From: Kurt Zeilenga Date: Tue, 3 Sep 2002 07:01:09 +0000 (+0000) Subject: Add appropriate matching rule checks. X-Git-Tag: NO_SLAP_OP_BLOCKS~1033 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=8a5b200c447a758d91805827593db72c54bea6e2;p=openldap Add appropriate matching rule checks. Clean up syntax error reporting. --- diff --git a/servers/slapd/at.c b/servers/slapd/at.c index d4fc1a7891..7e28fb6663 100644 --- a/servers/slapd/at.c +++ b/servers/slapd/at.c @@ -309,6 +309,7 @@ at_add( AttributeType *sat; MatchingRule *mr; Syntax *syn; + int i; int code; char *cname; char *oid; @@ -389,7 +390,7 @@ at_add( if ( at->at_sup_oid ) { AttributeType *supsat = at_find(at->at_sup_oid); - if ( (supsat == NULL ) ) { + if ( supsat == NULL ) { *err = at->at_sup_oid; return SLAP_SCHERR_ATTR_NOT_FOUND; } @@ -425,45 +426,128 @@ at_add( } if ( at->at_syntax_oid ) { - if ( (syn = syn_find(sat->sat_syntax_oid)) ) { - sat->sat_syntax = syn; - } else { + syn = syn_find(sat->sat_syntax_oid); + if ( syn == NULL ) { *err = sat->sat_syntax_oid; return SLAP_SCHERR_SYN_NOT_FOUND; } + if( sat->sat_syntax != NULL && sat->sat_syntax != syn ) { + return SLAP_SCHERR_ATTR_BAD_SUP; + } + + sat->sat_syntax = syn; } else if ( sat->sat_syntax == NULL ) { return SLAP_SCHERR_ATTR_INCOMPLETE; } if ( sat->sat_equality_oid ) { - if ( (mr = mr_find(sat->sat_equality_oid)) ) { - sat->sat_equality = mr; - sat->sat_approx = mr->smr_associated; - } else { + mr = mr_find(sat->sat_equality_oid); + + if( mr == NULL ) { *err = sat->sat_equality_oid; return SLAP_SCHERR_MR_NOT_FOUND; } + if(( mr->smr_usage & SLAP_MR_EQUALITY ) != SLAP_MR_EQUALITY ) { + *err = sat->sat_equality_oid; + return SLAP_SCHERR_ATTR_BAD_MR; + } + + if( sat->sat_syntax != mr->smr_syntax ) { + if( mr->smr_compat_syntaxes == NULL ) { + *err = sat->sat_equality_oid; + return SLAP_SCHERR_ATTR_BAD_MR; + } + + for(i=0; mr->smr_compat_syntaxes[i]; i++) { + if( sat->sat_syntax == mr->smr_compat_syntaxes[i] ) { + i = -1; + break; + } + } + + if( i >= 0 ) { + *err = sat->sat_equality_oid; + return SLAP_SCHERR_ATTR_BAD_MR; + } + } + + sat->sat_equality = mr; + sat->sat_approx = mr->smr_associated; } if ( sat->sat_ordering_oid ) { - if ( (mr = mr_find(sat->sat_ordering_oid)) ) { - sat->sat_ordering = mr; - } else { + mr = mr_find(sat->sat_ordering_oid); + + if( mr == NULL ) { *err = sat->sat_ordering_oid; return SLAP_SCHERR_MR_NOT_FOUND; } + + if(( mr->smr_usage & SLAP_MR_ORDERING ) != SLAP_MR_ORDERING ) { + *err = sat->sat_ordering_oid; + return SLAP_SCHERR_ATTR_BAD_MR; + } + + if( sat->sat_syntax != mr->smr_syntax ) { + if( mr->smr_compat_syntaxes == NULL ) { + *err = sat->sat_ordering_oid; + return SLAP_SCHERR_ATTR_BAD_MR; + } + + for(i=0; mr->smr_compat_syntaxes[i]; i++) { + if( sat->sat_syntax == mr->smr_compat_syntaxes[i] ) { + i = -1; + break; + } + } + + if( i >= 0 ) { + *err = sat->sat_ordering_oid; + return SLAP_SCHERR_ATTR_BAD_MR; + } + } + + sat->sat_ordering = mr; } if ( sat->sat_substr_oid ) { - if ( (mr = mr_find(sat->sat_substr_oid)) ) { - sat->sat_substr = mr; - } else { + mr = mr_find(sat->sat_substr_oid); + + if( mr == NULL ) { *err = sat->sat_substr_oid; return SLAP_SCHERR_MR_NOT_FOUND; } + + if(( mr->smr_usage & SLAP_MR_SUBSTR ) != SLAP_MR_SUBSTR ) { + *err = sat->sat_substr_oid; + return SLAP_SCHERR_ATTR_BAD_MR; + } + +#if 0 + if( sat->sat_syntax != mr->smr_syntax ) { + if( mr->smr_compat_syntaxes == NULL ) { + *err = sat->sat_substr_oid; + return SLAP_SCHERR_ATTR_BAD_MR; + } + + for(i=0; mr->smr_compat_syntaxes[i]; i++) { + if( sat->sat_syntax == mr->smr_compat_syntaxes[i] ) { + i = -1; + break; + } + } + + if( i >= 0 ) { + *err = sat->sat_substr_oid; + return SLAP_SCHERR_ATTR_BAD_MR; + } + } +#endif + + sat->sat_substr = mr; } code = at_insert(sat,err); diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c index 6ced09a12b..173fabc1ba 100644 --- a/servers/slapd/schema_init.c +++ b/servers/slapd/schema_init.c @@ -4429,8 +4429,30 @@ static slap_syntax_defs_rec syntax_defs[] = { #ifdef HAVE_TLS char *certificateExactMatchSyntaxes[] = { - "1.3.6.1.4.1.1466.115.121.1.8", NULL }; + "1.3.6.1.4.1.1466.115.121.1.8" /* certificate */, + NULL +}; #endif +char *directoryStringSyntaxes[] = { + "1.3.6.1.4.1.1466.115.121.1.44" /* printableString */, + NULL +}; +char *integerFirstComponentMatchSyntaxes[] = { + "1.3.6.1.4.1.1466.115.121.1.27" /* INTEGER */, + "1.3.6.1.4.1.1466.115.121.1.17" /* ditStructureRuleDescription */, + NULL +}; +char *objectIdentifierFirstComponentMatchSyntaxes[] = { + "1.3.6.1.4.1.1466.115.121.1.38" /* OID */, + "1.3.6.1.4.1.1466.115.121.1.3" /* attributeTypeDescription */, + "1.3.6.1.4.1.1466.115.121.1.16" /* ditContentRuleDescription */, + "1.3.6.1.4.1.1466.115.121.1.54" /* ldapSyntaxDescription */, + "1.3.6.1.4.1.1466.115.121.1.30" /* matchingRuleDescription */, + "1.3.6.1.4.1.1466.115.121.1.31" /* matchingRuleUseDescription */, + "1.3.6.1.4.1.1466.115.121.1.35" /* nameFormDescription */, + "1.3.6.1.4.1.1466.115.121.1.37" /* objectClassDescription */, + NULL +}; /* * Other matching rules in X.520 that we do not use (yet): @@ -4497,14 +4519,15 @@ static slap_mrule_defs_rec mrule_defs[] = { {"( 2.5.13.2 NAME 'caseIgnoreMatch' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", - SLAP_MR_EQUALITY | SLAP_MR_EXT | SLAP_MR_DN_FOLD, NULL, + SLAP_MR_EQUALITY | SLAP_MR_EXT | SLAP_MR_DN_FOLD, + directoryStringSyntaxes, NULL, NULL, caseIgnoreMatch, caseExactIgnoreIndexer, caseExactIgnoreFilter, directoryStringApproxMatchOID }, {"( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", - SLAP_MR_ORDERING, NULL, + SLAP_MR_ORDERING, directoryStringSyntaxes, NULL, NULL, caseIgnoreOrderingMatch, NULL, NULL, NULL}, @@ -4520,21 +4543,21 @@ static slap_mrule_defs_rec mrule_defs[] = { {"( 2.5.13.5 NAME 'caseExactMatch' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", - SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL, + SLAP_MR_EQUALITY | SLAP_MR_EXT, directoryStringSyntaxes, NULL, NULL, caseExactMatch, caseExactIgnoreIndexer, caseExactIgnoreFilter, directoryStringApproxMatchOID }, {"( 2.5.13.6 NAME 'caseExactOrderingMatch' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", - SLAP_MR_ORDERING, NULL, + SLAP_MR_ORDERING, directoryStringSyntaxes, NULL, NULL, caseExactOrderingMatch, NULL, NULL, NULL}, {"( 2.5.13.7 NAME 'caseExactSubstringsMatch' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )", - SLAP_MR_SUBSTR, NULL, + SLAP_MR_SUBSTR, directoryStringSyntaxes, NULL, NULL, caseExactIgnoreSubstringsMatch, caseExactIgnoreSubstringsIndexer, @@ -4663,14 +4686,15 @@ static slap_mrule_defs_rec mrule_defs[] = { {"( 2.5.13.29 NAME 'integerFirstComponentMatch' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )", - SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL, + SLAP_MR_EQUALITY | SLAP_MR_EXT, integerFirstComponentMatchSyntaxes, NULL, NULL, integerFirstComponentMatch, NULL, NULL, NULL}, {"( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )", - SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL, + SLAP_MR_EQUALITY | SLAP_MR_EXT, + objectIdentifierFirstComponentMatchSyntaxes, NULL, NULL, objectIdentifierFirstComponentMatch, NULL, NULL, NULL}, diff --git a/servers/slapd/schema_prep.c b/servers/slapd/schema_prep.c index 25fb3ff286..4ed8cc3054 100644 --- a/servers/slapd/schema_prep.c +++ b/servers/slapd/schema_prep.c @@ -519,7 +519,7 @@ static struct slap_schema_ad_map { offsetof(struct slap_internal_schema, si_ad_monitorContext) }, { "vendorName", "( 1.3.6.1.1.4 NAME 'vendorName' " "DESC 'RFC3045: name of implementation vendor' " - "EQUALITY 1.3.6.1.4.1.1466.109.114.1 " + "EQUALITY caseExactMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " "SINGLE-VALUE NO-USER-MODIFICATION " "USAGE dSAOperation )", @@ -528,7 +528,7 @@ static struct slap_schema_ad_map { offsetof(struct slap_internal_schema, si_ad_vendorName) }, { "vendorVersion", "( 1.3.6.1.1.5 NAME 'vendorVersion' " "DESC 'RFC3045: version of implementation' " - "EQUALITY 1.3.6.1.4.1.1466.109.114.1 " + "EQUALITY caseExactMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " "SINGLE-VALUE NO-USER-MODIFICATION " "USAGE dSAOperation )", @@ -811,7 +811,7 @@ slap_schema_load( void ) *synp = syn_find( syn_map[i].sssm_name ); if( *synp == NULL ) { - fprintf( stderr, "slap_schema_load: " + fprintf( stderr, "slap_schema_load: Syntax: " "No syntax \"%s\" defined in schema\n", syn_map[i].sssm_name ); return LDAP_INVALID_SYNTAX; @@ -827,7 +827,7 @@ slap_schema_load( void ) *mrp = mr_find( mr_map[i].ssmm_name ); if( *mrp == NULL ) { - fprintf( stderr, "slap_schema_load: " + fprintf( stderr, "slap_schema_load: MatchingRule: " "No matching rule \"%s\" defined in schema\n", mr_map[i].ssmm_name ); return LDAP_INAPPROPRIATE_MATCHING; @@ -845,22 +845,22 @@ slap_schema_load( void ) &code, &err, LDAP_SCHEMA_ALLOW_ALL ); if ( !at ) { fprintf( stderr, - "slap_schema_load: %s: %s before %s\n", + "slap_schema_load: AttributeType \"%s\": %s before %s\n", ad_map[i].ssam_name, ldap_scherr2str(code), err ); return code; } if ( at->at_oid == NULL ) { fprintf( stderr, "slap_schema_load: " - "attributeType \"%s\" has no OID\n", + "AttributeType \"%s\": no OID\n", ad_map[i].ssam_name ); return LDAP_OTHER; } code = at_add( at, &err ); if ( code ) { - fprintf( stderr, "slap_schema_load: " - "%s: %s: \"%s\"\n", + fprintf( stderr, "slap_schema_load: AttributeType " + "\"%s\": %s: \"%s\"\n", ad_map[i].ssam_name, scherr2str(code), err ); return code; } @@ -877,8 +877,8 @@ slap_schema_load( void ) rc = slap_str2ad( ad_map[i].ssam_name, adp, &text ); if( rc != LDAP_SUCCESS ) { - fprintf( stderr, "slap_schema_load: " - "No attribute \"%s\" defined in schema\n", + fprintf( stderr, "slap_schema_load: AttributeType \"%s\": " + "not defined in schema\n", ad_map[i].ssam_name ); return rc; } @@ -930,23 +930,23 @@ slap_schema_load( void ) oc = ldap_str2objectclass( oc_map[i].ssom_defn, &code, &err, LDAP_SCHEMA_ALLOW_ALL ); if ( !oc ) { - fprintf( stderr, "slap_schema_load: " - "%s: %s before %s\n", + fprintf( stderr, "slap_schema_load: ObjectClass " + "\"%s\": %s before %s\n", oc_map[i].ssom_name, ldap_scherr2str(code), err ); return code; } if ( oc->oc_oid == NULL ) { - fprintf( stderr, "slap_schema_load: " - "%s: objectclass has no OID\n", + fprintf( stderr, "slap_schema_load: ObjectClass " + "\"%s\": no OID\n", oc_map[i].ssom_name ); return LDAP_OTHER; } code = oc_add(oc,0,&err); if ( code ) { - fprintf( stderr, "slap_schema_load: " - "%s: %s: \"%s\"\n", + fprintf( stderr, "slap_schema_load: ObjectClass " + "\"%s\": %s: \"%s\"\n", oc_map[i].ssom_name, scherr2str(code), err); return code; } @@ -962,7 +962,7 @@ slap_schema_load( void ) *ocp = oc_find( oc_map[i].ssom_name ); if( *ocp == NULL ) { fprintf( stderr, "slap_schema_load: " - "No objectClass \"%s\" defined in schema\n", + "ObjectClass \"%s\": not defined in schema\n", oc_map[i].ssom_name ); return LDAP_OBJECT_CLASS_VIOLATION; } diff --git a/servers/slapd/schemaparse.c b/servers/slapd/schemaparse.c index ffbf47dc22..cb5fca8f82 100644 --- a/servers/slapd/schemaparse.c +++ b/servers/slapd/schemaparse.c @@ -25,18 +25,19 @@ static char *const err2text[] = { "Success", "Out of memory", "ObjectClass not found", - "user-defined ObjectClass has inappropriate SUPerior", "user-defined ObjectClass includes operational attributes", + "user-defined ObjectClass has inappropriate SUPerior", "Duplicate objectClass", "AttributeType not found", + "AttributeType inappropriate matching rule", "AttributeType inappropriate USAGE", "AttributeType inappropriate SUPerior", "AttributeType SYNTAX or SUPerior required", "Duplicate attributeType", "MatchingRule not found", + "MatchingRule incomplete", "Duplicate matchingRule", "Syntax not found", - "Syntax required", "Duplicate ldapSyntax", "OID or name required", "Qualifier not supported", diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 3f428b7f01..a672e1ea86 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -224,19 +224,20 @@ typedef struct slap_ssf_set { #define SLAP_SCHERR_CLASS_BAD_SUP 4 #define SLAP_SCHERR_CLASS_DUP 5 #define SLAP_SCHERR_ATTR_NOT_FOUND 6 -#define SLAP_SCHERR_ATTR_BAD_USAGE 7 -#define SLAP_SCHERR_ATTR_BAD_SUP 8 -#define SLAP_SCHERR_ATTR_INCOMPLETE 9 -#define SLAP_SCHERR_ATTR_DUP 10 -#define SLAP_SCHERR_MR_NOT_FOUND 11 -#define SLAP_SCHERR_MR_INCOMPLETE 12 -#define SLAP_SCHERR_MR_DUP 13 -#define SLAP_SCHERR_SYN_NOT_FOUND 14 -#define SLAP_SCHERR_SYN_DUP 15 -#define SLAP_SCHERR_NO_NAME 16 -#define SLAP_SCHERR_NOT_SUPPORTED 17 -#define SLAP_SCHERR_BAD_DESCR 18 -#define SLAP_SCHERR_OIDM 19 +#define SLAP_SCHERR_ATTR_BAD_MR 7 +#define SLAP_SCHERR_ATTR_BAD_USAGE 8 +#define SLAP_SCHERR_ATTR_BAD_SUP 9 +#define SLAP_SCHERR_ATTR_INCOMPLETE 10 +#define SLAP_SCHERR_ATTR_DUP 11 +#define SLAP_SCHERR_MR_NOT_FOUND 12 +#define SLAP_SCHERR_MR_INCOMPLETE 13 +#define SLAP_SCHERR_MR_DUP 14 +#define SLAP_SCHERR_SYN_NOT_FOUND 15 +#define SLAP_SCHERR_SYN_DUP 16 +#define SLAP_SCHERR_NO_NAME 17 +#define SLAP_SCHERR_NOT_SUPPORTED 18 +#define SLAP_SCHERR_BAD_DESCR 19 +#define SLAP_SCHERR_OIDM 20 #define SLAP_SCHERR_LAST SLAP_SCHERR_OIDM typedef union slap_sockaddr {