Commit b813a5ba authored by Kurt Zeilenga's avatar Kurt Zeilenga

SLAPD_SCHEMA_NOT_COMPAT: prelim ACL work

parent dab0793d
......@@ -98,8 +98,14 @@ parse_acl(
#ifdef SLAPD_SCHEMA_NOT_COMPAT
int rc;
const char *text;
static AttributeDescription *member = NULL;
static AttributeDescription *aci = NULL;
AttributeDescription *ad_distinguishedName = slap_schema.si_ad_distinguishedName;
AttributeDescription *ad_member = slap_schema.si_ad_member;
#ifdef SLAPD_ACI_ENABLED
AttributeDescription *ad_aci = slap_schema.si_ad_aci;
#endif
#else
static char *ad_aci = "aci";
static char *ad_member = "member";
#endif
a = NULL;
......@@ -336,16 +342,17 @@ parse_acl(
acl_usage();
}
#ifdef SLAPD_OID_DN_SYNTAX
if( strcmp( b->a_dn_at->ad_type->sat_syntax_oid,
SLAPD_OID_DN_SYNTAX ) != 0 )
if( b->a_dn_at->ad_type->sat_syntax
!= ad_distinguishedName->ad_type->sat_syntax )
{
fprintf( stderr,
"%s: line %d: dnattr attribute type not of DN syntax.\n",
fname, lineno );
"%s: line %d: dnattr \"%s\": inappropriate syntax: %s\n",
fname, lineno, right,
b->a_dn_at->ad_type->sat_syntax_oid );
acl_usage();
}
#endif
#else
b->a_dn_at = ch_strdup( right );
#endif
......@@ -393,6 +400,16 @@ parse_acl(
fname, lineno, right, text );
acl_usage();
}
if( b->a_group_at->ad_type->sat_syntax
!= ad_member->ad_type->sat_syntax )
{
fprintf( stderr,
"%s: line %d: group \"%s\": inappropriate syntax: %s\n",
fname, lineno, right,
b->a_group_at->ad_type->sat_syntax_oid );
acl_usage();
}
#else
b->a_group_at = ch_strdup(name);
#endif
......@@ -400,9 +417,9 @@ parse_acl(
} else {
#ifdef SLAPD_SCHEMA_NOT_COMPAT
b->a_group_at = member;
b->a_group_at = ad_dup( ad_member );
#else
b->a_group_at = ch_strdup("member");
b->a_group_at = ch_strdup( ad_member );
#endif
}
......@@ -413,17 +430,6 @@ parse_acl(
fname, lineno );
acl_usage();
}
#ifdef SLAPD_OID_DN_SYNTAX
if( strcmp( b->a_group_at->ad_type->sat_syntax_oid,
SLAPD_OID_DN_SYNTAX ) != 0 )
{
fprintf( stderr,
"%s: line %d: group attribute type not of DN syntax.\n",
fname, lineno );
acl_usage();
}
#endif /* SLAPD_OID_DN_SYNTAX */
#endif /* SLAPD_SCHEMA_NOT_COMPAT */
continue;
}
......@@ -499,8 +505,18 @@ parse_acl(
fname, lineno, right, text );
acl_usage();
}
if( b->a_aci_at->ad_type->sat_syntax
!= ad_aci->ad_type->sat_syntax )
{
fprintf( stderr,
"%s: line %d: aci \"%s\": inappropriate syntax: %s\n",
fname, lineno, right,
b->a_aci_at->ad_type->sat_syntax_oid );
acl_usage();
}
} else {
b->a_aci_at = aci;
b->a_aci_at = ad_dup( ad_aci );
}
if( b->a_aci_at == NULL ) {
......@@ -510,14 +526,6 @@ parse_acl(
acl_usage();
}
if( strcmp( b->a_aci_at->ad_type->sat_syntax_oid,
SLAPD_OID_ACI_SYNTAX ) != 0 )
{
fprintf( stderr,
"%s: line %d: aci attribute type not of ACI syntax.\n",
fname, lineno );
acl_usage();
}
#else
if ( right != NULL && *right != '\0' ) {
b->a_aci_at = ch_strdup( right );
......@@ -939,7 +947,11 @@ print_access( Access *b )
}
if ( b->a_dn_at != NULL ) {
#ifdef SLAPD_SCHEMA_NOT_COMPAT
fprintf( stderr, " dnattr=%s", b->a_dn_at->ad_cname->bv_val );
#else
fprintf( stderr, " dnattr=%s", b->a_dn_at );
#endif
}
if ( b->a_group_pat != NULL ) {
......@@ -949,7 +961,11 @@ print_access( Access *b )
fprintf( stderr, " objectClass: %s", b->a_group_oc );
if ( b->a_group_at ) {
#ifdef SLAPD_SCHEMA_NOT_COMPAT
fprintf( stderr, " attributeType: %s", b->a_group_at->ad_cname->bv_val );
#else
fprintf( stderr, " attributeType: %s", b->a_group_at );
#endif
}
}
}
......@@ -972,7 +988,11 @@ print_access( Access *b )
#ifdef SLAPD_ACI_ENABLED
if ( b->a_aci_at != NULL ) {
#ifdef SLAPD_SCHEMA_NOT_COMPAT
fprintf( stderr, " aci=%s", b->a_aci_at->ad_cname->bv_val );
#else
fprintf( stderr, " aci=%s", b->a_aci_at );
#endif
}
#endif
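Review bot: The rewritten dnattr syntax check in parse_acl (hunk at -336,16) still sits inside `#ifdef SLAPD_OID_DN_SYNTAX`, while the slap.h hunk of this commit appears to move that macro under `#ifndef SLAPD_SCHEMA_NOT_COMPAT`. If so, the check is compiled out in exactly the SLAPD_SCHEMA_NOT_COMPAT branch it lives in, and an ACL whose `dnattr` names a non-DN attribute would be accepted without a diagnostic. The group and aci checks added in the later hunks carry no such guard, so dropping the `#ifdef SLAPD_OID_DN_SYNTAX` / `#endif` pair around the dnattr comparison would make the three consistent. Separately, the comparisons dereference `ad_distinguishedName->ad_type`, `ad_member->ad_type` and `ad_aci->ad_type` with no NULL test, and whether `slap_schema` is always populated before parse_acl runs is not visible here, so either a guard or a comment stating that ordering guarantee is needed. parse_acl's body begins and ends outside these hunks.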
......
......@@ -92,7 +92,7 @@ at_config(
#define SYNTAX_DSCE_OID "2.5.13.5"
#define SYNTAX_IA5_OID "1.3.6.1.4.1.1466.115.121.1.26"
#define SYNTAX_IA5CE_OID "1.3.6.1.4.1.1466.109.114.1"
#define SYNTAX_DN_OID SLAPD_OID_DN_SYNTAX
#define SYNTAX_DN_OID "1.3.6.1.4.1.1466.115.121.1.12"
#define SYNTAX_TEL_OID "1.3.6.1.4.1.1466.115.121.1.50"
#define SYNTAX_BIN_OID "1.3.6.1.4.1.1466.115.121.1.40" /* octetString */
......
......@@ -218,9 +218,9 @@ static char* get_alias_dn(
{
Attribute *a;
#ifdef SLAPD_SCHEMA_NOT_COMPAT
static AttributeDescription *aliasedObjectName = NULL;
AttributeDescription *aliasedObjectName = slap_schema.si_ad_aliasedObjectName;
#else
static const char *aliasedObjectName = NULL;
static const char *aliasedObjectName = "aliasedObjectName";
#endif
a = attr_find( e->e_attrs, aliasedObjectName );
......
......@@ -41,7 +41,7 @@ ldbm_back_group(
Attribute *attr;
#ifdef SLAPD_SCHEMA_NOT_COMPAT
static AttributeDescription *objectClass = NULL;
AttributeDescription *objectClass = slap_schema.si_ad_objectClass;
const char *groupattrName = group_at->ad_cname->bv_val;
#else
struct berval bv;
......
......@@ -92,7 +92,6 @@ LIBSLAPD_F (AttributeType *) at_find LDAP_P(( const char *name ));
LIBSLAPD_F (int) at_find_in_list LDAP_P(( AttributeType *sat, AttributeType **list ));
LIBSLAPD_F (int) at_append_to_list LDAP_P(( AttributeType *sat, AttributeType ***listp ));
LIBSLAPD_F (int) at_delete_from_list LDAP_P(( int pos, AttributeType ***listp ));
LIBSLAPD_F (int) at_fake_if_needed LDAP_P(( const char *name ));
LIBSLAPD_F (int) at_schema_info LDAP_P(( Entry *e ));
LIBSLAPD_F (int) at_add LDAP_P(( LDAP_ATTRIBUTE_TYPE *at, const char **err ));
......@@ -103,6 +102,7 @@ LIBSLAPD_F (int) is_at_subtype LDAP_P((
# define at_canonical_name(at) ((at)->sat_cname)
#else
LIBSLAPD_F (int) at_fake_if_needed LDAP_P(( const char *name ));
LIBSLAPD_F (char *) at_canonical_name LDAP_P(( const char * a_type ));
#endif
......
......@@ -16,7 +16,15 @@
#include "slap.h"
#include "ldap_pvt.h"
#define berValidate blobValidate
static int
inValidate(
Syntax *syntax,
struct berval *in )
{
/* any value allowed */
return LDAP_OTHER;
}
static int
blobValidate(
Syntax *syntax,
......@@ -26,6 +34,8 @@ blobValidate(
return LDAP_SUCCESS;
}
#define berValidate blobValidate
static int
UTF8StringValidate(
Syntax *syntax,
......@@ -341,6 +351,7 @@ struct syntax_defs_rec {
#endif
};
#define X_HIDE "X-HIDE 'TRUE' "
#define X_BINARY "X-BINARY-TRANSFER-REQUIRED 'TRUE' "
#define X_NOT_H_R "X-NOT-HUMAN-READABLE 'TRUE' "
......@@ -457,8 +468,12 @@ struct syntax_defs_rec syntax_defs[] = {
0, NULL, NULL, NULL},
/* OpenLDAP Experimental Syntaxes */
{"( " SLAPD_OID_ACI_SYNTAX " DESC 'OpenLDAP Experimental ACI' )",
{"( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )",
0, NULL, NULL, NULL},
{"( 1.3.6.1.4.1.4203.666.2.2 DESC 'OpenLDAP void' " X_HIDE ")" ,
SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
{"( 1.3.6.1.4.1.4203.666.2.3 DESC 'OpenLDAP DN' " X_HIDE ")" ,
SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
{NULL, 0, NULL, NULL, NULL}
};
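Review bot: The new `inValidate` carries the comment `/* any value allowed */` but returns `LDAP_OTHER`, so as a validator it rejects every value; the comment looks copied from `blobValidate` and should read `/* no value allowed */`. None of the visible hunks reference `inValidate`, and the two new hidden syntaxes (`1.3.6.1.4.1.4203.666.2.2` 'OpenLDAP void' and `1.3.6.1.4.1.4203.666.2.3` 'OpenLDAP DN') are registered with `NULL, NULL, NULL` after the flags, so the function is presumably unused and those syntaxes have no validator for now. If the void syntax is meant to accept nothing, its entry should name `inValidate` in the validator slot; otherwise a one-line comment saying the function is defined ahead of its first use would explain the unused static.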
......
......@@ -41,8 +41,15 @@ struct slap_schema_oc_map {
char *ssom_name;
size_t ssom_offset;
} oc_map[] = {
{ "top", offsetof(struct slap_internal_schema, si_oc_top) },
{ "alias", offsetof(struct slap_internal_schema, si_oc_alias) },
{ "referral", offsetof(struct slap_internal_schema, si_oc_referral) },
{ "LDAProotDSE", offsetof(struct slap_internal_schema, si_oc_rootdse) },
{ "LDAPsubentry", offsetof(struct slap_internal_schema, si_oc_subentry) },
{ "subschema", offsetof(struct slap_internal_schema, si_oc_subschema) },
#ifdef SLAPD_ACI_ENABLED
{ "groupOfNames", offsetof(struct slap_internal_schema, si_oc_groupOfNames) },
#endif
{ NULL, 0 }
};
......@@ -54,6 +61,7 @@ struct slap_schema_ad_map {
{ "objectClass", objectClassMatch,
offsetof(struct slap_internal_schema, si_ad_objectClass) },
/* user entry operational attributes */
{ "creatorsName", NULL,
offsetof(struct slap_internal_schema, si_ad_creatorsName) },
{ "createTimestamp", NULL,
......@@ -62,10 +70,10 @@ struct slap_schema_ad_map {
offsetof(struct slap_internal_schema, si_ad_modifiersName) },
{ "modifyTimestamp", NULL,
offsetof(struct slap_internal_schema, si_ad_modifyTimestamp) },
{ "subschemaSubentry", NULL,
offsetof(struct slap_internal_schema, si_ad_subschemaSubentry) },
/* root DSE attributes */
{ "namingContexts", NULL,
offsetof(struct slap_internal_schema, si_ad_namingContexts) },
{ "supportedControl", NULL,
......@@ -74,14 +82,14 @@ struct slap_schema_ad_map {
offsetof(struct slap_internal_schema, si_ad_supportedExtension) },
{ "supportedLDAPVersion", NULL,
offsetof(struct slap_internal_schema, si_ad_supportedLDAPVersion) },
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
#ifdef SLAPD_ACI_ENABLED
{ "supportedACIMechanisms", NULL,
offsetof(struct slap_internal_schema, si_ad_supportedACIMechanisms) },
#endif
{ "supportedSASLMechanisms", NULL,
offsetof(struct slap_internal_schema, si_ad_supportedSASLMechanisms) },
/* subschema subentry attributes */
{ "attributeTypes", NULL,
offsetof(struct slap_internal_schema, si_ad_attributeTypes) },
{ "ldapSyntaxes", NULL,
......@@ -91,13 +99,25 @@ struct slap_schema_ad_map {
{ "objectClasses", NULL,
offsetof(struct slap_internal_schema, si_ad_objectClasses) },
/* knowledge information */
{ "aliasedObjectName", NULL,
offsetof(struct slap_internal_schema, si_ad_aliasedObjectName) },
{ "ref", NULL,
offsetof(struct slap_internal_schema, si_ad_ref) },
/* access control information */
{ "entry", NULL,
offsetof(struct slap_internal_schema, si_ad_entry) },
{ "children", NULL,
offsetof(struct slap_internal_schema, si_ad_children) },
{ "distinguishedName", NULL,
offsetof(struct slap_internal_schema, si_ad_distinguishedName) },
{ "member", NULL,
offsetof(struct slap_internal_schema, si_ad_member) },
#ifdef SLAPD_ACI_ENABLED
{ "aci", NULL,
offsetof(struct slap_internal_schema, si_ad_aci) },
#endif
{ "userPassword", NULL,
offsetof(struct slap_internal_schema, si_ad_userPassword) },
......
......@@ -93,11 +93,12 @@ LDAP_BEGIN_DECL
#define AD_LEADCHAR(c) ( ATTR_CHAR(c) )
#define AD_CHAR(c) ( ATTR_CHAR(c) || (c) == ';' )
#define SLAPD_ACI_DEFAULT_ATTR "aci"
#ifndef SLAPD_SCHEMA_NOT_COMPAT
/* schema needed by slapd */
#define SLAPD_OID_DN_SYNTAX "1.3.6.1.4.1.1466.115.121.1.12"
#define SLAPD_OID_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1" /* experimental */
#define SLAPD_ACI_DEFAULT_ATTR "aci"
#endif
LIBSLAPD_F (int) slap_debug;
......@@ -155,10 +156,11 @@ typedef struct slap_syntax {
unsigned ssyn_flags;
#define SLAP_SYNTAX_NONE 0x0U
#define SLAP_SYNTAX_BLOB 0x1U /* syntax treated as blob (audio) */
#define SLAP_SYNTAX_BINARY 0x2U /* binary transfer required (certificate) */
#define SLAP_SYNTAX_BER 0x4U /* stored using BER encoding (binary,certificate) */
#define SLAP_SYNTAX_NONE 0x00U
#define SLAP_SYNTAX_BLOB 0x01U /* syntax treated as blob (audio) */
#define SLAP_SYNTAX_BINARY 0x02U /* binary transfer required (certificate) */
#define SLAP_SYNTAX_BER 0x04U /* stored using BER encoding (binary,certificate) */
#define SLAP_SYNTAX_HIDE 0x80U /* hide (do not publish) */
slap_syntax_validate_func *ssyn_validate;
slap_syntax_transform_func *ssyn_normalize;
......@@ -177,6 +179,7 @@ typedef struct slap_syntax {
#define slap_syntax_is_blob(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BLOB)
#define slap_syntax_is_binary(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BINARY)
#define slap_syntax_is_ber(s) slap_syntax_is_flag((s),SLAP_SYNTAX_BER)
#define slap_syntax_is_hidden(s) slap_syntax_is_flag((s),SLAP_SYNTAX_HIDE)
/* XXX -> UCS-2 Converter */
typedef int slap_mr_convert_func LDAP_P((
......@@ -327,8 +330,15 @@ typedef struct slap_attr_desc {
*/
struct slap_internal_schema {
/* objectClass */
ObjectClass *si_oc_top;
ObjectClass *si_oc_alias;
ObjectClass *si_oc_referral;
ObjectClass *si_oc_subentry;
ObjectClass *si_oc_subschema;
ObjectClass *si_oc_rootdse;
#ifdef SLAPD_ACI_ENABLED
ObjectClass *si_oc_groupOfNames;
#endif
/* objectClass attribute */
AttributeDescription *si_ad_objectClass;
......@@ -361,9 +371,14 @@ struct slap_internal_schema {
AttributeDescription *si_ad_aliasedObjectName;
AttributeDescription *si_ad_ref;
/* ACL Internals */
/* Access Control Internals */
AttributeDescription *si_ad_entry;
AttributeDescription *si_ad_children;
AttributeDescription *si_ad_member;
AttributeDescription *si_ad_distinguishedName;
#ifdef SLAPD_ACI_ENABLED
AttributeDescription *si_ad_aci;
#endif
/* Other */
AttributeDescription *si_ad_userPassword;
......