Commit aa9612f0 authored by Kurt Zeilenga's avatar Kurt Zeilenga

add system schema checks

parent b4bb3b5b
......@@ -39,16 +39,16 @@ schema_info( Entry **entry, const char **text )
(void) dnNormalize2( NULL, &e->e_name, &e->e_nname );
e->e_private = NULL;
vals[0].bv_val = "LDAPsubentry";
vals[0].bv_len = sizeof("LDAPsubentry")-1;
vals[0].bv_val = "subentry";
vals[0].bv_len = sizeof("subentry")-1;
attr_merge( e, ad_structuralObjectClass, vals );
vals[0].bv_val = "top";
vals[0].bv_len = sizeof("top")-1;
attr_merge( e, ad_objectClass, vals );
vals[0].bv_val = "LDAPsubentry";
vals[0].bv_len = sizeof("LDAPsubentry")-1;
vals[0].bv_val = "subentry";
vals[0].bv_len = sizeof("subentry")-1;
attr_merge( e, ad_objectClass, vals );
vals[0].bv_val = "subschema";
......
......@@ -204,8 +204,16 @@ entry_schema_check(
#endif
return LDAP_OBJECT_CLASS_VIOLATION;
}
} else if ( oc->soc_kind == LDAP_SCHEMA_ABSTRACT ) {
if ( oc->sco_check ) {
int rc = (oc->sco_check)( e, oc,
text, textbuf, textlen );
if( rc != LDAP_SUCCESS ) {
return rc;
}
}
if ( oc->soc_kind == LDAP_SCHEMA_ABSTRACT ) {
/* object class is abstract */
if ( oc != slap_schema.si_oc_top &&
!is_object_subclass( oc, sc ))
......
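Review bot: The new call `(oc->sco_check)( e, oc, text, textbuf, textlen )` passes the callback's result straight back to the caller, so the diagnostic a client sees depends on each check function having set `*text`, and nothing in the visible lines states that contract. I would add a comment above the `if ( oc->sco_check )` test, for example `/* system schema check: callback must set *text and fill textbuf on failure */`. The member is spelled `sco_check` while its neighbour is `soc_kind`; presumably the declaration uses the same spelling, but the `soc_` prefix would be consistent. entry_schema_check begins and ends outside this hunk, and the rendered page has lost its +/- markers, so the exact nesting of the new block is inferred.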
......@@ -115,6 +115,9 @@ structuralObjectClassMatch(
return LDAP_SUCCESS;
}
static ObjectClassSchemaCheckFN rootDseObjectClass;
static ObjectClassSchemaCheckFN subentryObjectClass;
static struct slap_schema_oc_map {
char *ssom_name;
char *ssom_defn;
......@@ -142,8 +145,8 @@ static struct slap_schema_oc_map {
{ "LDAProotDSE", "( 1.3.6.1.4.1.4203.1.4.1 "
"NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) "
"DESC 'OpenLDAP Root DSE object' "
"SUP top STRUCTURAL MAY cn )",
0, offsetof(struct slap_internal_schema, si_oc_rootdse) },
"SUP top STRUCTURAL MAY cn )", rootDseObjectClass,
offsetof(struct slap_internal_schema, si_oc_rootdse) },
{ "subentry", "( 2.5.20.0 NAME 'subentry' "
"SUP top STRUCTURAL "
"MUST ( cn $ subtreeSpecification ) )",
......@@ -153,12 +156,11 @@ static struct slap_schema_oc_map {
"AUXILIARY "
"MAY ( dITStructureRules $ nameForms $ ditContentRules $ "
"objectClasses $ attributeTypes $ matchingRules $ "
"matchingRuleUse ) )",
0, offsetof(struct slap_internal_schema, si_oc_subschema) },
"matchingRuleUse ) )", subentryObjectClass,
offsetof(struct slap_internal_schema, si_oc_subschema) },
{ "collectiveAttributes", "( 2.5.20.2 "
"NAME 'collectiveAttributes' "
"AUXILIARY )",
0,
"AUXILIARY )", subentryObjectClass,
offsetof(struct slap_internal_schema, si_oc_collectiveAttributes) },
{ NULL, 0 }
};
......@@ -704,6 +706,40 @@ slap_schema_check( void )
return LDAP_SUCCESS;
}
static int rootDseObjectClass (
Entry *e,
ObjectClass *oc,
const char** text,
char *textbuf, size_t textlen )
{
*text = textbuf;
if( e->e_nname.bv_len ) {
snprintf( textbuf, textlen,
"objectClass \"%s\" only allowed in the root DSE",
oc->soc_oid );
return LDAP_OBJECT_CLASS_VIOLATION;
}
/* we should not be called for the root DSE */
assert( 0 );
return LDAP_SUCCESS;
}
static int subentryObjectClass (
Entry *e,
ObjectClass *oc,
const char** text,
char *textbuf, size_t textlen )
{
if( !is_entry_subentry( e ) ) {
snprintf( textbuf, textlen,
"objectClass \"%s\" only allowed in subentries",
oc->soc_oid );
return LDAP_OBJECT_CLASS_VIOLATION;
}
return LDAP_SUCCESS;
}
static int rootDseAttribute (
Entry *e,
Attribute *attr,
......@@ -713,7 +749,7 @@ static int rootDseAttribute (
*text = textbuf;
if( e->e_nname.bv_len ) {
snprintf( textbuf, textlen,
"attribute \"%s\"only allowed in the root DSE",
"attribute \"%s\" only allowed in the root DSE",
attr->a_desc->ad_cname.bv_val );
return LDAP_OBJECT_CLASS_VIOLATION;
}
......@@ -732,7 +768,7 @@ static int subentryAttribute (
*text = textbuf;
if( !is_entry_subentry( e ) ) {
snprintf( textbuf, textlen,
"attribute \"%s\"only allowed in the subentry",
"attribute \"%s\" only allowed in the subentry",
attr->a_desc->ad_cname.bv_val );
return LDAP_OBJECT_CLASS_VIOLATION;
}
......@@ -749,7 +785,7 @@ static int referralAttribute (
*text = textbuf;
if( !is_entry_referral( e ) ) {
snprintf( textbuf, textlen,
"attribute \"%s\"only allowed in the referral",
"attribute \"%s\" only allowed in the referral",
attr->a_desc->ad_cname.bv_val );
return LDAP_OBJECT_CLASS_VIOLATION;
}
......
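Review bot: subentryObjectClass, in the hunk that adds the two object class checkers, writes its message into `textbuf` but as rendered never assigns `*text`, unlike rootDseObjectClass and the three attribute checkers, which all begin with `*text = textbuf;`. On a violation the caller is left with whatever `*text` held before, so the client may get no diagnostic or a stale one; adding `*text = textbuf;` as the first statement fixes it. Separately, rootDseObjectClass ends in `assert( 0 )` followed by `return LDAP_SUCCESS;`. Whether that path is reachable for the root DSE cannot be confirmed from this page, but if it is, an assertion-enabled build aborts the server on input that the fallthrough already treats as valid, so a log message instead of the assert would be safer.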