bv.bv_val = op->o_ndn;
bv.bv_len = strlen( bv.bv_val );
- /* see if asker is listed in dnattr */
- if ( (at = attr_find( e->e_attrs, b->a_dn_at )) != NULL
+ /* see if asker is listed in dnattr */
#ifdef SLAPD_SCHEMA_NOT_COMPAT
- /* not yet implemented */
-#else
- && value_find( at->a_vals, &bv, at->a_syntax, 3 ) == 0
-#endif
- )
+ for( at = attrs_find( e->e_attrs, b->a_dn_at );
+ at == NULL;
+ at = attrs_find( e->e_attrs->a_next, b->a_dn_at ) )
{
- if ( b->a_dn_self &&
- (val == NULL
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
- /* not yet implemented */
+ if( value_find( b->a_dn_at, at->a_vals, &bv ) == 0 ) {
+ }
+ }
+
#else
- || value_cmp( &bv, val, at->a_syntax, 2 )
-#endif
- ) )
+ /* see if asker is listed in dnattr */
+ if ( (at = attr_find( e->e_attrs, b->a_dn_at )) != NULL &&
+ value_find( at->a_vals, &bv, at->a_syntax, 3 ) == 0 )
+ {
+ if ( b->a_dn_self && (val == NULL
+ || value_cmp( &bv, val, at->a_syntax, 2 ) ) )
{
continue;
}
/* asker not listed in dnattr - check for self access */
} else if ( ! b->a_dn_self || val == NULL
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
- /* not yet implemented */
-#else
- || value_cmp( &bv, val, at->a_syntax, 2 ) != 0
-#endif
- )
+ || value_cmp( &bv, val, at->a_syntax, 2 ) != 0 )
{
continue;
}
+#endif
}
if ( b->a_group_pat != NULL && op->o_ndn != NULL ) {
* by the user
*/
#ifdef SLAPD_SCHEMA_NOT_COMPAT
- /* not yet implemented */
+ if ( is_at_no_user_mod( mlist->sml_desc->ad_type ) ) {
+ Debug( LDAP_DEBUG_ACL, "acl: no-user-mod %s:"
+ " modify access granted\n",
+ mlist->sml_desc->ad_cname->bv_val, 0, 0 );
+ continue;
+ }
#else
if ( oc_check_op_no_usermod_attr( mlist->sml_type ) ) {
- Debug( LDAP_DEBUG_ACL, "NoUserMod Operational attribute:"
+ Debug( LDAP_DEBUG_ACL, "acl: no-user-mod %s:"
" modify access granted\n",
mlist->sml_type, 0, 0 );
continue;
char *grpoc;
char *grpat;
#ifdef SLAPD_SCHEMA_NOT_COMPAT
- AttributeDescription *grpad = NULL;
+ ObjectClass *grp_oc = NULL;
+ AttributeDescription *grp_ad = NULL;
char *text;
#else
- char *grpad;
+ char *grp_oc;
+ char *grp_ad;
#endif
int rc;
}
#ifdef SLAPD_SCHEMA_NOT_COMPAT
- rc = slap_str2ad( grpat, &grpad, &text );
+ rc = slap_str2ad( grpat, &grp_ad, &text );
if( rc != LDAP_SUCCESS ) {
rc = 0;
goto done;
}
#else
- grpad = grpat;
+ grp_ad = grpat;
#endif
rc = 0;
grpdn = (char *)ch_malloc(1024);
- if (grpoc != NULL && grpad != NULL && grpdn != NULL) {
+ if (grp_oc != NULL && grp_ad != NULL && grpdn != NULL) {
string_expand(grpdn, 1024, subjdn, e->e_ndn, matches);
if ( dn_normalize(grpdn) != NULL ) {
- rc = (backend_group(be, e, grpdn, op->o_ndn, grpoc, grpad) == 0);
+ rc = (backend_group(be, e, grpdn, op->o_ndn, grp_oc, grp_ad) == 0);
}
}
-done:
#ifdef SLAPD_SCHEMA_NOT_COMPAT
- if( grpad != NULL ) ad_free( grpad, 1 );
+done:
+ if( grp_ad != NULL ) ad_free( grp_ad, 1 );
#endif
ch_free(grpdn);
ch_free(grpat);
return(1);
} else if (aci_strbvcmp( "dnattr", &bv ) == 0) {
- Attribute *at;
char *dnattr = aci_bvstrdup(&sdn);
#ifdef SLAPD_SCHEMA_NOT_COMPAT
- AttributeDescription *dnad = NULL;
- char *text;
- rc = slap_str2ad( dnattr, &dnad, &text );
+ Attribute *at;
+ AttributeDescription *ad = NULL;
+ const char *text;
+
+ rc = slap_str2ad( dnattr, &ad, &text );
ch_free( dnattr );
- if ( rc == LDAP_SUCCESS ) {
-#else
- char *dnad = dnattr;
-#endif
- at = attr_find( e->e_attrs, dnad );
-#ifdef SLAPD_SCHEMA_NOT_COMAT
- ad_free( dnad, 1 );
-#else
- ch_free( dnad );
-#endif
- if (at != NULL) {
- bv.bv_val = op->o_ndn;
- bv.bv_len = strlen( bv.bv_val );
+ if( rc != LDAP_SUCCESS ) {
+ return 0;
+ }
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
- /* not yet implemented */
-#else
- if (value_find( at->a_vals, &bv, at->a_syntax, 3 ) == 0 )
- return(1);
-#endif
+ rc = 0;
+
+ bv.bv_val = op->o_ndn;
+ bv.bv_len = strlen( bv.bv_val );
+
+ for(at = attrs_find( e->e_attrs, ad );
+ at != NULL;
+ at = attrs_find( at->a_next, ad ) )
+ {
+ if (value_find( ad, at->a_vals, &bv) == 0 ) {
+ rc = 1;
+ break;
}
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
- } else {
- ad_free( dnad, 1 );
-#endif
}
+ ad_free( ad, 1 );
+ return rc;
+
+#else
+ Attribute *at;
+ at = attr_find( e->e_attrs, dnattr );
+ ch_free( dnattr );
+
+ if (at != NULL) {
+ bv.bv_val = op->o_ndn;
+ bv.bv_len = strlen( bv.bv_val );
+
+ if (value_find( at->a_vals, &bv, at->a_syntax, 3 ) == 0 )
+ return(1);
+ }
+#endif
+
} else if (aci_strbvcmp( "group", &bv ) == 0) {
if (aci_group_member(&sdn, "groupOfNames", "member", be, e, op, matches))
return(1);
b->a_group_pat = ch_strdup( right );
if (value && *value) {
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+ b->a_group_oc = oc_find( value );
+#else
b->a_group_oc = ch_strdup(value);
+#endif
+ if( b->a_group_oc == NULL ) {
+ fprintf( stderr,
+ "%s: line %d: group objectclass \"%s\" unknown\n",
+ fname, lineno, value );
+ acl_usage();
+ }
+
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+ if( is_object_subclass( b->a_group_oc,
+ slap_schema.si_oc_referral ) )
+ {
+ fprintf( stderr,
+ "%s: line %d: group objectclass \"%s\" is subclass of referral\n",
+ fname, lineno, value );
+ acl_usage();
+ }
+
+ if( is_object_subclass( b->a_group_oc,
+ slap_schema.si_oc_alias ) )
+ {
+ fprintf( stderr,
+ "%s: line %d: group objectclass \"%s\" is subclass of alias\n",
+ fname, lineno, value );
+ acl_usage();
+ }
+#endif
+
*--value = '/';
+
} else {
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+ b->a_group_oc = slap_schema.si_oc_groupOfNames;
+#else
b->a_group_oc = ch_strdup("groupOfNames");
+#endif
}
+
if (name && *name) {
#ifdef SLAPD_SCHEMA_NOT_COMPAT
rc = slap_str2ad( right, &b->a_group_at, &text );
fname, lineno );
acl_usage();
}
+
+
+ {
+ int rc;
+ struct berval val;
+ struct berval *vals[2];
+
+ val.bv_val = b->a_group_oc->soc_oid;
+ val.bv_len = strlen(val.bv_val);
+ vals[0] = &val;
+ vals[1] = NULL;
+
+
+ rc = oc_check_allowed( b->a_group_at->ad_type, vals );
+
+ if( rc != 0 ) {
+ fprintf( stderr,
+ "%s: line %d: group: \"%s\" not allowed by \"%s\"\n",
+ fname, lineno,
+ b->a_group_at->ad_type,
+ b->a_group_oc->soc_oid );
+ acl_usage();
+ }
+ }
+
#endif /* SLAPD_SCHEMA_NOT_COMPAT */
continue;
}
rc = LDAP_COMPARE_FALSE;
#ifdef SLAPD_SCHEMA_NOT_COMPAT
- /* not yet implemented */
+ if ( value_find( ava->aa_desc, a->a_vals, ava->aa_value ) == 0 )
#else
if ( value_find( a->a_vals, &ava->ava_value, a->a_syntax, 1 ) == 0 )
#endif
#ifdef SLAPD_SCHEMA_NOT_COMPAT
extern int ldbm_back_group LDAP_P(( BackendDB *bd,
Entry *target,
- const char* gr_ndn, const char* op_ndn,
- const char* objectclassValue,
+ const char* gr_ndn,
+ const char* op_ndn,
+ ObjectClass* group_oc,
AttributeDescription* group_at));
#else
extern int ldbm_back_group LDAP_P(( BackendDB *bd,
Entry *target,
const char* gr_ndn, const char* op_ndn,
- const char* objectclassValue,
+ const char* group_oc,
const char* group_at));
#endif
Entry *target,
const char *gr_ndn,
const char *op_ndn,
- const char *objectclassValue,
#ifdef SLAPD_SCHEMA_NOT_COMPAT
+ ObjectClass *group_oc,
AttributeDescription *group_at
#else
+ const char *group_oc,
const char *group_at
#endif
)
Attribute *attr;
#ifdef SLAPD_SCHEMA_NOT_COMPAT
- AttributeDescription *objectClass = slap_schema.si_ad_objectClass;
- const char *groupattrName = group_at->ad_cname->bv_val;
+ AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
+ const char *group_oc_name = NULL;
+ const char *group_at_name = group_at->ad_cname->bv_val;
+
+ if( group_oc->soc_names && group_oc->soc_names[0] ) {
+ group_oc_name = group_oc->soc_names[0];
+ } else {
+ group_oc_name = group_oc->soc_oid;
+ }
#else
struct berval bv;
- const char *objectClass = "objectclass";
- const char *groupattrName = group_at;
+ const char *ad_objectClass = "objectclass";
+ const char *group_oc_name = group_oc;
+ const char *group_at_name = group_at;
#endif
Debug( LDAP_DEBUG_ARGS,
"=> ldbm_back_group: op dn: \"%s\"\n",
op_ndn, 0, 0 );
Debug( LDAP_DEBUG_ARGS,
- "=> ldbm_back_group: objectClass: \"%s\" attrName: \"%s\"\n",
- objectclassValue, groupattrName, 0 );
+ "=> ldbm_back_group: oc: \"%s\" at: \"%s\"\n",
+ group_oc_name, group_at_name, 0 );
Debug( LDAP_DEBUG_ARGS,
"=> ldbm_back_group: tr dn: \"%s\"\n",
rc = 1;
- if ((attr = attr_find(e->e_attrs, objectClass)) == NULL) {
+ if ((attr = attr_find(e->e_attrs, ad_objectClass)) == NULL) {
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_group: failed to find objectClass\n", 0, 0, 0 );
goto return_results;
goto return_results;
}
- bv.bv_val = (char *) objectclassValue;
+ bv.bv_val = (char *) group_oc_name;
bv.bv_len = strlen( bv.bv_val );
if (value_find(attr->a_vals, &bv, attr->a_syntax, 1) != 0) {
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_group: failed to find %s in objectClass\n",
- objectclassValue, 0, 0 );
+ group_oc_name, 0, 0 );
goto return_results;
}
if ((attr = attr_find(e->e_attrs, group_at)) == NULL) {
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_group: failed to find %s\n",
- groupattrName, 0, 0 );
+ group_at_name, 0, 0 );
goto return_results;
}
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_group: found objectClass %s and %s\n",
- objectclassValue, groupattrName, 0 );
+ group_oc_name, group_at_name, 0 );
bv.bv_val = (char *) op_ndn;
bv.bv_len = strlen( op_ndn );
{
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_group: \"%s\" not in \"%s\": %s\n",
- op_ndn, gr_ndn, groupattrName );
+ op_ndn, gr_ndn, group_at_name );
goto return_results;
}
#endif
Debug( LDAP_DEBUG_ACL,
"<= ldbm_back_group: \"%s\" is in \"%s\": %s\n",
- op_ndn, gr_ndn, groupattrName );
+ op_ndn, gr_ndn, group_at_name );
rc = 0;
switch ( mod->sm_op ) {
case LDAP_MOD_REPLACE: {
/* Need to remove all values from indexes */
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+ /* not yet implemented */
+#else
Attribute *a = save_attrs
? attr_find( save_attrs, mod->sm_desc )
: NULL;
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
- /* not yet implemented */
-#else
if( a != NULL ) {
(void) index_change_values( be,
mod->mod_type,
case LDAP_MOD_DELETE: {
/* Need to add all remaining values */
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+ /* not yet implemented */
+#else
Attribute *a = e->e_attrs
? attr_find( e->e_attrs, mod->sm_desc )
: NULL;
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
- /* not yet implemented */
-#else
if( a != NULL ) {
(void) index_change_values( be,
mod->mod_type,
if ( a != NULL ) {
for ( i = 0; mod->sm_bvalues[i] != NULL; i++ ) {
#ifdef SLAPD_SCHEMA_NOT_COMPAT
- /* not yet implemented */
+ if ( value_find( desc, a->a_vals, mod->sm_bvalues[i] ) == 0 )
#else
if ( value_find( a->a_vals, mod->sm_bvalues[i],
a->a_syntax, 3 ) == 0 )
+#endif
{
return( LDAP_TYPE_OR_VALUE_EXISTS );
}
-#endif
}
}
char *dn
)
{
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
- /* not yet implemented */
-#else
int i, j, k, found;
Attribute *a;
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+ char *desc = mod->sm_desc->ad_cname->bv_val;
+#else
+ char *desc = mod->mod_type;
+#endif
/* delete the entire attribute */
- if ( mod->mod_bvalues == NULL ) {
+ if ( mod->sm_bvalues == NULL ) {
Debug( LDAP_DEBUG_ARGS, "removing entire attribute %s\n",
- mod->mod_type, 0, 0 );
- return( attr_delete( &e->e_attrs, mod->mod_type ) ?
+ desc, 0, 0 );
+ return( attr_delete( &e->e_attrs, mod->sm_desc ) ?
LDAP_NO_SUCH_ATTRIBUTE : LDAP_SUCCESS );
}
/* delete specific values - find the attribute first */
- if ( (a = attr_find( e->e_attrs, mod->mod_type )) == NULL ) {
+ if ( (a = attr_find( e->e_attrs, mod->sm_desc )) == NULL ) {
Debug( LDAP_DEBUG_ARGS, "could not find attribute %s\n",
- mod->mod_type, 0, 0 );
+ desc, 0, 0 );
return( LDAP_NO_SUCH_ATTRIBUTE );
}
/* find each value to delete */
- for ( i = 0; mod->mod_bvalues[i] != NULL; i++ ) {
+ for ( i = 0; mod->sm_bvalues[i] != NULL; i++ ) {
found = 0;
for ( j = 0; a->a_vals[j] != NULL; j++ ) {
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+ int match;
+ const char *text;
+ int rc = value_match( &match, mod->sm_desc, NULL,
+ mod->sm_bvalues[i], a->a_vals[j], &text );
+
+ if( rc == LDAP_SUCCESS && match == 0 )
+#else
if ( value_cmp( mod->mod_bvalues[i], a->a_vals[j],
- a->a_syntax, 3 ) != 0 ) {
+ a->a_syntax, 3 ) != 0 )
+#endif
+ {
continue;
}
found = 1;
if ( a->a_vals[0] == NULL) {
Debug( LDAP_DEBUG_ARGS,
"removing entire attribute %s\n",
- mod->mod_type, 0, 0 );
- if ( attr_delete( &e->e_attrs, mod->mod_type ) ) {
+ desc, 0, 0 );
+ if ( attr_delete( &e->e_attrs, mod->sm_desc ) ) {
return LDAP_NO_SUCH_ATTRIBUTE;
}
}
if ( ! found ) {
Debug( LDAP_DEBUG_ARGS,
"could not find value for attr %s\n",
- mod->mod_type, 0, 0 );
+ desc, 0, 0 );
return LDAP_NO_SUCH_ATTRIBUTE;
}
}
-#endif
return( LDAP_SUCCESS );
}
/* Retrieve the old rdn from the entry's dn */
if ( (old_rdn = dn_rdn( be, dn )) == NULL ) {
-
Debug( LDAP_DEBUG_TRACE,
"ldbm_back_modrdn: can't figure out old_rdn from dn\n",
0, 0, 0 );
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "could not parse old DN", NULL, NULL );
goto return_results;
-
}
if ( (old_rdn_type = rdn_attr_type( old_rdn )) == NULL ) {
-
Debug( LDAP_DEBUG_TRACE,
"ldbm_back_modrdn: can't figure out the old_rdn type\n",
0, 0, 0 );
send_ldap_result( conn, op, LDAP_OTHER,
NULL, "count parse RDN from old DN", NULL, NULL );
goto return_results;
-
}
if ( strcasecmp( old_rdn_type, new_rdn_type ) != 0 ) {
-
/* Not a big deal but we may say something */
Debug( LDAP_DEBUG_TRACE,
"ldbm_back_modrdn: old_rdn_type=%s, new_rdn_type=%s!\n",
old_rdn_type, new_rdn_type, 0 );
-
}
Debug( LDAP_DEBUG_TRACE, "ldbm_back_modrdn: DN_X500\n",
add_bv.bv_len = strlen(new_rdn_val);
#ifdef SLAPD_SCHEMA_NOT_COMPAT
- /* not yet implemented */
+ {
+ int rc;
+ const char *text;
+
+ mod[0].sml_desc = NULL;
+ rc = slap_str2ad( new_rdn_type, &mod[0].sml_desc, &text );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_back_modrdn: %s: %s (new)\n",
+ text, new_rdn_type, 0 );
+ send_ldap_result( conn, op, rc,
+ NULL, text, NULL, NULL );
+ goto return_results;
+ }
+ }
#else
- mod[0].ml_type = new_rdn_type;
- mod[0].ml_bvalues = add_bvals;
- mod[0].ml_op = SLAP_MOD_SOFTADD;
- mod[0].ml_next = NULL;
+ mod[0].sml_type = new_rdn_type;
#endif
+ mod[0].sml_bvalues = add_bvals;
+ mod[0].sml_op = SLAP_MOD_SOFTADD;
+ mod[0].sml_next = NULL;
/* Remove old rdn value if required */
"ldbm_back_modrdn: can't figure out old_rdn_val from old_rdn\n",
0, 0, 0 );
send_ldap_result( conn, op, LDAP_OTHER,
- NULL, "cound not parse value from old RDN", NULL, NULL );
+ NULL, "could not parse value from old RDN", NULL, NULL );
goto return_results;
}
del_bv.bv_len = strlen(old_rdn_val);
#ifdef SLAPD_SCHEMA_NOT_COMPAT
- /* not yet implemented */
+ {
+ int rc;
+ const char *text;
+
+ mod[1].sml_desc = NULL;
+ rc = slap_str2ad( old_rdn_type, &mod[0].sml_desc, &text );
+
+ if( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_back_modrdn: %s: %s (old)\n",
+ text, old_rdn_type, 0 );
+ send_ldap_result( conn, op, rc,
+ NULL, text, NULL, NULL );
+ goto return_results;
+ }
+ }
#else
- /* No need to normalize old_rdn_type, delete_values()
- * does that for us
- */
- mod[0].ml_next = &mod[1];
- mod[1].ml_type = old_rdn_type;
- mod[1].ml_bvalues = del_bvals;
- mod[1].ml_op = LDAP_MOD_DELETE;
- mod[1].ml_next = NULL;
+ mod[1].sml_type = old_rdn_type;
#endif
+ mod[0].sml_next = &mod[1];
+ mod[1].sml_bvalues = del_bvals;
+ mod[1].sml_op = LDAP_MOD_DELETE;
+ mod[1].sml_next = NULL;
Debug( LDAP_DEBUG_TRACE,
"ldbm_back_modrdn: removing old_rdn_val=%s\n",
Entry *target,
const char *gr_ndn,
const char *op_ndn,
- const char *objectclassValue,
#ifdef SLAPD_SCHEMA_NOT_COMPAT
+ ObjectClass *group_oc,
AttributeDescription *group_at
#else
+ const char *group_oc,
const char *group_at
#endif
)
{
if (be->be_group)
return( be->be_group(be, target, gr_ndn, op_ndn,
- objectclassValue, group_at) );
+ group_oc, group_at) );
else
- return(1);
+ return LDAP_UNWILLING_TO_PERFORM;
}
#ifdef SLAPD_SCHEMA_DN
mod = (Modifications *) ch_calloc( 1, sizeof( Modifications ) );
mod->sml_op = mop;
- mod->sml_desc = slap_schema.si_ad_modifiersName;
+ mod->sml_desc = ad_dup( slap_schema.si_ad_modifiersName );
mod->sml_bvalues = (struct berval **) malloc( 2 * sizeof( struct berval * ) );
mod->sml_bvalues[0] = ber_bvdup( &name );
mod->sml_bvalues[1] = NULL;
mod = (Modifications *) ch_calloc( 1, sizeof( Modifications ) );
mod->sml_op = mop;
- mod->sml_desc = slap_schema.si_ad_modifyTimestamp;
+ mod->sml_desc = ad_dup( slap_schema.si_ad_modifyTimestamp );
mod->sml_bvalues = (struct berval **) malloc( 2 * sizeof( struct berval * ) );
mod->sml_bvalues[0] = ber_bvdup( ×tamp );
mod->sml_bvalues[1] = NULL;
#include "slap.h"
#include "ldap_pvt.h"
+int is_object_subclass(
+ ObjectClass *sub,
+ ObjectClass *sup )
+{
+ int i;
+
+ if( sup == sub ) {
+ return 1;
+ }
+
+ if( sup->soc_sups == NULL ) {
+ return 0;
+ }
+
+ for( i=0; sup->soc_sups[i] != NULL; i++ ) {
+ if( is_object_subclass( sup->soc_sups[i], sup ) ) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
int is_entry_objectclass(
Entry* e,
#ifdef SLAPD_SCHEMA_NOT_COMPAT
Entry *target,
const char *gr_ndn,
const char *op_ndn,
- const char *objectclassValue,
- AttributeDescription *groupAttrType
+ ObjectClass *group_oc,
+ AttributeDescription *group_at
));
#else
LIBSLAPD_F (int) backend_group LDAP_P((Backend *be,
Entry *target,
const char *gr_ndn,
const char *op_ndn,
- const char *objectclassValue,
- const char *groupattrName
+ const char *group_oc,
+ const char *group_at
));
#endif
LIBSLAPD_F (int) oc_check_op_usermod_attr LDAP_P(( const char *type ));
LIBSLAPD_F (int) oc_check_op_no_usermod_attr LDAP_P(( const char *type ));
#endif
-LIBSLAPD_F (ObjectClass *) oc_find LDAP_P((const char *ocname));
-LIBSLAPD_F (int) oc_add LDAP_P((LDAP_OBJECT_CLASS *oc, const char **err));
+LIBSLAPD_F (ObjectClass *) oc_find LDAP_P((
+ const char *ocname));
+
+LIBSLAPD_F (int) oc_add LDAP_P((
+ LDAP_OBJECT_CLASS *oc,
+ const char **err));
+
+LIBSLAPD_F (int) is_object_subclass LDAP_P((
+ ObjectClass *sub,
+ ObjectClass *sup ));
+
LIBSLAPD_F (Syntax *) syn_find LDAP_P((const char *synname));
LIBSLAPD_F (Syntax *) syn_find_desc LDAP_P((const char *syndesc, int *slen));
/*
* schema_check.c
*/
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+int oc_check_allowed(
+ AttributeType *type,
+ struct berval **oclist );
+#endif
LIBSLAPD_F (int) entry_schema_check LDAP_P((
Entry *e, Attribute *attrs,
const char** text ));
const char ** text ));
LIBSLAPD_F (int) value_find LDAP_P((
AttributeDescription *ad,
- MatchingRule *mr,
struct berval **values,
- struct berval *value,
- const char ** text ));
+ struct berval *value ));
#else
LIBSLAPD_F (int) value_add_fast LDAP_P(( struct berval ***vals, struct berval **addvals, int nvals, int naddvals, int *maxvals ));
LIBSLAPD_F (void) value_normalize LDAP_P(( char *s, int syntax ));
#include "slap.h"
#include "ldap_pvt.h"
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
-static int oc_check_allowed(
- AttributeType *type,
- struct berval **oclist );
-#else
+#ifndef SLAPD_SCHEMA_NOT_COMPAT
static int oc_check_allowed(char *type, struct berval **oclist);
#endif
static char * oc_check_required(Entry *e, struct berval *ocname);
return( NULL );
}
-static int
-oc_check_allowed(
+#ifndef SLAPD_SCHEMA_NOT_COMPAT
+static
+#endif
+int oc_check_allowed(
#ifdef SLAPD_SCHEMA_NOT_COMPAT
AttributeType *at,
#else
{ "LDAProotDSE", offsetof(struct slap_internal_schema, si_oc_rootdse) },
{ "LDAPsubentry", offsetof(struct slap_internal_schema, si_oc_subentry) },
{ "subschema", offsetof(struct slap_internal_schema, si_oc_subschema) },
-#ifdef SLAPD_ACI_ENABLED
{ "groupOfNames", offsetof(struct slap_internal_schema, si_oc_groupOfNames) },
-#endif
{ NULL, 0 }
};
ObjectClass *si_oc_subentry;
ObjectClass *si_oc_subschema;
ObjectClass *si_oc_rootdse;
-#ifdef SLAPD_ACI_ENABLED
ObjectClass *si_oc_groupOfNames;
-#endif
/* objectClass attribute */
AttributeDescription *si_ad_objectClass;
/* ACL Groups */
char *a_group_pat;
- char *a_group_oc;
#ifdef SLAPD_SCHEMA_NOT_COMPAT
+ ObjectClass *a_group_oc;
AttributeDescription *a_group_at;
#else
+ char *a_group_oc;
char *a_group_at;
#endif
#ifdef SLAPD_SCHEMA_NOT_COMPAT
int (*bi_acl_group) LDAP_P((Backend *bd,
Entry *e, const char *bdn, const char *edn,
- const char *objectclassValue,
+ ObjectClass *group_oc,
AttributeDescription *group_at ));
#else
int (*bi_acl_group) LDAP_P((Backend *bd,
Entry *e, const char *bdn, const char *edn,
- const char *objectclassValue,
+ const char *group_oc,
const char *group_at ));
#endif
# cleartext passwords, especially for the rootdn, should
# be avoid. See slapd.conf(5) for details.
rootpw secret
+# this directory MUST exist and be writable by the slapd/tools
+# process before running slapd and/or tools.
directory %LOCALSTATEDIR%/openldap-ldbm
#ifdef SLAPD_SCHEMA_NOT_COMPAT
int value_find(
AttributeDescription *ad,
- MatchingRule *mr,
struct berval **vals,
- struct berval *val,
- const char ** text )
+ struct berval *val )
#else
int
value_find(
#endif
{
int i;
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+ MatchingRule *mr = ad->ad_type->sat_equality;
+
+ if( mr == NULL ) {
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+#endif
for ( i = 0; vals[i] != NULL; i++ ) {
#ifdef SLAPD_SCHEMA_NOT_COMPAT
int rc;
int match;
- rc = value_match( &match, ad, mr, vals[i], val, text );
+ const char *text;
+ rc = value_match( &match, ad, mr, vals[i], val, &text );
if( rc == LDAP_SUCCESS && match == 0 )
#else
projects / openldap / commitdiff