.121.1.12", offsetof(struct slap_internal_schema, si_syn_distinguishedName) }, { "1.3.6.1.4.1.1466.115.121.1.27", @@ -543,8 +630,42 @@ int slap_schema_load( void ) { int i; + + for( i=0; syn_map[i].sssm_name; i++ ) { + Syntax ** synp = (Syntax **) + &(((char *) &slap_schema)[syn_map[i].sssm_offset]); + + assert( *synp == NULL ); + + *synp = syn_find( syn_map[i].sssm_name ); + + if( *synp == NULL ) { + fprintf( stderr, "slap_schema_check: " + "No syntax \"%s\" defined in schema\n", + syn_map[i].sssm_name ); + return LDAP_INVALID_SYNTAX; + } + } + + for( i=0; mr_map[i].ssmm_name; i++ ) { + MatchingRule ** mrp = (MatchingRule **) + &(((char *) &slap_schema)[mr_map[i].ssmm_offset]); + + assert( *mrp == NULL ); + + *mrp = mr_find( mr_map[i].ssmm_name ); + + if( *mrp == NULL ) { + fprintf( stderr, "slap_schema_check: " + "No matching rule \"%s\" defined in schema\n", + mr_map[i].ssmm_name ); + return LDAP_INAPPROPRIATE_MATCHING; + } + } + for( i=0; ad_map[i].ssam_name; i++ ) { - if( ad_map[i].ssam_defn != NULL ) { + assert( ad_map[i].ssam_defn != NULL ); + { LDAPAttributeType *at; int code; const char *err; 
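Review bot: The syntax and matching-rule lookups moved into slap_schema_load in @@ -543,8 +630,42 still print `"slap_schema_check: "` as their message prefix, so a startup failure here points the operator at the wrong function; the same stale prefix is carried into the lookups added in @@ -574,10 +695,40 and @@ -608,112 +759,161. Change it to `"slap_schema_load: "`, which the older messages in this function already use. Separately, `assert( ad_map[i].ssam_defn != NULL );` replaces a runtime test, so in a build with assertions disabled a row without a definition would reach the parsing code that follows outside this hunk.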
@@ -574,10 +695,40 @@ slap_schema_load( void ) } ldap_memfree( at ); } + { + int rc; + const char *text; + + AttributeDescription ** adp = (AttributeDescription **) + &(((char *) &slap_schema)[ad_map[i].ssam_offset]); + + assert( *adp == NULL ); + + rc = slap_str2ad( ad_map[i].ssam_name, adp, &text ); + if( rc != LDAP_SUCCESS ) { + fprintf( stderr, "slap_schema_check: " + "No attribute \"%s\" defined in schema\n", + ad_map[i].ssam_name ); + return rc; + } + + if( ad_map[i].ssam_check ) { + /* install check routine */ + (*adp)->ad_type->sat_check = ad_map[i].ssam_check; + } + /* install flags */ + (*adp)->ad_type->sat_flags |= ad_map[i].ssam_flags; + + if( ad_map[i].ssam_match ) { + /* install custom matching routine */ + (*adp)->ad_type->sat_equality->smr_match = ad_map[i].ssam_match; + } + } } for( i=0; oc_map[i].ssom_name; i++ ) { - if( oc_map[i].ssom_defn != NULL ) { + assert( oc_map[i].ssom_defn != NULL ); + { LDAPObjectClass *oc; int code; const char *err; @@ -598,7 +749,7 @@ slap_schema_load( void ) return LDAP_OTHER; } - code = oc_add(oc,&err); + code = oc_add(oc,0,&err); if ( code ) { fprintf( stderr, "slap_schema_load: " "%s: %s: \"%s\"\n", 
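Review bot: `(*adp)->ad_type->sat_equality->smr_match = ad_map[i].ssam_match;` in @@ -574,10 +695,40 writes the custom matcher into the matching-rule object rather than into the attribute type, and dereferences `sat_equality` without a NULL test. If that object is shared by every attribute type declaring the same EQUALITY rule, installing `objectClassMatch` for `objectClass` would also change matching for the other `objectIdentifierMatch` rows in ad_map (supportedFeatures, collectiveExclusions and others); whether rules are shared is not visible here. Consider giving the attribute type its own copy of the rule before overriding `smr_match`, and guard the store with `if( ad_map[i].ssam_match && (*adp)->ad_type->sat_equality )`. The statement is moved from slap_schema_check rather than newly written, but the move is a good moment to fix it.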
@@ -608,112 +759,161 @@ slap_schema_load( void ) ldap_memfree(oc); } + { + ObjectClass ** ocp = (ObjectClass **) + &(((char *) &slap_schema)[oc_map[i].ssom_offset]); + + assert( *ocp == NULL ); + + *ocp = oc_find( oc_map[i].ssom_name ); + if( *ocp == NULL ) { + fprintf( stderr, "slap_schema_check: " + "No objectClass \"%s\" defined in schema\n", + oc_map[i].ssom_name ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + if( oc_map[i].ssom_check ) { + /* install check routine */ + (*ocp)->soc_check = oc_map[i].ssom_check; + } + /* install flags */ + (*ocp)->soc_flags |= oc_map[i].ssom_flags; + } } + slap_at_undefined.sat_syntax = slap_schema.si_syn_distinguishedName; + slap_schema.si_at_undefined = &slap_at_undefined; + return LDAP_SUCCESS; } int slap_schema_check( void ) { - int i; /* we should only be called once after schema_init() was called */ assert( schema_init_done == 1 ); - for( i=0; syn_map[i].sssm_name; i++ ) { - Syntax ** synp = (Syntax **) - &(((char *) &slap_schema)[syn_map[i].sssm_offset]); - - assert( *synp == NULL ); + ++schema_init_done; + return LDAP_SUCCESS; +} - *synp = syn_find( syn_map[i].sssm_name ); +static int rootDseObjectClass ( + Backend *be, + Entry *e, + ObjectClass *oc, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; - if( *synp == NULL ) { - fprintf( stderr, "slap_schema_check: " - "No syntax \"%s\" defined in schema\n", - syn_map[i].sssm_name ); - return LDAP_INVALID_SYNTAX; - } + if( e->e_nname.bv_len ) { + snprintf( textbuf, textlen, + "objectClass \"%s\" only allowed in the root DSE", + oc->soc_oid ); + return LDAP_OBJECT_CLASS_VIOLATION; } - for( i=0; mr_map[i].ssmm_name; i++ ) { - MatchingRule ** mrp = (MatchingRule **) - &(((char *) &slap_schema)[mr_map[i].ssmm_offset]); - - assert( *mrp == NULL ); - - *mrp = mr_find( mr_map[i].ssmm_name ); + /* we should not be called for the root DSE */ + assert( 0 ); + return LDAP_SUCCESS; +} - if( *mrp == NULL ) { - fprintf( stderr, "slap_schema_check: " - "No 
matching rule \"%s\" defined in schema\n", - mr_map[i].ssmm_name ); - return LDAP_INAPPROPRIATE_MATCHING; - } - } +static int aliasObjectClass ( + Backend *be, + Entry *e, + ObjectClass *oc, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; - slap_at_undefined.sat_syntax = syn_find( SLAPD_OCTETSTRING_SYNTAX ); - if( slap_at_undefined.sat_syntax == NULL ) { - fprintf( stderr, "slap_schema_check: " - "No octetString syntax \"" SLAPD_OCTETSTRING_SYNTAX "\"\n" ); - return LDAP_INVALID_SYNTAX; + if( !SLAP_ALIASES(be) ) { + snprintf( textbuf, textlen, + "objectClass \"%s\" not supported in context", + oc->soc_oid ); + return LDAP_OBJECT_CLASS_VIOLATION; } - slap_schema.si_at_undefined = &slap_at_undefined; - for( i=0; ad_map[i].ssam_name; i++ ) { - int rc; - const char *text; + return LDAP_SUCCESS; +} - AttributeDescription ** adp = (AttributeDescription **) - &(((char *) &slap_schema)[ad_map[i].ssam_offset]); +static int referralObjectClass ( + Backend *be, + Entry *e, + ObjectClass *oc, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; - assert( *adp == NULL ); + if( !SLAP_REFERRALS(be) ) { + snprintf( textbuf, textlen, + "objectClass \"%s\" not supported in context", + oc->soc_oid ); + return LDAP_OBJECT_CLASS_VIOLATION; + } - rc = slap_str2ad( ad_map[i].ssam_name, adp, &text ); + return LDAP_SUCCESS; +} - if( rc != LDAP_SUCCESS ) { - fprintf( stderr, "slap_schema_check: " - "No attribute \"%s\" defined in schema\n", - ad_map[i].ssam_name ); - return rc; - } +static int subentryObjectClass ( + Backend *be, + Entry *e, + ObjectClass *oc, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; - if( ad_map[i].ssam_match ) { - /* install custom matching routine */ - (*adp)->ad_type->sat_equality->smr_match = ad_map[i].ssam_match; - } + if( !SLAP_SUBENTRIES(be) ) { + snprintf( textbuf, textlen, + "objectClass \"%s\" not supported in context", + oc->soc_oid ); + return LDAP_OBJECT_CLASS_VIOLATION; } 
- for( i=0; oc_map[i].ssom_name; i++ ) { - ObjectClass ** ocp = (ObjectClass **) - &(((char *) &slap_schema)[oc_map[i].ssom_offset]); + if( oc != slap_schema.si_oc_subentry && !is_entry_subentry( e ) ) { + snprintf( textbuf, textlen, + "objectClass \"%s\" only allowed in subentries", + oc->soc_oid ); + return LDAP_OBJECT_CLASS_VIOLATION; + } - assert( *ocp == NULL ); + return LDAP_SUCCESS; +} - *ocp = oc_find( oc_map[i].ssom_name ); +static int dynamicObjectClass ( + Backend *be, + Entry *e, + ObjectClass *oc, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; - if( *ocp == NULL ) { - fprintf( stderr, "slap_schema_check: " - "No objectClass \"%s\" defined in schema\n", - oc_map[i].ssom_name ); - return LDAP_OBJECT_CLASS_VIOLATION; - } + if( !SLAP_DYNAMIC(be) ) { + snprintf( textbuf, textlen, + "objectClass \"%s\" not supported in context", + oc->soc_oid ); + return LDAP_OBJECT_CLASS_VIOLATION; } - ++schema_init_done; return LDAP_SUCCESS; } static int rootDseAttribute ( + Backend *be, Entry *e, Attribute *attr, const char** text, char *textbuf, size_t textlen ) { *text = textbuf; + if( e->e_nname.bv_len ) { snprintf( textbuf, textlen, - "attribute \"%s\"only allowed in the root DSE", + "attribute \"%s\" only allowed in the root DSE", attr->a_desc->ad_cname.bv_val ); return LDAP_OBJECT_CLASS_VIOLATION; } 
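Review bot: `slap_at_undefined.sat_syntax = slap_schema.si_syn_distinguishedName;` in @@ -608,112 +759,161 gives the undefined attribute type the DN syntax, whereas the code it replaces looked up `SLAPD_OCTETSTRING_SYNTAX`, and this same commit adds an `si_syn_octetString` row to syn_map that nothing visible uses. That looks like the wrong field was picked, and values of unrecognised attributes would presumably then be handled as DNs. Suggested: `slap_at_undefined.sat_syntax = slap_schema.si_syn_octetString;`. Also in this hunk, rootDseObjectClass relies on `assert( 0 )` for the root-DSE case and then returns `LDAP_SUCCESS`, so with assertions disabled that path is silently accepted; a comment saying this is intended would help.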
@@ -723,16 +923,25 @@ static int rootDseAttribute ( return LDAP_SUCCESS; } -static int subentryAttribute ( +static int aliasAttribute ( + Backend *be, Entry *e, Attribute *attr, const char** text, char *textbuf, size_t textlen ) { *text = textbuf; - if( !is_entry_subentry( e ) ) { + + if( !SLAP_ALIASES(be) ) { snprintf( textbuf, textlen, - "attribute \"%s\"only allowed in the subentry", + "attribute \"%s\" not supported in context", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + if( !is_entry_alias( e ) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" only allowed in the alias", attr->a_desc->ad_cname.bv_val ); return LDAP_OBJECT_CLASS_VIOLATION; } 
@@ -741,15 +950,98 @@ static int subentryAttribute ( } static int referralAttribute ( + Backend *be, Entry *e, Attribute *attr, const char** text, char *textbuf, size_t textlen ) { *text = textbuf; + + if( !SLAP_REFERRALS(be) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" not supported in context", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + if( !is_entry_referral( e ) ) { snprintf( textbuf, textlen, - "attribute \"%s\"only allowed in the referral", + "attribute \"%s\" only allowed in the referral", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + return LDAP_SUCCESS; +} + +static int subentryAttribute ( + Backend *be, + Entry *e, + Attribute *attr, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( !SLAP_SUBENTRIES(be) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" not supported in context", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + if( !is_entry_subentry( e ) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" only allowed in the subentry", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + return LDAP_SUCCESS; +} + +static int administrativeRoleAttribute ( + Backend *be, + Entry *e, + Attribute *attr, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( !SLAP_SUBENTRIES(be) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" not supported in context", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + snprintf( textbuf, textlen, + "attribute \"%s\" not supported!", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; +} + +static int dynamicAttribute ( + Backend *be, + Entry *e, + Attribute *attr, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( !SLAP_DYNAMIC(be) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" not supported in context", + 
attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + if( !is_entry_dynamicObject( e ) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" only allowed in dynamic object", attr->a_desc->ad_cname.bv_val ); return LDAP_OBJECT_CLASS_VIOLATION; }
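Review bot: administrativeRoleAttribute in @@ -741,15 +950,98 returns `LDAP_OBJECT_CLASS_VIOLATION` on every path, so the `SLAP_SUBENTRIES(be)` test only selects the message text and the attribute can never be accepted. If that is deliberate, say so above the function, e.g. `/* administrativeRole is not implemented: always rejected */`. The attribute checks in this hunk and in @@ -723,16 +923,25 also repeat the same `snprintf`/return pair with slightly different wording; a small static helper taking the message format would keep them consistent. The new `Backend *be` parameter is passed to the `SLAP_*` macros without a NULL test, so it is worth documenting that callers must supply a backend. dynamicAttribute's closing lines fall outside the hunk.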