diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c index bcd648cfaf..81a1de981b 100644 --- a/servers/slapd/aclparse.c +++ b/servers/slapd/aclparse.c @@ -98,14 +98,6 @@ parse_acl( #ifdef SLAPD_SCHEMA_NOT_COMPAT int rc; const char *text; - AttributeDescription *ad_distinguishedName = slap_schema.si_ad_distinguishedName; - AttributeDescription *ad_member = slap_schema.si_ad_member; -#ifdef SLAPD_ACI_ENABLED - AttributeDescription *ad_aci = slap_schema.si_ad_aci; -#endif -#else - static char *ad_aci = "aci"; - static char *ad_member = "member"; #endif a = NULL; @@ -343,11 +335,12 @@ parse_acl( } - if( b->a_dn_at->ad_type->sat_syntax - != ad_distinguishedName->ad_type->sat_syntax ) + if( strcmp( b->a_dn_at->ad_type->sat_oid, + SLAPD_OID_DN_SYNTAX ) != 0 ) { fprintf( stderr, - "%s: line %d: dnattr \"%s\": inappropriate syntax: %s\n", + "%s: line %d: dnattr \"%s\": " + "inappropriate syntax: %s\n", fname, lineno, right, b->a_dn_at->ad_type->sat_syntax_oid ); acl_usage(); 
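Review bot: The new dnattr check in the `@@ -343` hunk passes `b->a_dn_at->ad_type->sat_oid` to `strcmp()` against `SLAPD_OID_DN_SYNTAX`, while the error message just below reports `sat_syntax_oid` as the offending syntax. If `sat_oid` is the attribute type's own OID rather than its syntax OID (its definition is not in this diff), the comparison can never match and every `dnattr` clause is rejected at parse time. The intended operand looks like `b->a_dn_at->ad_type->sat_syntax_oid`, guarded against a NULL value, since `strcmp()` on a null pointer is undefined. The group attribute check in the `@@ -437` hunk uses the same operand and needs the same change.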
@@ -389,43 +382,54 @@ parse_acl( #else b->a_group_oc = ch_strdup(value); #endif - if( b->a_group_oc == NULL ) { - fprintf( stderr, - "%s: line %d: group objectclass \"%s\" unknown\n", - fname, lineno, value ); - acl_usage(); - } - -#ifdef SLAPD_SCHEMA_NOT_COMPAT - if( is_object_subclass( b->a_group_oc, - slap_schema.si_oc_referral ) ) - { - fprintf( stderr, - "%s: line %d: group objectclass \"%s\" is subclass of referral\n", - fname, lineno, value ); - acl_usage(); - } - - if( is_object_subclass( b->a_group_oc, - slap_schema.si_oc_alias ) ) - { - fprintf( stderr, - "%s: line %d: group objectclass \"%s\" is subclass of alias\n", - fname, lineno, value ); - acl_usage(); - } -#endif - *--value = '/'; + if( b->a_group_oc == NULL ) { + fprintf( stderr, + "%s: line %d: group objectclass " + "\"%s\" unknown\n", + fname, lineno, value ); + acl_usage(); + } } else { #ifdef SLAPD_SCHEMA_NOT_COMPAT - b->a_group_oc = slap_schema.si_oc_groupOfNames; + b->a_group_oc = oc_find("groupOfNames"); + + if( b->a_group_oc == NULL ) { + fprintf( stderr, + "%s: line %d: group default objectclass " + "\"%s\" unknown\n", + fname, lineno, "groupOfNames" ); + acl_usage(); + } #else b->a_group_oc = ch_strdup("groupOfNames"); #endif } +#ifdef SLAPD_SCHEMA_NOT_COMPAT +#if 0 + if( is_object_subclass( b->a_group_oc, + slap_schema.si_oc_referral ) ) + { + fprintf( stderr, + "%s: line %d: group objectclass \"%s\" " + "is subclass of referral\n", + fname, lineno, value ); + acl_usage(); + } + + if( is_object_subclass( b->a_group_oc, + slap_schema.si_oc_alias ) ) + { + fprintf( stderr, + "%s: line %d: group objectclass \"%s\" " + "is subclass of alias\n", + fname, lineno, value ); + acl_usage(); + } +#endif +#endif if (name && *name) { #ifdef SLAPD_SCHEMA_NOT_COMPAT 
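Review bot: The referral and alias subclass checks on `b->a_group_oc` are moved under `#if 0` without a comment, so a group objectclass derived from `referral` or `alias` is now accepted silently in an access rule. If they are parked because `value` does not hold the class name on the default `groupOfNames` path (the moved block still prints `value`), say so next to the directive, e.g. `/* FIXME: disabled until the message can name the class on the default path; referral/alias subclasses are not rejected meanwhile */`. Separately, the relocated `b->a_group_oc == NULL` test now runs after `*--value = '/';`, so its message prints the name with the restored leading slash. The body of parse_acl extends beyond this hunk.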
@@ -437,34 +441,33 @@ parse_acl( fname, lineno, right, text ); acl_usage(); } - - if( b->a_group_at->ad_type->sat_syntax - != ad_member->ad_type->sat_syntax ) - { - fprintf( stderr, - "%s: line %d: group \"%s\": inappropriate syntax: %s\n", - fname, lineno, right, - b->a_group_at->ad_type->sat_syntax_oid ); - acl_usage(); - } #else b->a_group_at = ch_strdup(name); #endif *--name = '/'; - } else { #ifdef SLAPD_SCHEMA_NOT_COMPAT - b->a_group_at = ad_dup( ad_member ); + rc = slap_str2ad( "member", &b->a_group_at, &text ); + + if( rc != LDAP_SUCCESS ) { + fprintf( stderr, + "%s: line %d: group \"%s\": %s\n", + fname, lineno, "member", text ); + acl_usage(); + } #else - b->a_group_at = ch_strdup( ad_member ); + b->a_group_at = ch_strdup( "member" ); #endif } #ifdef SLAPD_SCHEMA_NOT_COMPAT - if( b->a_group_at == NULL ) { + if( strcmp( b->a_group_at->ad_type->sat_oid, + SLAPD_OID_DN_SYNTAX ) != 0 ) + { fprintf( stderr, - "%s: line %d: group attribute type undefined.\n", - fname, lineno ); + "%s: line %d: group \"%s\": inappropriate syntax: %s\n", + fname, lineno, right, + b->a_group_at->ad_type->sat_syntax_oid ); acl_usage(); } @@ -491,8 +494,7 @@ parse_acl( acl_usage(); } } - -#endif /* SLAPD_SCHEMA_NOT_COMPAT */ +#endif continue; } diff --git a/servers/slapd/schema_prep.c b/servers/slapd/schema_prep.c index c40a086e18..11469fe64e 100644 --- a/servers/slapd/schema_prep.c +++ b/servers/slapd/schema_prep.c @@ -47,7 +47,6 @@ struct slap_schema_oc_map { { "LDAProotDSE", offsetof(struct slap_internal_schema, si_oc_rootdse) }, { "LDAPsubentry", offsetof(struct slap_internal_schema, si_oc_subentry) }, { "subschema", offsetof(struct slap_internal_schema, si_oc_subschema) }, - { "groupOfNames", offsetof(struct slap_internal_schema, si_oc_groupOfNames) }, { NULL, 0 } }; 
@@ -103,19 +102,11 @@ struct slap_schema_ad_map { { "ref", NULL, offsetof(struct slap_internal_schema, si_ad_ref) }, - /* access control information */ + /* access control internals */ { "entry", NULL, offsetof(struct slap_internal_schema, si_ad_entry) }, { "children", NULL, offsetof(struct slap_internal_schema, si_ad_children) }, - { "distinguishedName", NULL, - offsetof(struct slap_internal_schema, si_ad_distinguishedName) }, - { "member", NULL, - offsetof(struct slap_internal_schema, si_ad_member) }, -#ifdef SLAPD_ACI_ENABLED - { "aci", NULL, - offsetof(struct slap_internal_schema, si_ad_aci) }, -#endif { "userPassword", NULL, offsetof(struct slap_internal_schema, si_ad_userPassword) }, diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 70f60ecef0..0d259ffbf3 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -93,12 +93,10 @@ LDAP_BEGIN_DECL #define AD_LEADCHAR(c) ( ATTR_CHAR(c) ) #define AD_CHAR(c) ( ATTR_CHAR(c) || (c) == ';' ) -#ifndef SLAPD_SCHEMA_NOT_COMPAT -/* schema needed by slapd */ -#define SLAPD_OID_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1" /* experimental */ +/* must match syntaxes in schema_init.c */ +#define SLAPD_OID_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1" +#define SLAPD_OID_DN_SYNTAX "1.3.6.1.4.1.1466.115.121.1.12" #define SLAPD_ACI_DEFAULT_ATTR "aci" -#endif - LIBSLAPD_F (int) slap_debug; @@ -336,7 +334,6 @@ struct slap_internal_schema { ObjectClass *si_oc_subentry; ObjectClass *si_oc_subschema; ObjectClass *si_oc_rootdse; - ObjectClass *si_oc_groupOfNames; /* objectClass attribute */ AttributeDescription *si_ad_objectClass; @@ -372,11 +369,6 @@ struct slap_internal_schema { /* Access Control Internals */ AttributeDescription *si_ad_entry; AttributeDescription *si_ad_children; - AttributeDescription *si_ad_member; - AttributeDescription *si_ad_distinguishedName; -#ifdef SLAPD_ACI_ENABLED - AttributeDescription *si_ad_aci; -#endif /* Other */ AttributeDescription *si_ad_userPassword; 
diff --git a/servers/slapd/str2filter.c b/servers/slapd/str2filter.c index c49d3c3827..01b1a71bdc 100644 --- a/servers/slapd/str2filter.c +++ b/servers/slapd/str2filter.c @@ -178,6 +178,7 @@ str2simple( const char *str ) case ':': f->f_choice = LDAP_FILTER_EXT; *s = '\0'; + return NULL; break; default: @@ -188,6 +189,7 @@ str2simple( const char *str ) } else { f->f_choice = LDAP_FILTER_SUBSTRINGS; #ifdef SLAPD_SCHEMA_NOT_COMPAT + f->f_sub = ch_calloc( 1, sizeof( SubstringsAssertion ) ); rc = slap_str2ad( str, &f->f_sub_desc, &text ); if( rc != LDAP_SUCCESS ) { filter_free( f ); @@ -223,6 +225,8 @@ str2simple( const char *str ) #ifdef SLAPD_SCHEMA_NOT_COMPAT char *tmp; + f->f_ava = ch_calloc( 1, sizeof( AttributeAssertion ) ); + f->f_av_desc = NULL; rc = slap_str2ad( str, &f->f_av_desc, &text ); if( rc != LDAP_SUCCESS ) { filter_free( f );
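Review bot: The `return NULL;` added under `case ':':` in the `@@ -178` hunk exits `str2simple()` without releasing `f`, whereas the failure paths in the two later hunks call `filter_free( f )`. Assuming `f` is heap-allocated earlier in the function (outside this hunk), each extensible-match filter string leaks one Filter. Release it first, e.g. `filter_free( f ); return NULL;`, after confirming that `filter_free()` copes with `f_choice == LDAP_FILTER_EXT` when no match data is attached. The `break;` that follows is now unreachable and can be dropped, and a short comment that extensible match is not handled here would explain the early exit.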