allow attribute inheritance with syntax restriction (please review)

servers/slapd/aci.c

@@ -676,6 +676,7 @@ aci_init( void )
 	static slap_syntax_defs_rec aci_syntax_def = {
 		"( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )",
 			SLAP_SYNTAX_HIDE,
+			NULL,
 			OpenLDAPaciValidate,
 			OpenLDAPaciPretty
 	};

servers/slapd/at.c

@@ -754,9 +754,16 @@ at_add(
 			goto error_return;
 		}
 
-		if( sat->sat_syntax != NULL && sat->sat_syntax != syn ) {
-			code = SLAP_SCHERR_ATTR_BAD_SUP;
-			goto error_return;
+		if ( sat->sat_syntax != NULL && sat->sat_syntax != syn ) {
+			Syntax *supsyn = syn->ssyn_sup;
+
+			for ( ; supsyn && supsyn != sat->sat_syntax; 
+				supsyn = supsyn->ssyn_sup )
+				;
+			if ( supsyn == NULL ) {
+				code = SLAP_SCHERR_ATTR_BAD_SUP;
+				goto error_return;
+			}
 		}
 
 		sat->sat_syntax = syn;

servers/slapd/schema/core.schema

@@ -92,9 +92,18 @@ attributetype ( 2.5.4.5 NAME 'serialNumber'
 	SUBSTR caseIgnoreSubstringsMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
 
-attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+# RFC 4519 definition (cannot be loaded because SYNTAX conflicts
+# with that of name).
+#
+attributetype ( 2.5.4.6 NAME 'c'
 	DESC 'RFC2256: ISO-3166 country 2-letter code'
-	SUP name SINGLE-VALUE )
+	SUP name
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
+	SINGLE-VALUE )
+
+#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+#	DESC 'RFC2256: ISO-3166 country 2-letter code'
+#	SUP name SINGLE-VALUE )
 
 attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
 	DESC 'RFC2256: locality which this object resides in'

servers/slapd/schema_init.c

@@ -4012,176 +4012,187 @@ firstComponentNormalize(
 static slap_syntax_defs_rec syntax_defs[] = {
 	{"( 1.3.6.1.4.1.1466.115.121.1.1 DESC 'ACI Item' "
 		X_BINARY X_NOT_H_R ")",
-		SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, NULL, NULL},
+		SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.2 DESC 'Access Point' " X_NOT_H_R ")",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.3 DESC 'Attribute Type Description' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.4 DESC 'Audio' "
 		X_NOT_H_R ")",
-		SLAP_SYNTAX_BLOB, blobValidate, NULL},
+		SLAP_SYNTAX_BLOB, NULL, blobValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' "
 		X_NOT_H_R ")",
-		SLAP_SYNTAX_BER, berValidate, NULL},
+		SLAP_SYNTAX_BER, NULL, berValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )",
-		0, bitStringValidate, NULL },
+		0, NULL, bitStringValidate, NULL },
 	{"( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )",
-		0, booleanValidate, NULL},
+		0, NULL, booleanValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' "
 		X_BINARY X_NOT_H_R ")",
-		SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, certificateValidate, NULL},
+		SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER,
+		NULL, certificateValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.9 DESC 'Certificate List' "
 		X_BINARY X_NOT_H_R ")",
-		SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, sequenceValidate, NULL},
+		SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER,
+		NULL, sequenceValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.10 DESC 'Certificate Pair' "
 		X_BINARY X_NOT_H_R ")",
-		SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, sequenceValidate, NULL},
+		SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER,
+		NULL, sequenceValidate, NULL},
+#if 0	/* need to go __after__ printableString */
 	{"( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' )",
-		0, countryStringValidate, NULL},
+		0, "1.3.6.1.4.1.1466.115.121.1.44",
+		countryStringValidate, NULL},
+#endif
 	{"( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'Distinguished Name' )",
-		0, dnValidate, dnPretty},
+		0, NULL, dnValidate, dnPretty},
 	{"( 1.2.36.79672281.1.5.0 DESC 'RDN' )",
-		0, rdnValidate, rdnPretty},
+		0, NULL, rdnValidate, rdnPretty},
 #ifdef LDAP_COMP_MATCH
 	{"( 1.2.36.79672281.1.5.3 DESC 'allComponents' )",
-		0, allComponentsValidate, NULL},
+		0, NULL, allComponentsValidate, NULL},
  	{"( 1.2.36.79672281.1.5.2 DESC 'componentFilterMatch assertion') ",
-		0, componentFilterValidate, NULL},
+		0, NULL, componentFilterValidate, NULL},
 #endif
 	{"( 1.3.6.1.4.1.1466.115.121.1.13 DESC 'Data Quality' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )",
-		0, deliveryMethodValidate, NULL},
+		0, NULL, deliveryMethodValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' )",
-		0, UTF8StringValidate, NULL},
+		0, NULL, UTF8StringValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.16 DESC 'DIT Content Rule Description' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.17 DESC 'DIT Structure Rule Description' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.19 DESC 'DSA Quality' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.20 DESC 'DSE Type' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Number' )",
-		0, printablesStringValidate, NULL},
+		0, NULL, printablesStringValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'Fax' " X_NOT_H_R ")",
-		SLAP_SYNTAX_BLOB, NULL, NULL},
+		SLAP_SYNTAX_BLOB, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'Generalized Time' )",
-		0, generalizedTimeValidate, NULL},
+		0, NULL, generalizedTimeValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5 String' )",
-		0, IA5StringValidate, NULL},
+		0, NULL, IA5StringValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'Integer' )",
-		0, integerValidate, NULL},
+		0, NULL, integerValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' " X_NOT_H_R ")",
-		SLAP_SYNTAX_BLOB, blobValidate, NULL},
+		SLAP_SYNTAX_BLOB, NULL, blobValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.29 DESC 'Master And Shadow Access Points' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.30 DESC 'Matching Rule Description' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.31 DESC 'Matching Rule Use Description' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.32 DESC 'Mail Preference' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.33 DESC 'MHS OR Address' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' )",
-		0, nameUIDValidate, nameUIDPretty },
+		0, NULL, nameUIDValidate, nameUIDPretty },
 	{"( 1.3.6.1.4.1.1466.115.121.1.35 DESC 'Name Form Description' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' )",
-		0, numericStringValidate, NULL},
+		0, NULL, numericStringValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.37 DESC 'Object Class Description' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )",
-		0, numericoidValidate, NULL},
+		0, NULL, numericoidValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.39 DESC 'Other Mailbox' )",
-		0, IA5StringValidate, NULL},
+		0, NULL, IA5StringValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' )",
-		0, blobValidate, NULL},
+		0, NULL, blobValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' )",
-		0, UTF8StringValidate, NULL},
+		0, NULL, UTF8StringValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.42 DESC 'Protocol Information' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.43 DESC 'Presentation Address' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' )",
-		0, printableStringValidate, NULL},
+		0, "1.3.6.1.4.1.1466.115.121.1.15",
+		printableStringValidate, NULL},
+	/* moved here because now depends on printable string */
+	{"( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' )",
+		0, "1.3.6.1.4.1.1466.115.121.1.44",
+		countryStringValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.45 DESC 'SubtreeSpecification' )",
 #define subtreeSpecificationValidate UTF8StringValidate /* FIXME */
-		0, subtreeSpecificationValidate, NULL},
+		0, NULL, subtreeSpecificationValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'Supported Algorithm' "
 		X_BINARY X_NOT_H_R ")",
-		SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, berValidate, NULL},
+		SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER, NULL, berValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' )",
-		0, printableStringValidate, NULL},
+		0, NULL, printableStringValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Identifier' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' )",
-		0, printablesStringValidate, NULL},
+		0, NULL, printablesStringValidate, NULL},
 #ifdef SUPPORT_OBSOLETE_UTC_SYNTAX
 	{"( 1.3.6.1.4.1.1466.115.121.1.53 DESC 'UTC Time' )",
-		0, utcTimeValidate, NULL},
+		0, NULL, utcTimeValidate, NULL},
 #endif
 	{"( 1.3.6.1.4.1.1466.115.121.1.54 DESC 'LDAP Syntax Description' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.55 DESC 'Modify Rights' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.56 DESC 'LDAP Schema Definition' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.57 DESC 'LDAP Schema Description' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.58 DESC 'Substring Assertion' )",
-		0, NULL, NULL},
+		0, NULL, NULL, NULL},
 
 	/* RFC 2307 NIS Syntaxes */
 	{"( 1.3.6.1.1.1.0.0  DESC 'RFC2307 NIS Netgroup Triple' )",
-		0, nisNetgroupTripleValidate, NULL},
+		0, NULL, nisNetgroupTripleValidate, NULL},
 	{"( 1.3.6.1.1.1.0.1  DESC 'RFC2307 Boot Parameter' )",
-		0, bootParameterValidate, NULL},
+		0, NULL, bootParameterValidate, NULL},
 
 	/* draft-zeilenga-ldap-x509 */
 	{"( 1.3.6.1.1.15.1 DESC 'Certificate Exact Assertion' )",
-		SLAP_SYNTAX_HIDE,
+		SLAP_SYNTAX_HIDE, NULL,
 		serialNumberAndIssuerValidate,
 		serialNumberAndIssuerPretty},
 	{"( 1.3.6.1.1.15.2 DESC 'Certificate Assertion' )",
-		SLAP_SYNTAX_HIDE, NULL, NULL},
+		SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
 	{"( 1.3.6.1.1.15.3 DESC 'Certificate Pair Exact Assertion' )",
-		SLAP_SYNTAX_HIDE, NULL, NULL},
+		SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
 	{"( 1.3.6.1.1.15.4 DESC 'Certificate Pair Assertion' )",
-		SLAP_SYNTAX_HIDE, NULL, NULL},
+		SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
 	{"( 1.3.6.1.1.15.5 DESC 'Certificate List Exact Assertion' )",
-		SLAP_SYNTAX_HIDE, NULL, NULL},
+		SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
 	{"( 1.3.6.1.1.15.6 DESC 'Certificate List Assertion' )",
-		SLAP_SYNTAX_HIDE, NULL, NULL},
+		SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
 	{"( 1.3.6.1.1.15.7 DESC 'Algorithm Identifier' )",
-		SLAP_SYNTAX_HIDE, NULL, NULL},
+		SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
 
 #ifdef SLAPD_AUTHPASSWD
 	/* needs updating */
 	{"( 1.3.6.1.4.1.4203.666.2.2 DESC 'OpenLDAP authPassword' )",
-		SLAP_SYNTAX_HIDE, NULL, NULL},
+		SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
 #endif
 
 	{"( 1.3.6.1.1.16.1 DESC 'UUID' )",
-		0, UUIDValidate, UUIDPretty},
+		0, NULL, UUIDValidate, UUIDPretty},
 
 	{"( 1.3.6.1.4.1.4203.666.11.2.1 DESC 'CSN' )",
-		SLAP_SYNTAX_HIDE, csnValidate, NULL},
+		SLAP_SYNTAX_HIDE, NULL, csnValidate, NULL},
 
 	/* OpenLDAP Void Syntax */
 	{"( 1.3.6.1.4.1.4203.1.1.1 DESC 'OpenLDAP void' )" ,
-		SLAP_SYNTAX_HIDE, inValidate, NULL},
+		SLAP_SYNTAX_HIDE, NULL, inValidate, NULL},
 
 	/* FIXME: OID is unused, but not registered yet */
 	{"( 1.3.6.1.4.1.4203.666.2.7 DESC 'OpenLDAP authz' )",
-		SLAP_SYNTAX_HIDE, authzValidate, authzPretty},
+		SLAP_SYNTAX_HIDE, NULL, authzValidate, authzPretty},
 
-	{NULL, 0, NULL, NULL}
+	{NULL, 0, NULL, NULL, NULL}
 };
 
 char *certificateExactMatchSyntaxes[] = {

servers/slapd/schemaparse.c

@@ -49,6 +49,7 @@ static char *const err2text[] = {
 	"Duplicate matchingRule",
 	"Syntax not found",
 	"Duplicate ldapSyntax",
+	"Superior syntax not found",
 	"OID or name required",
 	"Qualifier not supported",
 	"Invalid NAME",

servers/slapd/slap.h

@@ -268,7 +268,7 @@ typedef struct slap_ssf_set {
 #define SLAP_SYNTAX_ATTRIBUTETYPES_OID	 "1.3.6.1.4.1.1466.115.121.1.3"
 #define SLAP_SYNTAX_OBJECTCLASSES_OID	 "1.3.6.1.4.1.1466.115.121.1.37"
 #define SLAP_SYNTAX_MATCHINGRULEUSES_OID "1.3.6.1.4.1.1466.115.121.1.31"
-#define SLAP_SYNTAX_CONTENTRULE_OID		 "1.3.6.1.4.1.1466.115.121.1.16"
+#define SLAP_SYNTAX_CONTENTRULE_OID	 "1.3.6.1.4.1.1466.115.121.1.16"
 
 /*
  * represents schema information for a database
@@ -292,6 +292,7 @@ enum {
 	SLAP_SCHERR_MR_DUP,
 	SLAP_SCHERR_SYN_NOT_FOUND,
 	SLAP_SCHERR_SYN_DUP,
+	SLAP_SCHERR_SYN_SUP_NOT_FOUND,
 	SLAP_SCHERR_NO_NAME,
 	SLAP_SCHERR_NOT_SUPPORTED,
 	SLAP_SCHERR_BAD_DESCR,
@@ -408,6 +409,8 @@ struct Syntax {
 #define SLAP_SYNTAX_HIDE	0x8000U /* hide (do not publish) */
 #endif
 
+	Syntax				*ssyn_sup;
+
 	slap_syntax_validate_func	*ssyn_validate;
 	slap_syntax_transform_func	*ssyn_pretty;
 
@@ -433,6 +436,7 @@ struct Syntax {
 typedef struct slap_syntax_defs_rec {
 	char *sd_desc;
 	int sd_flags;
+	char *sd_sup;
 	slap_syntax_validate_func *sd_validate;
 	slap_syntax_transform_func *sd_pretty;
 #ifdef SLAPD_BINARY_CONVERSION

servers/slapd/syntax.c

@@ -129,7 +129,7 @@ syn_add(
 )
 {
 	Syntax		*ssyn;
-	int		code;
+	int		code = 0;
 
 	ssyn = (Syntax *) SLAP_CALLOC( 1, sizeof(Syntax) );
 	if( ssyn == NULL ) {
@@ -156,7 +156,18 @@ syn_add(
 	ssyn->ssyn_str2ber = def->sd_str2ber;
 #endif
 
-	code = syn_insert(ssyn, err);
+	if ( def->sd_sup != NULL ) {
+		ssyn->ssyn_sup = syn_find( def->sd_sup );
+		if ( ssyn->ssyn_sup == NULL ) {
+			*err = def->sd_sup;
+			code = SLAP_SCHERR_SYN_SUP_NOT_FOUND;
+		}
+	}
+
+	if ( code == 0 ) {
+		code = syn_insert(ssyn, err);
+	}
+
 	return code;
 }