--- servers/slapd/schema_check.c 2011/01/04 23:50:23 1.103.2.13 +++ servers/slapd/schema_check.c 2006/11/27 18:59:59 1.104 @@ -1,8 +1,8 @@ /* schema_check.c - routines to enforce schema definitions */ -/* $OpenLDAP: pkg/ldap/servers/slapd/schema_check.c,v 1.103.2.12 2010/04/13 20:23:19 kurt Exp $ */ +/* $OpenLDAP: pkg/ldap/servers/slapd/schema_check.c,v 1.103 2006/01/03 22:12:15 kurt Exp $ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2011 The OpenLDAP Foundation. + * Copyright 1998-2006 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -32,7 +32,6 @@ static char * oc_check_required( static int entry_naming_check( Entry *e, int manage, - int add_naming, const char** text, char *textbuf, size_t textlen ); /* @@ -48,8 +47,7 @@ entry_schema_check( Entry *e, Attribute *oldattrs, int manage, - int add, - Attribute **socp, + int add_soc, const char** text, char *textbuf, size_t textlen ) { @@ -137,7 +135,7 @@ entry_schema_check( assert( aoc->a_vals[0].bv_val != NULL ); /* check the structural object class attribute */ - if ( asc == NULL && !add ) { + if ( asc == NULL && !add_soc ) { Debug( LDAP_DEBUG_ANY, "No structuralObjectClass for entry (%s)\n", e->e_dn, 0, 0 ); @@ -152,7 +150,7 @@ entry_schema_check( return rc; } - if ( asc == NULL && add ) { + if ( asc == NULL && add_soc ) { attr_merge_one( e, ad_structuralObjectClass, &oc->soc_cname, NULL ); asc = attr_find( e->e_attrs, ad_structuralObjectClass ); sc = oc; @@ -173,8 +171,7 @@ entry_schema_check( "entry_check_schema(%s): %s\n", e->e_dn, textbuf, 0 ); - rc = LDAP_OBJECT_CLASS_VIOLATION; - goto done; + return LDAP_OBJECT_CLASS_VIOLATION; } if( sc->soc_kind != LDAP_SCHEMA_STRUCTURAL ) { @@ -186,8 +183,7 @@ entry_schema_check( "entry_check_schema(%s): %s\n", e->e_dn, textbuf, 0 ); - rc = LDAP_OTHER; - goto done; + return LDAP_OTHER; } got_soc: @@ -200,8 +196,7 @@ got_soc: "entry_check_schema(%s): %s\n", e->e_dn, textbuf, 0 ); - rc = LDAP_OBJECT_CLASS_VIOLATION; - goto done; + return LDAP_OBJECT_CLASS_VIOLATION; } *text = textbuf; @@ -211,37 +206,24 @@ got_soc: "unrecognized objectClass '%s'", aoc->a_vals[0].bv_val ); rc = LDAP_OBJECT_CLASS_VIOLATION; - goto done; - - } else if ( sc != oc ) { - if ( !manage && sc != slap_schema.si_oc_glue ) { - snprintf( textbuf, textlen, - "structural object class modification " - "from '%s' to '%s' not allowed", - asc->a_vals[0].bv_val, oc->soc_cname.bv_val ); - rc = LDAP_NO_OBJECT_CLASS_MODS; - goto done; - } - - assert( asc->a_vals != NULL ); - assert( !BER_BVISNULL( &asc->a_vals[0] ) ); - assert( BER_BVISNULL( &asc->a_vals[1] ) ); - assert( asc->a_nvals == asc->a_vals ); + goto leave; - /* draft-zeilenga-ldap-relax: automatically modify - * structuralObjectClass if changed with relax */ + } else if ( sc != slap_schema.si_oc_glue && sc != oc ) { + snprintf( textbuf, textlen, + "structural object class modification " + "from '%s' to '%s' not allowed", + asc->a_vals[0].bv_val, oc->soc_cname.bv_val ); + rc = LDAP_NO_OBJECT_CLASS_MODS; + goto leave; + } else if ( sc == slap_schema.si_oc_glue ) { sc = oc; - ber_bvreplace( &asc->a_vals[ 0 ], &sc->soc_cname ); - if ( socp ) { - *socp = asc; - } } /* naming check */ if ( !is_entry_glue ( e ) ) { - rc = entry_naming_check( e, manage, add, text, textbuf, textlen ); + rc = entry_naming_check( e, manage, text, textbuf, textlen ); if( rc != LDAP_SUCCESS ) { - goto done; + goto leave; } } else { /* Glue Entry */ @@ -265,7 +247,7 @@ got_soc: e->e_dn, textbuf, 0 ); rc = LDAP_OBJECT_CLASS_VIOLATION; - goto done; + goto leave; } if( cr->scr_required ) for( i=0; cr->scr_required[i]; i++ ) { @@ -289,7 +271,7 @@ got_soc: e->e_dn, textbuf, 0 ); rc = LDAP_OBJECT_CLASS_VIOLATION; - goto done; + goto leave; } } @@ -314,7 +296,7 @@ got_soc: e->e_dn, textbuf, 0 ); rc = LDAP_OBJECT_CLASS_VIOLATION; - goto done; + goto leave; } } } @@ -333,14 +315,14 @@ got_soc: e->e_dn, textbuf, 0 ); rc = LDAP_OBJECT_CLASS_VIOLATION; - goto done; + goto leave; } if ( oc->soc_check ) { rc = (oc->soc_check)( op->o_bd, e, oc, text, textbuf, textlen ); if( rc != LDAP_SUCCESS ) { - goto done; + goto leave; } } @@ -370,8 +352,8 @@ got_soc: } } - if( xc != NULL ) { - snprintf( textbuf, textlen, "instantiation of " + if( xc == NULL ) { + snprintf( textbuf, textlen, "instanstantiation of " "abstract objectClass '%s' not allowed", aoc->a_vals[i].bv_val ); @@ -380,7 +362,7 @@ got_soc: e->e_dn, textbuf, 0 ); rc = LDAP_OBJECT_CLASS_VIOLATION; - goto done; + goto leave; } } @@ -402,28 +384,24 @@ got_soc: } } } - if ( k ) { - snprintf( textbuf, textlen, - "class '%s' not allowed by content rule '%s'", - oc->soc_cname.bv_val, - ldap_contentrule2name( &cr->scr_crule ) ); - } } else if ( global_disallows & SLAP_DISALLOW_AUX_WO_CR ) { k = -1; - snprintf( textbuf, textlen, - "class '%s' not allowed by any content rule", - oc->soc_cname.bv_val ); } else { k = 0; } if( k == -1 ) { + snprintf( textbuf, textlen, + "content rule '%s' does not allow class '%s'", + ldap_contentrule2name( &cr->scr_crule ), + oc->soc_cname.bv_val ); + Debug( LDAP_DEBUG_ANY, "Entry (%s): %s\n", e->e_dn, textbuf, 0 ); rc = LDAP_OBJECT_CLASS_VIOLATION; - goto done; + goto leave; } } @@ -438,7 +416,7 @@ got_soc: e->e_dn, textbuf, 0 ); rc = LDAP_OBJECT_CLASS_VIOLATION; - goto done; + goto leave; } if( oc == slap_schema.si_oc_extensibleObject ) { @@ -450,7 +428,7 @@ got_soc: if( extensible ) { *text = NULL; rc = LDAP_SUCCESS; - goto done; + goto leave; } /* check that each attr in the entry is allowed by some oc */ @@ -491,12 +469,12 @@ got_soc: "Entry (%s), %s\n", e->e_dn, textbuf, 0 ); - goto done; + goto leave; } } *text = NULL; -done: +leave: slap_sl_free( socs, op->o_tmpmemctx ); return rc; } @@ -587,10 +565,6 @@ int oc_check_allowed( for ( i = 0; socs[i]; i++ ) { /* if we know about the oc */ ObjectClass *oc = socs[i]; - /* extensibleObject allows all */ - if ( oc == slap_schema.si_oc_extensibleObject ) { - return LDAP_SUCCESS; - } if ( oc != NULL && oc->soc_kind != LDAP_SCHEMA_ABSTRACT && ( sc == NULL || oc->soc_kind == LDAP_SCHEMA_AUXILIARY )) { @@ -777,7 +751,6 @@ static int entry_naming_check( Entry *e, int manage, - int add_naming, const char** text, char *textbuf, size_t textlen ) { @@ -797,7 +770,7 @@ entry_naming_check( if ( ldap_bv2rdn( &e->e_name, &rdn, (char **)&p, LDAP_DN_FORMAT_LDAP ) ) { - *text = "unrecognized attribute type(s) in RDN"; + *text = "unrecongized attribute type(s) in RDN"; return LDAP_INVALID_DN_SYNTAX; } @@ -808,7 +781,6 @@ entry_naming_check( AttributeDescription *desc = NULL; Attribute *attr; const char *errtext; - int add = 0; if( ava->la_flags & LDAP_AVA_BINARY ) { snprintf( textbuf, textlen, @@ -869,64 +841,37 @@ entry_naming_check( snprintf( textbuf, textlen, "naming attribute '%s' is not present in entry", ava->la_attr.bv_val ); - if ( add_naming ) { - add = 1; - - } else { - rc = LDAP_NAMING_VIOLATION; - } - - } else { - rc = attr_valfind( attr, SLAP_MR_VALUE_OF_ASSERTION_SYNTAX| - SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH, - &ava->la_value, NULL, NULL ); - - if ( rc != 0 ) { - switch( rc ) { - case LDAP_INAPPROPRIATE_MATCHING: - snprintf( textbuf, textlen, - "inappropriate matching for naming attribute '%s'", - ava->la_attr.bv_val ); - break; - case LDAP_INVALID_SYNTAX: - snprintf( textbuf, textlen, - "value of naming attribute '%s' is invalid", - ava->la_attr.bv_val ); - break; - case LDAP_NO_SUCH_ATTRIBUTE: - if ( add_naming ) { - if ( is_at_single_value( desc->ad_type ) ) { - snprintf( textbuf, textlen, - "value of single-valued naming attribute '%s' conflicts with value present in entry", - ava->la_attr.bv_val ); - - } else { - add = 1; - rc = LDAP_SUCCESS; - } - - } else { - snprintf( textbuf, textlen, - "value of naming attribute '%s' is not present in entry", - ava->la_attr.bv_val ); - } - break; - default: - snprintf( textbuf, textlen, - "naming attribute '%s' is inappropriate", - ava->la_attr.bv_val ); - } - - if ( !add ) { - rc = LDAP_NAMING_VIOLATION; - } - } + rc = LDAP_NAMING_VIOLATION; + break; } - if ( add ) { - attr_merge_normalize_one( e, desc, &ava->la_value, NULL ); - - } else if ( rc != LDAP_SUCCESS ) { + rc = value_find_ex( desc, SLAP_MR_VALUE_OF_ASSERTION_SYNTAX| + SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH, + attr->a_nvals, &ava->la_value, NULL ); + + if( rc != 0 ) { + switch( rc ) { + case LDAP_INAPPROPRIATE_MATCHING: + snprintf( textbuf, textlen, + "inappropriate matching for naming attribute '%s'", + ava->la_attr.bv_val ); + break; + case LDAP_INVALID_SYNTAX: + snprintf( textbuf, textlen, + "value of naming attribute '%s' is invalid", + ava->la_attr.bv_val ); + break; + case LDAP_NO_SUCH_ATTRIBUTE: + snprintf( textbuf, textlen, + "value of naming attribute '%s' is not present in entry", + ava->la_attr.bv_val ); + break; + default: + snprintf( textbuf, textlen, + "naming attribute '%s' is inappropriate", + ava->la_attr.bv_val ); + } + rc = LDAP_NAMING_VIOLATION; break; } }