From b813a5ba30c6b0d947daf72ab96c80105202f08f Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Sat, 27 May 2000 19:33:08 +0000 Subject: [PATCH] SLAPD_SCHEMA_NOT_COMPAT: prelim ACL work --- servers/slapd/aclparse.c | 80 ++++++++++++++++++++------------- servers/slapd/at.c | 2 +- servers/slapd/back-ldbm/alias.c | 4 +- servers/slapd/back-ldbm/group.c | 2 +- servers/slapd/proto-slap.h | 2 +- servers/slapd/schema_init.c | 19 +++++++- servers/slapd/schema_prep.c | 26 +++++++++-- servers/slapd/slap.h | 31 +++++++++---- 8 files changed, 118 insertions(+), 48 deletions(-) diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c index 42b5b4d941..946e0e1396 100644 --- a/servers/slapd/aclparse.c +++ b/servers/slapd/aclparse.c @@ -98,8 +98,14 @@ parse_acl( #ifdef SLAPD_SCHEMA_NOT_COMPAT int rc; const char *text; - static AttributeDescription *member = NULL; - static AttributeDescription *aci = NULL; + AttributeDescription *ad_distinguishedName = slap_schema.si_ad_distinguishedName; + AttributeDescription *ad_member = slap_schema.si_ad_member; +#ifdef SLAPD_ACI_ENABLED + AttributeDescription *ad_aci = slap_schema.si_ad_aci; +#endif +#else + static char *ad_aci = "aci"; + static char *ad_member = "member"; #endif a = NULL; @@ -336,16 +342,17 @@ parse_acl( acl_usage(); } -#ifdef SLAPD_OID_DN_SYNTAX - if( strcmp( b->a_dn_at->ad_type->sat_syntax_oid, - SLAPD_OID_DN_SYNTAX ) != 0 ) + + if( b->a_dn_at->ad_type->sat_syntax + != ad_distinguishedName->ad_type->sat_syntax ) { fprintf( stderr, - "%s: line %d: dnattr attribute type not of DN syntax.\n", - fname, lineno ); + "%s: line %d: dnattr \"%s\": inappropriate syntax: %s\n", + fname, lineno, right, + b->a_dn_at->ad_type->sat_syntax_oid ); acl_usage(); } -#endif + #else b->a_dn_at = ch_strdup( right ); #endif 
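Review bot: In the `#else` branch of the new declarations, `static char *ad_aci = "aci";` and `static char *ad_member = "member";` bind string literals to non-const pointers, so any later write through them is undefined behaviour and `-Wwrite-strings` will warn; `static const char *ad_aci = "aci";` and `static const char *ad_member = "member";` express the intent and still suit the `ch_strdup( ad_member )` use in the hunk at -400. The `SLAPD_SCHEMA_NOT_COMPAT` branch wraps `ad_aci` in `SLAPD_ACI_ENABLED` but the `#else` branch does not, so if the aci parsing code is guarded the same way, the `#else` `ad_aci` is an unused variable in builds without ACI support and should carry the same `#ifdef`. parse_acl's body continues outside this hunk.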
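Review bot: The new dnattr check dereferences `ad_distinguishedName->ad_type->sat_syntax` and compares Syntax pointers for identity with no guard, so it relies on `slap_schema` having been populated before the ACL file is parsed and on every attribute type carrying a resolved, unique Syntax object; if either side is NULL this is a crash during config parsing rather than the diagnostic the surrounding code produces. If that ordering is not guaranteed by the caller, a guard such as `if( ad_distinguishedName == NULL || b->a_dn_at->ad_type->sat_syntax == NULL )` that reports through the existing fprintf/acl_usage path would keep a misconfiguration from segfaulting. The same pattern appears in the group check at -393 and the aci check at -499, which compare against `ad_member` and `ad_aci` respectively. parse_acl continues beyond this hunk.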
@@ -393,6 +400,16 @@ parse_acl( fname, lineno, right, text ); acl_usage(); } + + if( b->a_group_at->ad_type->sat_syntax + != ad_member->ad_type->sat_syntax ) + { + fprintf( stderr, + "%s: line %d: group \"%s\": inappropriate syntax: %s\n", + fname, lineno, right, + b->a_group_at->ad_type->sat_syntax_oid ); + acl_usage(); + } #else b->a_group_at = ch_strdup(name); #endif @@ -400,9 +417,9 @@ parse_acl( } else { #ifdef SLAPD_SCHEMA_NOT_COMPAT - b->a_group_at = member; + b->a_group_at = ad_dup( ad_member ); #else - b->a_group_at = ch_strdup("member"); + b->a_group_at = ch_strdup( ad_member ); #endif } @@ -413,17 +430,6 @@ parse_acl( fname, lineno ); acl_usage(); } - -#ifdef SLAPD_OID_DN_SYNTAX - if( strcmp( b->a_group_at->ad_type->sat_syntax_oid, - SLAPD_OID_DN_SYNTAX ) != 0 ) - { - fprintf( stderr, - "%s: line %d: group attribute type not of DN syntax.\n", - fname, lineno ); - acl_usage(); - } -#endif /* SLAPD_OID_DN_SYNTAX */ #endif /* SLAPD_SCHEMA_NOT_COMPAT */ continue; } @@ -499,8 +505,18 @@ parse_acl( fname, lineno, right, text ); acl_usage(); } + + if( b->a_aci_at->ad_type->sat_syntax + != ad_aci->ad_type->sat_syntax ) + { + fprintf( stderr, + "%s: line %d: aci \"%s\": inappropriate syntax: %s\n", + fname, lineno, right, + b->a_aci_at->ad_type->sat_syntax_oid ); + acl_usage(); + } } else { - b->a_aci_at = aci; + b->a_aci_at = ad_dup( ad_aci ); } if( b->a_aci_at == NULL ) { @@ -510,14 +526,6 @@ parse_acl( acl_usage(); } - if( strcmp( b->a_aci_at->ad_type->sat_syntax_oid, - SLAPD_OID_ACI_SYNTAX ) != 0 ) - { - fprintf( stderr, - "%s: line %d: aci attribute type not of ACI syntax.\n", - fname, lineno ); - acl_usage(); - } #else if ( right != NULL && *right != '\0' ) { b->a_aci_at = ch_strdup( right ); @@ -939,7 +947,11 @@ print_access( Access *b ) } if ( b->a_dn_at != NULL ) { +#ifdef SLAPD_SCHEMA_NOT_COMPAT + fprintf( stderr, " dnattr=%s", b->a_dn_at->ad_cname->bv_val ); +#else fprintf( stderr, " dnattr=%s", b->a_dn_at ); +#endif } if ( b->a_group_pat != NULL ) { 
@@ -949,7 +961,11 @@ print_access( Access *b ) fprintf( stderr, " objectClass: %s", b->a_group_oc ); if ( b->a_group_at ) { +#ifdef SLAPD_SCHEMA_NOT_COMPAT + fprintf( stderr, " attributeType: %s", b->a_group_at->ad_cname->bv_val ); +#else fprintf( stderr, " attributeType: %s", b->a_group_at ); +#endif } } } @@ -972,7 +988,11 @@ print_access( Access *b ) #ifdef SLAPD_ACI_ENABLED if ( b->a_aci_at != NULL ) { +#ifdef SLAPD_SCHEMA_NOT_COMPAT + fprintf( stderr, " aci=%s", b->a_aci_at->ad_cname->bv_val ); +#else fprintf( stderr, " aci=%s", b->a_aci_at ); +#endif } #endif diff --git a/servers/slapd/at.c b/servers/slapd/at.c index 14c20bd19f..e1a3f5f971 100644 --- a/servers/slapd/at.c +++ b/servers/slapd/at.c @@ -92,7 +92,7 @@ at_config( #define SYNTAX_DSCE_OID "2.5.13.5" #define SYNTAX_IA5_OID "1.3.6.1.4.1.1466.115.121.1.26" #define SYNTAX_IA5CE_OID "1.3.6.1.4.1.1466.109.114.1" -#define SYNTAX_DN_OID SLAPD_OID_DN_SYNTAX +#define SYNTAX_DN_OID "1.3.6.1.4.1.1466.115.121.1.12" #define SYNTAX_TEL_OID "1.3.6.1.4.1.1466.115.121.1.50" #define SYNTAX_BIN_OID "1.3.6.1.4.1.1466.115.121.1.40" /* octetString */ diff --git a/servers/slapd/back-ldbm/alias.c b/servers/slapd/back-ldbm/alias.c index ad2b0f5da3..9aabaf12eb 100644 --- a/servers/slapd/back-ldbm/alias.c +++ b/servers/slapd/back-ldbm/alias.c @@ -218,9 +218,9 @@ static char* get_alias_dn( { Attribute *a; #ifdef SLAPD_SCHEMA_NOT_COMPAT - static AttributeDescription *aliasedObjectName = NULL; + AttributeDescription *aliasedObjectName = slap_schema.si_ad_aliasedObjectName; #else - static const char *aliasedObjectName = NULL; + static const char *aliasedObjectName = "aliasedObjectName"; #endif a = attr_find( e->e_attrs, aliasedObjectName ); diff --git a/servers/slapd/back-ldbm/group.c b/servers/slapd/back-ldbm/group.c index d531984337..5c1973a7db 100644 --- a/servers/slapd/back-ldbm/group.c +++ b/servers/slapd/back-ldbm/group.c 
@@ -41,7 +41,7 @@ ldbm_back_group( Attribute *attr; #ifdef SLAPD_SCHEMA_NOT_COMPAT - static AttributeDescription *objectClass = NULL; + AttributeDescription *objectClass = slap_schema.si_ad_objectClass; const char *groupattrName = group_at->ad_cname->bv_val; #else struct berval bv; diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index 792dc525c5..bf73fc435b 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -92,7 +92,6 @@ LIBSLAPD_F (AttributeType *) at_find LDAP_P(( const char *name )); LIBSLAPD_F (int) at_find_in_list LDAP_P(( AttributeType *sat, AttributeType **list )); LIBSLAPD_F (int) at_append_to_list LDAP_P(( AttributeType *sat, AttributeType ***listp )); LIBSLAPD_F (int) at_delete_from_list LDAP_P(( int pos, AttributeType ***listp )); -LIBSLAPD_F (int) at_fake_if_needed LDAP_P(( const char *name )); LIBSLAPD_F (int) at_schema_info LDAP_P(( Entry *e )); LIBSLAPD_F (int) at_add LDAP_P(( LDAP_ATTRIBUTE_TYPE *at, const char **err )); @@ -103,6 +102,7 @@ LIBSLAPD_F (int) is_at_subtype LDAP_P(( # define at_canonical_name(at) ((at)->sat_cname) #else +LIBSLAPD_F (int) at_fake_if_needed LDAP_P(( const char *name )); LIBSLAPD_F (char *) at_canonical_name LDAP_P(( const char * a_type )); #endif diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c index a812c92557..50f644ac6c 100644 --- a/servers/slapd/schema_init.c +++ b/servers/slapd/schema_init.c @@ -16,7 +16,15 @@ #include "slap.h" #include "ldap_pvt.h" -#define berValidate blobValidate +static int +inValidate( + Syntax *syntax, + struct berval *in ) +{ + /* any value allowed */ + return LDAP_OTHER; +} + static int blobValidate( Syntax *syntax, @@ -26,6 +34,8 @@ blobValidate( return LDAP_SUCCESS; } +#define berValidate blobValidate + static int UTF8StringValidate( Syntax *syntax, 
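Review bot: `inValidate` returns `LDAP_OTHER`, i.e. it rejects every value, but its only comment says `/* any value allowed */`, so either the comment or the return value is wrong; if it is meant as the always-reject validator its name suggests, the comment should read `/* no value is acceptable for this syntax */`, otherwise the body should be `return LDAP_SUCCESS;`. The function is `static` and is not referenced by any hunk in this patch, so unless it is used elsewhere in schema_init.c the build will warn about an unused function (the `syntax` and `in` parameters are likewise unused, which the existing `blobValidate` shares). The remainder of the file is outside this hunk.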
@@ -341,6 +351,7 @@ struct syntax_defs_rec { #endif }; +#define X_HIDE "X-HIDE 'TRUE' " #define X_BINARY "X-BINARY-TRANSFER-REQUIRED 'TRUE' " #define X_NOT_H_R "X-NOT-HUMAN-READABLE 'TRUE' " @@ -457,8 +468,12 @@ struct syntax_defs_rec syntax_defs[] = { 0, NULL, NULL, NULL}, /* OpenLDAP Experimental Syntaxes */ - {"( " SLAPD_OID_ACI_SYNTAX " DESC 'OpenLDAP Experimental ACI' )", + {"( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )", 0, NULL, NULL, NULL}, + {"( 1.3.6.1.4.1.4203.666.2.2 DESC 'OpenLDAP void' " X_HIDE ")" , + SLAP_SYNTAX_HIDE, NULL, NULL, NULL}, + {"( 1.3.6.1.4.1.4203.666.2.3 DESC 'OpenLDAP DN' " X_HIDE ")" , + SLAP_SYNTAX_HIDE, NULL, NULL, NULL}, {NULL, 0, NULL, NULL, NULL} }; diff --git a/servers/slapd/schema_prep.c b/servers/slapd/schema_prep.c index 086b1a2250..051c98d583 100644 --- a/servers/slapd/schema_prep.c +++ b/servers/slapd/schema_prep.c @@ -41,8 +41,15 @@ struct slap_schema_oc_map { char *ssom_name; size_t ssom_offset; } oc_map[] = { + { "top", offsetof(struct slap_internal_schema, si_oc_top) }, { "alias", offsetof(struct slap_internal_schema, si_oc_alias) }, { "referral", offsetof(struct slap_internal_schema, si_oc_referral) }, + { "LDAProotDSE", offsetof(struct slap_internal_schema, si_oc_rootdse) }, + { "LDAPsubentry", offsetof(struct slap_internal_schema, si_oc_subentry) }, + { "subschema", offsetof(struct slap_internal_schema, si_oc_subschema) }, +#ifdef SLAPD_ACI_ENABLED + { "groupOfNames", offsetof(struct slap_internal_schema, si_oc_groupOfNames) }, +#endif { NULL, 0 } }; @@ -54,6 +61,7 @@ struct slap_schema_ad_map { { "objectClass", objectClassMatch, offsetof(struct slap_internal_schema, si_ad_objectClass) }, + /* user entry operational attributes */ { "creatorsName", NULL, offsetof(struct slap_internal_schema, si_ad_creatorsName) }, { "createTimestamp", NULL, 
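Review bot: The new 'OpenLDAP void' syntax (1.3.6.1.4.1.4203.666.2.2) is registered with a NULL validator, so if a NULL validator falls through to accept-all, every value offered for an attribute of that syntax passes syntax checking; given that this same patch adds `inValidate` to schema_init.c without using it, the entry was probably meant to read `SLAP_SYNTAX_HIDE, inValidate, NULL, NULL},`. If a NULL validator is intentional here, a short comment on the entry saying so would stop the next reader from asking the same question. The ACI syntax OID, previously the `SLAPD_OID_ACI_SYNTAX` macro, is now a literal both here and in slap.h's `#ifndef SLAPD_SCHEMA_NOT_COMPAT` block, so the two copies can drift.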
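Review bot: `groupOfNames` is added to `oc_map` only under `SLAPD_ACI_ENABLED`, whereas the companion `member` and `distinguishedName` entries in the ad_map hunk at -91 are unconditional; if `si_oc_groupOfNames` is intended as the default objectClass for ACL `group=` clauses, which do not depend on ACI, the guard leaves it unpopulated in non-ACI builds. If the class really is needed only for ACI evaluation, a one-line comment on the entry, `/* ACI only */`, would record that and match the `/* access control information */` labelling used in the ad_map. The new `top`, `LDAProotDSE`, `LDAPsubentry` and `subschema` entries presumably require those classes to be present in the loaded schema; how a missing class is handled is outside this hunk.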
@@ -62,10 +70,10 @@ struct slap_schema_ad_map { offsetof(struct slap_internal_schema, si_ad_modifiersName) }, { "modifyTimestamp", NULL, offsetof(struct slap_internal_schema, si_ad_modifyTimestamp) }, - { "subschemaSubentry", NULL, offsetof(struct slap_internal_schema, si_ad_subschemaSubentry) }, + /* root DSE attributes */ { "namingContexts", NULL, offsetof(struct slap_internal_schema, si_ad_namingContexts) }, { "supportedControl", NULL, @@ -74,14 +82,14 @@ struct slap_schema_ad_map { offsetof(struct slap_internal_schema, si_ad_supportedExtension) }, { "supportedLDAPVersion", NULL, offsetof(struct slap_internal_schema, si_ad_supportedLDAPVersion) }, -#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND +#ifdef SLAPD_ACI_ENABLED { "supportedACIMechanisms", NULL, offsetof(struct slap_internal_schema, si_ad_supportedACIMechanisms) }, - #endif { "supportedSASLMechanisms", NULL, offsetof(struct slap_internal_schema, si_ad_supportedSASLMechanisms) }, + /* subschema subentry attributes */ { "attributeTypes", NULL, offsetof(struct slap_internal_schema, si_ad_attributeTypes) }, { "ldapSyntaxes", NULL, @@ -91,13 +99,25 @@ struct slap_schema_ad_map { { "objectClasses", NULL, offsetof(struct slap_internal_schema, si_ad_objectClasses) }, + /* knowledge information */ + { "aliasedObjectName", NULL, + offsetof(struct slap_internal_schema, si_ad_aliasedObjectName) }, { "ref", NULL, offsetof(struct slap_internal_schema, si_ad_ref) }, + /* access control information */ { "entry", NULL, offsetof(struct slap_internal_schema, si_ad_entry) }, { "children", NULL, offsetof(struct slap_internal_schema, si_ad_children) }, + { "distinguishedName", NULL, + offsetof(struct slap_internal_schema, si_ad_distinguishedName) }, + { "member", NULL, + offsetof(struct slap_internal_schema, si_ad_member) }, +#ifdef SLAPD_ACI_ENABLED + { "aci", NULL, + offsetof(struct slap_internal_schema, si_ad_aci) }, +#endif { "userPassword", NULL, offsetof(struct slap_internal_schema, si_ad_userPassword) }, 
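Review bot: The `{ "subschemaSubentry", NULL, offsetof(struct slap_internal_schema, si_ad_subschemaSubentry) },` entry is removed from `ad_map` and none of the other schema_prep.c hunks in this patch re-adds it, while the slap.h hunks do not remove the struct member; unless it is restored outside this diff, `si_ad_subschemaSubentry` is never populated and stays NULL for any code that reads it. If the intent was only to regroup it under the new `/* root DSE attributes */` or `/* subschema subentry attributes */` headings, the entry should be reinstated in one of those groups. The table continues outside this hunk.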
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index d3a73807d4..f4766f22fc 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -93,11 +93,12 @@ LDAP_BEGIN_DECL #define AD_LEADCHAR(c) ( ATTR_CHAR(c) ) #define AD_CHAR(c) ( ATTR_CHAR(c) || (c) == ';' ) -#define SLAPD_ACI_DEFAULT_ATTR "aci" - +#ifndef SLAPD_SCHEMA_NOT_COMPAT /* schema needed by slapd */ -#define SLAPD_OID_DN_SYNTAX "1.3.6.1.4.1.1466.115.121.1.12" #define SLAPD_OID_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1" /* experimental */ +#define SLAPD_ACI_DEFAULT_ATTR "aci" +#endif + LIBSLAPD_F (int) slap_debug; @@ -155,10 +156,11 @@ typedef struct slap_syntax { unsigned ssyn_flags; -#define SLAP_SYNTAX_NONE 0x0U -#define SLAP_SYNTAX_BLOB 0x1U /* syntax treated as blob (audio) */ -#define SLAP_SYNTAX_BINARY 0x2U /* binary transfer required (certificate) */ -#define SLAP_SYNTAX_BER 0x4U /* stored using BER encoding (binary,certificate) */ +#define SLAP_SYNTAX_NONE 0x00U +#define SLAP_SYNTAX_BLOB 0x01U /* syntax treated as blob (audio) */ +#define SLAP_SYNTAX_BINARY 0x02U /* binary transfer required (certificate) */ +#define SLAP_SYNTAX_BER 0x04U /* stored using BER encoding (binary,certificate) */ +#define SLAP_SYNTAX_HIDE 0x80U /* hide (do not publish) */ slap_syntax_validate_func *ssyn_validate; slap_syntax_transform_func *ssyn_normalize; @@ -177,6 +179,7 @@ typedef struct slap_syntax { #define slap_syntax_is_blob(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BLOB) #define slap_syntax_is_binary(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BINARY) #define slap_syntax_is_ber(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BER) +#define slap_syntax_is_hidden(s) slap_syntax_is_flag((s),SLAP_SYNTAX_HIDE) /* XXX -> UCS-2 Converter */ typedef int slap_mr_convert_func LDAP_P(( 
@@ -327,8 +330,15 @@ typedef struct slap_attr_desc { */ struct slap_internal_schema { /* objectClass */ + ObjectClass *si_oc_top; ObjectClass *si_oc_alias; ObjectClass *si_oc_referral; + ObjectClass *si_oc_subentry; + ObjectClass *si_oc_subschema; + ObjectClass *si_oc_rootdse; +#ifdef SLAPD_ACI_ENABLED + ObjectClass *si_oc_groupOfNames; +#endif /* objectClass attribute */ AttributeDescription *si_ad_objectClass; @@ -361,9 +371,14 @@ struct slap_internal_schema { AttributeDescription *si_ad_aliasedObjectName; AttributeDescription *si_ad_ref; - /* ACL Internals */ + /* Access Control Internals */ AttributeDescription *si_ad_entry; AttributeDescription *si_ad_children; + AttributeDescription *si_ad_member; + AttributeDescription *si_ad_distinguishedName; +#ifdef SLAPD_ACI_ENABLED + AttributeDescription *si_ad_aci; +#endif /* Other */ AttributeDescription *si_ad_userPassword; -- 2.39.5