Add some basic system schema checks.

diff --git a/servers/slapd/schema_prep.c b/servers/slapd/schema_prep.c
index 079026f7ad2a9e2249cbce17bd90339ca5eb252b..6320760d93addedc96251facc553744338c5a232 100644 (file)
--- a/servers/slapd/schema_prep.c
+++ b/servers/slapd/schema_prep.c
@@ -116,7 +116,10 @@ structuralObjectClassMatch(
 }
 
 static ObjectClassSchemaCheckFN rootDseObjectClass;
+static ObjectClassSchemaCheckFN aliasObjectClass;
+static ObjectClassSchemaCheckFN referralObjectClass;
 static ObjectClassSchemaCheckFN subentryObjectClass;
+static ObjectClassSchemaCheckFN dynamicObjectClass;
 
 static struct slap_schema_oc_map {
        char *ssom_name;
@@ -137,36 +140,42 @@ static struct slap_schema_oc_map {
                        "DESC 'RFC2256: an alias' "
                        "SUP top STRUCTURAL "
                        "MUST aliasedObjectName )",
-               0, offsetof(struct slap_internal_schema, si_oc_alias) },
+               aliasObjectClass,
+               offsetof(struct slap_internal_schema, si_oc_alias) },
        { "referral", "( 2.16.840.1.113730.3.2.6 NAME 'referral' "
                        "DESC 'namedref: named subordinate referral' "
                        "SUP top STRUCTURAL MUST ref )",
-               0, offsetof(struct slap_internal_schema, si_oc_referral) },
+               referralObjectClass,
+               offsetof(struct slap_internal_schema, si_oc_referral) },
        { "LDAProotDSE", "( 1.3.6.1.4.1.4203.1.4.1 "
                        "NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) "
                        "DESC 'OpenLDAP Root DSE object' "
-                       "SUP top STRUCTURAL MAY cn )", rootDseObjectClass,
+                       "SUP top STRUCTURAL MAY cn )",
+               rootDseObjectClass,
                offsetof(struct slap_internal_schema, si_oc_rootdse) },
        { "subentry", "( 2.5.20.0 NAME 'subentry' "
                        "SUP top STRUCTURAL "
                        "MUST ( cn $ subtreeSpecification ) )",
-               0, offsetof(struct slap_internal_schema, si_oc_subentry) },
+               subentryObjectClass,
+               offsetof(struct slap_internal_schema, si_oc_subentry) },
        { "subschema", "( 2.5.20.1 NAME 'subschema' "
                "DESC 'RFC2252: controlling subschema (sub)entry' "
                "AUXILIARY "
                "MAY ( dITStructureRules $ nameForms $ ditContentRules $ "
                        "objectClasses $ attributeTypes $ matchingRules $ "
-                       "matchingRuleUse ) )", subentryObjectClass,
+                       "matchingRuleUse ) )",
+               subentryObjectClass,
                offsetof(struct slap_internal_schema, si_oc_subschema) },
        { "collectiveAttributes", "( 2.5.20.2 "
                        "NAME 'collectiveAttributes' "
-                       "AUXILIARY )", subentryObjectClass,
+                       "AUXILIARY )",
+               subentryObjectClass,
                offsetof(struct slap_internal_schema, si_oc_collectiveAttributes) },
        { "dynamicObject", "( 1.3.6.1.4.1.1466.101.119.2 "
                        "NAME 'dynamicObject' "
                        "DESC 'RFC2589: Dynamic Object' "
                        "SUP top AUXILIARY )",
-               0,
+               dynamicObjectClass,
                offsetof(struct slap_internal_schema, si_oc_dynamicObject) },
        { NULL, 0 }
 };
@@ -457,7 +466,7 @@ static struct slap_schema_ad_map {
                rootDseAttribute, NULL, NULL, NULL,
                offsetof(struct slap_internal_schema, si_ad_dynamicSubtrees) },
 
-       /* userApplication attributes */
+       /* userApplication attributes (which system schema depends upon) */
        { "distinguishedName", "( 2.5.4.49 NAME 'distinguishedName' "
                        "DESC 'RFC2256: common supertype of DN attributes' "
                        "EQUALITY distinguishedNameMatch "
@@ -476,7 +485,6 @@ static struct slap_schema_ad_map {
                        "SUP name )",
                NULL, NULL, NULL, NULL,
                offsetof(struct slap_internal_schema, si_ad_cn) },
-
        { "userPassword", "( 2.5.4.35 NAME 'userPassword' "
                        "DESC 'RFC2256/2307: password of user' "
                        "EQUALITY octetStringMatch "
@@ -732,6 +740,38 @@ static int rootDseObjectClass (
        return LDAP_SUCCESS;
 }
 
+static int aliasObjectClass (
+       Backend *be,
+       Entry *e,
+       ObjectClass *oc,
+       const char** text,
+       char *textbuf, size_t textlen )
+{
+       if( !SLAP_ALIASES(be) ) {
+               snprintf( textbuf, textlen,
+                       "objectClass \"%s\" not supported in context",
+                       oc->soc_oid );
+               return LDAP_OBJECT_CLASS_VIOLATION;
+       }
+       return LDAP_SUCCESS;
+}
+
+static int referralObjectClass (
+       Backend *be,
+       Entry *e,
+       ObjectClass *oc,
+       const char** text,
+       char *textbuf, size_t textlen )
+{
+       if( !SLAP_REFERRALS(be) ) {
+               snprintf( textbuf, textlen,
+                       "objectClass \"%s\" not supported in context",
+                       oc->soc_oid );
+               return LDAP_OBJECT_CLASS_VIOLATION;
+       }
+       return LDAP_SUCCESS;
+}
+
 static int subentryObjectClass (
        Backend *be,
        Entry *e,
@@ -739,7 +779,14 @@ static int subentryObjectClass (
        const char** text,
        char *textbuf, size_t textlen )
 {
-       if( !is_entry_subentry( e ) ) {
+       if( !SLAP_SUBENTRIES(be) ) {
+               snprintf( textbuf, textlen,
+                       "objectClass \"%s\" not supported in context",
+                       oc->soc_oid );
+               return LDAP_OBJECT_CLASS_VIOLATION;
+       }
+
+       if( oc != slap_schema.si_oc_subentry && !is_entry_subentry( e ) ) {
                snprintf( textbuf, textlen,
                        "objectClass \"%s\" only allowed in subentries",
                        oc->soc_oid );
@@ -748,6 +795,22 @@ static int subentryObjectClass (
        return LDAP_SUCCESS;
 }
 
+static int dynamicObjectClass (
+       Backend *be,
+       Entry *e,
+       ObjectClass *oc,
+       const char** text,
+       char *textbuf, size_t textlen )
+{
+       if( !SLAP_DYNAMIC(be) ) {
+               snprintf( textbuf, textlen,
+                       "objectClass \"%s\" not supported in context",
+                       oc->soc_oid );
+               return LDAP_OBJECT_CLASS_VIOLATION;
+       }
+       return LDAP_SUCCESS;
+}
+
 static int rootDseAttribute (
        Backend *be,
        Entry *e,

diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index 13752f9c6be1a6294e8cf1ea2e432f30a3c2c7e8..fd07e57a23a695fa6625d7c76d13daf16d20b451 100644 (file)
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -1026,12 +1026,14 @@ struct slap_backend_db {
 #define SLAP_BFLAG_REFERRALS   0x0200U
 #define SLAP_BFLAG_SUBENTRIES  0x0400U
 #define SLAP_BFLAG_MONITOR             0x1000U
+#define SLAP_BFLAG_DYNAMIC             0x2000U
        slap_mask_t     be_flags;
 #define SLAP_LASTMOD(be)       (!((be)->be_flags & SLAP_BFLAG_NOLASTMOD))
 #define SLAP_ALIASES(be)       ((be)->be_flags & SLAP_BFLAG_ALIASES)
 #define SLAP_REFERRALS(be)     ((be)->be_flags & SLAP_BFLAG_REFERRALS)
 #define SLAP_SUBENTRIES(be)    ((be)->be_flags & SLAP_BFLAG_SUBENTRIES)
 #define SLAP_MONITOR(be)       ((be)->be_flags & SLAP_BFLAG_MONITOR)
+#define SLAP_DYNAMIC(be)       ((be)->be_flags & SLAP_BFLAG_DYNAMIC)
 
        slap_mask_t     be_restrictops;         /* restriction operations */
 #define SLAP_RESTRICT_OP_ADD           0x0001U