SLAPD_SCHEMA_NOT_COMPAT:

Don't depend acl parsing upon slap_schema, it's filled in post-conf
2024-12-15 03:01:09 +08:00 · 2000-05-28 18:58:09 +00:00 · 2000-05-28 18:58:09 +00:00 · c98f0ea02c
commit c98f0ea02c
parent 9e9be9c283
4 changed files with 67 additions and 78 deletions
--- a/servers/slapd/aclparse.c
+++ b/servers/slapd/aclparse.c
@ -98,14 +98,6 @@ parse_acl(
 #ifdef SLAPD_SCHEMA_NOT_COMPAT
 	int rc;
 	const char *text;
-	AttributeDescription *ad_distinguishedName = slap_schema.si_ad_distinguishedName;
-	AttributeDescription *ad_member = slap_schema.si_ad_member;
-#ifdef SLAPD_ACI_ENABLED
-	AttributeDescription *ad_aci = slap_schema.si_ad_aci;
-#endif
-#else
-	static char *ad_aci = "aci";
-	static char *ad_member = "member";
 #endif

 	a = NULL;
@ -343,11 +335,12 @@ parse_acl(
 					}


-					if( b->a_dn_at->ad_type->sat_syntax
-						!= ad_distinguishedName->ad_type->sat_syntax )
+					if( strcmp( b->a_dn_at->ad_type->sat_oid,
+						SLAPD_OID_DN_SYNTAX ) != 0 )
 					{
 						fprintf( stderr,
-							"%s: line %d: dnattr \"%s\": inappropriate syntax: %s\n",
+							"%s: line %d: dnattr \"%s\": "
+							"inappropriate syntax: %s\n",
 							fname, lineno, right,
 							b->a_dn_at->ad_type->sat_syntax_oid );
 						acl_usage();
@ -389,43 +382,54 @@ parse_acl(
 #else
 						b->a_group_oc = ch_strdup(value);
 #endif
-						if( b->a_group_oc == NULL ) {
-							fprintf( stderr,
-								"%s: line %d: group objectclass \"%s\" unknown\n",
-								fname, lineno, value );
-							acl_usage();
-						}
-
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
-						if( is_object_subclass( b->a_group_oc,
-							slap_schema.si_oc_referral ) )
-						{
-							fprintf( stderr,
-								"%s: line %d: group objectclass \"%s\" is subclass of referral\n",
-								fname, lineno, value );
-							acl_usage();
-						}
-
-						if( is_object_subclass( b->a_group_oc,
-							slap_schema.si_oc_alias ) )
-						{
-							fprintf( stderr,
-								"%s: line %d: group objectclass \"%s\" is subclass of alias\n",
-								fname, lineno, value );
-							acl_usage();
-						}
-#endif
-
 						*--value = '/';

+						if( b->a_group_oc == NULL ) {
+							fprintf( stderr,
+								"%s: line %d: group objectclass "
+								"\"%s\" unknown\n",
+								fname, lineno, value );
+							acl_usage();
+						}
 					} else {
 #ifdef SLAPD_SCHEMA_NOT_COMPAT
-						b->a_group_oc = slap_schema.si_oc_groupOfNames;
+						b->a_group_oc = oc_find("groupOfNames");
+
+						if( b->a_group_oc == NULL ) {
+							fprintf( stderr,
+								"%s: line %d: group default objectclass "
+								"\"%s\" unknown\n",
+								fname, lineno, "groupOfNames" );
+							acl_usage();
+						}
 #else
 						b->a_group_oc = ch_strdup("groupOfNames");
 #endif
 					}

+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+#if 0
+					if( is_object_subclass( b->a_group_oc,
+						slap_schema.si_oc_referral ) )
+					{
+						fprintf( stderr,
+							"%s: line %d: group objectclass \"%s\" "
+							"is subclass of referral\n",
+							fname, lineno, value );
+						acl_usage();
+					}
+
+					if( is_object_subclass( b->a_group_oc,
+						slap_schema.si_oc_alias ) )
+					{
+						fprintf( stderr,
+							"%s: line %d: group objectclass \"%s\" "
+							"is subclass of alias\n",
+							fname, lineno, value );
+						acl_usage();
+					}
+#endif
+#endif

 					if (name && *name) {
 #ifdef SLAPD_SCHEMA_NOT_COMPAT
@ -437,34 +441,33 @@ parse_acl(
 								fname, lineno, right, text );
 							acl_usage();
 						}
-
-						if( b->a_group_at->ad_type->sat_syntax
-							!= ad_member->ad_type->sat_syntax )
-						{
-							fprintf( stderr,
-								"%s: line %d: group \"%s\": inappropriate syntax: %s\n",
-								fname, lineno, right,
-								b->a_group_at->ad_type->sat_syntax_oid );
-							acl_usage();
-						}
 #else
 						b->a_group_at = ch_strdup(name);
 #endif
 						*--name = '/';
-
 					} else {
 #ifdef SLAPD_SCHEMA_NOT_COMPAT
-						b->a_group_at = ad_dup( ad_member );
+						rc = slap_str2ad( "member", &b->a_group_at, &text );
+
+						if( rc != LDAP_SUCCESS ) {
+							fprintf( stderr,
+								"%s: line %d: group \"%s\": %s\n",
+								fname, lineno, "member", text );
+							acl_usage();
+						}
 #else
-						b->a_group_at = ch_strdup( ad_member );
+						b->a_group_at = ch_strdup( "member" );
 #endif
 					}

 #ifdef SLAPD_SCHEMA_NOT_COMPAT
-					if( b->a_group_at == NULL ) {
+					if( strcmp( b->a_group_at->ad_type->sat_oid,
+						SLAPD_OID_DN_SYNTAX ) != 0 )
+					{
 						fprintf( stderr,
-							"%s: line %d: group attribute type undefined.\n",
-							fname, lineno );
+							"%s: line %d: group \"%s\": inappropriate syntax: %s\n",
+							fname, lineno, right,
+							b->a_group_at->ad_type->sat_syntax_oid );
 						acl_usage();
 					}

@ -491,8 +494,7 @@ parse_acl(
 							acl_usage();
 						}
 					}
-
-#endif /* SLAPD_SCHEMA_NOT_COMPAT */
+#endif
 					continue;
 				}

--- a/servers/slapd/schema_prep.c
+++ b/servers/slapd/schema_prep.c
@ -47,7 +47,6 @@ struct slap_schema_oc_map {
 	{ "LDAProotDSE", offsetof(struct slap_internal_schema, si_oc_rootdse) },
 	{ "LDAPsubentry", offsetof(struct slap_internal_schema, si_oc_subentry) },
 	{ "subschema", offsetof(struct slap_internal_schema, si_oc_subschema) },
-	{ "groupOfNames", offsetof(struct slap_internal_schema, si_oc_groupOfNames) },
 	{ NULL, 0 }
 };

@ -103,19 +102,11 @@ struct slap_schema_ad_map {
 	{ "ref", NULL,
 		offsetof(struct slap_internal_schema, si_ad_ref) },

-	/* access control information */
+	/* access control internals */
 	{ "entry", NULL,
 		offsetof(struct slap_internal_schema, si_ad_entry) },
 	{ "children", NULL,
 		offsetof(struct slap_internal_schema, si_ad_children) },
-	{ "distinguishedName", NULL,
-		offsetof(struct slap_internal_schema, si_ad_distinguishedName) },
-	{ "member", NULL,
-		offsetof(struct slap_internal_schema, si_ad_member) },
-#ifdef SLAPD_ACI_ENABLED
-	{ "aci", NULL,
-		offsetof(struct slap_internal_schema, si_ad_aci) },
-#endif

 	{ "userPassword", NULL,
 		offsetof(struct slap_internal_schema, si_ad_userPassword) },
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@ -93,12 +93,10 @@ LDAP_BEGIN_DECL
 #define AD_LEADCHAR(c)	( ATTR_CHAR(c) )
 #define AD_CHAR(c)		( ATTR_CHAR(c) || (c) == ';' )

-#ifndef SLAPD_SCHEMA_NOT_COMPAT
-/* schema needed by slapd */
-#define SLAPD_OID_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1" /* experimental */
+/* must match syntaxes in schema_init.c */
+#define SLAPD_OID_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1"
+#define SLAPD_OID_DN_SYNTAX "1.3.6.1.4.1.1466.115.121.1.12"
 #define SLAPD_ACI_DEFAULT_ATTR		"aci"
-#endif
-

 LIBSLAPD_F (int) slap_debug;

@ -336,7 +334,6 @@ struct slap_internal_schema {
 	ObjectClass *si_oc_subentry;
 	ObjectClass *si_oc_subschema;
 	ObjectClass *si_oc_rootdse;
-	ObjectClass *si_oc_groupOfNames;

 	/* objectClass attribute */
 	AttributeDescription *si_ad_objectClass;
@ -372,11 +369,6 @@ struct slap_internal_schema {
 	/* Access Control Internals */
 	AttributeDescription *si_ad_entry;
 	AttributeDescription *si_ad_children;
-	AttributeDescription *si_ad_member;
-	AttributeDescription *si_ad_distinguishedName;
-#ifdef SLAPD_ACI_ENABLED
-	AttributeDescription *si_ad_aci;
-#endif

 	/* Other */
 	AttributeDescription *si_ad_userPassword;
--- a/servers/slapd/str2filter.c
+++ b/servers/slapd/str2filter.c
@ -178,6 +178,7 @@ str2simple( const char *str )
 	case ':':
 		f->f_choice = LDAP_FILTER_EXT;
 		*s = '\0';
+		return NULL;
 		break;

 	default:
@ -188,6 +189,7 @@ str2simple( const char *str )
 		} else {
 			f->f_choice = LDAP_FILTER_SUBSTRINGS;
 #ifdef SLAPD_SCHEMA_NOT_COMPAT
+			f->f_sub = ch_calloc( 1, sizeof( SubstringsAssertion ) );
 			rc = slap_str2ad( str, &f->f_sub_desc, &text );
 			if( rc != LDAP_SUCCESS ) {
 				filter_free( f );
@ -223,6 +225,8 @@ str2simple( const char *str )
 #ifdef SLAPD_SCHEMA_NOT_COMPAT
 		char *tmp;

+		f->f_ava = ch_calloc( 1, sizeof( AttributeAssertion ) );
+		f->f_av_desc = NULL;
 		rc = slap_str2ad( str, &f->f_av_desc, &text );
 		if( rc != LDAP_SUCCESS ) {
 			filter_free( f );