SLAPD_SCHEMA_NOT_COMPAT: prelim ACL work
authorKurt Zeilenga <kurt@openldap.org>
Sat, 27 May 2000 19:33:08 +0000 (19:33 +0000)
committerKurt Zeilenga <kurt@openldap.org>
Sat, 27 May 2000 19:33:08 +0000 (19:33 +0000)
servers/slapd/aclparse.c
servers/slapd/at.c
servers/slapd/back-ldbm/alias.c
servers/slapd/back-ldbm/group.c
servers/slapd/proto-slap.h
servers/slapd/schema_init.c
servers/slapd/schema_prep.c
servers/slapd/slap.h

index 42b5b4d94145539065a0dd23dbefa98aa739b568..946e0e13964c7fe93f6c61d74cbeecc946744d3c 100644 (file)
@@ -98,8 +98,14 @@ parse_acl(
 #ifdef SLAPD_SCHEMA_NOT_COMPAT
        int rc;
        const char *text;
-       static AttributeDescription *member = NULL;
-       static AttributeDescription *aci = NULL;
+       AttributeDescription *ad_distinguishedName = slap_schema.si_ad_distinguishedName;
+       AttributeDescription *ad_member = slap_schema.si_ad_member;
+#ifdef SLAPD_ACI_ENABLED
+       AttributeDescription *ad_aci = slap_schema.si_ad_aci;
+#endif
+#else
+       static char *ad_aci = "aci";
+       static char *ad_member = "member";
 #endif
 
        a = NULL;
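Review bot: In the non-compat branch `static char *ad_aci = "aci";` is declared unconditionally, while the compat branch declares `ad_aci` only under `#ifdef SLAPD_ACI_ENABLED`, so a build without ACI support carries an unused static. Both fallbacks also point at string literals through a non-const pointer, whereas alias.c in this same commit uses `static const char *` for the equivalent declaration. I would write `static const char *ad_member = "member";` and wrap the `ad_aci` line in `#ifdef SLAPD_ACI_ENABLED`, provided `ch_strdup()` accepts a `const char *` (its prototype is not in this diff). parse_acl's body continues outside the hunk.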
@@ -336,16 +342,17 @@ parse_acl(
                                                acl_usage();
                                        }
 
-#ifdef SLAPD_OID_DN_SYNTAX
-                                       if( strcmp( b->a_dn_at->ad_type->sat_syntax_oid,
-                                               SLAPD_OID_DN_SYNTAX ) != 0 )
+
+                                       if( b->a_dn_at->ad_type->sat_syntax
+                                               != ad_distinguishedName->ad_type->sat_syntax )
                                        {
                                                fprintf( stderr,
-                                                       "%s: line %d: dnattr attribute type not of DN syntax.\n",
-                                                       fname, lineno );
+                                                       "%s: line %d: dnattr \"%s\": inappropriate syntax: %s\n",
+                                                       fname, lineno, right,
+                                                       b->a_dn_at->ad_type->sat_syntax_oid );
                                                acl_usage();
                                        }
-#endif
+
 #else
                                        b->a_dn_at = ch_strdup( right );
 #endif
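Review bot: The new dnattr test dereferences `ad_distinguishedName->ad_type`, but that pointer is copied from `slap_schema.si_ad_distinguishedName` at function entry and is never checked for NULL. If the internal schema table is not filled in before ACLs are parsed, or the loaded schema lacks that attribute (the code that populates it is not in this diff), slapd would crash while reading its access-control configuration instead of printing a diagnostic. The same applies to `ad_member` in the group check and `ad_aci` in the aci check further down parse_acl. A guard ahead of the comparison, `if( ad_distinguishedName == NULL ) { fprintf( stderr, "%s: line %d: distinguishedName not defined in schema\n", fname, lineno ); acl_usage(); }`, keeps the failure explicit. The comparison is also by Syntax pointer identity rather than by OID, which is worth a one-line comment since it decides which attributes may feed a dnattr rule.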
@@ -393,6 +400,16 @@ parse_acl(
                                                                fname, lineno, right, text );
                                                        acl_usage();
                                                }
+
+                                               if( b->a_group_at->ad_type->sat_syntax
+                                                       != ad_member->ad_type->sat_syntax )
+                                               {
+                                                       fprintf( stderr,
+                                                               "%s: line %d: group \"%s\": inappropriate syntax: %s\n",
+                                                               fname, lineno, right,
+                                                               b->a_group_at->ad_type->sat_syntax_oid );
+                                                       acl_usage();
+                                               }
 #else
                                                b->a_group_at = ch_strdup(name);
 #endif
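Review bot: The added diagnostic prints `right` as the offending group attribute, yet the non-compat branch directly below stores `ch_strdup(name)` in `b->a_group_at`, which suggests the attribute name is held in `name` at this point. The lookup that fills `b->a_group_at` sits above the hunk, so confirm which token it uses. If it is `name`, the argument line should read `fname, lineno, name,`, otherwise an administrator is told that the wrong token failed the syntax check. The NULL concern for `ad_member` in this comparison is the same one raised for the dnattr check.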
@@ -400,9 +417,9 @@ parse_acl(
 
                                        } else {
 #ifdef SLAPD_SCHEMA_NOT_COMPAT
-                                               b->a_group_at = member;
+                                               b->a_group_at = ad_dup( ad_member );
 #else
-                                               b->a_group_at = ch_strdup("member");
+                                               b->a_group_at = ch_strdup( ad_member );
 #endif
                                        }
 
@@ -413,17 +430,6 @@ parse_acl(
                                                        fname, lineno );
                                                acl_usage();
                                        }
-
-#ifdef SLAPD_OID_DN_SYNTAX
-                                       if( strcmp( b->a_group_at->ad_type->sat_syntax_oid,
-                                               SLAPD_OID_DN_SYNTAX ) != 0 )
-                                       {
-                                               fprintf( stderr,
-                                                       "%s: line %d: group attribute type not of DN syntax.\n",
-                                                       fname, lineno );
-                                               acl_usage();
-                                       }
-#endif /* SLAPD_OID_DN_SYNTAX */
 #endif /* SLAPD_SCHEMA_NOT_COMPAT */
                                        continue;
                                }
@@ -499,8 +505,18 @@ parse_acl(
                                                                fname, lineno, right, text );
                                                        acl_usage();
                                                }
+
+                                               if( b->a_aci_at->ad_type->sat_syntax
+                                                       != ad_aci->ad_type->sat_syntax )
+                                               {
+                                                       fprintf( stderr,
+                                                               "%s: line %d: aci \"%s\": inappropriate syntax: %s\n",
+                                                               fname, lineno, right,
+                                                               b->a_aci_at->ad_type->sat_syntax_oid );
+                                                       acl_usage();
+                                               }
                                        } else {
-                                               b->a_aci_at = aci;
+                                               b->a_aci_at = ad_dup( ad_aci );
                                        }
 
                                        if( b->a_aci_at == NULL ) {
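Review bot: The syntax comparison on `b->a_aci_at->ad_type` now runs before the `if( b->a_aci_at == NULL )` test that closes this hunk, whereas the check it replaces ran after that test. This is only safe if the error branch just above never falls through, that is, if `acl_usage()` does not return (its definition is not in this diff). A comment above the new check, `/* lookup succeeded above, so b->a_aci_at is non-NULL here */`, would record that assumption for whoever next touches the error path. The enclosing branch of parse_acl starts and ends outside the hunk.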
@@ -510,14 +526,6 @@ parse_acl(
                                                acl_usage();
                                        }
 
-                                       if( strcmp( b->a_aci_at->ad_type->sat_syntax_oid,
-                                               SLAPD_OID_ACI_SYNTAX ) != 0 )
-                                       {
-                                               fprintf( stderr,
-                                                       "%s: line %d: aci attribute type not of ACI syntax.\n",
-                                                       fname, lineno );
-                                               acl_usage();
-                                       }
 #else
                                        if ( right != NULL && *right != '\0' ) {
                                                b->a_aci_at = ch_strdup( right );
@@ -939,7 +947,11 @@ print_access( Access *b )
        }
 
        if ( b->a_dn_at != NULL ) {
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+               fprintf( stderr, " dnattr=%s", b->a_dn_at->ad_cname->bv_val );
+#else
                fprintf( stderr, " dnattr=%s", b->a_dn_at );
+#endif
        }
 
        if ( b->a_group_pat != NULL ) {
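Review bot: The same `#ifdef SLAPD_SCHEMA_NOT_COMPAT` / `#else` pair around a single `fprintf` is repeated here and in the two following print_access hunks (attributeType and aci), which triples the conditional noise in a debug printer. Each compat line also reads `->ad_cname->bv_val` after testing only the outer pointer for NULL; that is presumably fine because a description always carries a canonical name, but it is not shown in this diff. A short comment at the first site, `/* ad_cname is always set for a resolved AttributeDescription */`, would document the assumption once. print_access's body continues outside the hunk.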
@@ -949,7 +961,11 @@ print_access( Access *b )
                        fprintf( stderr, " objectClass: %s", b->a_group_oc );
 
                        if ( b->a_group_at ) {
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+                               fprintf( stderr, " attributeType: %s", b->a_group_at->ad_cname->bv_val );
+#else
                                fprintf( stderr, " attributeType: %s", b->a_group_at );
+#endif
                        }
                }
     }
@@ -972,7 +988,11 @@ print_access( Access *b )
 
 #ifdef SLAPD_ACI_ENABLED
        if ( b->a_aci_at != NULL ) {
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+               fprintf( stderr, " aci=%s", b->a_aci_at->ad_cname->bv_val );
+#else
                fprintf( stderr, " aci=%s", b->a_aci_at );
+#endif
        }
 #endif
 
index 14c20bd19f10370f30c6d901a2d3e1191faf5433..e1a3f5f971192a7ebe1d5b750bc716d949bfb6f8 100644 (file)
@@ -92,7 +92,7 @@ at_config(
 #define SYNTAX_DSCE_OID        "2.5.13.5"
 #define SYNTAX_IA5_OID "1.3.6.1.4.1.1466.115.121.1.26"
 #define SYNTAX_IA5CE_OID       "1.3.6.1.4.1.1466.109.114.1"
-#define SYNTAX_DN_OID  SLAPD_OID_DN_SYNTAX
+#define SYNTAX_DN_OID  "1.3.6.1.4.1.1466.115.121.1.12"
 #define SYNTAX_TEL_OID "1.3.6.1.4.1.1466.115.121.1.50"
 #define SYNTAX_BIN_OID "1.3.6.1.4.1.1466.115.121.1.40" /* octetString */
 
index ad2b0f5da35717e269d0d4013ecbb772cc40cc82..9aabaf12eba742fd12ef0c0dceaac57f169240ef 100644 (file)
@@ -218,9 +218,9 @@ static char* get_alias_dn(
 {      
        Attribute *a;
 #ifdef SLAPD_SCHEMA_NOT_COMPAT
-       static AttributeDescription *aliasedObjectName = NULL;
+       AttributeDescription *aliasedObjectName = slap_schema.si_ad_aliasedObjectName;
 #else
-       static const char *aliasedObjectName = NULL;
+       static const char *aliasedObjectName = "aliasedObjectName";
 #endif
 
        a = attr_find( e->e_attrs, aliasedObjectName );
index d5319843375d3e028d91243d31123f86f28ed216..5c1973a7db81a61c8fe932ac04b6e4a648aa7aaa 100644 (file)
@@ -41,7 +41,7 @@ ldbm_back_group(
        Attribute   *attr;
 
 #ifdef SLAPD_SCHEMA_NOT_COMPAT
-       static AttributeDescription *objectClass = NULL;
+       AttributeDescription *objectClass = slap_schema.si_ad_objectClass;
        const char *groupattrName = group_at->ad_cname->bv_val;
 #else
        struct berval bv;
index 792dc525c5ecb6571a7d188af08fd22501562488..bf73fc435ba3b6759dd86a3e8bb305ca41aafe34 100644 (file)
@@ -92,7 +92,6 @@ LIBSLAPD_F (AttributeType *) at_find LDAP_P(( const char *name ));
 LIBSLAPD_F (int) at_find_in_list LDAP_P(( AttributeType *sat, AttributeType **list ));
 LIBSLAPD_F (int) at_append_to_list LDAP_P(( AttributeType *sat, AttributeType ***listp ));
 LIBSLAPD_F (int) at_delete_from_list LDAP_P(( int pos, AttributeType ***listp ));
-LIBSLAPD_F (int) at_fake_if_needed LDAP_P(( const char *name ));
 LIBSLAPD_F (int) at_schema_info LDAP_P(( Entry *e ));
 LIBSLAPD_F (int) at_add LDAP_P(( LDAP_ATTRIBUTE_TYPE *at, const char **err ));
 
@@ -103,6 +102,7 @@ LIBSLAPD_F (int) is_at_subtype LDAP_P((
 
 #      define at_canonical_name(at) ((at)->sat_cname)  
 #else
+LIBSLAPD_F (int) at_fake_if_needed LDAP_P(( const char *name ));
 LIBSLAPD_F (char *) at_canonical_name LDAP_P(( const char * a_type ));
 #endif
 
index a812c925575fa7d102b10ad49fd9b35a692e08e0..50f644ac6cfad2e05b6ce110f088cd54e2aa00a5 100644 (file)
 #include "slap.h"
 #include "ldap_pvt.h"
 
-#define berValidate blobValidate
+static int
+inValidate(
+       Syntax *syntax,
+       struct berval *in )
+{
+       /* any value allowed */
+       return LDAP_OTHER;
+}
+
 static int
 blobValidate(
        Syntax *syntax,
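Review bot: The comment in the new `inValidate` says `/* any value allowed */` while the function returns `LDAP_OTHER`, so the comment describes the opposite of what the code does; it looks copied from `blobValidate` just below. A maintainer who trusts the comment could wire this in as a permissive validator and end up rejecting every value, or assume a syntax is being validated when it is not. I would change the comment to `/* no value is valid for this syntax */`. Nothing visible in this diff references `inValidate` (the new 'OpenLDAP void' row in syntax_defs passes NULL), so as a `static` function it will also draw an unused-function warning until it is hooked up.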
@@ -26,6 +34,8 @@ blobValidate(
        return LDAP_SUCCESS;
 }
 
+#define berValidate blobValidate
+
 static int
 UTF8StringValidate(
        Syntax *syntax,
@@ -341,6 +351,7 @@ struct syntax_defs_rec {
 #endif
 };
 
+#define X_HIDE "X-HIDE 'TRUE' "
 #define X_BINARY "X-BINARY-TRANSFER-REQUIRED 'TRUE' "
 #define X_NOT_H_R "X-NOT-HUMAN-READABLE 'TRUE' "
 
@@ -457,8 +468,12 @@ struct syntax_defs_rec syntax_defs[] = {
                0, NULL, NULL, NULL},
 
        /* OpenLDAP Experimental Syntaxes */
-       {"( " SLAPD_OID_ACI_SYNTAX " DESC 'OpenLDAP Experimental ACI' )",
+       {"( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )",
                0, NULL, NULL, NULL},
+       {"( 1.3.6.1.4.1.4203.666.2.2 DESC 'OpenLDAP void' " X_HIDE ")" ,
+               SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
+       {"( 1.3.6.1.4.1.4203.666.2.3 DESC 'OpenLDAP DN' " X_HIDE ")" ,
+               SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
 
        {NULL, 0, NULL, NULL, NULL}
 };
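Review bot: The two new rows mark their syntax as hidden twice, through `X_HIDE` in the description string and through the `SLAP_SYNTAX_HIDE` flag, and nothing in this diff consumes either marker: `slap_syntax_is_hidden()` is added in slap.h but has no visible caller. Unless the code that publishes ldapSyntaxes already tests the flag, these internal syntaxes would presumably still be advertised to clients. Both rows also pass NULL for the validator, so values of the 'OpenLDAP DN' syntax are not checked at this layer as far as the table shows. A comment above the rows saying which marker the publisher honours, and that validation is deliberately absent for now, would make the preliminary state explicit.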
index 086b1a225038431e50bd25e657c05747b7596de1..051c98d5838eb94684e2f2033a0a38aba962e461 100644 (file)
@@ -41,8 +41,15 @@ struct slap_schema_oc_map {
        char *ssom_name;
        size_t ssom_offset;
 } oc_map[] = {
+       { "top", offsetof(struct slap_internal_schema, si_oc_top) },
        { "alias", offsetof(struct slap_internal_schema, si_oc_alias) },
        { "referral", offsetof(struct slap_internal_schema, si_oc_referral) },
+       { "LDAProotDSE", offsetof(struct slap_internal_schema, si_oc_rootdse) },
+       { "LDAPsubentry", offsetof(struct slap_internal_schema, si_oc_subentry) },
+       { "subschema", offsetof(struct slap_internal_schema, si_oc_subschema) },
+#ifdef SLAPD_ACI_ENABLED
+       { "groupOfNames", offsetof(struct slap_internal_schema, si_oc_groupOfNames) },
+#endif
        { NULL, 0 }
 };
 
@@ -54,6 +61,7 @@ struct slap_schema_ad_map {
        { "objectClass", objectClassMatch,
                offsetof(struct slap_internal_schema, si_ad_objectClass) },
 
+       /* user entry operational attributes */
        { "creatorsName", NULL,
                offsetof(struct slap_internal_schema, si_ad_creatorsName) },
        { "createTimestamp", NULL,
@@ -62,10 +70,10 @@ struct slap_schema_ad_map {
                offsetof(struct slap_internal_schema, si_ad_modifiersName) },
        { "modifyTimestamp", NULL,
                offsetof(struct slap_internal_schema, si_ad_modifyTimestamp) },
-
        { "subschemaSubentry", NULL,
                offsetof(struct slap_internal_schema, si_ad_subschemaSubentry) },
 
+       /* root DSE attributes */
        { "namingContexts", NULL,
                offsetof(struct slap_internal_schema, si_ad_namingContexts) },
        { "supportedControl", NULL,
@@ -74,14 +82,14 @@ struct slap_schema_ad_map {
                offsetof(struct slap_internal_schema, si_ad_supportedExtension) },
        { "supportedLDAPVersion", NULL,
                offsetof(struct slap_internal_schema, si_ad_supportedLDAPVersion) },
-#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+#ifdef SLAPD_ACI_ENABLED
        { "supportedACIMechanisms", NULL,
                offsetof(struct slap_internal_schema, si_ad_supportedACIMechanisms) },
-
 #endif
        { "supportedSASLMechanisms", NULL,
                offsetof(struct slap_internal_schema, si_ad_supportedSASLMechanisms) },
 
+       /* subschema subentry attributes */
        { "attributeTypes", NULL,
                offsetof(struct slap_internal_schema, si_ad_attributeTypes) },
        { "ldapSyntaxes", NULL,
@@ -91,13 +99,25 @@ struct slap_schema_ad_map {
        { "objectClasses", NULL,
                offsetof(struct slap_internal_schema, si_ad_objectClasses) },
 
+       /* knowledge information */
+       { "aliasedObjectName", NULL,
+               offsetof(struct slap_internal_schema, si_ad_aliasedObjectName) },
        { "ref", NULL,
                offsetof(struct slap_internal_schema, si_ad_ref) },
 
+       /* access control information */
        { "entry", NULL,
                offsetof(struct slap_internal_schema, si_ad_entry) },
        { "children", NULL,
                offsetof(struct slap_internal_schema, si_ad_children) },
+       { "distinguishedName", NULL,
+               offsetof(struct slap_internal_schema, si_ad_distinguishedName) },
+       { "member", NULL,
+               offsetof(struct slap_internal_schema, si_ad_member) },
+#ifdef SLAPD_ACI_ENABLED
+       { "aci", NULL,
+               offsetof(struct slap_internal_schema, si_ad_aci) },
+#endif
 
        { "userPassword", NULL,
                offsetof(struct slap_internal_schema, si_ad_userPassword) },
index d3a73807d4d5d3c9a1dd61dbefc5192b06997e96..f4766f22fca1bc02633a60c2b3f2f5acecb63e5f 100644 (file)
@@ -93,11 +93,12 @@ LDAP_BEGIN_DECL
 #define AD_LEADCHAR(c) ( ATTR_CHAR(c) )
 #define AD_CHAR(c)             ( ATTR_CHAR(c) || (c) == ';' )
 
-#define SLAPD_ACI_DEFAULT_ATTR         "aci"
-
+#ifndef SLAPD_SCHEMA_NOT_COMPAT
 /* schema needed by slapd */
-#define SLAPD_OID_DN_SYNTAX "1.3.6.1.4.1.1466.115.121.1.12"
 #define SLAPD_OID_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1" /* experimental */
+#define SLAPD_ACI_DEFAULT_ATTR         "aci"
+#endif
+
 
 LIBSLAPD_F (int) slap_debug;
 
@@ -155,10 +156,11 @@ typedef struct slap_syntax {
 
        unsigned        ssyn_flags;
 
-#define SLAP_SYNTAX_NONE       0x0U
-#define SLAP_SYNTAX_BLOB       0x1U /* syntax treated as blob (audio) */
-#define SLAP_SYNTAX_BINARY     0x2U /* binary transfer required (certificate) */
-#define SLAP_SYNTAX_BER                0x4U /* stored using BER encoding (binary,certificate) */
+#define SLAP_SYNTAX_NONE       0x00U
+#define SLAP_SYNTAX_BLOB       0x01U /* syntax treated as blob (audio) */
+#define SLAP_SYNTAX_BINARY     0x02U /* binary transfer required (certificate) */
+#define SLAP_SYNTAX_BER                0x04U /* stored using BER encoding (binary,certificate) */
+#define SLAP_SYNTAX_HIDE       0x80U /* hide (do not publish) */
 
        slap_syntax_validate_func       *ssyn_validate;
        slap_syntax_transform_func      *ssyn_normalize;
@@ -177,6 +179,7 @@ typedef struct slap_syntax {
 #define slap_syntax_is_blob(s)         slap_syntax_is_flag((s),SLAP_SYNTAX_BLOB)
 #define slap_syntax_is_binary(s)       slap_syntax_is_flag((s),SLAP_SYNTAX_BINARY)
 #define slap_syntax_is_ber(s)          slap_syntax_is_flag((s),SLAP_SYNTAX_BER)
+#define slap_syntax_is_hidden(s)       slap_syntax_is_flag((s),SLAP_SYNTAX_HIDE)
 
 /* XXX -> UCS-2 Converter */
 typedef int slap_mr_convert_func LDAP_P((
@@ -327,8 +330,15 @@ typedef struct slap_attr_desc {
  */
 struct slap_internal_schema {
        /* objectClass */
+       ObjectClass *si_oc_top;
        ObjectClass *si_oc_alias;
        ObjectClass *si_oc_referral;
+       ObjectClass *si_oc_subentry;
+       ObjectClass *si_oc_subschema;
+       ObjectClass *si_oc_rootdse;
+#ifdef SLAPD_ACI_ENABLED
+       ObjectClass *si_oc_groupOfNames;
+#endif
 
        /* objectClass attribute */
        AttributeDescription *si_ad_objectClass;
@@ -361,9 +371,14 @@ struct slap_internal_schema {
        AttributeDescription *si_ad_aliasedObjectName;
        AttributeDescription *si_ad_ref;
 
-       /* ACL Internals */
+       /* Access Control Internals */
        AttributeDescription *si_ad_entry;
        AttributeDescription *si_ad_children;
+       AttributeDescription *si_ad_member;
+       AttributeDescription *si_ad_distinguishedName;
+#ifdef SLAPD_ACI_ENABLED
+       AttributeDescription *si_ad_aci;
+#endif
 
        /* Other */
        AttributeDescription *si_ad_userPassword;