From c315e28779ab1be382e60396c8922f76fe95c19c Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Fri, 7 Feb 2003 20:12:26 +0000 Subject: [PATCH] Move RDN checks to entry_schema_check() so that it is consistently applied (and disabled via schemacheck off). Removed add-rdn-values flag. --- servers/slapd/add.c | 131 ----------------------------------- servers/slapd/config.c | 30 -------- servers/slapd/proto-slap.h | 1 - servers/slapd/schema_check.c | 50 ++++++++++++- servers/slapd/schemaparse.c | 1 - 5 files changed, 49 insertions(+), 164 deletions(-) diff --git a/servers/slapd/add.c b/servers/slapd/add.c index ff1e305550..2e11d80360 100644 --- a/servers/slapd/add.c +++ b/servers/slapd/add.c @@ -47,8 +47,6 @@ do_add( Connection *conn, Operation *op ) Modifications **modtail = &modlist; Modifications tmp; const char *text; - LDAPRDN *rdn = NULL; - int cnt; int rc = LDAP_SUCCESS; int manageDSAit; #ifdef LDAP_SLAPI 
@@ -201,135 +199,6 @@ do_add( Connection *conn, Operation *op ) goto done; } - /* - * Get attribute type(s) and attribute value(s) of our rdn, - */ - if ( ldap_bv2rdn( &e->e_name, &rdn, (char **)&text, - LDAP_DN_FORMAT_LDAP ) ) - { - send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX, - NULL, "unknown type(s) used in RDN", - NULL, NULL ); - goto done; - } - - /* Check for RDN attrs in entry */ - for ( cnt = 0; rdn[ 0 ][ cnt ]; cnt++ ) { - AttributeDescription *desc = NULL; - Modifications *mod; - MatchingRule *mr; - int i; - - rc = slap_bv2ad( &rdn[ 0 ][ cnt ]->la_attr, - &desc, &text ); - - if ( rc != LDAP_SUCCESS ) { - send_ldap_result( conn, op, rc, - NULL, text, NULL, NULL ); - goto done; - } - - for (mod = modlist; mod; mod = mod->sml_next) { - AttributeDescription *mod_desc = NULL; - - rc = slap_bv2ad( &mod->sml_type, - &mod_desc, &text ); - if ( rc != LDAP_SUCCESS ) { - send_ldap_result( conn, op, rc, - NULL, text, NULL, NULL ); - goto done; - } - - if (mod_desc == desc) { - break; - } - } - - if (mod == NULL) { - if ( !global_add_rdn_values ) { - /* bail out */ - send_ldap_result( conn, op, - rc = LDAP_NO_SUCH_ATTRIBUTE, - NULL, - "RDN attribute value assertion not present in entry", - NULL, NULL ); - goto done; - - } else { - struct berval bv; - - /* add attribute type and value to modlist */ - mod = (Modifications *) ch_malloc( sizeof(Modifications) ); - - mod->sml_op = LDAP_MOD_ADD; - mod->sml_next = NULL; - mod->sml_desc = NULL; - - ber_dupbv( &mod->sml_type, - &rdn[ 0 ][ cnt ]->la_attr ); - - mod->sml_bvalues = NULL; - ber_dupbv( &bv, &rdn[ 0 ][ cnt ]->la_value ); - ber_bvarray_add( &mod->sml_bvalues, &bv ); - - *modtail = mod; - modtail = &mod->sml_next; - continue; - } - } - - mr = desc->ad_type->sat_equality; - if (mr == NULL || !mr->smr_match ) { - /* bail out */ - send_ldap_result( conn, op, - rc = LDAP_INVALID_SYNTAX, - NULL, - "attribute in RDN lacks matching rule", - NULL, NULL ); - goto done; - } - - for (i = 0; mod->sml_bvalues[ i 
].bv_val; i++) { - int match = 0; - - rc = value_match(&match, desc, mr, - SLAP_MR_VALUE_SYNTAX_MATCH, - &mod->sml_bvalues[ i ], - &rdn[ 0 ][ cnt ]->la_value, &text); - - if ( rc != LDAP_SUCCESS ) { - send_ldap_result( conn, op, rc, - NULL, text, NULL, NULL); - goto done; - } - - if (match == 0) { - break; - } - } - - /* not found? */ - if (mod->sml_bvalues[ i ].bv_val == NULL) { - if ( !global_add_rdn_values ) { - /* bailout */ - send_ldap_result( conn, op, - rc = LDAP_NO_SUCH_ATTRIBUTE, - NULL, - "value in RDN not listed in entry", - NULL, NULL ); - goto done; - - } else { - struct berval bv; - - /* add attribute type and value to modlist */ - ber_dupbv( &bv, &rdn[ 0 ][ cnt ]->la_value ); - ber_bvarray_add( &mod->sml_bvalues, &bv ); - continue; - } - } - } - manageDSAit = get_manageDSAit( op ); /* diff --git a/servers/slapd/config.c b/servers/slapd/config.c index 4c8135d1de..052cf3e896 100644 --- a/servers/slapd/config.c +++ b/servers/slapd/config.c @@ -1727,36 +1727,6 @@ read_config( const char *fname, int depth ) global_schemacheck = 1; } - /* turn on/off rdn value add */ - } else if ( strcasecmp( cargv[0], "add-rdn-values" ) == 0 ) { - if ( cargc < 2 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: missing on|off in \"add-rdn-values \"" - " line.\n", fname, lineno , 0 ); -#else - Debug( LDAP_DEBUG_ANY, - "%s: line %d: missing on|off in \"add-rdn-values \" line\n", - fname, lineno, 0 ); -#endif - - return( 1 ); - } - if ( strcasecmp( cargv[1], "on" ) == 0 ) { -#ifdef NEW_LOGGING - LDAP_LOG( CONFIG, CRIT, - "%s: line %d: add-rdn-values enabled! your mileage may vary!\n", - fname, lineno , 0 ); -#else - Debug( LDAP_DEBUG_ANY, - "%s: line %d: add-rdn-values enabled! your mileage may vary!\n", - fname, lineno, 0 ); -#endif - global_add_rdn_values = 1; - } else { - global_add_rdn_values = 0; - } - /* specify access control info */ } else if ( strcasecmp( cargv[0], "access" ) == 0 ) { parse_acl( be, fname, lineno, cargc, cargv ); 
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index 857611a6b8..4b26475dfc 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -1107,7 +1107,6 @@ LDAP_SLAPD_V (slap_access_t) global_default_access;
 LDAP_SLAPD_V (int) global_gentlehup;
 LDAP_SLAPD_V (int) global_idletimeout;
 LDAP_SLAPD_V (int) global_schemacheck;
-LDAP_SLAPD_V (int) global_add_rdn_values;
 LDAP_SLAPD_V (char *) global_host;
 LDAP_SLAPD_V (char *) global_realm;
 LDAP_SLAPD_V (char *) default_passwd_hash;
diff --git a/servers/slapd/schema_check.c b/servers/slapd/schema_check.c
index 44ffbe3dbc..d2fb876ba7 100644
--- a/servers/slapd/schema_check.c
+++ b/servers/slapd/schema_check.c
@@ -212,11 +212,59 @@ entry_schema_check( } else if ( sc != oc ) { snprintf( textbuf, textlen, - "structural object class modification from '%s' to '%s' not allowed", + "structural object class modification " + "from '%s' to '%s' not allowed", asc->a_vals[0].bv_val, nsc.bv_val ); return LDAP_NO_OBJECT_CLASS_MODS; } + { /* naming check */ + LDAPRDN *rdn; + const char *p; + ber_len_t cnt; + + /* + * Get attribute type(s) and attribute value(s) of our RDN + */ + if ( ldap_bv2rdn( &e->e_name, &rdn, (char **)&p, + LDAP_DN_FORMAT_LDAP ) ) + { + *text = "unrecongized attribute type(s) in RDN"; + return LDAP_INVALID_DN_SYNTAX; + } + + /* Check that each AVA of the RDN is present in the entry */ + /* FIXME: Should also check that each AVA lists a distinct type */ + for ( cnt = 0; rdn[0][cnt]; cnt++ ) { + LDAPAVA *ava = rdn[0][cnt]; + AttributeDescription *desc = NULL; + Attribute *attr; + const char *errtext; + + rc = slap_bv2ad( &ava->la_attr, &desc, &errtext ); + if ( rc != LDAP_SUCCESS ) { + snprintf( textbuf, textlen, "%s (in RDN)", errtext ); + return rc; + } + + /* find the naming attribute */ + attr = attr_find( e->e_attrs, desc ); + if ( attr == NULL ) { + snprintf( textbuf, textlen, + "naming attribute '%s' is not present in entry", + ava->la_attr ); + return LDAP_NO_SUCH_ATTRIBUTE; + } + + if ( value_find( desc, attr->a_vals, &ava->la_value ) != 0 ) { + snprintf( textbuf, textlen, + "value of naming attribute '%s' is not present in entry", + ava->la_attr ); + return LDAP_NO_SUCH_ATTRIBUTE; + } + } + } + #ifdef SLAP_EXTENDED_SCHEMA /* find the content rule for the structural class */ cr = cr_find( sc->soc_oid ); diff --git a/servers/slapd/schemaparse.c b/servers/slapd/schemaparse.c index 6a621937f3..fbfd93a59b 100644 --- a/servers/slapd/schemaparse.c +++ b/servers/slapd/schemaparse.c 
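Review bot: Both new `snprintf` calls in the naming-check block pass `ava->la_attr` to a `%s` conversion, yet the same member is passed by address to `slap_bv2ad()` a few lines earlier, so it appears to be a `struct berval` rather than a `char *`. That is a format/argument mismatch (undefined behaviour) on an error path reachable from client-supplied entries; the argument should be `ava->la_attr.bv_val`. Separately, `rdn` is local to this block and is filled by `ldap_bv2rdn()`, but it is not released on the three early returns inside the loop or on normal exit from the block, so each checked entry appears to leak the parsed RDN; calling `ldap_rdnfree( rdn );` before each exit, or via a single cleanup label, would close that. The message `"unrecongized attribute type(s) in RDN"` is misspelled and is stored through `*text`, while the other paths write to `textbuf`. entry_schema_check() starts and ends outside this hunk, so how `text` relates to `textbuf` cannot be confirmed from here.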
@@ -17,7 +17,6 @@ #include "ldap_schema.h" int global_schemacheck = 1; /* schemacheck ON is default */ -int global_add_rdn_values = 0; /* bail out if rdn values do not match entry values is default */ static void oc_usage(void); static void at_usage(void); -- 2.39.5