Move RDN checks to entry_schema_check() so that it is consistently
applied (and disabled via schemacheck off). Removed add-rdn-values flag.
parent
cb0a009dca
commit
c315e28779
@ -47,8 +47,6 @@ do_add( Connection *conn, Operation *op )
|
||||
Modifications **modtail = &modlist;
|
||||
Modifications tmp;
|
||||
const char *text;
|
||||
LDAPRDN *rdn = NULL;
|
||||
int cnt;
|
||||
int rc = LDAP_SUCCESS;
|
||||
int manageDSAit;
|
||||
#ifdef LDAP_SLAPI
|
||||
@ -201,135 +199,6 @@ do_add( Connection *conn, Operation *op )
|
||||
goto done;
|
||||
}
|
||||
|
||||
/*
|
||||
* Get attribute type(s) and attribute value(s) of our rdn,
|
||||
*/
|
||||
if ( ldap_bv2rdn( &e->e_name, &rdn, (char **)&text,
|
||||
LDAP_DN_FORMAT_LDAP ) )
|
||||
{
|
||||
send_ldap_result( conn, op, rc = LDAP_INVALID_DN_SYNTAX,
|
||||
NULL, "unknown type(s) used in RDN",
|
||||
NULL, NULL );
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* Check for RDN attrs in entry */
|
||||
for ( cnt = 0; rdn[ 0 ][ cnt ]; cnt++ ) {
|
||||
AttributeDescription *desc = NULL;
|
||||
Modifications *mod;
|
||||
MatchingRule *mr;
|
||||
int i;
|
||||
|
||||
rc = slap_bv2ad( &rdn[ 0 ][ cnt ]->la_attr,
|
||||
&desc, &text );
|
||||
|
||||
if ( rc != LDAP_SUCCESS ) {
|
||||
send_ldap_result( conn, op, rc,
|
||||
NULL, text, NULL, NULL );
|
||||
goto done;
|
||||
}
|
||||
|
||||
for (mod = modlist; mod; mod = mod->sml_next) {
|
||||
AttributeDescription *mod_desc = NULL;
|
||||
|
||||
rc = slap_bv2ad( &mod->sml_type,
|
||||
&mod_desc, &text );
|
||||
if ( rc != LDAP_SUCCESS ) {
|
||||
send_ldap_result( conn, op, rc,
|
||||
NULL, text, NULL, NULL );
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (mod_desc == desc) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (mod == NULL) {
|
||||
if ( !global_add_rdn_values ) {
|
||||
/* bail out */
|
||||
send_ldap_result( conn, op,
|
||||
rc = LDAP_NO_SUCH_ATTRIBUTE,
|
||||
NULL,
|
||||
"RDN attribute value assertion not present in entry",
|
||||
NULL, NULL );
|
||||
goto done;
|
||||
|
||||
} else {
|
||||
struct berval bv;
|
||||
|
||||
/* add attribute type and value to modlist */
|
||||
mod = (Modifications *) ch_malloc( sizeof(Modifications) );
|
||||
|
||||
mod->sml_op = LDAP_MOD_ADD;
|
||||
mod->sml_next = NULL;
|
||||
mod->sml_desc = NULL;
|
||||
|
||||
ber_dupbv( &mod->sml_type,
|
||||
&rdn[ 0 ][ cnt ]->la_attr );
|
||||
|
||||
mod->sml_bvalues = NULL;
|
||||
ber_dupbv( &bv, &rdn[ 0 ][ cnt ]->la_value );
|
||||
ber_bvarray_add( &mod->sml_bvalues, &bv );
|
||||
|
||||
*modtail = mod;
|
||||
modtail = &mod->sml_next;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
mr = desc->ad_type->sat_equality;
|
||||
if (mr == NULL || !mr->smr_match ) {
|
||||
/* bail out */
|
||||
send_ldap_result( conn, op,
|
||||
rc = LDAP_INVALID_SYNTAX,
|
||||
NULL,
|
||||
"attribute in RDN lacks matching rule",
|
||||
NULL, NULL );
|
||||
goto done;
|
||||
}
|
||||
|
||||
for (i = 0; mod->sml_bvalues[ i ].bv_val; i++) {
|
||||
int match = 0;
|
||||
|
||||
rc = value_match(&match, desc, mr,
|
||||
SLAP_MR_VALUE_SYNTAX_MATCH,
|
||||
&mod->sml_bvalues[ i ],
|
||||
&rdn[ 0 ][ cnt ]->la_value, &text);
|
||||
|
||||
if ( rc != LDAP_SUCCESS ) {
|
||||
send_ldap_result( conn, op, rc,
|
||||
NULL, text, NULL, NULL);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (match == 0) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/* not found? */
|
||||
if (mod->sml_bvalues[ i ].bv_val == NULL) {
|
||||
if ( !global_add_rdn_values ) {
|
||||
/* bailout */
|
||||
send_ldap_result( conn, op,
|
||||
rc = LDAP_NO_SUCH_ATTRIBUTE,
|
||||
NULL,
|
||||
"value in RDN not listed in entry",
|
||||
NULL, NULL );
|
||||
goto done;
|
||||
|
||||
} else {
|
||||
struct berval bv;
|
||||
|
||||
/* add attribute type and value to modlist */
|
||||
ber_dupbv( &bv, &rdn[ 0 ][ cnt ]->la_value );
|
||||
ber_bvarray_add( &mod->sml_bvalues, &bv );
|
||||
continue;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
manageDSAit = get_manageDSAit( op );
|
||||
|
||||
/*
|
||||
|
@ -1727,36 +1727,6 @@ read_config( const char *fname, int depth )
|
||||
global_schemacheck = 1;
|
||||
}
|
||||
|
||||
/* turn on/off rdn value add */
|
||||
} else if ( strcasecmp( cargv[0], "add-rdn-values" ) == 0 ) {
|
||||
if ( cargc < 2 ) {
|
||||
#ifdef NEW_LOGGING
|
||||
LDAP_LOG( CONFIG, CRIT,
|
||||
"%s: line %d: missing on|off in \"add-rdn-values <on|off>\""
|
||||
" line.\n", fname, lineno , 0 );
|
||||
#else
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"%s: line %d: missing on|off in \"add-rdn-values <on|off>\" line\n",
|
||||
fname, lineno, 0 );
|
||||
#endif
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
if ( strcasecmp( cargv[1], "on" ) == 0 ) {
|
||||
#ifdef NEW_LOGGING
|
||||
LDAP_LOG( CONFIG, CRIT,
|
||||
"%s: line %d: add-rdn-values enabled! your mileage may vary!\n",
|
||||
fname, lineno , 0 );
|
||||
#else
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"%s: line %d: add-rdn-values enabled! your mileage may vary!\n",
|
||||
fname, lineno, 0 );
|
||||
#endif
|
||||
global_add_rdn_values = 1;
|
||||
} else {
|
||||
global_add_rdn_values = 0;
|
||||
}
|
||||
|
||||
/* specify access control info */
|
||||
} else if ( strcasecmp( cargv[0], "access" ) == 0 ) {
|
||||
parse_acl( be, fname, lineno, cargc, cargv );
|
||||
|
@ -1107,7 +1107,6 @@ LDAP_SLAPD_V (slap_access_t) global_default_access;
|
||||
LDAP_SLAPD_V (int) global_gentlehup;
|
||||
LDAP_SLAPD_V (int) global_idletimeout;
|
||||
LDAP_SLAPD_V (int) global_schemacheck;
|
||||
LDAP_SLAPD_V (int) global_add_rdn_values;
|
||||
LDAP_SLAPD_V (char *) global_host;
|
||||
LDAP_SLAPD_V (char *) global_realm;
|
||||
LDAP_SLAPD_V (char *) default_passwd_hash;
|
||||
|
@ -212,11 +212,59 @@ entry_schema_check(
|
||||
|
||||
} else if ( sc != oc ) {
|
||||
snprintf( textbuf, textlen,
|
||||
"structural object class modification from '%s' to '%s' not allowed",
|
||||
"structural object class modification "
|
||||
"from '%s' to '%s' not allowed",
|
||||
asc->a_vals[0].bv_val, nsc.bv_val );
|
||||
return LDAP_NO_OBJECT_CLASS_MODS;
|
||||
}
|
||||
|
||||
{ /* naming check */
|
||||
LDAPRDN *rdn;
|
||||
const char *p;
|
||||
ber_len_t cnt;
|
||||
|
||||
/*
|
||||
* Get attribute type(s) and attribute value(s) of our RDN
|
||||
*/
|
||||
if ( ldap_bv2rdn( &e->e_name, &rdn, (char **)&p,
|
||||
LDAP_DN_FORMAT_LDAP ) )
|
||||
{
|
||||
*text = "unrecongized attribute type(s) in RDN";
|
||||
return LDAP_INVALID_DN_SYNTAX;
|
||||
}
|
||||
|
||||
/* Check that each AVA of the RDN is present in the entry */
|
||||
/* FIXME: Should also check that each AVA lists a distinct type */
|
||||
for ( cnt = 0; rdn[0][cnt]; cnt++ ) {
|
||||
LDAPAVA *ava = rdn[0][cnt];
|
||||
AttributeDescription *desc = NULL;
|
||||
Attribute *attr;
|
||||
const char *errtext;
|
||||
|
||||
rc = slap_bv2ad( &ava->la_attr, &desc, &errtext );
|
||||
if ( rc != LDAP_SUCCESS ) {
|
||||
snprintf( textbuf, textlen, "%s (in RDN)", errtext );
|
||||
return rc;
|
||||
}
|
||||
|
||||
/* find the naming attribute */
|
||||
attr = attr_find( e->e_attrs, desc );
|
||||
if ( attr == NULL ) {
|
||||
snprintf( textbuf, textlen,
|
||||
"naming attribute '%s' is not present in entry",
|
||||
ava->la_attr );
|
||||
return LDAP_NO_SUCH_ATTRIBUTE;
|
||||
}
|
||||
|
||||
if ( value_find( desc, attr->a_vals, &ava->la_value ) != 0 ) {
|
||||
snprintf( textbuf, textlen,
|
||||
"value of naming attribute '%s' is not present in entry",
|
||||
ava->la_attr );
|
||||
return LDAP_NO_SUCH_ATTRIBUTE;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef SLAP_EXTENDED_SCHEMA
|
||||
/* find the content rule for the structural class */
|
||||
cr = cr_find( sc->soc_oid );
|
||||
|
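Review bot: The two `snprintf` calls in the naming check that report a missing naming attribute or value pass `ava->la_attr` for `%s`, yet the same field is handed to `slap_bv2ad()` as `&ava->la_attr`, so it appears to be a `struct berval` rather than a `char *`. Passing a struct for `%s` is undefined behaviour, and the entry name being checked presumably originates from the client request, so both calls should pass `ava->la_attr.bv_val`. The block also never releases the `rdn` filled in by `ldap_bv2rdn()`: neither the returns inside the loop nor the fall-through at the closing brace is preceded by `ldap_rdnfree( rdn );`, which would leak memory on every schema-checked write. Smaller points are that the literal `"unrecongized attribute type(s) in RDN"` is misspelled and that `p` is written by `ldap_bv2rdn()` but never read. entry_schema_check() starts and ends outside the hunk.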
@ -17,7 +17,6 @@
|
||||
#include "ldap_schema.h"
|
||||
|
||||
int global_schemacheck = 1; /* schemacheck ON is default */
|
||||
int global_add_rdn_values = 0; /* bail out if rdn values do not match entry values is default */
|
||||
|
||||
static void oc_usage(void);
|
||||
static void at_usage(void);
|
||||
|