diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 11:11:40 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 11:11:40 +0000 |
commit | 7731832751ab9f3c6ddeb66f186d3d7fa1934a6d (patch) | |
tree | e91015872543a59be2aad26c2fea02e41b57005d /servers/slapd/schema_prep.c | |
parent | Initial commit. (diff) | |
download | openldap-7731832751ab9f3c6ddeb66f186d3d7fa1934a6d.tar.xz openldap-7731832751ab9f3c6ddeb66f186d3d7fa1934a6d.zip |
Adding upstream version 2.4.57+dfsg.upstream/2.4.57+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | servers/slapd/schema_prep.c | 1614 |
1 files changed, 1614 insertions, 0 deletions
diff --git a/servers/slapd/schema_prep.c b/servers/slapd/schema_prep.c new file mode 100644 index 0000000..72a5ddf --- /dev/null +++ b/servers/slapd/schema_prep.c @@ -0,0 +1,1614 @@ +/* schema_prep.c - load builtin schema */ +/* $OpenLDAP$ */ +/* This work is part of OpenLDAP Software <http://www.openldap.org/>. + * + * Copyright 1998-2021 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * <http://www.OpenLDAP.org/license.html>. + */ + +#include "portable.h" + +#include <stdio.h> + +#include <ac/ctype.h> +#include <ac/string.h> +#include <ac/socket.h> + +#include "slap.h" + +#define OCDEBUG 0 + +int schema_init_done = 0; + +struct slap_internal_schema slap_schema; + +static int +oidValidate( + Syntax *syntax, + struct berval *in ) +{ + struct berval val = *in; + + if( val.bv_len == 0 ) { + /* disallow empty strings */ + return LDAP_INVALID_SYNTAX; + } + + if( DESC_LEADCHAR( val.bv_val[0] ) ) { + val.bv_val++; + val.bv_len--; + if ( val.bv_len == 0 ) return LDAP_SUCCESS; + + while( DESC_CHAR( val.bv_val[0] ) ) { + val.bv_val++; + val.bv_len--; + + if ( val.bv_len == 0 ) return LDAP_SUCCESS; + } + + } else { + int sep = 0; + while( OID_LEADCHAR( val.bv_val[0] ) ) { + val.bv_val++; + val.bv_len--; + + if ( val.bv_val[-1] != '0' ) { + while ( OID_LEADCHAR( val.bv_val[0] )) { + val.bv_val++; + val.bv_len--; + } + } + + if( val.bv_len == 0 ) { + if( sep == 0 ) break; + return LDAP_SUCCESS; + } + + if( !OID_SEPARATOR( val.bv_val[0] )) break; + + sep++; + val.bv_val++; + val.bv_len--; + } + } + + return LDAP_INVALID_SYNTAX; +} + + +static int objectClassPretty( + Syntax *syntax, + struct berval *in, + struct berval *out, + void *ctx ) +{ + ObjectClass *oc; + + if( oidValidate( NULL, in )) return LDAP_INVALID_SYNTAX; + + oc = oc_bvfind( in ); + if( oc == NULL ) return LDAP_INVALID_SYNTAX; + + ber_dupbv_x( out, &oc->soc_cname, ctx ); + return LDAP_SUCCESS; +} + +static int +attributeTypeMatch( + int *matchp, + slap_mask_t flags, + Syntax *syntax, + MatchingRule *mr, + struct berval *value, + void *assertedValue ) +{ + struct berval *a = (struct berval *) assertedValue; + AttributeType *at = at_bvfind( value ); + AttributeType *asserted = at_bvfind( a ); + + if( asserted == NULL ) { + if( OID_LEADCHAR( *a->bv_val ) ) { + /* OID form, return FALSE */ + *matchp = 1; + return LDAP_SUCCESS; + } + + /* desc form, return undefined */ + return LDAP_INVALID_SYNTAX; + } + + if ( at == NULL ) { + /* unrecognized stored value */ + return LDAP_INVALID_SYNTAX; + } + + *matchp = ( asserted != at ); + return LDAP_SUCCESS; +} + +static int +matchingRuleMatch( + int *matchp, + slap_mask_t flags, + Syntax *syntax, + MatchingRule *mr, + struct berval *value, + void *assertedValue ) +{ + struct berval *a = (struct berval *) assertedValue; + MatchingRule *mrv = mr_bvfind( value ); + MatchingRule *asserted = mr_bvfind( a ); + + if( asserted == NULL ) { + if( OID_LEADCHAR( *a->bv_val ) ) { + /* OID form, return FALSE */ + *matchp = 1; + return LDAP_SUCCESS; + } + + /* desc form, return undefined */ + return LDAP_INVALID_SYNTAX; + } + + if ( mrv == NULL ) { + /* unrecognized stored value */ + return LDAP_INVALID_SYNTAX; + } + + *matchp = ( asserted != mrv ); + return LDAP_SUCCESS; +} + +static int +objectClassMatch( + int *matchp, + slap_mask_t flags, + Syntax *syntax, + MatchingRule *mr, + struct berval *value, + void *assertedValue ) +{ + struct berval *a = (struct berval *) assertedValue; + ObjectClass *oc = oc_bvfind( value ); + ObjectClass *asserted = oc_bvfind( a ); + + if( asserted == NULL ) { + if( OID_LEADCHAR( *a->bv_val ) ) { + /* OID form, return FALSE */ + *matchp = 1; + return LDAP_SUCCESS; + } + + /* desc form, return undefined */ + return LDAP_INVALID_SYNTAX; + } + + if ( oc == NULL ) { + /* unrecognized stored value */ + return LDAP_INVALID_SYNTAX; + } + + *matchp = ( asserted != oc ); + return LDAP_SUCCESS; +} + +static int +objectSubClassMatch( + int *matchp, + slap_mask_t flags, + Syntax *syntax, + MatchingRule *mr, + struct berval *value, + void *assertedValue ) +{ + struct berval *a = (struct berval *) assertedValue; + ObjectClass *oc = oc_bvfind( value ); + ObjectClass *asserted = oc_bvfind( a ); + + if( asserted == NULL ) { + if( OID_LEADCHAR( *a->bv_val ) ) { + /* OID form, return FALSE */ + *matchp = 1; + return LDAP_SUCCESS; + } + + /* desc form, return undefined */ + return LDAP_INVALID_SYNTAX; + } + + if ( oc == NULL ) { + /* unrecognized stored value */ + return LDAP_INVALID_SYNTAX; + } + + if( SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX( flags ) ) { + *matchp = ( asserted != oc ); + } else { + *matchp = !is_object_subclass( asserted, oc ); + } + + return LDAP_SUCCESS; +} + +static int objectSubClassIndexer( + slap_mask_t use, + slap_mask_t mask, + Syntax *syntax, + MatchingRule *mr, + struct berval *prefix, + BerVarray values, + BerVarray *keysp, + void *ctx ) +{ + int rc, noc, i; + BerVarray ocvalues; + ObjectClass **socs; + + for( noc=0; values[noc].bv_val != NULL; noc++ ) { + /* just count em */; + } + + /* over allocate */ + socs = slap_sl_malloc( (noc+16) * sizeof( ObjectClass * ), ctx ); + + /* initialize */ + for( i=0; i<noc; i++ ) { + socs[i] = oc_bvfind( &values[i] ); + } + + /* expand values */ + for( i=0; i<noc; i++ ) { + int j; + ObjectClass *oc = socs[i]; + if( oc == NULL || oc->soc_sups == NULL ) continue; + + for( j=0; oc->soc_sups[j] != NULL; j++ ) { + int found = 0; + ObjectClass *sup = oc->soc_sups[j]; + int k; + + for( k=0; k<noc; k++ ) { + if( sup == socs[k] ) { + found++; + break; + } + } + + if( !found ) { + socs = slap_sl_realloc( socs, + sizeof( ObjectClass * ) * (noc+2), ctx ); + + assert( k == noc ); + socs[noc++] = sup; + } + } + } + + ocvalues = slap_sl_malloc( sizeof( struct berval ) * (noc+1), ctx ); + /* copy values */ + for( i=0; i<noc; i++ ) { + if ( socs[i] ) + ocvalues[i] = socs[i]->soc_cname; + else + ocvalues[i] = values[i]; + } + BER_BVZERO( &ocvalues[i] ); + + rc = octetStringIndexer( use, mask, syntax, mr, + prefix, ocvalues, keysp, ctx ); + + slap_sl_free( ocvalues, ctx ); + slap_sl_free( socs, ctx ); + return rc; +} + +#define objectSubClassFilter octetStringFilter + +static ObjectClassSchemaCheckFN rootDseObjectClass; +static ObjectClassSchemaCheckFN aliasObjectClass; +static ObjectClassSchemaCheckFN referralObjectClass; +static ObjectClassSchemaCheckFN subentryObjectClass; +#ifdef LDAP_DYNAMIC_OBJECTS +static ObjectClassSchemaCheckFN dynamicObjectClass; +#endif + +static struct slap_schema_oc_map { + char *ssom_name; + char *ssom_defn; + ObjectClassSchemaCheckFN *ssom_check; + slap_mask_t ssom_flags; + size_t ssom_offset; +} oc_map[] = { + { "top", "( 2.5.6.0 NAME 'top' " + "DESC 'top of the superclass chain' " + "ABSTRACT MUST objectClass )", + 0, 0, offsetof(struct slap_internal_schema, si_oc_top) }, + { "extensibleObject", "( 1.3.6.1.4.1.1466.101.120.111 " + "NAME 'extensibleObject' " + "DESC 'RFC4512: extensible object' " + "SUP top AUXILIARY )", + 0, SLAP_OC_OPERATIONAL, + offsetof(struct slap_internal_schema, si_oc_extensibleObject) }, + { "alias", "( 2.5.6.1 NAME 'alias' " + "DESC 'RFC4512: an alias' " + "SUP top STRUCTURAL " + "MUST aliasedObjectName )", + aliasObjectClass, SLAP_OC_ALIAS|SLAP_OC_OPERATIONAL, + offsetof(struct slap_internal_schema, si_oc_alias) }, + { "referral", "( 2.16.840.1.113730.3.2.6 NAME 'referral' " + "DESC 'namedref: named subordinate referral' " + "SUP top STRUCTURAL MUST ref )", + referralObjectClass, SLAP_OC_REFERRAL|SLAP_OC_OPERATIONAL, + offsetof(struct slap_internal_schema, si_oc_referral) }, + { "LDAProotDSE", "( 1.3.6.1.4.1.4203.1.4.1 " + "NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) " + "DESC 'OpenLDAP Root DSE object' " + "SUP top STRUCTURAL MAY cn )", + rootDseObjectClass, SLAP_OC_OPERATIONAL, + offsetof(struct slap_internal_schema, si_oc_rootdse) }, + { "subentry", "( 2.5.17.0 NAME 'subentry' " + "DESC 'RFC3672: subentry' " + "SUP top STRUCTURAL " + "MUST ( cn $ subtreeSpecification ) )", + subentryObjectClass, SLAP_OC_SUBENTRY|SLAP_OC_OPERATIONAL, + offsetof(struct slap_internal_schema, si_oc_subentry) }, + { "subschema", "( 2.5.20.1 NAME 'subschema' " + "DESC 'RFC4512: controlling subschema (sub)entry' " + "AUXILIARY " + "MAY ( dITStructureRules $ nameForms $ dITContentRules $ " + "objectClasses $ attributeTypes $ matchingRules $ " + "matchingRuleUse ) )", + subentryObjectClass, SLAP_OC_OPERATIONAL, + offsetof(struct slap_internal_schema, si_oc_subschema) }, +#ifdef LDAP_COLLECTIVE_ATTRIBUTES + { "collectiveAttributeSubentry", "( 2.5.17.2 " + "NAME 'collectiveAttributeSubentry' " + "DESC 'RFC3671: collective attribute subentry' " + "AUXILIARY )", + subentryObjectClass, + SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY|SLAP_OC_OPERATIONAL|SLAP_OC_HIDE, + offsetof( struct slap_internal_schema, + si_oc_collectiveAttributeSubentry) }, +#endif +#ifdef LDAP_DYNAMIC_OBJECTS + { "dynamicObject", "( 1.3.6.1.4.1.1466.101.119.2 " + "NAME 'dynamicObject' " + "DESC 'RFC2589: Dynamic Object' " + "SUP top AUXILIARY )", + dynamicObjectClass, SLAP_OC_DYNAMICOBJECT, + offsetof(struct slap_internal_schema, si_oc_dynamicObject) }, +#endif + { "glue", "( 1.3.6.1.4.1.4203.666.3.4 " + "NAME 'glue' " + "DESC 'Glue Entry' " + "SUP top STRUCTURAL )", + 0, SLAP_OC_GLUE|SLAP_OC_OPERATIONAL|SLAP_OC_HIDE, + offsetof(struct slap_internal_schema, si_oc_glue) }, + { "syncConsumerSubentry", "( 1.3.6.1.4.1.4203.666.3.5 " + "NAME 'syncConsumerSubentry' " + "DESC 'Persistent Info for SyncRepl Consumer' " + "AUXILIARY " + "MAY syncreplCookie )", + 0, SLAP_OC_SYNCCONSUMERSUBENTRY|SLAP_OC_OPERATIONAL|SLAP_OC_HIDE, + offsetof(struct slap_internal_schema, si_oc_syncConsumerSubentry) }, + { "syncProviderSubentry", "( 1.3.6.1.4.1.4203.666.3.6 " + "NAME 'syncProviderSubentry' " + "DESC 'Persistent Info for SyncRepl Producer' " + "AUXILIARY " + "MAY contextCSN )", + 0, SLAP_OC_SYNCPROVIDERSUBENTRY|SLAP_OC_OPERATIONAL|SLAP_OC_HIDE, + offsetof(struct slap_internal_schema, si_oc_syncProviderSubentry) }, + + { NULL, NULL, NULL, 0, 0 } +}; + +static AttributeTypeSchemaCheckFN rootDseAttribute; +static AttributeTypeSchemaCheckFN aliasAttribute; +static AttributeTypeSchemaCheckFN referralAttribute; +static AttributeTypeSchemaCheckFN subentryAttribute; +static AttributeTypeSchemaCheckFN administrativeRoleAttribute; +#ifdef LDAP_DYNAMIC_OBJECTS +static AttributeTypeSchemaCheckFN dynamicAttribute; +#endif + +static struct slap_schema_ad_map { + char *ssam_name; + char *ssam_defn; + AttributeTypeSchemaCheckFN *ssam_check; + slap_mask_t ssam_flags; + slap_syntax_validate_func *ssam_syn_validate; + slap_syntax_transform_func *ssam_syn_pretty; + slap_mr_convert_func *ssam_mr_convert; + slap_mr_normalize_func *ssam_mr_normalize; + slap_mr_match_func *ssam_mr_match; + slap_mr_indexer_func *ssam_mr_indexer; + slap_mr_filter_func *ssam_mr_filter; + size_t ssam_offset; +} ad_map[] = { + { "objectClass", "( 2.5.4.0 NAME 'objectClass' " + "DESC 'RFC4512: object classes of the entity' " + "EQUALITY objectIdentifierMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )", + NULL, SLAP_AT_FINAL, + oidValidate, objectClassPretty, + NULL, NULL, objectSubClassMatch, + objectSubClassIndexer, objectSubClassFilter, + offsetof(struct slap_internal_schema, si_ad_objectClass) }, + + /* user entry operational attributes */ + { "structuralObjectClass", "( 2.5.21.9 NAME 'structuralObjectClass' " + "DESC 'RFC4512: structural object class of entry' " + "EQUALITY objectIdentifierMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 " + "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", + NULL, 0, + oidValidate, objectClassPretty, + NULL, NULL, objectSubClassMatch, + objectSubClassIndexer, objectSubClassFilter, + offsetof(struct slap_internal_schema, si_ad_structuralObjectClass) }, + { "createTimestamp", "( 2.5.18.1 NAME 'createTimestamp' " + "DESC 'RFC4512: time which object was created' " + "EQUALITY generalizedTimeMatch " + "ORDERING generalizedTimeOrderingMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " + "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", + NULL, SLAP_AT_MANAGEABLE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_createTimestamp) }, + { "modifyTimestamp", "( 2.5.18.2 NAME 'modifyTimestamp' " + "DESC 'RFC4512: time which object was last modified' " + "EQUALITY generalizedTimeMatch " + "ORDERING generalizedTimeOrderingMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " + "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", + NULL, SLAP_AT_MANAGEABLE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_modifyTimestamp) }, + { "creatorsName", "( 2.5.18.3 NAME 'creatorsName' " + "DESC 'RFC4512: name of creator' " + "EQUALITY distinguishedNameMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " + "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", + NULL, SLAP_AT_MANAGEABLE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_creatorsName) }, + { "modifiersName", "( 2.5.18.4 NAME 'modifiersName' " + "DESC 'RFC4512: name of last modifier' " + "EQUALITY distinguishedNameMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " + "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", + NULL, SLAP_AT_MANAGEABLE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_modifiersName) }, + { "hasSubordinates", "( 2.5.18.9 NAME 'hasSubordinates' " + "DESC 'X.501: entry has children' " + "EQUALITY booleanMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 " + "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", + NULL, SLAP_AT_DYNAMIC, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_hasSubordinates) }, + { "subschemaSubentry", "( 2.5.18.10 NAME 'subschemaSubentry' " + "DESC 'RFC4512: name of controlling subschema entry' " + "EQUALITY distinguishedNameMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE " + "NO-USER-MODIFICATION USAGE directoryOperation )", + NULL, SLAP_AT_DYNAMIC, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_subschemaSubentry) }, +#ifdef LDAP_COLLECTIVE_ATTRIBUTES + { "collectiveAttributeSubentries", "( 2.5.18.12 " + "NAME 'collectiveAttributeSubentries' " + "DESC 'RFC3671: collective attribute subentries' " + "EQUALITY distinguishedNameMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " + "NO-USER-MODIFICATION USAGE directoryOperation )", + NULL, SLAP_AT_HIDE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_collectiveSubentries) }, + { "collectiveExclusions", "( 2.5.18.7 NAME 'collectiveExclusions' " + "DESC 'RFC3671: collective attribute exclusions' " + "EQUALITY objectIdentifierMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 " + "USAGE directoryOperation )", + NULL, SLAP_AT_HIDE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_collectiveExclusions) }, +#endif + + { "entryDN", "( 1.3.6.1.1.20 NAME 'entryDN' " + "DESC 'DN of the entry' " + "EQUALITY distinguishedNameMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " + "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", + NULL, SLAP_AT_DYNAMIC, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_entryDN) }, + { "entryUUID", "( 1.3.6.1.1.16.4 NAME 'entryUUID' " + "DESC 'UUID of the entry' " + "EQUALITY UUIDMatch " + "ORDERING UUIDOrderingMatch " + "SYNTAX 1.3.6.1.1.16.1 " + "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", + NULL, SLAP_AT_MANAGEABLE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_entryUUID) }, + { "entryCSN", "( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' " + "DESC 'change sequence number of the entry content' " + "EQUALITY CSNMatch " + "ORDERING CSNOrderingMatch " + "SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} " + "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", + NULL, SLAP_AT_HIDE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_entryCSN) }, + { "namingCSN", "( 1.3.6.1.4.1.4203.666.1.13 NAME 'namingCSN' " + "DESC 'change sequence number of the entry naming (RDN)' " + "EQUALITY CSNMatch " + "ORDERING CSNOrderingMatch " + "SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} " + "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", + NULL, SLAP_AT_HIDE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_namingCSN) }, + +#ifdef LDAP_SUPERIOR_UUID + { "superiorUUID", "( 1.3.6.1.4.1.4203.666.1.11 NAME 'superiorUUID' " + "DESC 'UUID of the superior entry' " + "EQUALITY UUIDMatch " + "ORDERING UUIDOrderingMatch " + "SYNTAX 1.3.6.1.1.16.1 " + "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", + NULL, SLAP_AT_HIDE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_superiorUUID) }, +#endif + + { "syncreplCookie", "( 1.3.6.1.4.1.4203.666.1.23 " + "NAME 'syncreplCookie' " + "DESC 'syncrepl Cookie for shadow copy' " + "EQUALITY octetStringMatch " + "ORDERING octetStringOrderingMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 " + "SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )", + NULL, SLAP_AT_HIDE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_syncreplCookie) }, + + { "contextCSN", "( 1.3.6.1.4.1.4203.666.1.25 " + "NAME 'contextCSN' " + "DESC 'the largest committed CSN of a context' " + "EQUALITY CSNMatch " + "ORDERING CSNOrderingMatch " + "SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} " + "NO-USER-MODIFICATION USAGE dSAOperation )", + NULL, SLAP_AT_HIDE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_contextCSN) }, + +#ifdef LDAP_SYNC_TIMESTAMP + { "syncTimestamp", "( 1.3.6.1.4.1.4203.666.1.26 NAME 'syncTimestamp' " + "DESC 'Time which object was replicated' " + "EQUALITY generalizedTimeMatch " + "ORDERING generalizedTimeOrderingMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " + "SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )", + NULL, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_syncTimestamp) }, +#endif + + /* root DSE attributes */ + { "altServer", "( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' " + "DESC 'RFC4512: alternative servers' " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation )", + rootDseAttribute, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_altServer) }, + { "namingContexts", "( 1.3.6.1.4.1.1466.101.120.5 " + "NAME 'namingContexts' " + "DESC 'RFC4512: naming contexts' " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )", + rootDseAttribute, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_namingContexts) }, + { "supportedControl", "( 1.3.6.1.4.1.1466.101.120.13 " + "NAME 'supportedControl' " + "DESC 'RFC4512: supported controls' " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )", + rootDseAttribute, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_supportedControl) }, + { "supportedExtension", "( 1.3.6.1.4.1.1466.101.120.7 " + "NAME 'supportedExtension' " + "DESC 'RFC4512: supported extended operations' " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )", + rootDseAttribute, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_supportedExtension) }, + { "supportedLDAPVersion", "( 1.3.6.1.4.1.1466.101.120.15 " + "NAME 'supportedLDAPVersion' " + "DESC 'RFC4512: supported LDAP versions' " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation )", + rootDseAttribute, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_supportedLDAPVersion) }, + { "supportedSASLMechanisms", "( 1.3.6.1.4.1.1466.101.120.14 " + "NAME 'supportedSASLMechanisms' " + "DESC 'RFC4512: supported SASL mechanisms'" + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation )", + rootDseAttribute, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_supportedSASLMechanisms) }, + { "supportedFeatures", "( 1.3.6.1.4.1.4203.1.3.5 " + "NAME 'supportedFeatures' " + "DESC 'RFC4512: features supported by the server' " + "EQUALITY objectIdentifierMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 " + "USAGE dSAOperation )", + rootDseAttribute, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_supportedFeatures) }, + { "monitorContext", "( 1.3.6.1.4.1.4203.666.1.10 " + "NAME 'monitorContext' " + "DESC 'monitor context' " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " + "EQUALITY distinguishedNameMatch " + "SINGLE-VALUE NO-USER-MODIFICATION " + "USAGE dSAOperation )", + rootDseAttribute, SLAP_AT_HIDE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_monitorContext) }, + { "configContext", "( 1.3.6.1.4.1.4203.1.12.2.1 " + "NAME 'configContext' " + "DESC 'config context' " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 " + "EQUALITY distinguishedNameMatch " + "SINGLE-VALUE NO-USER-MODIFICATION " + "USAGE dSAOperation )", + rootDseAttribute, SLAP_AT_HIDE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_configContext) }, + { "vendorName", "( 1.3.6.1.1.4 NAME 'vendorName' " + "DESC 'RFC3045: name of implementation vendor' " + "EQUALITY caseExactMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " + "SINGLE-VALUE NO-USER-MODIFICATION " + "USAGE dSAOperation )", + rootDseAttribute, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_vendorName) }, + { "vendorVersion", "( 1.3.6.1.1.5 NAME 'vendorVersion' " + "DESC 'RFC3045: version of implementation' " + "EQUALITY caseExactMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " + "SINGLE-VALUE NO-USER-MODIFICATION " + "USAGE dSAOperation )", + rootDseAttribute, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_vendorVersion) }, + + /* subentry attributes */ + { "administrativeRole", "( 2.5.18.5 NAME 'administrativeRole' " + "DESC 'RFC3672: administrative role' " + "EQUALITY objectIdentifierMatch " + "USAGE directoryOperation " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )", + administrativeRoleAttribute, SLAP_AT_HIDE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_administrativeRole) }, + { "subtreeSpecification", "( 2.5.18.6 NAME 'subtreeSpecification' " + "DESC 'RFC3672: subtree specification' " + "SINGLE-VALUE " + "USAGE directoryOperation " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 )", + subentryAttribute, SLAP_AT_HIDE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_subtreeSpecification) }, + + /* subschema subentry attributes */ + { "dITStructureRules", "( 2.5.21.1 NAME 'dITStructureRules' " + "DESC 'RFC4512: DIT structure rules' " + "EQUALITY integerFirstComponentMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 " + "USAGE directoryOperation ) ", + subentryAttribute, SLAP_AT_HIDE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_ditStructureRules) }, + { "dITContentRules", "( 2.5.21.2 NAME 'dITContentRules' " + "DESC 'RFC4512: DIT content rules' " + "EQUALITY objectIdentifierFirstComponentMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )", + subentryAttribute, SLAP_AT_HIDE, + oidValidate, NULL, + NULL, NULL, objectClassMatch, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_ditContentRules) }, + { "matchingRules", "( 2.5.21.4 NAME 'matchingRules' " + "DESC 'RFC4512: matching rules' " + "EQUALITY objectIdentifierFirstComponentMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )", + subentryAttribute, 0, + oidValidate, NULL, + NULL, NULL, matchingRuleMatch, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_matchingRules) }, + { "attributeTypes", "( 2.5.21.5 NAME 'attributeTypes' " + "DESC 'RFC4512: attribute types' " + "EQUALITY objectIdentifierFirstComponentMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )", + subentryAttribute, 0, + oidValidate, NULL, + NULL, NULL, attributeTypeMatch, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_attributeTypes) }, + { "objectClasses", "( 2.5.21.6 NAME 'objectClasses' " + "DESC 'RFC4512: object classes' " + "EQUALITY objectIdentifierFirstComponentMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )", + subentryAttribute, 0, + oidValidate, NULL, + NULL, NULL, objectClassMatch, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_objectClasses) }, + { "nameForms", "( 2.5.21.7 NAME 'nameForms' " + "DESC 'RFC4512: name forms ' " + "EQUALITY objectIdentifierFirstComponentMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )", + subentryAttribute, SLAP_AT_HIDE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_nameForms) }, + { "matchingRuleUse", "( 2.5.21.8 NAME 'matchingRuleUse' " + "DESC 'RFC4512: matching rule uses' " + "EQUALITY objectIdentifierFirstComponentMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )", + subentryAttribute, 0, + oidValidate, NULL, + NULL, NULL, matchingRuleMatch, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_matchingRuleUse) }, + + { "ldapSyntaxes", "( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' " + "DESC 'RFC4512: LDAP syntaxes' " + "EQUALITY objectIdentifierFirstComponentMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )", + subentryAttribute, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_ldapSyntaxes) }, + + /* knowledge information */ + { "aliasedObjectName", "( 2.5.4.1 " + "NAME ( 'aliasedObjectName' 'aliasedEntryName' ) " + "DESC 'RFC4512: name of aliased object' " + "EQUALITY distinguishedNameMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", + aliasAttribute, SLAP_AT_FINAL, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_aliasedObjectName) }, + { "ref", "( 2.16.840.1.113730.3.1.34 NAME 'ref' " + "DESC 'RFC3296: subordinate referral URL' " + "EQUALITY caseExactMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " + "USAGE distributedOperation )", + referralAttribute, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_ref) }, + + /* access control internals */ + { "entry", "( 1.3.6.1.4.1.4203.1.3.1 " + "NAME 'entry' " + "DESC 'OpenLDAP ACL entry pseudo-attribute' " + "SYNTAX 1.3.6.1.4.1.4203.1.1.1 " + "SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )", + NULL, SLAP_AT_HIDE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_entry) }, + { "children", "( 1.3.6.1.4.1.4203.1.3.2 " + "NAME 'children' " + "DESC 'OpenLDAP ACL children pseudo-attribute' " + "SYNTAX 1.3.6.1.4.1.4203.1.1.1 " + "SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )", + NULL, SLAP_AT_HIDE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_children) }, + + /* access control externals */ + { "authzTo", "( 1.3.6.1.4.1.4203.666.1.8 " + "NAME ( 'authzTo' 'saslAuthzTo' ) " + "DESC 'proxy authorization targets' " + "EQUALITY authzMatch " + "SYNTAX 1.3.6.1.4.1.4203.666.2.7 " + "X-ORDERED 'VALUES' " + "USAGE distributedOperation )", + NULL, SLAP_AT_HIDE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_saslAuthzTo) }, + { "authzFrom", "( 1.3.6.1.4.1.4203.666.1.9 " + "NAME ( 'authzFrom' 'saslAuthzFrom' ) " + "DESC 'proxy authorization sources' " + "EQUALITY authzMatch " + "SYNTAX 1.3.6.1.4.1.4203.666.2.7 " + "X-ORDERED 'VALUES' " + "USAGE distributedOperation )", + NULL, SLAP_AT_HIDE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_saslAuthzFrom) }, + +#ifdef LDAP_DYNAMIC_OBJECTS + { "entryTtl", "( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' " + "DESC 'RFC2589: entry time-to-live' " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE " + "NO-USER-MODIFICATION USAGE dSAOperation )", + dynamicAttribute, SLAP_AT_MANAGEABLE, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_entryTtl) }, + { "dynamicSubtrees", "( 1.3.6.1.4.1.1466.101.119.4 " + "NAME 'dynamicSubtrees' " + "DESC 'RFC2589: dynamic subtrees' " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION " + "USAGE dSAOperation )", + rootDseAttribute, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_dynamicSubtrees) }, +#endif + + /* userApplication attributes (which system schema depends upon) */ + { "distinguishedName", "( 2.5.4.49 NAME 'distinguishedName' " + "DESC 'RFC4519: common supertype of DN attributes' " + "EQUALITY distinguishedNameMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", + NULL, SLAP_AT_ABSTRACT, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_distinguishedName) }, + { "name", "( 2.5.4.41 NAME 'name' " + "DESC 'RFC4519: common supertype of name attributes' " + "EQUALITY caseIgnoreMatch " + "SUBSTR caseIgnoreSubstringsMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )", + NULL, SLAP_AT_ABSTRACT, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_name) }, + { "cn", "( 2.5.4.3 NAME ( 'cn' 'commonName' ) " + "DESC 'RFC4519: common name(s) for which the entity is known by' " + "SUP name )", + NULL, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_cn) }, + { "uid", "( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) " + "DESC 'RFC4519: user identifier' " + "EQUALITY caseIgnoreMatch " + "SUBSTR caseIgnoreSubstringsMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )", + NULL, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_uid) }, + { "uidNumber", /* for ldapi:// */ + "( 1.3.6.1.1.1.1.0 NAME 'uidNumber' " + "DESC 'RFC2307: An integer uniquely identifying a user " + "in an administrative domain' " + "EQUALITY integerMatch " + "ORDERING integerOrderingMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", + NULL, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_uidNumber) }, + { "gidNumber", /* for ldapi:// */ + "( 1.3.6.1.1.1.1.1 NAME 'gidNumber' " + "DESC 'RFC2307: An integer uniquely identifying a group " + "in an administrative domain' " + "EQUALITY integerMatch " + "ORDERING integerOrderingMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", + NULL, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_gidNumber) }, + { "userPassword", "( 2.5.4.35 NAME 'userPassword' " + "DESC 'RFC4519/2307: password of user' " + "EQUALITY octetStringMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )", + NULL, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_userPassword) }, + + { "labeledURI", "( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' " + "DESC 'RFC2079: Uniform Resource Identifier with optional label' " + "EQUALITY caseExactMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", + NULL, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_labeledURI) }, + +#ifdef SLAPD_AUTHPASSWD + { "authPassword", "( 1.3.6.1.4.1.4203.1.3.4 " + "NAME 'authPassword' " + "DESC 'RFC3112: authentication password attribute' " + "EQUALITY 1.3.6.1.4.1.4203.1.2.2 " + "SYNTAX 1.3.6.1.4.1.4203.1.1.2 )", + NULL, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_authPassword) }, + { "supportedAuthPasswordSchemes", "( 1.3.6.1.4.1.4203.1.3.3 " + "NAME 'supportedAuthPasswordSchemes' " + "DESC 'RFC3112: supported authPassword schemes' " + "EQUALITY caseExactIA5Match " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} " + "USAGE dSAOperation )", + subschemaAttribute, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_authPasswordSchemes) }, +#endif + + { "description", "( 2.5.4.13 NAME 'description' " + "DESC 'RFC4519: descriptive information' " + "EQUALITY caseIgnoreMatch " + "SUBSTR caseIgnoreSubstringsMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )", + NULL, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_description) }, + + { "seeAlso", "( 2.5.4.34 NAME 'seeAlso' " + "DESC 'RFC4519: DN of related object' " + "SUP distinguishedName )", + NULL, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_seeAlso) }, + + { NULL, NULL, NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0 } +}; + +static AttributeType slap_at_undefined = { + { "1.1.1", NULL, "Catchall for undefined attribute types", 1, NULL, + NULL, NULL, NULL, NULL, + 0, 0, 0, 1, LDAP_SCHEMA_DSA_OPERATION, NULL }, /* LDAPAttributeType */ + BER_BVC("UNDEFINED"), /* cname */ + NULL, /* sup */ + NULL, /* subtypes */ + NULL, NULL, NULL, NULL, /* matching rules routines */ + NULL, /* syntax (will be set later to "octetString") */ + NULL, /* schema check function */ + NULL, /* oidmacro */ + NULL, /* soidmacro */ + SLAP_AT_ABSTRACT|SLAP_AT_FINAL, /* mask */ + { NULL }, /* next */ + NULL /* attribute description */ + /* mutex (don't know how to initialize it :) */ +}; + +static AttributeType slap_at_proxied = { + { "1.1.1", NULL, "Catchall for undefined proxied attribute types", 1, NULL, + NULL, NULL, NULL, NULL, + 0, 0, 0, 0, LDAP_SCHEMA_USER_APPLICATIONS, NULL }, /* LDAPAttributeType */ + BER_BVC("PROXIED"), /* cname */ + NULL, /* sup */ + NULL, /* subtypes */ + NULL, NULL, NULL, NULL, /* matching rules routines (will be set later) */ + NULL, /* syntax (will be set later to "octetString") */ + NULL, /* schema check function */ + NULL, /* oidmacro */ + NULL, /* soidmacro */ + SLAP_AT_ABSTRACT|SLAP_AT_FINAL, /* mask */ + { NULL }, /* next */ + NULL /* attribute description */ + /* mutex (don't know how to initialize it :) */ +}; + +static struct slap_schema_mr_map { + char *ssmm_name; + size_t ssmm_offset; +} mr_map[] = { + { "caseExactIA5Match", + offsetof(struct slap_internal_schema, si_mr_caseExactIA5Match) }, + { "caseExactMatch", + offsetof(struct slap_internal_schema, si_mr_caseExactMatch) }, + { "caseExactSubstringsMatch", + offsetof(struct slap_internal_schema, si_mr_caseExactSubstringsMatch) }, + { "distinguishedNameMatch", + offsetof(struct slap_internal_schema, si_mr_distinguishedNameMatch) }, + { "dnSubtreeMatch", + offsetof(struct slap_internal_schema, si_mr_dnSubtreeMatch) }, + { "dnOneLevelMatch", + offsetof(struct slap_internal_schema, si_mr_dnOneLevelMatch) }, + { "dnSubordinateMatch", + offsetof(struct slap_internal_schema, si_mr_dnSubordinateMatch) }, + { "dnSuperiorMatch", + offsetof(struct slap_internal_schema, si_mr_dnSuperiorMatch) }, + { "integerMatch", + offsetof(struct slap_internal_schema, si_mr_integerMatch) }, + { "integerFirstComponentMatch", + offsetof(struct slap_internal_schema, + si_mr_integerFirstComponentMatch) }, + { "objectIdentifierFirstComponentMatch", + offsetof(struct slap_internal_schema, + si_mr_objectIdentifierFirstComponentMatch) }, + { "caseIgnoreMatch", + offsetof(struct slap_internal_schema, si_mr_caseIgnoreMatch) }, + { "caseIgnoreListMatch", + offsetof(struct slap_internal_schema, si_mr_caseIgnoreListMatch) }, + { NULL, 0 } +}; + +static struct slap_schema_syn_map { + char *sssm_name; + size_t sssm_offset; +} syn_map[] = { + { "1.3.6.1.4.1.1466.115.121.1.15", + offsetof(struct slap_internal_schema, si_syn_directoryString) }, + { "1.3.6.1.4.1.1466.115.121.1.12", + offsetof(struct slap_internal_schema, si_syn_distinguishedName) }, + { "1.3.6.1.4.1.1466.115.121.1.27", + offsetof(struct slap_internal_schema, si_syn_integer) }, + { "1.3.6.1.4.1.1466.115.121.1.40", + offsetof(struct slap_internal_schema, si_syn_octetString) }, + { "1.3.6.1.4.1.1466.115.121.1.3", + offsetof(struct slap_internal_schema, si_syn_attributeTypeDesc) }, + { "1.3.6.1.4.1.1466.115.121.1.16", + offsetof(struct slap_internal_schema, si_syn_ditContentRuleDesc) }, + { "1.3.6.1.4.1.1466.115.121.1.54", + offsetof(struct slap_internal_schema, si_syn_ldapSyntaxDesc) }, + { "1.3.6.1.4.1.1466.115.121.1.30", + offsetof(struct slap_internal_schema, si_syn_matchingRuleDesc) }, + { "1.3.6.1.4.1.1466.115.121.1.31", + offsetof(struct slap_internal_schema, si_syn_matchingRuleUseDesc) }, + { "1.3.6.1.4.1.1466.115.121.1.35", + offsetof(struct slap_internal_schema, si_syn_nameFormDesc) }, + { "1.3.6.1.4.1.1466.115.121.1.37", + offsetof(struct slap_internal_schema, si_syn_objectClassDesc) }, + { "1.3.6.1.4.1.1466.115.121.1.17", + offsetof(struct slap_internal_schema, si_syn_ditStructureRuleDesc) }, + { NULL, 0 } +}; + +int +slap_schema_load( void ) +{ + int i; + + for( i=0; syn_map[i].sssm_name; i++ ) { + Syntax ** synp = (Syntax **) + &(((char *) &slap_schema)[syn_map[i].sssm_offset]); + + assert( *synp == NULL ); + + *synp = syn_find( syn_map[i].sssm_name ); + + if( *synp == NULL ) { + fprintf( stderr, "slap_schema_load: Syntax: " + "No syntax \"%s\" defined in schema\n", + syn_map[i].sssm_name ); + return LDAP_INVALID_SYNTAX; + } + } + + for( i=0; mr_map[i].ssmm_name; i++ ) { + MatchingRule ** mrp = (MatchingRule **) + &(((char *) &slap_schema)[mr_map[i].ssmm_offset]); + + assert( *mrp == NULL ); + + *mrp = mr_find( mr_map[i].ssmm_name ); + + if( *mrp == NULL ) { + fprintf( stderr, "slap_schema_load: MatchingRule: " + "No matching rule \"%s\" defined in schema\n", + mr_map[i].ssmm_name ); + return LDAP_INAPPROPRIATE_MATCHING; + } + } + + slap_at_undefined.sat_syntax = slap_schema.si_syn_octetString; + slap_schema.si_at_undefined = &slap_at_undefined; + + slap_at_proxied.sat_equality = mr_find( "octetStringMatch" ); + slap_at_proxied.sat_approx = mr_find( "octetStringMatch" ); + slap_at_proxied.sat_ordering = mr_find( "octetStringOrderingMatch" ); + slap_at_proxied.sat_substr = mr_find( "octetStringSubstringsMatch" ); + slap_at_proxied.sat_syntax = slap_schema.si_syn_octetString; + slap_schema.si_at_proxied = &slap_at_proxied; + + ldap_pvt_thread_mutex_init( &ad_index_mutex ); + ldap_pvt_thread_mutex_init( &ad_undef_mutex ); + ldap_pvt_thread_mutex_init( &oc_undef_mutex ); + + for( i=0; ad_map[i].ssam_name; i++ ) { + assert( ad_map[i].ssam_defn != NULL ); + { + LDAPAttributeType *at; + int code; + const char *err; + + at = ldap_str2attributetype( ad_map[i].ssam_defn, + &code, &err, LDAP_SCHEMA_ALLOW_ALL ); + if ( !at ) { + fprintf( stderr, + "slap_schema_load: AttributeType \"%s\": %s before %s\n", + ad_map[i].ssam_name, ldap_scherr2str(code), err ); + return code; + } + + if ( at->at_oid == NULL ) { + fprintf( stderr, "slap_schema_load: " + "AttributeType \"%s\": no OID\n", + ad_map[i].ssam_name ); + ldap_attributetype_free( at ); + return LDAP_OTHER; + } + + code = at_add( at, 0, NULL, NULL, &err ); + if ( code ) { + ldap_attributetype_free( at ); + fprintf( stderr, "slap_schema_load: AttributeType " + "\"%s\": %s: \"%s\"\n", + ad_map[i].ssam_name, scherr2str(code), err ); + return code; + } + ldap_memfree( at ); + } + { + int rc; + const char *text; + Syntax *syntax = NULL; + + AttributeDescription ** adp = (AttributeDescription **) + &(((char *) &slap_schema)[ad_map[i].ssam_offset]); + + assert( *adp == NULL ); + + rc = slap_str2ad( ad_map[i].ssam_name, adp, &text ); + if( rc != LDAP_SUCCESS ) { + fprintf( stderr, "slap_schema_load: AttributeType \"%s\": " + "not defined in schema\n", + ad_map[i].ssam_name ); + return rc; + } + + if( ad_map[i].ssam_check ) { + /* install check routine */ + (*adp)->ad_type->sat_check = ad_map[i].ssam_check; + } + /* install flags */ + (*adp)->ad_type->sat_flags |= ad_map[i].ssam_flags; + + /* install custom syntax routines */ + if( ad_map[i].ssam_syn_validate || + ad_map[i].ssam_syn_pretty ) + { + Syntax *syn; + + syntax = (*adp)->ad_type->sat_syntax; + + syn = ch_malloc( sizeof( Syntax ) ); + *syn = *syntax; + + if( ad_map[i].ssam_syn_validate ) { + syn->ssyn_validate = ad_map[i].ssam_syn_validate; + } + if( ad_map[i].ssam_syn_pretty ) { + syn->ssyn_pretty = ad_map[i].ssam_syn_pretty; + } + + (*adp)->ad_type->sat_syntax = syn; + } + + /* install custom rule routines */ + if( syntax != NULL || + ad_map[i].ssam_mr_convert || + ad_map[i].ssam_mr_normalize || + ad_map[i].ssam_mr_match || + ad_map[i].ssam_mr_indexer || + ad_map[i].ssam_mr_filter ) + { + MatchingRule *mr = ch_malloc( sizeof( MatchingRule ) ); + *mr = *(*adp)->ad_type->sat_equality; + + if ( syntax != NULL ) { + mr->smr_syntax = (*adp)->ad_type->sat_syntax; + } + if ( ad_map[i].ssam_mr_convert ) { + mr->smr_convert = ad_map[i].ssam_mr_convert; + } + if ( ad_map[i].ssam_mr_normalize ) { + mr->smr_normalize = ad_map[i].ssam_mr_normalize; + } + if ( ad_map[i].ssam_mr_match ) { + mr->smr_match = ad_map[i].ssam_mr_match; + } + if ( ad_map[i].ssam_mr_indexer ) { + mr->smr_indexer = ad_map[i].ssam_mr_indexer; + } + if ( ad_map[i].ssam_mr_filter ) { + mr->smr_filter = ad_map[i].ssam_mr_filter; + } + + (*adp)->ad_type->sat_equality = mr; + } + } + } + + for( i=0; oc_map[i].ssom_name; i++ ) { + assert( oc_map[i].ssom_defn != NULL ); + { + LDAPObjectClass *oc; + int code; + const char *err; + + oc = ldap_str2objectclass( oc_map[i].ssom_defn, &code, &err, + LDAP_SCHEMA_ALLOW_ALL ); + if ( !oc ) { + fprintf( stderr, "slap_schema_load: ObjectClass " + "\"%s\": %s before %s\n", + oc_map[i].ssom_name, ldap_scherr2str(code), err ); + return code; + } + + if ( oc->oc_oid == NULL ) { + fprintf( stderr, "slap_schema_load: ObjectClass " + "\"%s\": no OID\n", + oc_map[i].ssom_name ); + ldap_objectclass_free( oc ); + return LDAP_OTHER; + } + + code = oc_add(oc,0,NULL,NULL,&err); + if ( code ) { + ldap_objectclass_free( oc ); + fprintf( stderr, "slap_schema_load: ObjectClass " + "\"%s\": %s: \"%s\"\n", + oc_map[i].ssom_name, scherr2str(code), err); + return code; + } + ldap_memfree(oc); + + } + { + ObjectClass ** ocp = (ObjectClass **) + &(((char *) &slap_schema)[oc_map[i].ssom_offset]); + + assert( *ocp == NULL ); + + *ocp = oc_find( oc_map[i].ssom_name ); + if( *ocp == NULL ) { + fprintf( stderr, "slap_schema_load: " + "ObjectClass \"%s\": not defined in schema\n", + oc_map[i].ssom_name ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + if( oc_map[i].ssom_check ) { + /* install check routine */ + (*ocp)->soc_check = oc_map[i].ssom_check; + } + /* install flags */ + (*ocp)->soc_flags |= oc_map[i].ssom_flags; + } + } + + return LDAP_SUCCESS; +} + +int +slap_schema_check( void ) +{ + /* we should only be called once after schema_init() was called */ + assert( schema_init_done == 1 ); + + /* + * cycle thru attributeTypes to build matchingRuleUse + */ + if ( matching_rule_use_init() ) { + return LDAP_OTHER; + } + + ++schema_init_done; + return LDAP_SUCCESS; +} + +static int rootDseObjectClass ( + Backend *be, + Entry *e, + ObjectClass *oc, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( e->e_nname.bv_len ) { + snprintf( textbuf, textlen, + "objectClass \"%s\" only allowed in the root DSE", + oc->soc_oid ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + /* we should not be called for the root DSE */ + assert( 0 ); + return LDAP_SUCCESS; +} + +static int aliasObjectClass ( + Backend *be, + Entry *e, + ObjectClass *oc, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( !SLAP_ALIASES(be) ) { + snprintf( textbuf, textlen, + "objectClass \"%s\" not supported in context", + oc->soc_oid ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + return LDAP_SUCCESS; +} + +static int referralObjectClass ( + Backend *be, + Entry *e, + ObjectClass *oc, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( !SLAP_REFERRALS(be) ) { + snprintf( textbuf, textlen, + "objectClass \"%s\" not supported in context", + oc->soc_oid ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + return LDAP_SUCCESS; +} + +static int subentryObjectClass ( + Backend *be, + Entry *e, + ObjectClass *oc, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( !SLAP_SUBENTRIES(be) ) { + snprintf( textbuf, textlen, + "objectClass \"%s\" not supported in context", + oc->soc_oid ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + if( oc != slap_schema.si_oc_subentry && !is_entry_subentry( e ) ) { + snprintf( textbuf, textlen, + "objectClass \"%s\" only allowed in subentries", + oc->soc_oid ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + return LDAP_SUCCESS; +} + +#ifdef LDAP_DYNAMIC_OBJECTS +static int dynamicObjectClass ( + Backend *be, + Entry *e, + ObjectClass *oc, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( !SLAP_DYNAMIC(be) ) { + snprintf( textbuf, textlen, + "objectClass \"%s\" not supported in context", + oc->soc_oid ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + return LDAP_SUCCESS; +} +#endif /* LDAP_DYNAMIC_OBJECTS */ + +static int rootDseAttribute ( + Backend *be, + Entry *e, + Attribute *attr, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( e->e_nname.bv_len ) { + snprintf( textbuf, textlen, + "attribute \"%s\" only allowed in the root DSE", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + /* we should not be called for the root DSE */ + assert( 0 ); + return LDAP_SUCCESS; +} + +static int aliasAttribute ( + Backend *be, + Entry *e, + Attribute *attr, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( !SLAP_ALIASES(be) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" not supported in context", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + if( !is_entry_alias( e ) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" only allowed in the alias", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + return LDAP_SUCCESS; +} + +static int referralAttribute ( + Backend *be, + Entry *e, + Attribute *attr, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( !SLAP_REFERRALS(be) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" not supported in context", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + if( !is_entry_referral( e ) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" only allowed in the referral", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + return LDAP_SUCCESS; +} + +static int subentryAttribute ( + Backend *be, + Entry *e, + Attribute *attr, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( !SLAP_SUBENTRIES(be) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" not supported in context", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + if( !is_entry_subentry( e ) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" only allowed in the subentry", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + return LDAP_SUCCESS; +} + +static int administrativeRoleAttribute ( + Backend *be, + Entry *e, + Attribute *attr, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( !SLAP_SUBENTRIES(be) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" not supported in context", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + snprintf( textbuf, textlen, + "attribute \"%s\" not supported!", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; +} + +#ifdef LDAP_DYNAMIC_OBJECTS +static int dynamicAttribute ( + Backend *be, + Entry *e, + Attribute *attr, + const char** text, + char *textbuf, size_t textlen ) +{ + *text = textbuf; + + if( !SLAP_DYNAMIC(be) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" not supported in context", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + if( !is_entry_dynamicObject( e ) ) { + snprintf( textbuf, textlen, + "attribute \"%s\" only allowed in dynamic object", + attr->a_desc->ad_cname.bv_val ); + return LDAP_OBJECT_CLASS_VIOLATION; + } + + return LDAP_SUCCESS; +} +#endif /* LDAP_DYNAMIC_OBJECTS */ |