From bc51bd5180fe6c83b92b76578e2b9e4b0492b7af Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Sun, 6 Feb 2000 21:09:44 +0000 Subject: [PATCH] Yet another round of SLAPD_SCHEMA_NOT_COMPAT changes... Changes outside of #ifdef include three value filter processing. --- servers/slapd/Makefile.in | 4 +- servers/slapd/acl.c | 9 +- servers/slapd/ad.c | 144 +++++++++++++ servers/slapd/at.c | 2 +- servers/slapd/attr.c | 13 -- servers/slapd/ava.c | 29 ++- servers/slapd/back-bdb2/search.c | 2 +- servers/slapd/back-ldbm/compare.c | 16 +- servers/slapd/back-ldbm/external.h | 6 + servers/slapd/back-ldbm/filterindex.c | 11 + servers/slapd/back-ldbm/index.c | 2 + servers/slapd/back-ldbm/search.c | 16 +- servers/slapd/back-passwd/search.c | 6 +- servers/slapd/compare.c | 53 ++++- servers/slapd/entry.c | 4 + servers/slapd/filter.c | 45 ++++- servers/slapd/filterentry.c | 211 ++++++++++++++++---- servers/slapd/libslapd.dsp | 4 + servers/slapd/modify.c | 3 + servers/slapd/nt_svc.c | 4 + servers/slapd/proto-slap.h | 21 +- servers/slapd/result.c | 4 + servers/slapd/schema_check.c | 77 +++++-- servers/slapd/schema_init.c | 2 +- servers/slapd/schemaparse.c | 16 +- servers/slapd/search.c | 6 + servers/slapd/shell-backends/passwd-shell.c | 4 +- servers/slapd/shell-backends/shellutil.c | 3 +- servers/slapd/slap.h | 127 ++++++++---- servers/slapd/str2filter.c | 8 + servers/slapd/tools/Makefile.in | 2 +- servers/slapd/tools/slapindex.c | 4 + 32 files changed, 710 insertions(+), 148 deletions(-) create mode 100644 servers/slapd/ad.c diff --git a/servers/slapd/Makefile.in b/servers/slapd/Makefile.in index b25e48efa0..35f06f7048 100644 --- a/servers/slapd/Makefile.in +++ b/servers/slapd/Makefile.in @@ -16,7 +16,7 @@ SRCS = main.c daemon.c connection.c search.c filter.c add.c charray.c \ phonetic.c acl.c str2filter.c aclparse.c init.c user.c \ repl.c lock.c controls.c extended.c kerberos.c passwd.c \ schema.c schema_check.c schema_init.c schemaparse.c \ - at.c mr.c syntax.c oc.c \ + ad.c at.c mr.c syntax.c oc.c \ monitor.c configinfo.c starttls.c \ root_dse.c sasl.c module.c suffixalias.c $(@PLAT@_SRCS) @@ -27,7 +27,7 @@ OBJS = main.o daemon.o connection.o search.o filter.o add.o charray.o \ phonetic.o acl.o str2filter.o aclparse.o init.o user.o \ repl.o lock.o controls.o extended.o kerberos.o passwd.o \ schema.o schema_check.o schema_init.o schemaparse.o \ - at.o mr.o syntax.o oc.o \ + ad.o at.o mr.o syntax.o oc.o \ monitor.o configinfo.o starttls.o \ root_dse.o sasl.o module.o suffixalias.o $(@PLAT@_OBJS) diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index 239bffa572..f5c141bc4a 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -35,7 +35,7 @@ static int aci_mask( regmatch_t *matches, slap_access_t *grant, slap_access_t *deny ); char *supportedACIMechs[] = { - "1.3.6.1.4.1.4203.666.7.1", /* experimental draft aci family */ + "1.3.6.1.4.1.4203.666.7.1", /* experimental IETF aci family */ "1.3.6.1.4.1.4203.666.7.2", /* experimental OpenLDAP aci family */ NULL }; @@ -74,7 +74,9 @@ access_allowed( { int count; AccessControl *a; +#ifdef LDAP_DEBUG char accessmaskbuf[ACCESSMASK_MAXLEN]; +#endif slap_access_mask_t mask; slap_control_t control; @@ -238,7 +240,8 @@ acl_get( } if ( a->acl_filter != NULL ) { - if ( test_filter( NULL, NULL, NULL, e, a->acl_filter ) != 0 ) { + ber_int_t rc = test_filter( NULL, NULL, NULL, e, a->acl_filter ); + if ( rc != LDAP_COMPARE_TRUE ) { continue; } } @@ -286,7 +289,9 @@ acl_mask( { int i; Access *b; +#ifdef LDAP_DEBUG char accessmaskbuf[ACCESSMASK_MAXLEN]; +#endif assert( a != NULL ); assert( mask != NULL ); diff --git a/servers/slapd/ad.c b/servers/slapd/ad.c new file mode 100644 index 0000000000..db715584e3 --- /dev/null +++ b/servers/slapd/ad.c @@ -0,0 +1,144 @@ +/* $OpenLDAP$ */ +/* + * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ +/* ad.c - routines for dealing with attribute descriptions */ + +#include "portable.h" + +#include + +#include +#include +#include +#include +#include + +#include "ldap_pvt.h" +#include "slap.h" + +#ifdef SLAPD_SCHEMA_NOT_COMPAT + +int slap_bv2ad( + struct berval *bv, + AttributeDescription **ad, + char **text ) +{ + int rtn = LDAP_UNDEFINED_TYPE; + int i; + AttributeDescription desc; + char **tokens; + + assert( *ad != NULL ); + assert( *text != NULL ); + + if( bv == NULL || bv->bv_len == 0 ) { + *text = "empty attribute description"; + return LDAP_UNDEFINED_TYPE; + } + + /* make sure description is IA5 */ + if( IA5StringValidate( NULL, bv ) != 0 ) { + *text = "attribute description contains non-IA5 characters"; + return LDAP_UNDEFINED_TYPE; + } + + tokens = str2charray( bv->bv_val, ";"); + + if( tokens == NULL || *tokens == NULL ) { + *text = "no attribute type"; + goto done; + } + + desc.ad_type = at_find( *tokens ); + + if( desc.ad_type == NULL ) { + *text = "attribute type undefined"; + goto done; + } + + desc.ad_flags = SLAP_DESC_NONE; + desc.ad_lang = NULL; + + for( i=1; tokens[i] != NULL; i++ ) { + if( strcasecmp( tokens[i], "binary" ) == 0 ) { + if( desc.ad_flags & SLAP_DESC_BINARY ) { + *text = "option \"binary\" specified multiple times"; + goto done; + } + + if(!( desc.ad_type->sat_syntax->ssyn_flags + & SLAP_SYNTAX_BINARY )) + { + /* not stored in binary, disallow option */ + *text = "option \"binary\" with type not supported"; + goto done; + } + + desc.ad_flags |= SLAP_DESC_BINARY; + + } else if ( strncasecmp( tokens[i], "lang-", + sizeof("lang-")-1 ) == 0 && tokens[i][sizeof("lang-")-1] ) + { + if( desc.ad_lang != NULL ) { + *text = "multiple language tag options specified"; + goto done; + } + desc.ad_lang = tokens[i]; + + /* normalize to all lower case, it's easy */ + ldap_pvt_str2lower( desc.ad_lang ); + + } else { + *text = "unrecognized option"; + goto done; + } + } + + desc.ad_cname = ch_malloc( sizeof( struct berval ) ); + + desc.ad_cname->bv_len = strlen( desc.ad_type->sat_cname ); + if( desc.ad_flags & SLAP_DESC_BINARY ) { + desc.ad_cname->bv_len += sizeof("binary"); + } + if( desc.ad_lang != NULL ) { + desc.ad_cname->bv_len += strlen( desc.ad_lang ); + } + + desc.ad_cname = ch_malloc( desc.ad_cname->bv_len + 1 ); + + strcpy( desc.ad_cname->bv_val, desc.ad_type->sat_cname ); + strcat( desc.ad_cname->bv_val, ";binary" ); + if( desc.ad_flags & SLAP_DESC_BINARY ) { + strcat( desc.ad_cname->bv_val, ";binary" ); + } + + if( desc.ad_lang != NULL ) { + strcat( desc.ad_cname->bv_val, ";" ); + strcat( desc.ad_cname->bv_val, desc.ad_lang ); + } + + *ad = ch_malloc( sizeof( AttributeDescription ) ); + **ad = desc; + + rtn = LDAP_SUCCESS; + +done: + charray_free( tokens ); + return rtn; +} + +void +ad_free( AttributeDescription *ad, int freeit ) +{ + if( ad == NULL ) return; + + ber_bvfree( ad->ad_cname ); + free( ad->ad_lang ); + + if( freeit ) free( ad ); +} + +#endif + diff --git a/servers/slapd/at.c b/servers/slapd/at.c index 2538e143ee..3866108548 100644 --- a/servers/slapd/at.c +++ b/servers/slapd/at.c @@ -3,7 +3,7 @@ * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ -/* at.c - routines for dealing with attributes */ +/* at.c - routines for dealing with attribute types */ #include "portable.h" diff --git a/servers/slapd/attr.c b/servers/slapd/attr.c index 0621645f03..353eed131c 100644 --- a/servers/slapd/attr.c +++ b/servers/slapd/attr.c @@ -26,19 +26,6 @@ static void at_index_print( void ); #endif -#ifdef SLAPD_SCHEMA_NOT_COMPAT -void -ad_free( AttributeDescription *ad, int freeit ) -{ - if( ad == NULL ) return; - - ber_bvfree( ad->ad_cname ); - free( ad->ad_lang ); - - if( freeit ) free( ad ); -} -#endif - void attr_free( Attribute *a ) { diff --git a/servers/slapd/ava.c b/servers/slapd/ava.c index 5732a3777f..d948f35bbf 100644 --- a/servers/slapd/ava.c +++ b/servers/slapd/ava.c @@ -14,6 +14,23 @@ #include "slap.h" +#ifdef SLAPD_SCHEMA_NOT_COMPAT + +void +ava_free( + AttributeAssertion *ava, + int freeit +) +{ + ad_free( ava->aa_desc, 1 ); + ber_bvfree( ava->aa_value ); + if ( freeit ) { + ch_free( (char *) ava ); + } +} + +#else + int get_ava( BerElement *ber, @@ -23,14 +40,11 @@ get_ava( if ( ber_scanf( ber, "{ao}", &ava->ava_type, &ava->ava_value ) == LBER_ERROR ) { Debug( LDAP_DEBUG_ANY, " get_ava ber_scanf\n", 0, 0, 0 ); - return( -1 ); + return -1; } attr_normalize( ava->ava_type ); - -#ifndef SLAPD_SCHEMA_NOT_COMPAT value_normalize( ava->ava_value.bv_val, attr_syntax( ava->ava_type ) ); -#endif return( LDAP_SUCCESS ); } @@ -41,10 +55,11 @@ ava_free( int freeit ) { - free( (char *) ava->ava_type ); - free( (char *) ava->ava_value.bv_val ); + ch_free( (char *) ava->ava_type ); + ch_free( (char *) ava->ava_value.bv_val ); if ( freeit ) { - free( (char *) ava ); + ch_free( (char *) ava ); } } +#endif diff --git a/servers/slapd/back-bdb2/search.c b/servers/slapd/back-bdb2/search.c index 516493453e..2cb121b7d8 100644 --- a/servers/slapd/back-bdb2/search.c +++ b/servers/slapd/back-bdb2/search.c @@ -240,7 +240,7 @@ bdb2i_back_search_internal( } /* if it matches the filter and scope, send it */ - if ( test_filter( be, conn, op, e, filter ) == 0 ) { + if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) { char *dn; /* check scope */ diff --git a/servers/slapd/back-ldbm/compare.c b/servers/slapd/back-ldbm/compare.c index 97cfbceb79..bc62dfbb3d 100644 --- a/servers/slapd/back-ldbm/compare.c +++ b/servers/slapd/back-ldbm/compare.c @@ -23,7 +23,11 @@ ldbm_back_compare( Operation *op, char *dn, char *ndn, +#ifdef SLAPD_SCHEMA_NOT_COMPAT + AttributeAssertion *ava +#else Ava *ava +#endif ) { struct ldbminfo *li = (struct ldbminfo *) be->be_private; @@ -76,8 +80,13 @@ ldbm_back_compare( goto return_results; } +#ifdef SLAPD_SCHEMA_NOT_COMPAT + if ( ! access_allowed( be, conn, op, e, + ava->aa_desc->ad_type->sat_cname, ava->aa_value, ACL_COMPARE ) ) +#else if ( ! access_allowed( be, conn, op, e, ava->ava_type, &ava->ava_value, ACL_COMPARE ) ) +#endif { send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS, NULL, NULL, NULL, NULL ); @@ -85,7 +94,12 @@ ldbm_back_compare( goto return_results; } - if ( (a = attr_find( e->e_attrs, ava->ava_type )) == NULL ) { +#ifdef SLAPD_SCHEMA_NOT_COMPAT + if ( (a = attr_find( e->e_attrs, ava->aa_desc->ad_cname->bv_val )) == NULL ) +#else + if ( (a = attr_find( e->e_attrs, ava->ava_type )) == NULL ) +#endif + { send_ldap_result( conn, op, LDAP_NO_SUCH_ATTRIBUTE, NULL, NULL, NULL, NULL ); rc = 1; diff --git a/servers/slapd/back-ldbm/external.h b/servers/slapd/back-ldbm/external.h index 9f4778e21c..9a7bb508e2 100644 --- a/servers/slapd/back-ldbm/external.h +++ b/servers/slapd/back-ldbm/external.h @@ -45,9 +45,15 @@ extern int ldbm_back_search LDAP_P(( BackendDB *bd, char *nbase, int scope, int deref, int sizelimit, int timelimit, Filter *filter, char *filterstr, char **attrs, int attrsonly )); +#ifdef SLAPD_SCHEMA_NOT_COMPAT +extern int ldbm_back_compare LDAP_P(( BackendDB *bd, + Connection *conn, Operation *op, + char *dn, char *ndn, AttributeAssertion *ava )); +#else extern int ldbm_back_compare LDAP_P((BackendDB *bd, Connection *conn, Operation *op, char *dn, char *ndn, Ava *ava )); +#endif extern int ldbm_back_modify LDAP_P(( BackendDB *bd, Connection *conn, Operation *op, diff --git a/servers/slapd/back-ldbm/filterindex.c b/servers/slapd/back-ldbm/filterindex.c index 55f73cc398..9191ea28ff 100644 --- a/servers/slapd/back-ldbm/filterindex.c +++ b/servers/slapd/back-ldbm/filterindex.c @@ -15,6 +15,16 @@ #include "slap.h" #include "back-ldbm.h" +#ifdef SLAPD_SCHEMA_NOT_COMPAT +ID_BLOCK * +filter_candidates( + Backend *be, + Filter *f ) +{ + return NULL; +} +#else + static ID_BLOCK *ava_candidates( Backend *be, Ava *ava, int type ); static ID_BLOCK *presence_candidates( Backend *be, char *type ); static ID_BLOCK *approx_candidates( Backend *be, Ava *ava ); @@ -384,3 +394,4 @@ substring_comp_candidates( idl ? ID_BLOCK_NIDS(idl) : 0, 0, 0 ); return( idl ); } +#endif diff --git a/servers/slapd/back-ldbm/index.c b/servers/slapd/back-ldbm/index.c index 6c90a6f179..a554543cc2 100644 --- a/servers/slapd/back-ldbm/index.c +++ b/servers/slapd/back-ldbm/index.c @@ -318,7 +318,9 @@ index_change_values( } +#ifndef SLAPD_SCHEMA_NOT_COMPAT attr_normalize(type); +#endif attr_mask( be->be_private, type, &indexmask ); if ( indexmask == 0 ) { diff --git a/servers/slapd/back-ldbm/search.c b/servers/slapd/back-ldbm/search.c index b680818cd9..3731b92a6c 100644 --- a/servers/slapd/back-ldbm/search.c +++ b/servers/slapd/back-ldbm/search.c @@ -245,7 +245,7 @@ ldbm_back_search( } /* if it matches the filter and scope, send it */ - if ( test_filter( be, conn, op, e, filter ) == 0 ) { + if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) { char *dn; /* check scope */ @@ -412,12 +412,14 @@ search_candidates( rf = (Filter *) ch_malloc( sizeof(Filter) ); rf->f_next = NULL; rf->f_choice = LDAP_FILTER_OR; +#ifndef SLAPD_SCHEMA_NOT_COMPAT rf->f_or = (Filter *) ch_malloc( sizeof(Filter) ); rf->f_or->f_choice = LDAP_FILTER_EQUALITY; rf->f_or->f_avtype = ch_strdup( "objectclass" ); rf->f_or->f_avvalue.bv_val = ch_strdup( "REFERRAL" ); rf->f_or->f_avvalue.bv_len = sizeof("REFERRAL")-1; rf->f_or->f_next = filter; +#endif f = rf; } else { rf = NULL; @@ -429,12 +431,14 @@ search_candidates( af = (Filter *) ch_malloc( sizeof(Filter) ); af->f_next = NULL; af->f_choice = LDAP_FILTER_OR; +#ifndef SLAPD_SCHEMA_NOT_COMPAT af->f_or = (Filter *) ch_malloc( sizeof(Filter) ); af->f_or->f_choice = LDAP_FILTER_EQUALITY; af->f_or->f_avtype = ch_strdup( "objectclass" ); af->f_or->f_avvalue.bv_val = ch_strdup( "ALIAS" ); af->f_or->f_avvalue.bv_len = sizeof("ALIAS")-1; af->f_or->f_next = f; +#endif f = af; } else { af = NULL; @@ -444,24 +448,28 @@ search_candidates( lf = (Filter *) ch_malloc( sizeof(Filter) ); lf->f_next = NULL; lf->f_choice = LDAP_FILTER_AND; +#ifndef SLAPD_SCHEMA_NOT_COMPAT lf->f_and = (Filter *) ch_malloc( sizeof(Filter) ); lf->f_and->f_choice = SLAPD_FILTER_DN_SUBTREE; lf->f_and->f_dn = e->e_ndn; lf->f_and->f_next = f; +#endif f = lf; } else if ( scope == LDAP_SCOPE_ONELEVEL ) { lf = (Filter *) ch_malloc( sizeof(Filter) ); lf->f_next = NULL; lf->f_choice = LDAP_FILTER_AND; +#ifndef SLAPD_SCHEMA_NOT_COMPAT lf->f_and = (Filter *) ch_malloc( sizeof(Filter) ); lf->f_and->f_choice = SLAPD_FILTER_DN_ONE; lf->f_and->f_dn = e->e_ndn; lf->f_and->f_next = f; +#endif f = lf; } else { @@ -472,17 +480,23 @@ search_candidates( /* free up filter additions we allocated above */ if( lf != NULL ) { +#ifndef SLAPD_SCHEMA_NOT_COMPAT free( lf->f_and ); +#endif free( lf ); } if( af != NULL ) { +#ifndef SLAPD_SCHEMA_NOT_COMPAT af->f_or->f_next = NULL; +#endif filter_free( af ); } if( rf != NULL ) { +#ifndef SLAPD_SCHEMA_NOT_COMPAT rf->f_or->f_next = NULL; +#endif filter_free( rf ); } diff --git a/servers/slapd/back-passwd/search.c b/servers/slapd/back-passwd/search.c index 1da4023edf..3cb0c9c4c6 100644 --- a/servers/slapd/back-passwd/search.c +++ b/servers/slapd/back-passwd/search.c @@ -108,7 +108,7 @@ passwd_back_search( val.bv_len = strlen( val.bv_val ); attr_merge( e, "objectClass", vals ); - if ( test_filter( be, conn, op, e, filter ) == 0 ) { + if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) { send_search_entry( be, conn, op, e, attrs, attrsonly, NULL ); sent++; @@ -138,7 +138,7 @@ passwd_back_search( e = pw2entry( be, pw, NULL ); - if ( test_filter( be, conn, op, e, filter ) == 0 ) { + if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) { /* check size limit */ if ( --slimit == -1 ) { send_ldap_result( conn, op, LDAP_SIZELIMIT_EXCEEDED, @@ -195,7 +195,7 @@ passwd_back_search( e = pw2entry( be, pw, rdn ); - if ( test_filter( be, conn, op, e, filter ) == 0 ) { + if ( test_filter( be, conn, op, e, filter ) == LDAP_COMPARE_TRUE ) { send_search_entry( be, conn, op, e, attrs, attrsonly, NULL ); sent++; diff --git a/servers/slapd/compare.c b/servers/slapd/compare.c index aa421fee0c..890c3e0193 100644 --- a/servers/slapd/compare.c +++ b/servers/slapd/compare.c @@ -31,9 +31,21 @@ do_compare( ) { char *dn = NULL, *ndn=NULL; - Ava ava; + struct berval desc; + struct berval value; Backend *be; int rc = LDAP_SUCCESS; +#ifdef SLAPD_SCHEMA_NOT_COMPAT + char *text = NULL; + AttributeAssertion ava; + + ava.aa_desc = NULL; +#else + Ava ava; +#endif + + desc.bv_val = NULL; + value.bv_val = NULL; Debug( LDAP_DEBUG_TRACE, "do_compare\n", 0, 0, 0 ); @@ -73,18 +85,20 @@ do_compare( goto cleanup; } - if ( get_ava( op->o_ber, &ava ) != LDAP_SUCCESS ) { + if ( ber_scanf( op->o_ber, "{oo}", &desc, &value ) == LBER_ERROR ) { Debug( LDAP_DEBUG_ANY, "do_compare: get ava failed\n", 0, 0, 0 ); send_ldap_disconnect( conn, op, LDAP_PROTOCOL_ERROR, "decoding error" ); - return -1; + rc = -1; + goto cleanup; } if ( ber_scanf( op->o_ber, /*{*/ "}" ) == LBER_ERROR ) { Debug( LDAP_DEBUG_ANY, "ber_scanf failed\n", 0, 0, 0 ); send_ldap_disconnect( conn, op, LDAP_PROTOCOL_ERROR, "decoding error" ); - return -1; + rc = -1; + goto cleanup; } if( ( rc = get_ctrls( conn, op, 1 )) != LDAP_SUCCESS ) { @@ -92,11 +106,34 @@ do_compare( goto cleanup; } +#ifdef SLAPD_SCHEMA_NOT_COMPAT + rc = slap_bv2ad( &desc, &ava.aa_desc, &text ); + if( rc != LDAP_SUCCESS ) { + send_ldap_result( conn, op, rc, NULL, + text, NULL, NULL ); + goto cleanup; + } + ava.aa_value = &value; + + Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n", + dn, ava.aa_desc->ad_cname, ava.aa_value->bv_val ); + + Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d CMP dn=\"%s\" attr=\"%s\"\n", + op->o_connid, op->o_opid, dn, ava.aa_desc->ad_cname, 0 ); + +#else + ava.ava_type = desc.bv_val; + ava.ava_value = value; + attr_normalize( ava.ava_type ); + value_normalize( ava.ava_value.bv_val, attr_syntax( ava.ava_type ) ); + Debug( LDAP_DEBUG_ARGS, "do_compare: dn (%s) attr (%s) value (%s)\n", dn, ava.ava_type, ava.ava_value.bv_val ); Statslog( LDAP_DEBUG_STATS, "conn=%ld op=%d CMP dn=\"%s\" attr=\"%s\"\n", op->o_connid, op->o_opid, dn, ava.ava_type, 0 ); +#endif + /* * We could be serving multiple database backends. Select the @@ -132,7 +169,13 @@ do_compare( cleanup: free( dn ); free( ndn ); - ava_free( &ava, 0 ); + free( desc.bv_val ); + free( value.bv_val ); +#ifdef SLAPD_SCHEMA_NOT_COMPAT + if( ava.aa_desc != NULL ) { + ad_free( ava.aa_desc, 1 ); + } +#endif return rc; } diff --git a/servers/slapd/entry.c b/servers/slapd/entry.c index 86abbae9c1..822145f2f5 100644 --- a/servers/slapd/entry.c +++ b/servers/slapd/entry.c @@ -120,6 +120,9 @@ str2entry( char *s ) bval.bv_val = value; bval.bv_len = vlen; +#ifdef SLAPD_SCHEMA_NOT_COMPAT + /* not yet implemented */ +#else if ( attr_merge_fast( e, type, vals, nvals, 1, &maxvals, &a ) != 0 ) { Debug( LDAP_DEBUG_TRACE, @@ -129,6 +132,7 @@ str2entry( char *s ) free( type ); return( NULL ); } +#endif free( value ); free( type ); diff --git a/servers/slapd/filter.c b/servers/slapd/filter.c index 200d3aa709..497b6a80ff 100644 --- a/servers/slapd/filter.c +++ b/servers/slapd/filter.c @@ -68,6 +68,7 @@ get_filter( Connection *conn, BerElement *ber, Filter **filt, char **fstr ) f->f_choice = ber_peek_tag( ber, &len ); switch ( f->f_choice ) { +#ifndef SLAPD_SCHEMA_NOT_COMPAT case LDAP_FILTER_EQUALITY: Debug( LDAP_DEBUG_FILTER, "EQUALITY\n", 0, 0, 0 ); if ( (err = get_ava( ber, &f->f_ava )) == LDAP_SUCCESS ) { @@ -124,6 +125,7 @@ get_filter( Connection *conn, BerElement *ber, Filter **filt, char **fstr ) f->f_avvalue.bv_val ); } break; +#endif case LDAP_FILTER_AND: Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 ); @@ -158,6 +160,13 @@ get_filter( Connection *conn, BerElement *ber, Filter **filt, char **fstr ) } break; + case LDAP_FILTER_EXT: + /* not yet implemented */ + Debug( LDAP_DEBUG_ANY, "extensible match not yet implemented.\n", + f->f_choice, 0, 0 ); + err = -1; + break; + case LBER_DEFAULT: Debug( LDAP_DEBUG_ANY, "decoding filter error\n", 0, 0, 0 ); @@ -218,6 +227,8 @@ get_filter_list( Connection *conn, BerElement *ber, Filter **f, char **fstr ) return( LDAP_SUCCESS ); } +#ifndef SLAPD_SCHEMA_NOT_COMPAT + static int get_substring_filter( Connection *conn, @@ -362,6 +373,8 @@ return_error: return( LDAP_SUCCESS ); } +#endif /* not compat */ + void filter_free( Filter *f ) { @@ -372,14 +385,38 @@ filter_free( Filter *f ) } switch ( f->f_choice ) { + case LDAP_FILTER_PRESENT: +#ifdef SLAPD_SCHEMA_NOT_COMPAT + ad_free( f->f_desc, 1 ); +#else + if ( f->f_type != NULL ) { + free( f->f_type ); + } +#endif + break; + case LDAP_FILTER_EQUALITY: case LDAP_FILTER_GE: case LDAP_FILTER_LE: case LDAP_FILTER_APPROX: +#ifdef SLAPD_SCHEMA_NOT_COMPAT + ava_free( f->f_ava, 1 ); +#else ava_free( &f->f_ava, 0 ); +#endif break; case LDAP_FILTER_SUBSTRINGS: +#ifdef SLAPD_SCHEMA_NOT_COMPAT + ad_free( f->f_sub_desc, 1 ); + if ( f->f_sub_initial != NULL ) { + ber_bvfree( f->f_sub_initial ); + } + ber_bvecfree( f->f_sub_any ); + if ( f->f_sub_final != NULL ) { + ber_bvfree( f->f_sub_final ); + } +#else if ( f->f_sub_type != NULL ) { free( f->f_sub_type ); } @@ -390,12 +427,7 @@ filter_free( Filter *f ) if ( f->f_sub_final != NULL ) { ber_bvfree( f->f_sub_final ); } - break; - - case LDAP_FILTER_PRESENT: - if ( f->f_type != NULL ) { - free( f->f_type ); - } +#endif break; case LDAP_FILTER_AND: @@ -412,6 +444,7 @@ filter_free( Filter *f ) f->f_choice, 0, 0 ); break; } + free( f ); } diff --git a/servers/slapd/filterentry.c b/servers/slapd/filterentry.c index e6b5ec4517..aa96c940da 100644 --- a/servers/slapd/filterentry.c +++ b/servers/slapd/filterentry.c @@ -18,12 +18,26 @@ #include "slap.h" -static int test_filter_list(Backend *be, +static int test_filter_and( Backend *be, Connection *conn, Operation *op, - Entry *e, Filter *flist, int ftype); -static int test_substring_filter(Backend *be, + Entry *e, Filter *flist ); +static int test_filter_or( Backend *be, + Connection *conn, Operation *op, + Entry *e, Filter *flist ); +static int test_substring_filter( Backend *be, Connection *conn, Operation *op, Entry *e, Filter *f); +#ifdef SLAPD_SCHEMA_NOT_COMPAT +static int test_ava_filter( Backend *be, + Connection *conn, Operation *op, + Entry *e, AttributeAssertion *ava, int type ); +static int test_mra_filter( Backend *be, + Connection *conn, Operation *op, + Entry *e, MatchingRuleAssertion *mra ); +static int test_presence_filter( Backend *be, + Connection *conn, Operation *op, + Entry *e, AttributeDescription *desc ); +#else static int test_ava_filter(Backend *be, Connection *conn, Operation *op, Entry *e, Ava *ava, int type); @@ -33,13 +47,15 @@ static int test_approx_filter(Backend *be, static int test_presence_filter(Backend *be, Connection *conn, Operation *op, Entry *e, char *type); +#endif + /* * test_filter - test a filter against a single entry. * returns: - * 0 filter matched - * -1 filter did not match - * >0 an ldap error code + * LDAP_COMPARE_TRUE filter matched + * LDAP_COMPARE_FALSE filter did not match + * or an ldap error code */ int @@ -58,8 +74,13 @@ test_filter( switch ( f->f_choice ) { case LDAP_FILTER_EQUALITY: Debug( LDAP_DEBUG_FILTER, " EQUALITY\n", 0, 0, 0 ); +#ifdef SLAPD_SCHEMA_NOT_COMPAT + rc = test_ava_filter( be, conn, op, e, f->f_ava, + LDAP_FILTER_EQUALITY ); +#else rc = test_ava_filter( be, conn, op, e, &f->f_ava, LDAP_FILTER_EQUALITY ); +#endif break; case LDAP_FILTER_SUBSTRINGS: @@ -68,42 +89,82 @@ test_filter( break; case LDAP_FILTER_GE: +#ifdef SLAPD_SCHEMA_NOT_COMPAT + rc = test_ava_filter( be, conn, op, e, f->f_ava, + LDAP_FILTER_GE ); +#else Debug( LDAP_DEBUG_FILTER, " GE\n", 0, 0, 0 ); rc = test_ava_filter( be, conn, op, e, &f->f_ava, LDAP_FILTER_GE ); +#endif break; case LDAP_FILTER_LE: +#ifdef SLAPD_SCHEMA_NOT_COMPAT + rc = test_ava_filter( be, conn, op, e, f->f_ava, + LDAP_FILTER_LE ); +#else Debug( LDAP_DEBUG_FILTER, " LE\n", 0, 0, 0 ); rc = test_ava_filter( be, conn, op, e, &f->f_ava, LDAP_FILTER_LE ); +#endif break; case LDAP_FILTER_PRESENT: Debug( LDAP_DEBUG_FILTER, " PRESENT\n", 0, 0, 0 ); +#ifdef SLAPD_SCHEMA_NOT_COMPAT + rc = test_presence_filter( be, conn, op, e, f->f_desc ); +#else rc = test_presence_filter( be, conn, op, e, f->f_type ); +#endif break; case LDAP_FILTER_APPROX: Debug( LDAP_DEBUG_FILTER, " APPROX\n", 0, 0, 0 ); +#ifdef SLAPD_SCHEMA_NOT_COMPAT + rc = test_ava_filter( be, conn, op, e, f->f_ava, + LDAP_FILTER_APPROX ); +#else rc = test_approx_filter( be, conn, op, e, &f->f_ava ); +#endif break; case LDAP_FILTER_AND: Debug( LDAP_DEBUG_FILTER, " AND\n", 0, 0, 0 ); - rc = test_filter_list( be, conn, op, e, f->f_and, - LDAP_FILTER_AND ); + rc = test_filter_and( be, conn, op, e, f->f_and ); break; case LDAP_FILTER_OR: Debug( LDAP_DEBUG_FILTER, " OR\n", 0, 0, 0 ); - rc = test_filter_list( be, conn, op, e, f->f_or, - LDAP_FILTER_OR ); + rc = test_filter_or( be, conn, op, e, f->f_or ); break; case LDAP_FILTER_NOT: Debug( LDAP_DEBUG_FILTER, " NOT\n", 0, 0, 0 ); - rc = (! test_filter( be, conn, op, e, f->f_not ) ); + rc = test_filter( be, conn, op, e, f->f_not ); + + switch( rc ) { + case LDAP_COMPARE_TRUE: + rc = LDAP_COMPARE_FALSE; + break; + case LDAP_COMPARE_FALSE: + rc = LDAP_COMPARE_TRUE; + break; + } + break; + + case LDAP_FILTER_EXT: + Debug( LDAP_DEBUG_FILTER, " EXT\n", 0, 0, 0 ); +#if SLAPD_SCHEMA_NOT_COMPAT && notyet + rc = test_mra_filter( be, conn, op, e, f->f_mra ); +#else + rc = -1; +#endif + break; + + case 0: + Debug( LDAP_DEBUG_FILTER, " UNDEFINED\n", 0, 0, 0 ); + rc = -1; break; default: @@ -116,27 +177,44 @@ test_filter( return( rc ); } + static int test_ava_filter( Backend *be, Connection *conn, Operation *op, Entry *e, +#ifdef SLAPD_SCHEMA_NOT_COMPAT + AttributeAssertion *ava, +#else Ava *ava, +#endif int type ) { - int i, rc; + int i; Attribute *a; +#ifdef SLAPD_SCHEMA_NOT_COMPAT + if ( be != NULL && ! access_allowed( be, conn, op, e, + ava->aa_desc->ad_type->sat_cname, ava->aa_value, ACL_SEARCH ) ) +#else + int rc; + if ( be != NULL && ! access_allowed( be, conn, op, e, ava->ava_type, &ava->ava_value, ACL_SEARCH ) ) +#endif { return( -2 ); } - if ( (a = attr_find( e->e_attrs, ava->ava_type )) == NULL ) { - return( -1 ); +#ifdef SLAPD_SCHEMA_NOT_COMPAT + if ( (a = attr_find( e->e_attrs, ava->aa_desc->ad_cname->bv_val )) == NULL ) +#else + if ( (a = attr_find( e->e_attrs, ava->ava_type )) == NULL ) +#endif + { + return LDAP_COMPARE_FALSE; } #ifdef SLAPD_SCHEMA_NOT_COMPAT @@ -150,53 +228,72 @@ test_ava_filter( for ( i = 0; a->a_vals[i] != NULL; i++ ) { #ifdef SLAPD_SCHEMA_NOT_COMPAT /* not yet implemented */ + int rc; #else - rc = value_cmp( a->a_vals[i], &ava->ava_value, a->a_syntax, + int rc = value_cmp( a->a_vals[i], &ava->ava_value, a->a_syntax, 3 ); #endif switch ( type ) { case LDAP_FILTER_EQUALITY: + case LDAP_FILTER_APPROX: if ( rc == 0 ) { - return( 0 ); + return LDAP_COMPARE_TRUE; } break; case LDAP_FILTER_GE: if ( rc >= 0 ) { - return( 0 ); + return LDAP_COMPARE_TRUE; } break; case LDAP_FILTER_LE: if ( rc <= 0 ) { - return( 0 ); + return LDAP_COMPARE_TRUE; } break; } } - return( 1 ); + return( LDAP_COMPARE_FALSE ); } + static int test_presence_filter( Backend *be, Connection *conn, Operation *op, Entry *e, +#ifdef SLAPD_SCHEMA_NOT_COMPAT + AttributeDescription *desc +#else char *type +#endif ) { +#ifdef SLAPD_SCHEMA_NOT_COMPAT + if ( be != NULL && ! access_allowed( be, conn, op, e, + desc->ad_type->sat_cname, NULL, ACL_SEARCH ) ) +#else if ( be != NULL && ! access_allowed( be, conn, op, e, type, NULL, ACL_SEARCH ) ) +#endif { return( -2 ); } - return( attr_find( e->e_attrs, type ) != NULL ? 0 : -1 ); +#ifdef SLAPD_SCHEMA_NOT_COMPAT + return attr_find( e->e_attrs, desc->ad_cname->bv_val ) != NULL +#else + return attr_find( e->e_attrs, type ) != NULL +#endif + ? LDAP_COMPARE_TRUE : LDAP_COMPARE_FALSE; } +#ifndef SLAPD_SCHEMA_NOT_COMPAT + static int test_approx_filter( Backend *be, @@ -217,7 +314,7 @@ test_approx_filter( } if ( (a = attr_find( e->e_attrs, ava->ava_type )) == NULL ) { - return( -1 ); + return LDAP_COMPARE_FALSE; } /* for each value in the attribute */ @@ -267,43 +364,73 @@ test_approx_filter( * have a match. */ if ( w1 == NULL ) { - return( 0 ); + return LDAP_COMPARE_TRUE; } } - return( 1 ); + return LDAP_COMPARE_FALSE; } +#endif + static int -test_filter_list( +test_filter_and( Backend *be, Connection *conn, Operation *op, Entry *e, - Filter *flist, - int ftype + Filter *flist ) { - int nomatch; Filter *f; + int rtn = LDAP_COMPARE_TRUE; - Debug( LDAP_DEBUG_FILTER, "=> test_filter_list\n", 0, 0, 0 ); + Debug( LDAP_DEBUG_FILTER, "=> test_filter_and\n", 0, 0, 0 ); - nomatch = 1; for ( f = flist; f != NULL; f = f->f_next ) { - if ( test_filter( be, conn, op, e, f ) != 0 ) { - if ( ftype == LDAP_FILTER_AND ) { - Debug( LDAP_DEBUG_FILTER, - "<= test_filter_list 1\n", 0, 0, 0 ); - return( 1 ); - } - } else { - nomatch = 0; + int rc = test_filter( be, conn, op, e, f ); + + if ( rc == LDAP_COMPARE_FALSE ) { + rtn = LDAP_COMPARE_FALSE; + break; + } + if ( rc != LDAP_COMPARE_TRUE ) { + rtn = rc; + } + } + + Debug( LDAP_DEBUG_FILTER, "<= test_filter_and %d\n", rtn, 0, 0 ); + return rtn; +} + +static int +test_filter_or( + Backend *be, + Connection *conn, + Operation *op, + Entry *e, + Filter *flist +) +{ + Filter *f; + int rtn = LDAP_COMPARE_FALSE; + + Debug( LDAP_DEBUG_FILTER, "=> test_filter_or\n", 0, 0, 0 ); + + for ( f = flist; f != NULL; f = f->f_next ) { + int rc = test_filter( be, conn, op, e, f ); + + if ( rc == LDAP_COMPARE_TRUE ) { + rtn = LDAP_COMPARE_TRUE; + break; + } + if ( rc != LDAP_COMPARE_TRUE ) { + rtn = rc; } } - Debug( LDAP_DEBUG_FILTER, "<= test_filter_list %d\n", nomatch, 0, 0 ); - return( nomatch ); + Debug( LDAP_DEBUG_FILTER, "<= test_filter_or %d\n", rtn, 0, 0 ); + return rtn; } #ifndef SLAPD_SCHEMA_NOT_COMPAT @@ -365,7 +492,7 @@ test_substring_filter( } if ( (a = attr_find( e->e_attrs, f->f_sub_type )) == NULL ) { - return( -1 ); + return LDAP_COMPARE_FALSE; } if ( a->a_syntax & SYNTAX_BIN ) { @@ -456,7 +583,7 @@ test_substring_filter( } if ( rc == 1 ) { regfree(&re); - return( 0 ); + return LDAP_COMPARE_TRUE; } } @@ -464,5 +591,5 @@ test_substring_filter( #endif Debug( LDAP_DEBUG_FILTER, "end test_substring_filter 1\n", 0, 0, 0 ); - return( 1 ); + return LDAP_COMPARE_FALSE; } diff --git a/servers/slapd/libslapd.dsp b/servers/slapd/libslapd.dsp index fa3e332047..66fe20901e 100644 --- a/servers/slapd/libslapd.dsp +++ b/servers/slapd/libslapd.dsp @@ -136,6 +136,10 @@ SOURCE=.\aclparse.c # End Source File # Begin Source File +SOURCE=.\ad.c +# End Source File +# Begin Source File + SOURCE=.\add.c # End Source File # Begin Source File diff --git a/servers/slapd/modify.c b/servers/slapd/modify.c index f8392e8f03..98a3bda3bd 100644 --- a/servers/slapd/modify.c +++ b/servers/slapd/modify.c @@ -143,7 +143,10 @@ do_modify( rc = LDAP_PROTOCOL_ERROR; goto cleanup; } + +#ifndef SLAPD_SCHEMA_NOT_COMPAT attr_normalize( (*modtail)->ml_type ); +#endif modtail = &(*modtail)->ml_next; } diff --git a/servers/slapd/nt_svc.c b/servers/slapd/nt_svc.c index 6eb5730dba..4349def634 100644 --- a/servers/slapd/nt_svc.c +++ b/servers/slapd/nt_svc.c @@ -1,4 +1,8 @@ /* $OpenLDAP$ */ +/* + * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ #include "portable.h" #include diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index 0fdac434cb..d3360fd622 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -10,6 +10,17 @@ LDAP_BEGIN_DECL +#ifdef SLAPD_SCHEMA_NOT_COMPAT +LIBSLAPD_F (int) slap_bv2ad LDAP_P(( + struct berval *bv, + AttributeDescription **ad, + char **text )); + +LIBSLAPD_F (void) ad_free LDAP_P(( + AttributeDescription *desc, + int freeit )); +#endif + /* * acl.c */ @@ -83,9 +94,17 @@ LIBSLAPD_F (char *) at_canonical_name LDAP_P(( const char * a_type )); /* * ava.c */ - +#ifdef SLAPD_SCHEMA_NOT_COMPAT +LIBSLAPD_F (int) get_ava LDAP_P(( + BerElement *ber, + AttributeAssertion *ava )); +LIBSLAPD_F (void) ava_free LDAP_P(( + AttributeAssertion *ava, + int freeit )); +#else LIBSLAPD_F (int) get_ava LDAP_P(( BerElement *ber, Ava *ava )); LIBSLAPD_F (void) ava_free LDAP_P(( Ava *ava, int freeit )); +#endif /* * backend.c diff --git a/servers/slapd/result.c b/servers/slapd/result.c index f90c92e930..2dc83b3689 100644 --- a/servers/slapd/result.c +++ b/servers/slapd/result.c @@ -1,5 +1,9 @@ /* result.c - routines to send ldap results, errors, and referrals */ /* $OpenLDAP$ */ +/* + * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ #include "portable.h" diff --git a/servers/slapd/schema_check.c b/servers/slapd/schema_check.c index 25bbd5486a..433cabae19 100644 --- a/servers/slapd/schema_check.c +++ b/servers/slapd/schema_check.c @@ -16,8 +16,14 @@ #include "slap.h" #include "ldap_pvt.h" -static char * oc_check_required(Entry *e, char *ocname); -static int oc_check_allowed(char *type, struct berval **ocl); +#ifdef SLAPD_SCHEMA_NOT_COMPAT +static int oc_check_allowed( + AttributeType *type, + struct berval **oclist ); +#else +static int oc_check_allowed(char *type, struct berval **oclist); +#endif +static char * oc_check_required(Entry *e, struct berval *ocname); /* * entry_schema_check - check that entry e conforms to the schema required @@ -52,7 +58,7 @@ schema_check_entry( Entry *e ) } else { - char *s = oc_check_required( e, aoc->a_vals[i]->bv_val ); + char *s = oc_check_required( e, aoc->a_vals[i] ); if (s != NULL) { Debug( LDAP_DEBUG_ANY, @@ -90,7 +96,7 @@ schema_check_entry( Entry *e ) } static char * -oc_check_required( Entry *e, char *ocname ) +oc_check_required( Entry *e, struct berval *ocname ) { ObjectClass *oc; AttributeType *at; @@ -102,7 +108,7 @@ oc_check_required( Entry *e, char *ocname ) e->e_dn, ocname, 0 ); /* find global oc defn. it we don't know about it assume it's ok */ - if ( (oc = oc_find( ocname )) == NULL ) { + if ( (oc = oc_find( ocname->bv_val )) == NULL ) { return( 0 ); } @@ -146,11 +152,15 @@ oc_check_required( Entry *e, char *ocname ) } /* not there => schema violation */ if ( a == NULL ) { +#ifdef SLAPD_SCHEMA_NOT_COMPAT + return at->sat_cname; +#else if ( at->sat_names && at->sat_names[0] ) { return at->sat_names[0]; } else { return at->sat_oid; } +#endif } } @@ -158,13 +168,32 @@ oc_check_required( Entry *e, char *ocname ) } static int -oc_check_allowed( char *type, struct berval **ocl ) +oc_check_allowed( +#ifdef SLAPD_SCHEMA_NOT_COMPAT + AttributeType *at, +#else + char *type, +#endif + struct berval **ocl ) { ObjectClass *oc; - AttributeType *at; int i, j; + +#ifdef SLAPD_SCHEMA_NOT_COMPAT + Debug( LDAP_DEBUG_TRACE, + "oc_check_allowed type \"%s\"\n", + at->sat_cname, 0, 0 ); + + /* always allow objectclass attribute */ + if ( strcasecmp( at->sat_cname, "objectclass" ) == 0 ) { + return( 0 ); + } + +#else + AttributeType *at; char **pp; - char *p, *t; + char *p; + char *t; Debug( LDAP_DEBUG_TRACE, "oc_check_allowed type \"%s\"\n", type, 0, 0 ); @@ -173,9 +202,13 @@ oc_check_allowed( char *type, struct berval **ocl ) if ( strcasecmp( type, "objectclass" ) == 0 ) { return( 0 ); } +#endif -#ifndef SLAPD_SCHEMA_NOT_COMPAT - /* Treat any attribute type with option as an unknown attribute type */ +#ifdef SLAPD_SCHEMA_NOT_COMPAT + if( is_at_operational(at) ) { + return 0; + } +#else /* * The "type" we have received is actually an AttributeDescription. * Let's find out the corresponding type. @@ -190,18 +223,17 @@ oc_check_allowed( char *type, struct berval **ocl ) t, type, 0 ); } else -#endif { t = type; } - /* * All operational attributions are allowed by schema rules. */ if ( oc_check_op_attr( t ) ) { return( 0 ); } +#endif /* check that the type appears as req or opt in at least one oc */ for ( i = 0; ocl[i] != NULL; i++ ) { @@ -209,7 +241,13 @@ oc_check_allowed( char *type, struct berval **ocl ) if ( (oc = oc_find( ocl[i]->bv_val )) != NULL ) { /* does it require the type? */ for ( j = 0; oc->soc_required != NULL && - oc->soc_required[j] != NULL; j++ ) { + oc->soc_required[j] != NULL; j++ ) + { +#ifdef SLAPD_SCHEMA_NOT_COMPAT + if( at == oc->soc_required[j] ) { + return 0; + } +#else at = oc->soc_required[j]; if ( at->sat_oid && strcmp(at->sat_oid, t ) == 0 ) { @@ -228,10 +266,17 @@ oc_check_allowed( char *type, struct berval **ocl ) } pp++; } +#endif } /* does it allow the type? */ for ( j = 0; oc->soc_allowed != NULL && - oc->soc_allowed[j] != NULL; j++ ) { + oc->soc_allowed[j] != NULL; j++ ) + { +#ifdef SLAPD_SCHEMA_NOT_COMPAT + if( at == oc->soc_allowed[j] ) { + return 0; + } +#else at = oc->soc_allowed[j]; if ( at->sat_oid && strcmp( at->sat_oid, t ) == 0 ) { @@ -251,6 +296,7 @@ oc_check_allowed( char *type, struct berval **ocl ) } pp++; } +#endif } /* maybe the next oc allows it */ @@ -264,8 +310,11 @@ oc_check_allowed( char *type, struct berval **ocl ) } } +#ifndef SLAPD_SCHEMA_NOT_COMPAT if ( t != type ) ldap_memfree( t ); +#endif + /* not allowed by any oc */ return( 1 ); } diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c index f88ec4318e..f5c7e686ff 100644 --- a/servers/slapd/schema_init.c +++ b/servers/slapd/schema_init.c @@ -129,7 +129,7 @@ UTF8StringNormalize( return 0; } -static int +int IA5StringValidate( Syntax *syntax, struct berval *val ) diff --git a/servers/slapd/schemaparse.c b/servers/slapd/schemaparse.c index d85f33ed6c..25374fee69 100644 --- a/servers/slapd/schemaparse.c +++ b/servers/slapd/schemaparse.c @@ -189,11 +189,11 @@ find_oidm(char *oid) if ((pos = dscompare(om->som_name, oid, ':'))) { suflen = strlen(oid + pos); - new = ch_calloc(1, om->som_oidlen + suflen + 1); - strcpy(new, om->som_oid); + new = ch_calloc(1, om->som_oid.bv_len + suflen + 1); + strcpy(new, om->som_oid.bv_val); if (suflen) { - suflen = om->som_oidlen; + suflen = om->som_oid.bv_len; new[suflen++] = '.'; strcpy(new+suflen, oid+pos+1); } @@ -222,19 +222,19 @@ usage: fprintf( stderr, "ObjectIdentifier \n"); om = (OidMacro *) ch_malloc( sizeof(OidMacro) ); om->som_name = ch_strdup( argv[1] ); - om->som_oid = find_oidm( argv[2] ); + om->som_oid.bv_val = find_oidm( argv[2] ); - if (!om->som_oid) { + if (!om->som_oid.bv_val) { fprintf( stderr, "%s: line %d: OID %s not recognized\n", fname, lineno, argv[2] ); goto usage; } - if (om->som_oid == argv[2]) { - om->som_oid = ch_strdup( argv[2] ); + if (om->som_oid.bv_val == argv[2]) { + om->som_oid.bv_val = ch_strdup( argv[2] ); } - om->som_oidlen = strlen( om->som_oid ); + om->som_oid.bv_len = strlen( om->som_oid.bv_val ); om->som_next = om_list; om_list = om; } diff --git a/servers/slapd/search.c b/servers/slapd/search.c index 6fc3101c17..2c3f42707c 100644 --- a/servers/slapd/search.c +++ b/servers/slapd/search.c @@ -1,5 +1,9 @@ /* $OpenLDAP$ */ /* + * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ +/* Portions * Copyright (c) 1995 Regents of the University of Michigan. * All rights reserved. * @@ -153,7 +157,9 @@ do_search( if ( attrs != NULL ) { for ( i = 0; attrs[i] != NULL; i++ ) { +#ifndef SLAPD_SCHEMA_NOT_COMPAT attr_normalize( attrs[i] ); +#endif Debug( LDAP_DEBUG_ARGS, " %s", attrs[i], 0, 0 ); } } diff --git a/servers/slapd/shell-backends/passwd-shell.c b/servers/slapd/shell-backends/passwd-shell.c index d7f7b191cf..ef3ab616df 100644 --- a/servers/slapd/shell-backends/passwd-shell.c +++ b/servers/slapd/shell-backends/passwd-shell.c @@ -112,8 +112,8 @@ pwdfile_search( struct ldop *op, FILE *ofp ) write_entry( op, entry, ofp ); break; } - } else if ( test_filter( op, entry )) { - write_entry( op, entry, ofp ); + } else if ( test_filter( op, entry ) == LDAP_COMPARE_TRUE ) { + write_entry( op, entry, ofp ); } free_entry( entry ); } diff --git a/servers/slapd/shell-backends/shellutil.c b/servers/slapd/shell-backends/shellutil.c index d05ec73895..7a1cb7be85 100644 --- a/servers/slapd/shell-backends/shellutil.c +++ b/servers/slapd/shell-backends/shellutil.c @@ -89,7 +89,8 @@ write_entry( struct ldop *op, struct ldentry *entry, FILE *ofp ) int test_filter( struct ldop *op, struct ldentry *entry ) { - return (( random() & 0x07 ) == 0x07 ); /* XXX random for now */ + return ((random() & 0x07 ) == 0x07) /* XXX random for now */ + ? LDAP_COMPARE_TRUE : LDAP_COMPARE_FALSE; } diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 8403bfc0f5..36f1649062 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -122,8 +122,7 @@ LIBSLAPD_F (int) slap_debug; typedef struct slap_oid_macro { char *som_name; - char *som_oid; - int som_oidlen; + struct berval som_oid; struct slap_oid_macro *som_next; } OidMacro; @@ -220,8 +219,10 @@ typedef struct slap_attribute_type { MatchingRule *sat_ordering; MatchingRule *sat_substr; Syntax *sat_syntax; +#ifndef SLAPD_SCHEMA_NOT_COMPAT /* The next one is created to help in the transition */ int sat_syntax_compat; +#endif struct slap_attribute_type *sat_next; #define sat_oid sat_atype.at_oid #define sat_names sat_atype.at_names @@ -260,33 +261,6 @@ typedef struct slap_object_class { } ObjectClass; -struct slap_op; -struct slap_conn; - -struct replog_moddn { - char *newrdn; - int deloldrdn; - char *newsup; -}; - -/* - * represents an attribute value assertion (i.e., attr;option=value) - */ -typedef struct slap_ava { - char *ava_type; /* attribute description */ - struct berval ava_value; -} Ava; - -/* - * represents an matching rule assertion - */ -typedef struct slap_mra { - char *mra_rule; /* optional */ - char *mra_type; /* attribute description -- optional */ - int mra_dnattrs; - struct berval *mra_value; -} Mra; - #ifdef SLAPD_SCHEMA_NOT_COMPAT /* * represents a recognized attribute description ( type + options ) @@ -301,16 +275,44 @@ typedef struct slap_attr_desc { } AttributeDescription; typedef struct slap_attr_assertion { - AttributeDescription aa_desc; + AttributeDescription *aa_desc; struct berval *aa_value; } AttributeAssertion; +typedef struct slap_ss_assertion { + AttributeDescription *sa_desc; + struct berval *sa_initial; + struct berval **sa_any; + struct berval *sa_final; +} SubstringAssertion; + typedef struct slap_mr_assertion { char *ma_rule; /* optional */ AttributeDescription *ma_desc; /* optional */ int ma_dnattrs; /* boolean */ struct berval *ma_value; /* required */ } MatchingRuleAssertion; + +#else + +/* + * represents an attribute value assertion (i.e., attr;option=value) + */ +typedef struct slap_ava { + char *ava_type; /* attribute description */ + struct berval ava_value; +} Ava; + +/* + * represents an matching rule assertion + */ +typedef struct slap_mra { + char *mra_rule; /* optional */ + char *mra_type; /* attribute description -- optional */ + int mra_dnattrs; + struct berval *mra_value; +} Mra; + #endif /* @@ -320,6 +322,41 @@ typedef struct slap_filter { ber_tag_t f_choice; /* values taken from ldap.h */ union f_un_u { +#ifdef SLAPD_SCHEMA_NOT_COMPAT + /* DN */ + char *f_un_dn; + + /* present */ + AttributeDescription *f_un_desc; + + /* simple value assertion */ + AttributeAssertion *f_un_ava; + + /* substring assertion */ + SubstringAssertion *f_un_ssa; + + /* matching rule assertion */ + MatchingRuleAssertion *f_un_mra; + + /* and, or, not */ + struct slap_filter *f_un_complex; + +#define f_dn f_un.f_un_dn +#define f_desc f_un.f_un_desc +#define f_ava f_un.f_un_ava +#define f_av_desc f_un.f_un_ava->aa_desc +#define f_av_value f_un.f_un_ava->aa_value +#define f_sub f_un.f_un_ssa +#define f_sub_desc f_un.f_un_ssa->sa_desc +#define f_sub_initial f_un.f_un_ssa->sa_initial +#define f_sub_any f_un.f_un_ssa->sa_any +#define f_sub_final f_un.f_un_ssa->sa_final +#define f_mra f_un.f_un_mra +#define f_mr_rule f_un.f_un_mra->ma_rule +#define f_mr_desc f_un.f_un_mra->ma_desc +#define f_mr_value f_un.f_un_mra->ma_value +#define f_mr_dnaddrs f_un.f_un_mra->ma_dnattrs +#else /* present */ char *f_un_type; @@ -329,7 +366,7 @@ typedef struct slap_filter { /* extensible */ Mra f_un_fra; - /* and, or, not */ + /* and, or, not, list */ struct slap_filter *f_un_complex; /* substrings */ @@ -340,7 +377,6 @@ typedef struct slap_filter { struct berval **f_un_sub_any; struct berval *f_un_sub_final; } f_un_sub; - } f_un; #define f_dn f_un.f_un_type /* used for DN indices */ #define f_type f_un.f_un_type @@ -351,15 +387,18 @@ typedef struct slap_filter { #define f_mrtype f_un.f_un_mra.mra_type #define f_mrvalue f_un.f_un_mra.mra_value #define f_mrdnaddrs f_un.f_un_mra.mra_dnattrs -#define f_and f_un.f_un_complex -#define f_or f_un.f_un_complex -#define f_not f_un.f_un_complex -#define f_list f_un.f_un_complex #define f_sub f_un.f_un_sub #define f_sub_type f_un.f_un_sub.f_un_sub_type #define f_sub_initial f_un.f_un_sub.f_un_sub_initial #define f_sub_any f_un.f_un_sub.f_un_sub_any #define f_sub_final f_un.f_un_sub.f_un_sub_final +#endif + } f_un; + +#define f_and f_un.f_un_complex +#define f_or f_un.f_un_complex +#define f_not f_un.f_un_complex +#define f_list f_un.f_un_complex struct slap_filter *f_next; } Filter; @@ -561,6 +600,13 @@ typedef struct ldapmodlist { #define ml_bvalues ml_mod.mod_bvalues } LDAPModList; + +struct replog_moddn { + char *newrdn; + int deloldrdn; + char *newsup; +}; + /* * Backend-info * represents a backend @@ -659,6 +705,9 @@ struct slap_backend_db { void *be_private; /* anything the backend database needs */ }; +struct slap_conn; +struct slap_op; + typedef int (*SLAP_EXTENDED_FN) LDAP_P(( Backend *be, struct slap_conn *conn, @@ -742,9 +791,15 @@ struct slap_backend_info { int slimit, int tlimit, Filter *f, char *filterstr, char **attrs, int attrsonly)); +#ifdef SLAPD_SCHEMA_NOT_COMPAT + int (*bi_op_compare)LDAP_P((BackendDB *bd, + struct slap_conn *c, struct slap_op *o, + char *dn, char *ndn, AttributeAssertion *ava)); +#else int (*bi_op_compare)LDAP_P((BackendDB *bd, struct slap_conn *c, struct slap_op *o, char *dn, char *ndn, Ava *ava)); +#endif int (*bi_op_modify) LDAP_P((BackendDB *bd, struct slap_conn *c, struct slap_op *o, char *dn, char *ndn, LDAPModList *m)); diff --git a/servers/slapd/str2filter.c b/servers/slapd/str2filter.c index f0e332b4c8..b4fbcac553 100644 --- a/servers/slapd/str2filter.c +++ b/servers/slapd/str2filter.c @@ -24,6 +24,10 @@ static int str2subvals(char *val, Filter *f); Filter * str2filter( char *str ) { +#ifdef SLAPD_SCHEMA_NOT_COMPAT + /* not yet implemented */ + return NULL; +#else Filter *f = NULL; char *end, *freeme; @@ -90,8 +94,10 @@ str2filter( char *str ) free( freeme ); return( f ); +#endif } +#ifndef SLAPD_SCHEMA_NOT_COMPAT /* * Put a list of filters like this "(filter1)(filter2)..." */ @@ -270,3 +276,5 @@ find_matching_paren( char *s ) return( NULL ); } + +#endif diff --git a/servers/slapd/tools/Makefile.in b/servers/slapd/tools/Makefile.in index f450db9f46..183275d27d 100644 --- a/servers/slapd/tools/Makefile.in +++ b/servers/slapd/tools/Makefile.in @@ -52,7 +52,7 @@ QUIPUSRCS = edb2ldif.c ldapsyntax.c chlog2replog.c SLAPD_OBJS = ../config.o ../ch_malloc.o ../backend.o ../charray.o \ ../module.o ../aclparse.o ../filterentry.o \ ../schema.o ../schema_check.o ../schema_init.o ../schemaparse.o \ - ../at.o ../mr.o ../oc.o ../syntax.o \ + ../ad.o ../at.o ../mr.o ../oc.o ../syntax.o \ ../acl.o ../phonetic.o ../attr.o ../value.o ../entry.o \ ../dn.o ../filter.o ../str2filter.o ../ava.o ../init.o \ ../controls.o ../kerberos.o ../passwd.o \ diff --git a/servers/slapd/tools/slapindex.c b/servers/slapd/tools/slapindex.c index ba63e70799..a3e33cadf3 100644 --- a/servers/slapd/tools/slapindex.c +++ b/servers/slapd/tools/slapindex.c @@ -38,7 +38,11 @@ main( int argc, char **argv ) exit( EXIT_FAILURE ); } +#ifdef SLAPD_SCHEMA_NOT_COMPAT + type = argv[argc - 1]; +#else type = attr_normalize( argv[argc - 1] ); +#endif if ( !be->be_index_attr( be, type ) ) { fprintf( stderr, "attribute type \"%s\": no indices to generate\n", -- 2.39.5