Commit 19f2925a authored by Kurt Zeilenga's avatar Kurt Zeilenga

Add some basic system schema checks.

parent f57057ee
......@@ -116,7 +116,10 @@ structuralObjectClassMatch(
}
static ObjectClassSchemaCheckFN rootDseObjectClass;
static ObjectClassSchemaCheckFN aliasObjectClass;
static ObjectClassSchemaCheckFN referralObjectClass;
static ObjectClassSchemaCheckFN subentryObjectClass;
static ObjectClassSchemaCheckFN dynamicObjectClass;
static struct slap_schema_oc_map {
char *ssom_name;
......@@ -137,36 +140,42 @@ static struct slap_schema_oc_map {
"DESC 'RFC2256: an alias' "
"SUP top STRUCTURAL "
"MUST aliasedObjectName )",
0, offsetof(struct slap_internal_schema, si_oc_alias) },
aliasObjectClass,
offsetof(struct slap_internal_schema, si_oc_alias) },
{ "referral", "( 2.16.840.1.113730.3.2.6 NAME 'referral' "
"DESC 'namedref: named subordinate referral' "
"SUP top STRUCTURAL MUST ref )",
0, offsetof(struct slap_internal_schema, si_oc_referral) },
referralObjectClass,
offsetof(struct slap_internal_schema, si_oc_referral) },
{ "LDAProotDSE", "( 1.3.6.1.4.1.4203.1.4.1 "
"NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) "
"DESC 'OpenLDAP Root DSE object' "
"SUP top STRUCTURAL MAY cn )", rootDseObjectClass,
"SUP top STRUCTURAL MAY cn )",
rootDseObjectClass,
offsetof(struct slap_internal_schema, si_oc_rootdse) },
{ "subentry", "( 2.5.20.0 NAME 'subentry' "
"SUP top STRUCTURAL "
"MUST ( cn $ subtreeSpecification ) )",
0, offsetof(struct slap_internal_schema, si_oc_subentry) },
subentryObjectClass,
offsetof(struct slap_internal_schema, si_oc_subentry) },
{ "subschema", "( 2.5.20.1 NAME 'subschema' "
"DESC 'RFC2252: controlling subschema (sub)entry' "
"AUXILIARY "
"MAY ( dITStructureRules $ nameForms $ ditContentRules $ "
"objectClasses $ attributeTypes $ matchingRules $ "
"matchingRuleUse ) )", subentryObjectClass,
"matchingRuleUse ) )",
subentryObjectClass,
offsetof(struct slap_internal_schema, si_oc_subschema) },
{ "collectiveAttributes", "( 2.5.20.2 "
"NAME 'collectiveAttributes' "
"AUXILIARY )", subentryObjectClass,
"AUXILIARY )",
subentryObjectClass,
offsetof(struct slap_internal_schema, si_oc_collectiveAttributes) },
{ "dynamicObject", "( 1.3.6.1.4.1.1466.101.119.2 "
"NAME 'dynamicObject' "
"DESC 'RFC2589: Dynamic Object' "
"SUP top AUXILIARY )",
0,
dynamicObjectClass,
offsetof(struct slap_internal_schema, si_oc_dynamicObject) },
{ NULL, 0 }
};
......@@ -457,7 +466,7 @@ static struct slap_schema_ad_map {
rootDseAttribute, NULL, NULL, NULL,
offsetof(struct slap_internal_schema, si_ad_dynamicSubtrees) },
/* userApplication attributes */
/* userApplication attributes (which system schema depends upon) */
{ "distinguishedName", "( 2.5.4.49 NAME 'distinguishedName' "
"DESC 'RFC2256: common supertype of DN attributes' "
"EQUALITY distinguishedNameMatch "
......@@ -476,7 +485,6 @@ static struct slap_schema_ad_map {
"SUP name )",
NULL, NULL, NULL, NULL,
offsetof(struct slap_internal_schema, si_ad_cn) },
{ "userPassword", "( 2.5.4.35 NAME 'userPassword' "
"DESC 'RFC2256/2307: password of user' "
"EQUALITY octetStringMatch "
......@@ -732,6 +740,38 @@ static int rootDseObjectClass (
return LDAP_SUCCESS;
}
static int aliasObjectClass (
Backend *be,
Entry *e,
ObjectClass *oc,
const char** text,
char *textbuf, size_t textlen )
{
if( !SLAP_ALIASES(be) ) {
snprintf( textbuf, textlen,
"objectClass \"%s\" not supported in context",
oc->soc_oid );
return LDAP_OBJECT_CLASS_VIOLATION;
}
return LDAP_SUCCESS;
}
static int referralObjectClass (
Backend *be,
Entry *e,
ObjectClass *oc,
const char** text,
char *textbuf, size_t textlen )
{
if( !SLAP_REFERRALS(be) ) {
snprintf( textbuf, textlen,
"objectClass \"%s\" not supported in context",
oc->soc_oid );
return LDAP_OBJECT_CLASS_VIOLATION;
}
return LDAP_SUCCESS;
}
static int subentryObjectClass (
Backend *be,
Entry *e,
......@@ -739,7 +779,14 @@ static int subentryObjectClass (
const char** text,
char *textbuf, size_t textlen )
{
if( !is_entry_subentry( e ) ) {
if( !SLAP_SUBENTRIES(be) ) {
snprintf( textbuf, textlen,
"objectClass \"%s\" not supported in context",
oc->soc_oid );
return LDAP_OBJECT_CLASS_VIOLATION;
}
if( oc != slap_schema.si_oc_subentry && !is_entry_subentry( e ) ) {
snprintf( textbuf, textlen,
"objectClass \"%s\" only allowed in subentries",
oc->soc_oid );
......@@ -748,6 +795,22 @@ static int subentryObjectClass (
return LDAP_SUCCESS;
}
static int dynamicObjectClass (
Backend *be,
Entry *e,
ObjectClass *oc,
const char** text,
char *textbuf, size_t textlen )
{
if( !SLAP_DYNAMIC(be) ) {
snprintf( textbuf, textlen,
"objectClass \"%s\" not supported in context",
oc->soc_oid );
return LDAP_OBJECT_CLASS_VIOLATION;
}
return LDAP_SUCCESS;
}
static int rootDseAttribute (
Backend *be,
Entry *e,
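Review bot: The new check functions (aliasObjectClass, referralObjectClass, dynamicObjectClass, and the added SLAP_SUBENTRIES branch in subentryObjectClass) format the rejection reason into `textbuf` but never assign through the `text` out-parameter. Unless the caller already points `*text` at `textbuf` (not visible on this page), the client receives LDAP_OBJECT_CLASS_VIOLATION with missing or stale diagnostic text. Adding `*text = textbuf;` as the first statement of each function would make the message reach the caller regardless. The three new functions differ only in the backend flag they test, so a one-line comment above each naming the capability that gates the object class would make the policy easier to audit. subentryObjectClass and rootDseAttribute are only partly visible in these hunks.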
......
......@@ -1026,12 +1026,14 @@ struct slap_backend_db {
#define SLAP_BFLAG_REFERRALS 0x0200U
#define SLAP_BFLAG_SUBENTRIES 0x0400U
#define SLAP_BFLAG_MONITOR 0x1000U
#define SLAP_BFLAG_DYNAMIC 0x2000U
slap_mask_t be_flags;
#define SLAP_LASTMOD(be) (!((be)->be_flags & SLAP_BFLAG_NOLASTMOD))
#define SLAP_ALIASES(be) ((be)->be_flags & SLAP_BFLAG_ALIASES)
#define SLAP_REFERRALS(be) ((be)->be_flags & SLAP_BFLAG_REFERRALS)
#define SLAP_SUBENTRIES(be) ((be)->be_flags & SLAP_BFLAG_SUBENTRIES)
#define SLAP_MONITOR(be) ((be)->be_flags & SLAP_BFLAG_MONITOR)
#define SLAP_DYNAMIC(be) ((be)->be_flags & SLAP_BFLAG_DYNAMIC)
slap_mask_t be_restrictops; /* restriction operations */
#define SLAP_RESTRICT_OP_ADD 0x0001U
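Review bot: `SLAP_BFLAG_DYNAMIC` is added without a comment and nothing shown on this page sets it, so with `dynamicObjectClass` now registered in the object class map, every backend would refuse dynamicObject entries until one opts in. That fail-closed default looks intentional but should be stated next to the flag, e.g. `/* backend supports RFC2589 dynamicObject entries; when unset the schema check rejects them */`. Separately, the capability macros, including the new `SLAP_DYNAMIC(be)`, dereference `be` unconditionally, and the new schema checks pass through whatever `be` they are handed. If any path runs schema checking with a NULL backend (not visible here), those checks need a guard such as `if( be == NULL || !SLAP_DYNAMIC(be) )`. The struct slap_backend_db definition continues outside the hunk.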
......