Rework ACI codes to use OpenLDAPaci. Add needed schema elements.
authorKurt Zeilenga <kurt@openldap.org>
Tue, 30 May 2000 21:34:55 +0000 (21:34 +0000)
committerKurt Zeilenga <kurt@openldap.org>
Tue, 30 May 2000 21:34:55 +0000 (21:34 +0000)
Needs work.  Volunteers welcomed.

servers/slapd/acl.c
servers/slapd/oc.c
servers/slapd/proto-slap.h
servers/slapd/root_dse.c
servers/slapd/schema/core.schema
servers/slapd/schema/openldap.schema
servers/slapd/schema_init.c
servers/slapd/schema_prep.c
servers/slapd/slap.h

index 0778bf5d41ac9b7a8711525a53e490faa286e0f8..31b1b80e9ca256c638bb4a4ab3809d6f7529609d 100644 (file)
@@ -53,12 +53,6 @@ static int aci_mask(
        regmatch_t *matches,
        slap_access_t *grant,
        slap_access_t *deny );
-
-char *supportedACIMechs[] = {
-       "1.3.6.1.4.1.4203.666.7.1",     /* experimental IETF aci family */
-       "1.3.6.1.4.1.4203.666.7.2",     /* experimental OpenLDAP aci family */
-       NULL
-};
 #endif
 
 static int     regex_matches(
@@ -1128,12 +1122,6 @@ aci_mask(
        /* check that the aci family is supported */
        if (aci_get_part(aci, 0, '#', &bv) < 0)
                return(0);
-       for (i = 0; supportedACIMechs[i] != NULL; i++) {
-               if (aci_strbvcmp( supportedACIMechs[i], &bv ) == 0)
-                       break;
-       }
-       if (supportedACIMechs[i] == NULL)
-               return(0);
 
        /* check that the scope is "entry" */
        if (aci_get_part(aci, 1, '#', &bv) < 0
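Review bot: The comment `/* check that the aci family is supported */` in aci_mask no longer matches the code once the loop is removed. The first `#`-separated field is still extracted with aci_get_part, but its value is not compared with anything, so an ACI carrying any family string is evaluated with this code's semantics. If that is intended while the format is being reworked, the comment should say so, e.g. `/* family field must be present; its value is not checked yet */`; otherwise keep a comparison against the one family this code implements. aci_mask begins and ends outside the hunk.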
@@ -1231,15 +1219,6 @@ aci_mask(
        return(0);
 }
 
-char *
-get_supported_acimech(
-       int index )
-{
-       if (index < 0 || index >= (sizeof(supportedACIMechs) / sizeof(char *)))
-               return(NULL);
-       return(supportedACIMechs[index]);
-}
-
 #endif /* SLAPD_ACI_ENABLED */
 
 static void
index 136170668753421d9c3e8e055853378790889840..c2a5c510d55a5601fe51fd1326ee004b52fb3181 100644 (file)
@@ -116,7 +116,7 @@ static char *oc_op_usermod_attrs[] = {
         * which slapd supports modification of.
         *
         * Currently none.
-        * Likely candidate, "aci"
+        * Likely candidate, "OpenLDAPaci"
         */
        NULL
 };
@@ -139,7 +139,6 @@ static char *oc_op_attrs[] = {
        "supportedControl",
        "supportedSASLMechanisms",
        "supportedLDAPversion",
-       "supportedACIMechanisms",
        "subschemaSubentry",            /* NO USER MOD */
        NULL
 
index d51f1f25f3504334900e3d61f312ccff56550aac..0f883d16e1ed9c9563ac4e8e5f780b67c342d025 100644 (file)
@@ -66,8 +66,6 @@ LIBSLAPD_F (int) acl_check_modlist LDAP_P((
 
 LIBSLAPD_F (void) acl_append( AccessControl **l, AccessControl *a );
 
-LIBSLAPD_F (char *) get_supported_acimech LDAP_P((int index));
-
 /*
  * aclparse.c
  */
index 16c10f133c0a1c67e619c226ca6a60ec35f3ada8..7fd02e5eb9cb6ab532f66baa5db3436b7955c77a 100644 (file)
@@ -33,9 +33,6 @@ root_dse_info( Entry **entry, const char **text )
        AttributeDescription *ad_supportedExtension = slap_schema.si_ad_supportedExtension;
        AttributeDescription *ad_supportedLDAPVersion = slap_schema.si_ad_supportedLDAPVersion;
        AttributeDescription *ad_supportedSASLMechanisms = slap_schema.si_ad_supportedSASLMechanisms;
-#      ifdef SLAPD_ACI_ENABLED
-       AttributeDescription *ad_supportedACIMechanisms = slap_schema.si_ad_supportedACIMechanisms;
-#      endif
        AttributeDescription *ad_ref = slap_schema.si_ad_ref;
 #else
        char *ad_objectClass = "objectClass";
@@ -44,9 +41,6 @@ root_dse_info( Entry **entry, const char **text )
        char *ad_supportedExtension = "supportedExtension";
        char *ad_supportedLDAPVersion = "supportedLDAPVersion";
        char *ad_supportedSASLMechanisms = "supportedSASLMechanisms";
-#      ifdef SLAPD_ACI_ENABLED
-       char *ad_supportedACIMechanisms = "supportedACIMechanisms";
-#      endif
        char *ad_ref = "ref";
 #endif
 
@@ -109,14 +103,6 @@ root_dse_info( Entry **entry, const char **text )
                }
        }
 
-#ifdef SLAPD_ACI_ENABLED
-       /* supportedACIMechanisms */
-       for ( i=0; (val.bv_val = get_supported_acimech(i)) != NULL; i++ ) {
-               val.bv_len = strlen( val.bv_val );
-               attr_merge( e, ad_supportedACIMechanisms, vals );
-       }
-#endif
-
        if ( default_referral != NULL ) {
                attr_merge( e, ad_ref, default_referral );
        }
index f2abdbcb727145c04e61450f3f4251bbd860fbcd..f2303a7401f94a78fbe0d7944bf02ac3b0594626 100644 (file)
@@ -581,19 +581,3 @@ objectclass ( 1.3.6.1.4.1.4203.666.3.2
        DESC 'OpenLDAP Root DSE object'
        SUP top STRUCTURAL MAY cn )
 
-#
-# IETF LDAPext WG Access Control Model
-#      likely to change!
-attributetype ( supportedACIMechanismsOID NAME 'supportedACIMechanisms'
-     DESC 'list of access control mechanisms supported by this directory server'
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.38  USAGE dSAOperation )
-
-attributetype ( aCIMechanismOID NAME 'aCIMechanism'
-     DESC 'list of access control mechanism supported in this subtree'
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.38  USAGE dSAOperation )
-
-attributetype ( ldapACIOID NAME 'ldapACI'
-       DESC 'LDAP access control information'
-       EQUALITY caseIgnoreMatch
-       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-       USAGE directoryOperation )
index 0f67dd6ba1e4f4442bc6778b2967c99cf5870ad5..64f8c8af4578a5e9e4eb95520e93f7502fa69767 100644 (file)
@@ -33,6 +33,12 @@ attributetype ( 1.3.6.1.4.1.4203.666.1.4 NAME 'children'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
        SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
 
+attributetype ( 1.3.6.1.4.1.4203.666.1.5 NAME 'OpenLDAPaci'
+       DESC 'OpenLDAP access control information'
+       EQUALITY OpenLDAPaciMatch
+       SYNTAX 1.3.6.1.4.1.4203.666.2.1
+       USAGE directoryOperation )
+
 #
 # From U-Mich
 #
index 7d3c5e4b8e078389907f836689479ab00d502e25..4ad571a850b8fe1ee2650d07e9a79a023c1b2beb 100644 (file)
@@ -852,10 +852,12 @@ struct syntax_defs_rec syntax_defs[] = {
        /* OpenLDAP Experimental Syntaxes */
        {"( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )",
                0, NULL, NULL, NULL},
-       {"( 1.3.6.1.4.1.4203.666.2.2 DESC 'OpenLDAP void' " X_HIDE ")" ,
-               SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
-       {"( 1.3.6.1.4.1.4203.666.2.3 DESC 'OpenLDAP DN' " X_HIDE ")" ,
-               SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
+       {"( 1.3.6.1.4.1.4203.666.2.2 DESC 'OpenLDAP authPassword' )",
+               0, NULL, NULL, NULL},
+       {"( 1.3.6.1.4.1.4203.666.2.3 DESC 'OpenLDAP void' " X_HIDE ")" ,
+               SLAP_SYNTAX_HIDE, inValidate, NULL, NULL},
+       {"( 1.3.6.1.4.1.4203.666.2.4 DESC 'OpenLDAP DN' " X_HIDE ")" ,
+               SLAP_SYNTAX_HIDE, inValidate, NULL, NULL},
 
        {NULL, 0, NULL, NULL, NULL}
 };
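Review bot: The new `'OpenLDAP authPassword'` entry is registered with a NULL validator, as is the `'OpenLDAP Experimental ACI'` entry above it, while the two hidden syntaxes in the same hunk now get `inValidate`. Presumably a NULL validator means values of that syntax are accepted unchecked on write; that matters more now that the OpenLDAPaci attribute added in openldap.schema uses 1.3.6.1.4.1.4203.666.2.1 and its values drive access decisions. Until real validators exist, a comment on both entries such as `/* TODO: no validator yet; values are stored unchecked */` would make the gap explicit. The hunk also moves 'OpenLDAP void' and 'OpenLDAP DN' to new OIDs, so any other reference to 666.2.2 or 666.2.3 should be checked against the new meaning.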
@@ -926,6 +928,9 @@ struct mrule_defs_rec {
 #define integerFirstComponentMatch NULL
 #define objectIdentifierFirstComponentMatch NULL
 
+#define OpenLDAPaciMatch NULL
+#define authPasswordMatch NULL
+
 struct mrule_defs_rec mrule_defs[] = {
        {"( 2.5.13.0 NAME 'objectIdentifierMatch' "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )",
@@ -1063,6 +1068,16 @@ struct mrule_defs_rec mrule_defs[] = {
                SLAP_MR_SUBSTR,
                NULL, NULL, caseIgnoreIA5SubstringsMatch, NULL, NULL},
 
+       {"( 1.3.6.1.4.1.4203.666.4.1 NAME 'authPasswordMatch' "
+               "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )",
+               SLAP_MR_EQUALITY,
+               NULL, NULL, authPasswordMatch, NULL, NULL},
+
+       {"( 1.3.6.1.4.1.4203.666.4.2 NAME 'OpenLDAPaciMatch' "
+               "SYNTAX 1.3.6.1.4.1.4203.666.2.1 )",
+               SLAP_MR_EQUALITY,
+               NULL, NULL, OpenLDAPaciMatch, NULL, NULL},
+
        {NULL, SLAP_MR_NONE, NULL, NULL, NULL}
 };
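Review bot: Both rules added here pass `authPasswordMatch` and `OpenLDAPaciMatch` as the match function, and the earlier hunk in this file defines both names as NULL, so the two equality rules are registered without an implementation. That follows the existing placeholder pattern next to the defines, but for a password rule and an access-control rule it deserves a marker at the defines: `/* not implemented yet: rule is registered but has no match function */`. What a compare or an equality filter does when the match function is NULL is decided outside these hunks and should be confirmed to fail closed rather than report a match.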
 
index 11469fe64e2b0f74dc75af96636e973d122d0685..d2bac90a64a1653d17db0ae5fa9426c901e15c6f 100644 (file)
@@ -79,10 +79,6 @@ struct slap_schema_ad_map {
                offsetof(struct slap_internal_schema, si_ad_supportedExtension) },
        { "supportedLDAPVersion", NULL,
                offsetof(struct slap_internal_schema, si_ad_supportedLDAPVersion) },
-#ifdef SLAPD_ACI_ENABLED
-       { "supportedACIMechanisms", NULL,
-               offsetof(struct slap_internal_schema, si_ad_supportedACIMechanisms) },
-#endif
        { "supportedSASLMechanisms", NULL,
                offsetof(struct slap_internal_schema, si_ad_supportedSASLMechanisms) },
 
@@ -107,6 +103,10 @@ struct slap_schema_ad_map {
                offsetof(struct slap_internal_schema, si_ad_entry) },
        { "children", NULL,
                offsetof(struct slap_internal_schema, si_ad_children) },
+#ifdef SLAPD_ACI_ENABLED
+       { "OpenLDAPaci", NULL,
+               offsetof(struct slap_internal_schema, si_ad_aci) },
+#endif
 
        { "userPassword", NULL,
                offsetof(struct slap_internal_schema, si_ad_userPassword) },
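Review bot: This entry makes an ACI-enabled build depend on an attribute type named `OpenLDAPaci` being loaded, and the commit defines that type in openldap.schema rather than core.schema. How a name missing from this map is handled lies outside the hunk; if it is a startup failure, configurations that include only core.schema stop working once SLAPD_ACI_ENABLED is set. A comment on the entry, `/* defined in openldap.schema, which must be included when ACIs are enabled */`, would record the dependency.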
index 6fe90a994c8c005f511b97b27b86196c37f1590c..16635cca0710d164d3a563816861d647fece3c29 100644 (file)
@@ -101,7 +101,7 @@ LDAP_BEGIN_DECL
 #define SLAPD_ROLE_CLASS               "organizationalRole"
 
 #define SLAPD_ACI_SYNTAX               "1.3.6.1.4.1.4203.666.2.1"
-#define SLAPD_ACI_ATTR                 "aci"
+#define SLAPD_ACI_ATTR                 "OpenLDAPaci"
 
 LIBSLAPD_F (int) slap_debug;
 
@@ -355,9 +355,6 @@ struct slap_internal_schema {
        AttributeDescription *si_ad_supportedControl;
        AttributeDescription *si_ad_supportedExtension;
        AttributeDescription *si_ad_supportedLDAPVersion;
-#ifdef SLAPD_ACI_ENABLED
-       AttributeDescription *si_ad_supportedACIMechanisms;
-#endif
        AttributeDescription *si_ad_supportedSASLMechanisms;
 
        /* subschema subentry attributes */
@@ -374,6 +371,9 @@ struct slap_internal_schema {
        /* Access Control Internals */
        AttributeDescription *si_ad_entry;
        AttributeDescription *si_ad_children;
+#ifdef SLAPD_ACI_ENABLED
+       AttributeDescription *si_ad_aci;
+#endif
 
        /* Other */
        AttributeDescription *si_ad_userPassword;