SLAPD_SCHEMA_NOT_COMPAT: prelim ACL work

servers/slapd/aclparse.c

@@ -98,8 +98,14 @@ parse_acl(
 #ifdef SLAPD_SCHEMA_NOT_COMPAT
 	int rc;
 	const char *text;
-	static AttributeDescription *member = NULL;
-	static AttributeDescription *aci = NULL;
+	AttributeDescription *ad_distinguishedName = slap_schema.si_ad_distinguishedName;
+	AttributeDescription *ad_member = slap_schema.si_ad_member;
+#ifdef SLAPD_ACI_ENABLED
+	AttributeDescription *ad_aci = slap_schema.si_ad_aci;
+#endif
+#else
+	static char *ad_aci = "aci";
+	static char *ad_member = "member";
 #endif
 
 	a = NULL;
@@ -336,16 +342,17 @@ parse_acl(
 						acl_usage();
 					}
 
-#ifdef SLAPD_OID_DN_SYNTAX
-					if( strcmp( b->a_dn_at->ad_type->sat_syntax_oid,
-						SLAPD_OID_DN_SYNTAX ) != 0 )
+
+					if( b->a_dn_at->ad_type->sat_syntax
+						!= ad_distinguishedName->ad_type->sat_syntax )
 					{
 						fprintf( stderr,
-							"%s: line %d: dnattr attribute type not of DN syntax.\n",
-							fname, lineno );
+							"%s: line %d: dnattr \"%s\": inappropriate syntax: %s\n",
+							fname, lineno, right,
+							b->a_dn_at->ad_type->sat_syntax_oid );
 						acl_usage();
 					}
-#endif
+
 #else
 					b->a_dn_at = ch_strdup( right );
 #endif
@@ -393,6 +400,16 @@ parse_acl(
 								fname, lineno, right, text );
 							acl_usage();
 						}
+
+						if( b->a_group_at->ad_type->sat_syntax
+							!= ad_member->ad_type->sat_syntax )
+						{
+							fprintf( stderr,
+								"%s: line %d: group \"%s\": inappropriate syntax: %s\n",
+								fname, lineno, right,
+								b->a_group_at->ad_type->sat_syntax_oid );
+							acl_usage();
+						}
 #else
 						b->a_group_at = ch_strdup(name);
 #endif
@@ -400,9 +417,9 @@ parse_acl(
 
 					} else {
 #ifdef SLAPD_SCHEMA_NOT_COMPAT
-						b->a_group_at = member;
+						b->a_group_at = ad_dup( ad_member );
 #else
-						b->a_group_at = ch_strdup("member");
+						b->a_group_at = ch_strdup( ad_member );
 #endif
 					}
 
@@ -413,17 +430,6 @@ parse_acl(
 							fname, lineno );
 						acl_usage();
 					}
-
-#ifdef SLAPD_OID_DN_SYNTAX
-					if( strcmp( b->a_group_at->ad_type->sat_syntax_oid,
-						SLAPD_OID_DN_SYNTAX ) != 0 )
-					{
-						fprintf( stderr,
-							"%s: line %d: group attribute type not of DN syntax.\n",
-							fname, lineno );
-						acl_usage();
-					}
-#endif /* SLAPD_OID_DN_SYNTAX */
 #endif /* SLAPD_SCHEMA_NOT_COMPAT */
 					continue;
 				}
@@ -499,8 +505,18 @@ parse_acl(
 								fname, lineno, right, text );
 							acl_usage();
 						}
+
+						if( b->a_aci_at->ad_type->sat_syntax
+							!= ad_aci->ad_type->sat_syntax )
+						{
+							fprintf( stderr,
+								"%s: line %d: aci \"%s\": inappropriate syntax: %s\n",
+								fname, lineno, right,
+								b->a_aci_at->ad_type->sat_syntax_oid );
+							acl_usage();
+						}
 					} else {
-						b->a_aci_at = aci;
+						b->a_aci_at = ad_dup( ad_aci );
 					}
 
 					if( b->a_aci_at == NULL ) {
@@ -510,14 +526,6 @@ parse_acl(
 						acl_usage();
 					}
 
-					if( strcmp( b->a_aci_at->ad_type->sat_syntax_oid,
-						SLAPD_OID_ACI_SYNTAX ) != 0 )
-					{
-						fprintf( stderr,
-							"%s: line %d: aci attribute type not of ACI syntax.\n",
-							fname, lineno );
-						acl_usage();
-					}
 #else
 					if ( right != NULL && *right != '\0' ) {
 						b->a_aci_at = ch_strdup( right );
@@ -939,7 +947,11 @@ print_access( Access *b )
 	}
 
 	if ( b->a_dn_at != NULL ) {
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+		fprintf( stderr, " dnattr=%s", b->a_dn_at->ad_cname->bv_val );
+#else
 		fprintf( stderr, " dnattr=%s", b->a_dn_at );
+#endif
 	}
 
 	if ( b->a_group_pat != NULL ) {
@@ -949,7 +961,11 @@ print_access( Access *b )
 			fprintf( stderr, " objectClass: %s", b->a_group_oc );
 
 			if ( b->a_group_at ) {
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+				fprintf( stderr, " attributeType: %s", b->a_group_at->ad_cname->bv_val );
+#else
 				fprintf( stderr, " attributeType: %s", b->a_group_at );
+#endif
 			}
 		}
     }
@@ -972,7 +988,11 @@ print_access( Access *b )
 
 #ifdef SLAPD_ACI_ENABLED
 	if ( b->a_aci_at != NULL ) {
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+		fprintf( stderr, " aci=%s", b->a_aci_at->ad_cname->bv_val );
+#else
 		fprintf( stderr, " aci=%s", b->a_aci_at );
+#endif
 	}
 #endif
 

servers/slapd/at.c

@@ -92,7 +92,7 @@ at_config(
 #define SYNTAX_DSCE_OID	"2.5.13.5"
 #define SYNTAX_IA5_OID	"1.3.6.1.4.1.1466.115.121.1.26"
 #define SYNTAX_IA5CE_OID	"1.3.6.1.4.1.1466.109.114.1"
-#define SYNTAX_DN_OID	SLAPD_OID_DN_SYNTAX
+#define SYNTAX_DN_OID	"1.3.6.1.4.1.1466.115.121.1.12"
 #define SYNTAX_TEL_OID	"1.3.6.1.4.1.1466.115.121.1.50"
 #define SYNTAX_BIN_OID	"1.3.6.1.4.1.1466.115.121.1.40" /* octetString */
 

servers/slapd/back-ldbm/alias.c

@@ -218,9 +218,9 @@ static char* get_alias_dn(
 {	
 	Attribute *a;
 #ifdef SLAPD_SCHEMA_NOT_COMPAT
-	static AttributeDescription *aliasedObjectName = NULL;
+	AttributeDescription *aliasedObjectName = slap_schema.si_ad_aliasedObjectName;
 #else
-	static const char *aliasedObjectName = NULL;
+	static const char *aliasedObjectName = "aliasedObjectName";
 #endif
 
 	a = attr_find( e->e_attrs, aliasedObjectName );

servers/slapd/back-ldbm/group.c

@@ -41,7 +41,7 @@ ldbm_back_group(
 	Attribute   *attr;
 
 #ifdef SLAPD_SCHEMA_NOT_COMPAT
-	static AttributeDescription *objectClass = NULL;
+	AttributeDescription *objectClass = slap_schema.si_ad_objectClass;
 	const char *groupattrName = group_at->ad_cname->bv_val;
 #else
 	struct berval bv;

servers/slapd/proto-slap.h

@@ -92,7 +92,6 @@ LIBSLAPD_F (AttributeType *) at_find LDAP_P(( const char *name ));
 LIBSLAPD_F (int) at_find_in_list LDAP_P(( AttributeType *sat, AttributeType **list ));
 LIBSLAPD_F (int) at_append_to_list LDAP_P(( AttributeType *sat, AttributeType ***listp ));
 LIBSLAPD_F (int) at_delete_from_list LDAP_P(( int pos, AttributeType ***listp ));
-LIBSLAPD_F (int) at_fake_if_needed LDAP_P(( const char *name ));
 LIBSLAPD_F (int) at_schema_info LDAP_P(( Entry *e ));
 LIBSLAPD_F (int) at_add LDAP_P(( LDAP_ATTRIBUTE_TYPE *at, const char **err ));
 
@@ -103,6 +102,7 @@ LIBSLAPD_F (int) is_at_subtype LDAP_P((
 
 #	define at_canonical_name(at) ((at)->sat_cname)	
 #else
+LIBSLAPD_F (int) at_fake_if_needed LDAP_P(( const char *name ));
 LIBSLAPD_F (char *) at_canonical_name LDAP_P(( const char * a_type ));
 #endif
 

servers/slapd/schema_init.c

@@ -16,7 +16,15 @@
 #include "slap.h"
 #include "ldap_pvt.h"
 
-#define berValidate blobValidate
+static int
+inValidate(
+	Syntax *syntax,
+	struct berval *in )
+{
+	/* any value allowed */
+	return LDAP_OTHER;
+}
+
 static int
 blobValidate(
 	Syntax *syntax,
@@ -26,6 +34,8 @@ blobValidate(
 	return LDAP_SUCCESS;
 }
 
+#define berValidate blobValidate
+
 static int
 UTF8StringValidate(
 	Syntax *syntax,
@@ -341,6 +351,7 @@ struct syntax_defs_rec {
 #endif
 };
 
+#define X_HIDE "X-HIDE 'TRUE' "
 #define X_BINARY "X-BINARY-TRANSFER-REQUIRED 'TRUE' "
 #define X_NOT_H_R "X-NOT-HUMAN-READABLE 'TRUE' "
 
@@ -457,8 +468,12 @@ struct syntax_defs_rec syntax_defs[] = {
 		0, NULL, NULL, NULL},
 
 	/* OpenLDAP Experimental Syntaxes */
-	{"( " SLAPD_OID_ACI_SYNTAX " DESC 'OpenLDAP Experimental ACI' )",
+	{"( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )",
 		0, NULL, NULL, NULL},
+	{"( 1.3.6.1.4.1.4203.666.2.2 DESC 'OpenLDAP void' " X_HIDE ")" ,
+		SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
+	{"( 1.3.6.1.4.1.4203.666.2.3 DESC 'OpenLDAP DN' " X_HIDE ")" ,
+		SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
 
 	{NULL, 0, NULL, NULL, NULL}
 };

servers/slapd/schema_prep.c

@@ -41,8 +41,15 @@ struct slap_schema_oc_map {
 	char *ssom_name;
 	size_t ssom_offset;
 } oc_map[] = {
+	{ "top", offsetof(struct slap_internal_schema, si_oc_top) },
 	{ "alias", offsetof(struct slap_internal_schema, si_oc_alias) },
 	{ "referral", offsetof(struct slap_internal_schema, si_oc_referral) },
+	{ "LDAProotDSE", offsetof(struct slap_internal_schema, si_oc_rootdse) },
+	{ "LDAPsubentry", offsetof(struct slap_internal_schema, si_oc_subentry) },
+	{ "subschema", offsetof(struct slap_internal_schema, si_oc_subschema) },
+#ifdef SLAPD_ACI_ENABLED
+	{ "groupOfNames", offsetof(struct slap_internal_schema, si_oc_groupOfNames) },
+#endif
 	{ NULL, 0 }
 };
 
@@ -54,6 +61,7 @@ struct slap_schema_ad_map {
 	{ "objectClass", objectClassMatch,
 		offsetof(struct slap_internal_schema, si_ad_objectClass) },
 
+	/* user entry operational attributes */
 	{ "creatorsName", NULL,
 		offsetof(struct slap_internal_schema, si_ad_creatorsName) },
 	{ "createTimestamp", NULL,
@@ -62,10 +70,10 @@ struct slap_schema_ad_map {
 		offsetof(struct slap_internal_schema, si_ad_modifiersName) },
 	{ "modifyTimestamp", NULL,
 		offsetof(struct slap_internal_schema, si_ad_modifyTimestamp) },
-
 	{ "subschemaSubentry", NULL,
 		offsetof(struct slap_internal_schema, si_ad_subschemaSubentry) },
 
+	/* root DSE attributes */
 	{ "namingContexts", NULL,
 		offsetof(struct slap_internal_schema, si_ad_namingContexts) },
 	{ "supportedControl", NULL,
@@ -74,14 +82,14 @@ struct slap_schema_ad_map {
 		offsetof(struct slap_internal_schema, si_ad_supportedExtension) },
 	{ "supportedLDAPVersion", NULL,
 		offsetof(struct slap_internal_schema, si_ad_supportedLDAPVersion) },
-#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+#ifdef SLAPD_ACI_ENABLED
 	{ "supportedACIMechanisms", NULL,
 		offsetof(struct slap_internal_schema, si_ad_supportedACIMechanisms) },
-
 #endif
 	{ "supportedSASLMechanisms", NULL,
 		offsetof(struct slap_internal_schema, si_ad_supportedSASLMechanisms) },
 
+	/* subschema subentry attributes */
 	{ "attributeTypes", NULL,
 		offsetof(struct slap_internal_schema, si_ad_attributeTypes) },
 	{ "ldapSyntaxes", NULL,
@@ -91,13 +99,25 @@ struct slap_schema_ad_map {
 	{ "objectClasses", NULL,
 		offsetof(struct slap_internal_schema, si_ad_objectClasses) },
 
+	/* knowledge information */
+	{ "aliasedObjectName", NULL,
+		offsetof(struct slap_internal_schema, si_ad_aliasedObjectName) },
 	{ "ref", NULL,
 		offsetof(struct slap_internal_schema, si_ad_ref) },
 
+	/* access control information */
 	{ "entry", NULL,
 		offsetof(struct slap_internal_schema, si_ad_entry) },
 	{ "children", NULL,
 		offsetof(struct slap_internal_schema, si_ad_children) },
+	{ "distinguishedName", NULL,
+		offsetof(struct slap_internal_schema, si_ad_distinguishedName) },
+	{ "member", NULL,
+		offsetof(struct slap_internal_schema, si_ad_member) },
+#ifdef SLAPD_ACI_ENABLED
+	{ "aci", NULL,
+		offsetof(struct slap_internal_schema, si_ad_aci) },
+#endif
 
 	{ "userPassword", NULL,
 		offsetof(struct slap_internal_schema, si_ad_userPassword) },

servers/slapd/slap.h

@@ -93,11 +93,12 @@ LDAP_BEGIN_DECL
 #define AD_LEADCHAR(c)	( ATTR_CHAR(c) )
 #define AD_CHAR(c)		( ATTR_CHAR(c) || (c) == ';' )
 
-#define SLAPD_ACI_DEFAULT_ATTR		"aci"
-
+#ifndef SLAPD_SCHEMA_NOT_COMPAT
 /* schema needed by slapd */
-#define SLAPD_OID_DN_SYNTAX "1.3.6.1.4.1.1466.115.121.1.12"
 #define SLAPD_OID_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1" /* experimental */
+#define SLAPD_ACI_DEFAULT_ATTR		"aci"
+#endif
+
 
 LIBSLAPD_F (int) slap_debug;
 
@@ -155,10 +156,11 @@ typedef struct slap_syntax {
 
 	unsigned	ssyn_flags;
 
-#define SLAP_SYNTAX_NONE	0x0U
-#define SLAP_SYNTAX_BLOB	0x1U /* syntax treated as blob (audio) */
-#define SLAP_SYNTAX_BINARY	0x2U /* binary transfer required (certificate) */
-#define SLAP_SYNTAX_BER		0x4U /* stored using BER encoding (binary,certificate) */
+#define SLAP_SYNTAX_NONE	0x00U
+#define SLAP_SYNTAX_BLOB	0x01U /* syntax treated as blob (audio) */
+#define SLAP_SYNTAX_BINARY	0x02U /* binary transfer required (certificate) */
+#define SLAP_SYNTAX_BER		0x04U /* stored using BER encoding (binary,certificate) */
+#define SLAP_SYNTAX_HIDE	0x80U /* hide (do not publish) */
 
 	slap_syntax_validate_func	*ssyn_validate;
 	slap_syntax_transform_func	*ssyn_normalize;
@@ -177,6 +179,7 @@ typedef struct slap_syntax {
 #define slap_syntax_is_blob(s)		slap_syntax_is_flag((s),SLAP_SYNTAX_BLOB)
 #define slap_syntax_is_binary(s)	slap_syntax_is_flag((s),SLAP_SYNTAX_BINARY)
 #define slap_syntax_is_ber(s)		slap_syntax_is_flag((s),SLAP_SYNTAX_BER)
+#define slap_syntax_is_hidden(s)	slap_syntax_is_flag((s),SLAP_SYNTAX_HIDE)
 
 /* XXX -> UCS-2 Converter */
 typedef int slap_mr_convert_func LDAP_P((
@@ -327,8 +330,15 @@ typedef struct slap_attr_desc {
  */
 struct slap_internal_schema {
 	/* objectClass */
+	ObjectClass *si_oc_top;
 	ObjectClass *si_oc_alias;
 	ObjectClass *si_oc_referral;
+	ObjectClass *si_oc_subentry;
+	ObjectClass *si_oc_subschema;
+	ObjectClass *si_oc_rootdse;
+#ifdef SLAPD_ACI_ENABLED
+	ObjectClass *si_oc_groupOfNames;
+#endif
 
 	/* objectClass attribute */
 	AttributeDescription *si_ad_objectClass;
@@ -361,9 +371,14 @@ struct slap_internal_schema {
 	AttributeDescription *si_ad_aliasedObjectName;
 	AttributeDescription *si_ad_ref;
 
-	/* ACL Internals */
+	/* Access Control Internals */
 	AttributeDescription *si_ad_entry;
 	AttributeDescription *si_ad_children;
+	AttributeDescription *si_ad_member;
+	AttributeDescription *si_ad_distinguishedName;
+#ifdef SLAPD_ACI_ENABLED
+	AttributeDescription *si_ad_aci;
+#endif
 
 	/* Other */
 	AttributeDescription *si_ad_userPassword;