Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
Menu
Open sidebar
openldap
OpenLDAP
Commits
bdad40c6
Commit
bdad40c6
authored
May 30, 2002
by
Kurt Zeilenga
Browse files
Disallow addition of system schema via config files.
parent
aecf4033
Changes
6
Hide whitespace changes
Inline
Side-by-side
servers/slapd/config.c
View file @
bdad40c6
...
...
@@ -1651,7 +1651,6 @@ read_config( const char *fname )
"%s: line %d: old objectclass format not supported.
\n
"
,
fname
,
lineno
,
0
);
#endif
}
/* specify an attribute type */
...
...
servers/slapd/oc.c
View file @
bdad40c6
...
...
@@ -163,6 +163,7 @@ static int
oc_create_required
(
ObjectClass
*
soc
,
char
**
attrs
,
int
*
op
,
const
char
**
err
)
{
char
**
attrs1
;
...
...
@@ -178,6 +179,9 @@ oc_create_required(
*
err
=
*
attrs1
;
return
SLAP_SCHERR_ATTR_NOT_FOUND
;
}
if
(
is_at_operational
(
sat
))
(
*
op
)
++
;
if
(
at_find_in_list
(
sat
,
soc
->
soc_required
)
<
0
)
{
if
(
at_append_to_list
(
sat
,
&
soc
->
soc_required
)
)
{
*
err
=
*
attrs1
;
...
...
@@ -201,6 +205,7 @@ static int
oc_create_allowed
(
ObjectClass
*
soc
,
char
**
attrs
,
int
*
op
,
const
char
**
err
)
{
char
**
attrs1
;
...
...
@@ -214,6 +219,9 @@ oc_create_allowed(
*
err
=
*
attrs1
;
return
SLAP_SCHERR_ATTR_NOT_FOUND
;
}
if
(
is_at_operational
(
sat
))
(
*
op
)
++
;
if
(
at_find_in_list
(
sat
,
soc
->
soc_required
)
<
0
&&
at_find_in_list
(
sat
,
soc
->
soc_allowed
)
<
0
)
{
if
(
at_append_to_list
(
sat
,
&
soc
->
soc_allowed
)
)
{
...
...
@@ -231,6 +239,7 @@ static int
oc_add_sups
(
ObjectClass
*
soc
,
char
**
sups
,
int
*
op
,
const
char
**
err
)
{
int
code
;
...
...
@@ -274,16 +283,19 @@ oc_add_sups(
return
SLAP_SCHERR_CLASS_BAD_USAGE
;
}
if
(
add_sups
)
if
(
soc
->
soc_flags
&
SLAP_OC_OPERATIONAL
)
(
*
op
)
++
;
if
(
add_sups
)
{
soc
->
soc_sups
[
nsups
]
=
soc1
;
}
code
=
oc_add_sups
(
soc
,
soc1
->
soc_sup_oids
,
err
);
code
=
oc_add_sups
(
soc
,
soc1
->
soc_sup_oids
,
op
,
err
);
if
(
code
)
return
code
;
code
=
oc_create_required
(
soc
,
soc1
->
soc_at_oids_must
,
err
);
code
=
oc_create_required
(
soc
,
soc1
->
soc_at_oids_must
,
op
,
err
);
if
(
code
)
return
code
;
code
=
oc_create_allowed
(
soc
,
soc1
->
soc_at_oids_may
,
err
);
code
=
oc_create_allowed
(
soc
,
soc1
->
soc_at_oids_may
,
op
,
err
);
if
(
code
)
return
code
;
nsups
++
;
...
...
@@ -382,11 +394,13 @@ oc_insert(
int
oc_add
(
LDAPObjectClass
*
oc
,
int
user
,
const
char
**
err
)
{
ObjectClass
*
soc
;
int
code
;
int
op
=
0
;
if
(
oc
->
oc_names
!=
NULL
)
{
int
i
;
...
...
@@ -419,19 +433,21 @@ oc_add(
{
/* structural object classes implicitly inherit from 'top' */
static
char
*
top_oids
[]
=
{
SLAPD_TOP_OID
,
NULL
};
code
=
oc_add_sups
(
soc
,
top_oids
,
err
);
code
=
oc_add_sups
(
soc
,
top_oids
,
&
op
,
err
);
}
else
{
code
=
oc_add_sups
(
soc
,
soc
->
soc_sup_oids
,
err
);
code
=
oc_add_sups
(
soc
,
soc
->
soc_sup_oids
,
&
op
,
err
);
}
if
(
code
!=
0
)
return
code
;
code
=
oc_create_required
(
soc
,
soc
->
soc_at_oids_must
,
err
);
code
=
oc_create_required
(
soc
,
soc
->
soc_at_oids_must
,
&
op
,
err
);
if
(
code
!=
0
)
return
code
;
code
=
oc_create_allowed
(
soc
,
soc
->
soc_at_oids_may
,
err
);
code
=
oc_create_allowed
(
soc
,
soc
->
soc_at_oids_may
,
&
op
,
err
);
if
(
code
!=
0
)
return
code
;
if
(
user
&&
op
)
return
SLAP_SCHERR_CLASS_OPERATIONAL
;
code
=
oc_insert
(
soc
,
err
);
return
code
;
}
...
...
servers/slapd/proto-slap.h
View file @
bdad40c6
...
...
@@ -626,6 +626,7 @@ LDAP_SLAPD_F (void) mra_free LDAP_P((
/* oc.c */
LDAP_SLAPD_F
(
int
)
oc_add
LDAP_P
((
LDAPObjectClass
*
oc
,
int
user
,
const
char
**
err
));
LDAP_SLAPD_F
(
void
)
oc_destroy
LDAP_P
((
void
));
...
...
servers/slapd/schema_prep.c
View file @
bdad40c6
...
...
@@ -162,28 +162,29 @@ static struct slap_schema_oc_map {
"NAME 'extensibleObject' "
"DESC 'RFC2252: extensible object' "
"SUP top AUXILIARY )"
,
0
,
0
,
offsetof
(
struct
slap_internal_schema
,
si_oc_extensibleObject
)
},
0
,
SLAP_OC_OPERATIONAL
,
offsetof
(
struct
slap_internal_schema
,
si_oc_extensibleObject
)
},
{
"alias"
,
"( 2.5.6.1 NAME 'alias' "
"DESC 'RFC2256: an alias' "
"SUP top STRUCTURAL "
"MUST aliasedObjectName )"
,
aliasObjectClass
,
SLAP_OC_ALIAS
,
aliasObjectClass
,
SLAP_OC_ALIAS
|
SLAP_OC_OPERATIONAL
,
offsetof
(
struct
slap_internal_schema
,
si_oc_alias
)
},
{
"referral"
,
"( 2.16.840.1.113730.3.2.6 NAME 'referral' "
"DESC 'namedref: named subordinate referral' "
"SUP top STRUCTURAL MUST ref )"
,
referralObjectClass
,
SLAP_OC_REFERRAL
,
referralObjectClass
,
SLAP_OC_REFERRAL
|
SLAP_OC_OPERATIONAL
,
offsetof
(
struct
slap_internal_schema
,
si_oc_referral
)
},
{
"LDAProotDSE"
,
"( 1.3.6.1.4.1.4203.1.4.1 "
"NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) "
"DESC 'OpenLDAP Root DSE object' "
"SUP top STRUCTURAL MAY cn )"
,
rootDseObjectClass
,
0
,
rootDseObjectClass
,
SLAP_OC_OPERATIONAL
,
offsetof
(
struct
slap_internal_schema
,
si_oc_rootdse
)
},
{
"subentry"
,
"( 2.5.20.0 NAME 'subentry' "
"SUP top STRUCTURAL "
"MUST ( cn $ subtreeSpecification ) )"
,
subentryObjectClass
,
SLAP_OC_SUBENTRY
,
subentryObjectClass
,
SLAP_OC_SUBENTRY
|
SLAP_OC_OPERATIONAL
,
offsetof
(
struct
slap_internal_schema
,
si_oc_subentry
)
},
{
"subschema"
,
"( 2.5.20.1 NAME 'subschema' "
"DESC 'RFC2252: controlling subschema (sub)entry' "
...
...
@@ -191,17 +192,19 @@ static struct slap_schema_oc_map {
"MAY ( dITStructureRules $ nameForms $ ditContentRules $ "
"objectClasses $ attributeTypes $ matchingRules $ "
"matchingRuleUse ) )"
,
subentryObjectClass
,
0
,
subentryObjectClass
,
SLAP_OC_OPERATIONAL
,
offsetof
(
struct
slap_internal_schema
,
si_oc_subschema
)
},
{
"monitor"
,
"( 1.3.6.1.4.1.4203.666.3.2 NAME 'monitor' "
"DESC 'OpenLDAP system monitoring' "
"STRUCTURAL "
"MUST cn )"
,
0
,
0
,
offsetof
(
struct
slap_internal_schema
,
si_oc_monitor
)
},
0
,
SLAP_OC_OPERATIONAL
,
offsetof
(
struct
slap_internal_schema
,
si_oc_monitor
)
},
{
"collectiveAttributeSubentry"
,
"( 2.5.20.2 "
"NAME 'collectiveAttributeSubentry' "
"AUXILIARY )"
,
subentryObjectClass
,
SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY
|
SLAP_OC_HIDE
,
subentryObjectClass
,
SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY
|
SLAP_OC_OPERATIONAL
|
SLAP_OC_HIDE
,
offsetof
(
struct
slap_internal_schema
,
si_oc_collectiveAttributeSubentry
)
},
{
"dynamicObject"
,
"( 1.3.6.1.4.1.1466.101.119.2 "
"NAME 'dynamicObject' "
...
...
@@ -307,14 +310,14 @@ static struct slap_schema_ad_map {
"EQUALITY octetStringMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64} "
"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )"
,
NULL
,
0
,
NULL
,
NULL
,
NULL
,
NULL
,
SLAP_AT_HIDE
,
NULL
,
NULL
,
NULL
,
offsetof
(
struct
slap_internal_schema
,
si_ad_entryUUID
)
},
{
"entryCSN"
,
"( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' "
"DESC 'LCUP/LDUP: change sequence number' "
"EQUALITY octetStringMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64} "
"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )"
,
NULL
,
0
,
NULL
,
NULL
,
NULL
,
NULL
,
SLAP_AT_HIDE
,
NULL
,
NULL
,
NULL
,
offsetof
(
struct
slap_internal_schema
,
si_ad_entryCSN
)
},
/* root DSE attributes */
...
...
@@ -715,7 +718,7 @@ slap_schema_load( void )
return
LDAP_OTHER
;
}
code
=
oc_add
(
oc
,
&
err
);
code
=
oc_add
(
oc
,
0
,
&
err
);
if
(
code
)
{
fprintf
(
stderr
,
"slap_schema_load: "
"%s: %s:
\"
%s
\"\n
"
,
...
...
servers/slapd/schemaparse.c
View file @
bdad40c6
...
...
@@ -26,6 +26,7 @@ static char *const err2text[SLAP_SCHERR_LAST+1] = {
"Out of memory"
,
"ObjectClass not found"
,
"ObjectClass inappropriate SUPerior"
,
"ObjectClass operational"
,
"AttributeType not found"
,
"AttributeType inappropriate USAGE"
,
"Duplicate objectClass"
,
...
...
@@ -118,7 +119,7 @@ parse_oc(
return
1
;
}
code
=
oc_add
(
oc
,
&
err
);
code
=
oc_add
(
oc
,
1
,
&
err
);
if
(
code
)
{
fprintf
(
stderr
,
"%s: line %d: %s:
\"
%s
\"\n
"
,
fname
,
lineno
,
scherr2str
(
code
),
err
);
...
...
servers/slapd/slap.h
View file @
bdad40c6
...
...
@@ -221,20 +221,21 @@ typedef struct slap_ssf_set {
#define SLAP_SCHERR_OUTOFMEM 1
#define SLAP_SCHERR_CLASS_NOT_FOUND 2
#define SLAP_SCHERR_CLASS_BAD_USAGE 3
#define SLAP_SCHERR_ATTR_NOT_FOUND 4
#define SLAP_SCHERR_ATTR_BAD_USAGE 5
#define SLAP_SCHERR_DUP_CLASS 6
#define SLAP_SCHERR_DUP_ATTR 7
#define SLAP_SCHERR_DUP_SYNTAX 8
#define SLAP_SCHERR_DUP_RULE 9
#define SLAP_SCHERR_NO_NAME 10
#define SLAP_SCHERR_ATTR_INCOMPLETE 11
#define SLAP_SCHERR_MR_NOT_FOUND 12
#define SLAP_SCHERR_SYN_NOT_FOUND 13
#define SLAP_SCHERR_MR_INCOMPLETE 14
#define SLAP_SCHERR_NOT_SUPPORTED 15
#define SLAP_SCHERR_BAD_DESCR 16
#define SLAP_SCHERR_OIDM 17
#define SLAP_SCHERR_CLASS_OPERATIONAL 4
#define SLAP_SCHERR_ATTR_NOT_FOUND 5
#define SLAP_SCHERR_ATTR_BAD_USAGE 6
#define SLAP_SCHERR_DUP_CLASS 7
#define SLAP_SCHERR_DUP_ATTR 8
#define SLAP_SCHERR_DUP_SYNTAX 9
#define SLAP_SCHERR_DUP_RULE 10
#define SLAP_SCHERR_NO_NAME 11
#define SLAP_SCHERR_ATTR_INCOMPLETE 12
#define SLAP_SCHERR_MR_NOT_FOUND 13
#define SLAP_SCHERR_SYN_NOT_FOUND 14
#define SLAP_SCHERR_MR_INCOMPLETE 15
#define SLAP_SCHERR_NOT_SUPPORTED 16
#define SLAP_SCHERR_BAD_DESCR 17
#define SLAP_SCHERR_OIDM 18
#define SLAP_SCHERR_LAST SLAP_SCHERR_OIDM
typedef
union
slap_sockaddr
{
...
...
@@ -492,14 +493,15 @@ typedef struct slap_object_class {
struct
slap_object_class
*
soc_next
;
}
ObjectClass
;
#define SLAP_OC_ALIAS 0x01
#define SLAP_OC_REFERRAL 0x02
#define SLAP_OC_SUBENTRY 0x04
#define SLAP_OC_DYNAMICOBJECT 0x08
#define SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY 0x10
#define SLAP_OC__MASK 0x1F
#define SLAP_OC__END 0x20
#define SLAP_OC_HIDE 0x80
#define SLAP_OC_ALIAS 0x0001
#define SLAP_OC_REFERRAL 0x0002
#define SLAP_OC_SUBENTRY 0x0004
#define SLAP_OC_DYNAMICOBJECT 0x0008
#define SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY 0x0010
#define SLAP_OC__MASK 0x001F
#define SLAP_OC__END 0x0020
#define SLAP_OC_OPERATIONAL 0x4000
#define SLAP_OC_HIDE 0x8000
#ifdef LDAP_EXTENDED_SCHEMA
/*
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment