add system schema checks

diff --git a/servers/slapd/schema.c b/servers/slapd/schema.c
index e7e38a087fe1d1f047995c8f88834985ecf71237..469de9a2b44f2ae6967dad2c94339fd5d069ef1b 100644 (file)
--- a/servers/slapd/schema.c
+++ b/servers/slapd/schema.c
@@ -39,16 +39,16 @@ schema_info( Entry **entry, const char **text )
        (void) dnNormalize2( NULL, &e->e_name, &e->e_nname );
        e->e_private = NULL;
 
-       vals[0].bv_val = "LDAPsubentry";
-       vals[0].bv_len = sizeof("LDAPsubentry")-1;
+       vals[0].bv_val = "subentry";
+       vals[0].bv_len = sizeof("subentry")-1;
        attr_merge( e, ad_structuralObjectClass, vals );
 
        vals[0].bv_val = "top";
        vals[0].bv_len = sizeof("top")-1;
        attr_merge( e, ad_objectClass, vals );
 
-       vals[0].bv_val = "LDAPsubentry";
-       vals[0].bv_len = sizeof("LDAPsubentry")-1;
+       vals[0].bv_val = "subentry";
+       vals[0].bv_len = sizeof("subentry")-1;
        attr_merge( e, ad_objectClass, vals );
 
        vals[0].bv_val = "subschema";

diff --git a/servers/slapd/schema_check.c b/servers/slapd/schema_check.c
index da711a9ec8b684f7034102134ce6b86d1e9c260e..81ef6562768f0157973fca2400ec4a7d1abd48b1 100644 (file)
--- a/servers/slapd/schema_check.c
+++ b/servers/slapd/schema_check.c
@@ -204,8 +204,16 @@ entry_schema_check(
 #endif
 
                        return LDAP_OBJECT_CLASS_VIOLATION;
+               }
 
-               } else if ( oc->soc_kind == LDAP_SCHEMA_ABSTRACT ) {
+               if ( oc->sco_check ) {
+                       int rc = (oc->sco_check)( e, oc,
+                               text, textbuf, textlen );
+                       if( rc != LDAP_SUCCESS ) {
+                               return rc;
+                       }
+               }
+               if ( oc->soc_kind == LDAP_SCHEMA_ABSTRACT ) {
                        /* object class is abstract */
                        if ( oc != slap_schema.si_oc_top &&
                                !is_object_subclass( oc, sc ))

diff --git a/servers/slapd/schema_prep.c b/servers/slapd/schema_prep.c
index 9ee09073f8603f65aca5c085442411852492d456..798f5982fcfe17aa900fd6bff09194817e657f04 100644 (file)
--- a/servers/slapd/schema_prep.c
+++ b/servers/slapd/schema_prep.c
@@ -115,6 +115,9 @@ structuralObjectClassMatch(
        return LDAP_SUCCESS;
 }
 
+static ObjectClassSchemaCheckFN rootDseObjectClass;
+static ObjectClassSchemaCheckFN subentryObjectClass;
+
 static struct slap_schema_oc_map {
        char *ssom_name;
        char *ssom_defn;
@@ -142,8 +145,8 @@ static struct slap_schema_oc_map {
        { "LDAProotDSE", "( 1.3.6.1.4.1.4203.1.4.1 "
                        "NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) "
                        "DESC 'OpenLDAP Root DSE object' "
-                       "SUP top STRUCTURAL MAY cn )",
-               0, offsetof(struct slap_internal_schema, si_oc_rootdse) },
+                       "SUP top STRUCTURAL MAY cn )", rootDseObjectClass,
+               offsetof(struct slap_internal_schema, si_oc_rootdse) },
        { "subentry", "( 2.5.20.0 NAME 'subentry' "
                        "SUP top STRUCTURAL "
                        "MUST ( cn $ subtreeSpecification ) )",
@@ -153,12 +156,11 @@ static struct slap_schema_oc_map {
                "AUXILIARY "
                "MAY ( dITStructureRules $ nameForms $ ditContentRules $ "
                        "objectClasses $ attributeTypes $ matchingRules $ "
-                       "matchingRuleUse ) )",
-               0, offsetof(struct slap_internal_schema, si_oc_subschema) },
+                       "matchingRuleUse ) )", subentryObjectClass,
+               offsetof(struct slap_internal_schema, si_oc_subschema) },
        { "collectiveAttributes", "( 2.5.20.2 "
                        "NAME 'collectiveAttributes' "
-                       "AUXILIARY )",
-               0,
+                       "AUXILIARY )", subentryObjectClass,
                offsetof(struct slap_internal_schema, si_oc_collectiveAttributes) },
        { NULL, 0 }
 };
@@ -704,6 +706,40 @@ slap_schema_check( void )
        return LDAP_SUCCESS;
 }
 
+static int rootDseObjectClass (
+       Entry *e,
+       ObjectClass *oc,
+       const char** text,
+       char *textbuf, size_t textlen )
+{
+       *text = textbuf;
+       if( e->e_nname.bv_len ) {
+               snprintf( textbuf, textlen,
+                       "objectClass \"%s\" only allowed in the root DSE",
+                       oc->soc_oid );
+               return LDAP_OBJECT_CLASS_VIOLATION;
+       }
+
+       /* we should not be called for the root DSE */
+       assert( 0 );
+       return LDAP_SUCCESS;
+}
+
+static int subentryObjectClass (
+       Entry *e,
+       ObjectClass *oc,
+       const char** text,
+       char *textbuf, size_t textlen )
+{
+       if( !is_entry_subentry( e ) ) {
+               snprintf( textbuf, textlen,
+                       "objectClass \"%s\" only allowed in subentries",
+                       oc->soc_oid );
+               return LDAP_OBJECT_CLASS_VIOLATION;
+       }
+       return LDAP_SUCCESS;
+}
+
 static int rootDseAttribute (
        Entry *e,
        Attribute *attr,
@@ -713,7 +749,7 @@ static int rootDseAttribute (
        *text = textbuf;
        if( e->e_nname.bv_len ) {
                snprintf( textbuf, textlen,
-                       "attribute \"%s\"only allowed in the root DSE",
+                       "attribute \"%s\" only allowed in the root DSE",
                        attr->a_desc->ad_cname.bv_val );
                return LDAP_OBJECT_CLASS_VIOLATION;
        }
@@ -732,7 +768,7 @@ static int subentryAttribute (
        *text = textbuf;
        if( !is_entry_subentry( e ) ) {
                snprintf( textbuf, textlen,
-                       "attribute \"%s\"only allowed in the subentry",
+                       "attribute \"%s\" only allowed in the subentry",
                        attr->a_desc->ad_cname.bv_val );
                return LDAP_OBJECT_CLASS_VIOLATION;
        }
@@ -749,7 +785,7 @@ static int referralAttribute (
        *text = textbuf;
        if( !is_entry_referral( e ) ) {
                snprintf( textbuf, textlen,
-                       "attribute \"%s\"only allowed in the referral",
+                       "attribute \"%s\" only allowed in the referral",
                        attr->a_desc->ad_cname.bv_val );
                return LDAP_OBJECT_CLASS_VIOLATION;
        }