From aa9612f0519762979d9ec38256a3bf6c28616ee4 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Thu, 10 Jan 2002 06:30:26 +0000 Subject: [PATCH] add system schema checks --- servers/slapd/schema.c | 8 +++--- servers/slapd/schema_check.c | 10 ++++++- servers/slapd/schema_prep.c | 54 ++++++++++++++++++++++++++++++------ 3 files changed, 58 insertions(+), 14 deletions(-) diff --git a/servers/slapd/schema.c b/servers/slapd/schema.c index e7e38a087f..469de9a2b4 100644 --- a/servers/slapd/schema.c +++ b/servers/slapd/schema.c @@ -39,16 +39,16 @@ schema_info( Entry **entry, const char **text ) (void) dnNormalize2( NULL, &e->e_name, &e->e_nname ); e->e_private = NULL; - vals[0].bv_val = "LDAPsubentry"; - vals[0].bv_len = sizeof("LDAPsubentry")-1; + vals[0].bv_val = "subentry"; + vals[0].bv_len = sizeof("subentry")-1; attr_merge( e, ad_structuralObjectClass, vals ); vals[0].bv_val = "top"; vals[0].bv_len = sizeof("top")-1; attr_merge( e, ad_objectClass, vals ); - vals[0].bv_val = "LDAPsubentry"; - vals[0].bv_len = sizeof("LDAPsubentry")-1; + vals[0].bv_val = "subentry"; + vals[0].bv_len = sizeof("subentry")-1; attr_merge( e, ad_objectClass, vals ); vals[0].bv_val = "subschema"; diff --git a/servers/slapd/schema_check.c b/servers/slapd/schema_check.c index da711a9ec8..81ef656276 100644 --- a/servers/slapd/schema_check.c +++ b/servers/slapd/schema_check.c @@ -204,8 +204,16 @@ entry_schema_check( #endif return LDAP_OBJECT_CLASS_VIOLATION; + } - } else if ( oc->soc_kind == LDAP_SCHEMA_ABSTRACT ) { + if ( oc->sco_check ) { + int rc = (oc->sco_check)( e, oc, + text, textbuf, textlen ); + if( rc != LDAP_SUCCESS ) { + return rc; + } + } + if ( oc->soc_kind == LDAP_SCHEMA_ABSTRACT ) { /* object class is abstract */ if ( oc != slap_schema.si_oc_top && !is_object_subclass( oc, sc )) diff --git a/servers/slapd/schema_prep.c b/servers/slapd/schema_prep.c index 9ee09073f8..798f5982fc 100644 --- a/servers/slapd/schema_prep.c +++ b/servers/slapd/schema_prep.c @@ -115,6 +115,9 @@ structuralObjectClassMatch( return LDAP_SUCCESS; } +static ObjectClassSchemaCheckFN rootDseObjectClass; +static ObjectClassSchemaCheckFN subentryObjectClass; + static struct slap_schema_oc_map { char *ssom_name; char *ssom_defn; @@ -142,8 +145,8 @@ static struct slap_schema_oc_map { { "LDAProotDSE", "( 1.3.6.1.4.1.4203.1.4.1 " "NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) " "DESC 'OpenLDAP Root DSE object' " - "SUP top STRUCTURAL MAY cn )", - 0, offsetof(struct slap_internal_schema, si_oc_rootdse) }, + "SUP top STRUCTURAL MAY cn )", rootDseObjectClass, + offsetof(struct slap_internal_schema, si_oc_rootdse) }, { "subentry", "( 2.5.20.0 NAME 'subentry' " "SUP top STRUCTURAL " "MUST ( cn $ subtreeSpecification ) )", @@ -153,12 +156,11 @@ static struct slap_schema_oc_map { "AUXILIARY " "MAY ( dITStructureRules $ nameForms $ ditContentRules $ " "objectClasses $ attributeTypes $ matchingRules $ " - "matchingRuleUse ) )", - 0, offsetof(struct slap_internal_schema, si_oc_subschema) }, + "matchingRuleUse ) )", subentryObjectClass, + offsetof(struct slap_internal_schema, si_oc_subschema) }, { "collectiveAttributes", "( 2.5.20.2 " "NAME 'collectiveAttributes' " - "AUXILIARY )", - 0, + "AUXILIARY )", subentryObjectClass, offsetof(struct slap_internal_schema, si_oc_collectiveAttributes) }, { NULL, 0 } }; @@ -704,6 +706,40 @@ slap_schema_check( void ) return LDAP_SUCCESS; } +static int rootDseObjectClass ( + Entry *e, + ObjectClass *oc, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + if( e->e_nname.bv_len ) { + snprintf( textbuf, textlen, + "objectClass \"%s\" only allowed in the root DSE", + oc->soc_oid ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + /* we should not be called for the root DSE */ + assert( 0 ); + return LDAP_SUCCESS; +} + +static int subentryObjectClass ( + Entry *e, + ObjectClass *oc, + const char** text, + char *textbuf, size_t textlen ) +{ + if( !is_entry_subentry( e ) ) { + snprintf( textbuf, textlen, + "objectClass \"%s\" only allowed in subentries", + oc->soc_oid ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + return LDAP_SUCCESS; +} + static int rootDseAttribute ( Entry *e, Attribute *attr, @@ -713,7 +749,7 @@ static int rootDseAttribute ( *text = textbuf; if( e->e_nname.bv_len ) { snprintf( textbuf, textlen, - "attribute \"%s\"only allowed in the root DSE", + "attribute \"%s\" only allowed in the root DSE", attr->a_desc->ad_cname.bv_val ); return LDAP_OBJECT_CLASS_VIOLATION; } @@ -732,7 +768,7 @@ static int subentryAttribute ( *text = textbuf; if( !is_entry_subentry( e ) ) { snprintf( textbuf, textlen, - "attribute \"%s\"only allowed in the subentry", + "attribute \"%s\" only allowed in the subentry", attr->a_desc->ad_cname.bv_val ); return LDAP_OBJECT_CLASS_VIOLATION; } @@ -749,7 +785,7 @@ static int referralAttribute ( *text = textbuf; if( !is_entry_referral( e ) ) { snprintf( textbuf, textlen, - "attribute \"%s\"only allowed in the referral", + "attribute \"%s\" only allowed in the referral", attr->a_desc->ad_cname.bv_val ); return LDAP_OBJECT_CLASS_VIOLATION; }