diff options
author | Simo Sorce <idra@samba.org> | 2005-01-03 14:05:47 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:08:16 -0500 |
commit | b92afa3838ba14fbe66bb683949a7f3bce946faa (patch) | |
tree | 280ed146a4de978c59d43aa5231468c7182311b5 /source4/lib | |
parent | 5e94b016f06355289eabcd163678127988421a52 (diff) | |
download | samba-b92afa3838ba14fbe66bb683949a7f3bce946faa.tar.gz samba-b92afa3838ba14fbe66bb683949a7f3bce946faa.tar.bz2 samba-b92afa3838ba14fbe66bb683949a7f3bce946faa.zip |
r4505: Add a first very basic schema module
To use it you should provide a schema.ldb file where the schema is stored
and load the module in the ldb you want to have schema check activated
more info soon.
currently schema checks are performed only on new object creation not on modifications
Simo.
(This used to be commit b8bb62f14419efd434a344606fb3f753384761a0)
Diffstat (limited to 'source4/lib')
-rw-r--r-- | source4/lib/ldb/Makefile.ldb | 2 | ||||
-rw-r--r-- | source4/lib/ldb/common/ldb_modules.c | 4 | ||||
-rw-r--r-- | source4/lib/ldb/config.mk | 9 | ||||
-rw-r--r-- | source4/lib/ldb/modules/schema.c | 489 |
4 files changed, 501 insertions, 3 deletions
diff --git a/source4/lib/ldb/Makefile.ldb b/source4/lib/ldb/Makefile.ldb index 75c298241d..29d33007da 100644 --- a/source4/lib/ldb/Makefile.ldb +++ b/source4/lib/ldb/Makefile.ldb @@ -36,7 +36,7 @@ COMMON_OBJ=common/ldb.o common/ldb_ldif.o common/util.o \ common/ldb_parse.o common/ldb_msg.o common/ldb_utf8.o \ common/ldb_debug.o common/ldb_modules.o -MODULES_OBJ=modules/timestamps.o +MODULES_OBJ=modules/timestamps.o modules/schema.o OBJS = $(MODULES_OBJ) $(COMMON_OBJ) $(LDB_TDB_OBJ) $(TDB_OBJ) $(TALLOC_OBJ) $(LDB_LDAP_OBJ) diff --git a/source4/lib/ldb/common/ldb_modules.c b/source4/lib/ldb/common/ldb_modules.c index 4f53535bc4..033717a62b 100644 --- a/source4/lib/ldb/common/ldb_modules.c +++ b/source4/lib/ldb/common/ldb_modules.c @@ -130,7 +130,7 @@ int ldb_load_modules(struct ldb_context *ldb, const char *options[]) DLIST_ADD(ldb->modules, current); continue; } -#if 0 + if (strcmp(modules[i], "schema") == 0) { current = schema_module_init(ldb, options); if (!current) { @@ -140,7 +140,7 @@ int ldb_load_modules(struct ldb_context *ldb, const char *options[]) DLIST_ADD(ldb->modules, current); continue; } -#endif + #ifdef HAVE_DLOPEN_DISABLED { void *handle; diff --git a/source4/lib/ldb/config.mk b/source4/lib/ldb/config.mk index 8a7a34f05b..87ec89e5d3 100644 --- a/source4/lib/ldb/config.mk +++ b/source4/lib/ldb/config.mk @@ -8,6 +8,15 @@ INIT_OBJ_FILES = \ ################################################ ################################################ +# Start MODULE libldb_schema +[MODULE::libldb_schema] +SUBSYSTEM = LIBLDB +INIT_OBJ_FILES = \ + lib/ldb/modules/schema.o +# End MODULE libldb_schema +################################################ + +################################################ # Start MODULE libldb_ldap [MODULE::libldb_ldap] SUBSYSTEM = LIBLDB diff --git a/source4/lib/ldb/modules/schema.c b/source4/lib/ldb/modules/schema.c new file mode 100644 index 0000000000..f083eeb6e5 --- /dev/null +++ b/source4/lib/ldb/modules/schema.c @@ -0,0 +1,489 @@ +/* + ldb database library + + Copyright (C) Simo Sorce 2004 + + ** NOTE! The following LGPL license applies to the ldb + ** library. This does NOT imply that all of Samba is released + ** under the LGPL + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +*/ + +/* + * Name: ldb + * + * Component: ldb schema module + * + * Description: add schema check functionality + * + * Author: Simo Sorce + */ + +#include "includes.h" +#include "ldb/include/ldb.h" +#include "ldb/include/ldb_private.h" + +struct attribute_syntax { + const char *name; + const char *syntax_id; +}; + +static struct attribute_syntax attrsyn[] = { + { "Object(DS-DN)", "2.5.5.1"}, + { "String(Object-Identifier)", "2.5.5.2"}, + { "", "2.5.5.3"}, + { "String(Teletex)", "2.5.5.4"}, + { "String(IA5)", "2.5.5.5"}, /* Also String(Printable) */ + { "String(Numeric)", "2.5.5.6"}, + { "Object(DN-Binary)", "2.5.5.7"}, /* Also Object(OR-Name) */ + { "Boolean", "2.5.5.8"}, + { "Integer", "2.5.5.9"}, /* Also Enumeration (3 types ?) ... */ + { "String(Octet)", "2.5.5.10"}, /* Also Object(Replica-Link) */ + { "String(UTC-Time)", "2.5.5.11"}, /* Also String(Generalized-Time) */ + { "String(Unicode)", "2.5.5.12"}, + { "Object(Presentation-Address)", "2.5.5.13"}, + { "Object(DN-String)", "2.5.5.14"}, /* Also Object(Access-Point) */ + { "String(NT-Sec-Desc))", "2.5.5.15"}, + { "LargeInteger", "2.5.5.16"}, /* Also Interval ... */ + { "String(Sid)", "2.5.5.17"} + }; + +#define SCHEMA_TALLOC_CHECK(root, mem, ret) do { if (!mem) { talloc_free(root); return ret;} } while(0); + +struct private_data { + struct ldb_context *schema_db; + const char *error_string; +}; + +/* close */ +static int schema_close(struct ldb_module *module) +{ + return ldb_next_close(module); +} + +/* search */ +static int schema_search(struct ldb_module *module, const char *base, + enum ldb_scope scope, const char *expression, + const char * const *attrs, struct ldb_message ***res) +{ + return ldb_next_search(module, base, scope, expression, attrs, res); +} + +/* search_free */ +static int schema_search_free(struct ldb_module *module, struct ldb_message **res) +{ + return ldb_next_search_free(module, res); +} + +struct check_list { + int check; + char *name; +}; + +struct attr_list { + int syntax; + char *name; +}; + +struct objc_list { + int aux; + char *name; +}; + +struct schema_structures { + struct check_list *cl; + struct objc_list *ol; + struct attr_list *must; + struct attr_list *may; + int num_cl; + int num_objc; + int num_must; + int num_may; +}; + +/* add_record */ +static int schema_add_record(struct ldb_module *module, const struct ldb_message *msg) +{ + struct private_data *data = (struct private_data *)module->private_data; + struct ldb_message **srch; + struct schema_structures *ss; + int i, j, k, l; + int ret; + + /* First implementation: + Build up a list of must and mays from each objectclass + Check all the musts are there and all the other attributes are mays + Throw an error in case a check fail + Free all structures and commit the change + */ + + ss = talloc_p(module, struct schema_structures); + if (!ss) { + return -1; + } + + ss->ol = NULL; + ss->num_cl = msg->num_elements; + ss->cl = talloc_array_p(ss, struct check_list, ss->num_cl); + SCHEMA_TALLOC_CHECK(ss, ss->cl, -1); + for (i = 0, j = 0; i < msg->num_elements; i++) { + if (strcasecmp(msg->elements[i].name, "objectclass") == 0) { + ss->num_objc = msg->elements[i].num_values; + ss->ol = talloc_array_p(ss, struct objc_list, ss->num_objc); + SCHEMA_TALLOC_CHECK(ss, ss->ol, -1); + for (k = 0; k < ss->num_objc; k++) { + ss->ol[k].name = talloc_strndup(ss->ol, msg->elements[i].values[k].data, msg->elements[i].values[k].length); + SCHEMA_TALLOC_CHECK(ss, ss->ol[k].name, -1); + ss->ol[k].aux = 0; + } + } + + ss->cl[j].check = 0; + ss->cl[j].name = talloc_strdup(ss->cl, msg->elements[i].name); + SCHEMA_TALLOC_CHECK(ss, ss->cl[j].name, -1); + j++; + } + + /* find all other objectclasses recursively */ + ss->must = NULL; + ss->may = NULL; + ss->num_must = 0; + ss->num_may = 0; + for (i = 0; i < ss->num_objc; i++) { + char *filter; + + filter = talloc_asprintf(ss, "lDAPDisplayName=%s", ss->ol[i].name); + SCHEMA_TALLOC_CHECK(ss, filter, -1); + ret = ldb_search(data->schema_db, NULL, LDB_SCOPE_SUBTREE, filter, NULL, &srch); + if (ret == 0) { + int ok; + + ok = 0; + /* suppose auxiliary classess are not required */ + if (ss->ol[i].aux) { + int d; + ok = 1; + ss->num_objc -= 1; + for (d = i; d < ss->num_objc; d++) { + ss->ol[d] = ss->ol[d + 1]; + } + i -= 1; + } + if (!ok) { + /* Schema Violation: Object Class Description Not Found */ + data->error_string = "ObjectClass not found"; + talloc_free(ss); + return -1; + } + continue; + } else { + if (ret < 0) { + /* Schema DB Error: Error occurred retrieving Object Class Description */ + data->error_string = "Internal error. Error retrieving schema objectclass"; + talloc_free(ss); + return -1; + } + if (ret > 1) { + /* Schema DB Error: Too Many Records */ + data->error_string = "Internal error. Too many records searching for schema objectclass"; + talloc_free(ss); + return -1; + } + } + + /* Add inherited classes eliminating duplicates */ + /* fill in kust and may attribute lists */ + for (j = 0; j < (*srch)->num_elements; j++) { + int o, is_aux, is_class; + + is_aux = 0; + is_class = 0; + if (strcasecmp((*srch)->elements[j].name, "systemAuxiliaryclass") == 0) { + is_aux = 1; + is_class = 1; + } + if (strcasecmp((*srch)->elements[j].name, "subClassOf") == 0) { + is_class = 1; + } + + if (is_class) { + o = (*srch)->elements[j].num_values; + ss->ol = talloc_realloc_p(ss, ss->ol, struct objc_list, ss->num_objc + o); + SCHEMA_TALLOC_CHECK(ss, ss->ol, -1); + for (k = 0, l = 0; k < o; k++) { + int c, found, len; + + found = 0; + for (c = 0; c < ss->num_objc; c++) { + len = strlen(ss->ol[c].name); + if (len == (*srch)->elements[j].values[k].length) { + if (strncasecmp(ss->ol[c].name, (*srch)->elements[j].values[k].data, len) == 0) { + found = 1; + break; + } + } + } + if (!found) { + ss->ol[l + ss->num_objc].name = talloc_strndup(ss->ol, (*srch)->elements[j].values[k].data, (*srch)->elements[j].values[k].length); + SCHEMA_TALLOC_CHECK(ss, ss->ol[l + ss->num_objc].name, -1); + ss->ol[l + ss->num_objc].aux = is_aux; + l++; + } + } + ss->num_objc += l; + } else { + + if (strcasecmp((*srch)->elements[j].name, "mustContain") == 0 || strcasecmp((*srch)->elements[j].name, "SystemMustContain") == 0) { + int m; + + m = (*srch)->elements[j].num_values; + + ss->must = talloc_realloc_p(ss, ss->must, struct attr_list, ss->num_must + m); + SCHEMA_TALLOC_CHECK(ss, ss->must, -1); + for (k = 0, l = 0; k < m; k++) { + int c, found, len; + + found = 0; + for (c = 0; c < ss->num_must; c++) { + len = strlen(ss->must[c].name); + if (len == (*srch)->elements[j].values[k].length) { + if (strncasecmp(ss->must[c].name, (*srch)->elements[j].values[k].data, len) == 0) { + found = 1; + break; + } + } + } + if (!found) { + ss->must[l + ss->num_must].name = talloc_strndup(ss->must, (*srch)->elements[j].values[k].data, (*srch)->elements[j].values[k].length); + SCHEMA_TALLOC_CHECK(ss, ss->must[l + ss->num_must].name, -1); + l++; + } + } + ss->num_must += l; + } + + if (strcasecmp((*srch)->elements[j].name, "mayContain") == 0 || strcasecmp((*srch)->elements[j].name, "SystemMayContain") == 0) { + int m; + + m = (*srch)->elements[j].num_values; + + ss->may = talloc_realloc_p(ss, ss->may, struct attr_list, ss->num_may + m); + SCHEMA_TALLOC_CHECK(ss, ss->may, -1); + for (k = 0, l = 0; k < m; k++) { + int c, found, len; + + found = 0; + for (c = 0; c < ss->num_may; c++) { + len = strlen(ss->may[c].name); + if (len == (*srch)->elements[j].values[k].length) { + if (strncasecmp(ss->may[c].name, (*srch)->elements[j].values[k].data, (*srch)->elements[j].values[k].length) == 0) { + found = 1; + break; + } + } + } + if (!found) { + ss->may[l + ss->num_may].name = talloc_strndup(ss->may, (*srch)->elements[j].values[k].data, (*srch)->elements[j].values[k].length); + SCHEMA_TALLOC_CHECK(ss, ss->may[l + ss->num_may].name, -1); + l++; + } + } + ss->num_may += l; + } + } + } + + ldb_search_free(module->ldb, srch); + } + + /* now check all musts are present */ + for (i = 0; i < ss->num_must; i++) { + int found; + + found = 0; + for (j = 0; j < ss->num_cl; j++) { + if (strcasecmp(ss->must[i].name, ss->cl[j].name) == 0) { + ss->cl[j].check = 1; + found = 1; + break; + } + } + + if ( ! found ) { + /* TODO: set the error string */ + data->error_string = "Objectclass violation, a required attribute is missing"; + talloc_free(ss); + return -1; + } + } + + /* now check all others atribs are found in mays */ + for (i = 0; i < ss->num_cl; i++) { + + if ( ! ss->cl[i].check ) { + int found; + + found = 0; + for (j = 0; j < ss->num_may; j++) { + if (strcasecmp(ss->may[j].name, ss->cl[i].name) == 0) { + ss->cl[i].check = 1; + found = 1; + break; + } + } + + if ( ! found ) { + data->error_string = "Objectclass violation, an invalid attribute name was found"; + talloc_free(ss); + return -1; + } + } + } + + talloc_free(ss); + + return ldb_next_add_record(module, msg); +} + +/* modify_record */ +static int schema_modify_record(struct ldb_module *module, const struct ldb_message *msg) +{ + struct private_data *data = (struct private_data *)module->private_data; + return ldb_next_modify_record(module, msg); +} + +/* delete_record */ +static int schema_delete_record(struct ldb_module *module, const char *dn) +{ + struct private_data *data = (struct private_data *)module->private_data; + return ldb_next_delete_record(module, dn); +} + +/* rename_record */ +static int schema_rename_record(struct ldb_module *module, const char *olddn, const char *newdn) +{ + return ldb_next_rename_record(module, olddn, newdn); +} + +static int schema_named_lock(struct ldb_module *module, const char *name) { + return ldb_next_named_lock(module, name); +} + +static int schema_named_unlock(struct ldb_module *module, const char *name) { + return ldb_next_named_unlock(module, name); +} + +/* return extended error information */ +static const char *schema_errstring(struct ldb_module *module) +{ + struct private_data *data = (struct private_data *)module->private_data; + + if (data->error_string) { + const char *error; + + error = data->error_string; + data->error_string = NULL; + return error; + } + + return ldb_next_errstring(module); +} + +static const struct ldb_module_ops schema_ops = { + "schema", + schema_close, + schema_search, + schema_search_free, + schema_add_record, + schema_modify_record, + schema_delete_record, + schema_rename_record, + schema_named_lock, + schema_named_unlock, + schema_errstring, +}; + +#define SCHEMA_PREFIX "schema:" +#define SCHEMA_PREFIX_LEN 7 + +#ifdef HAVE_DLOPEN_DISABLED +struct ldb_module *init_module(struct ldb_context *ldb, const char *options[]) +#else +struct ldb_module *schema_module_init(struct ldb_context *ldb, const char *options[]) +#endif +{ + struct ldb_module *ctx; + struct private_data *data; + char *db_url = NULL; + int i; + + ctx = talloc_p(ldb, struct ldb_module); + if (!ctx) { + return NULL; + } + + if (options) { + for (i = 0; options[i] != NULL; i++) { + if (strncmp(options[i], SCHEMA_PREFIX, SCHEMA_PREFIX_LEN) == 0) { + db_url = talloc_strdup(ctx, &options[i][SCHEMA_PREFIX_LEN]); + SCHEMA_TALLOC_CHECK(ctx, db_url, NULL); + } + } + } + + if (!db_url) { /* search if it is defined in the calling ldb */ + int ret; + const char * attrs[] = { "@SCHEMADB", NULL }; + struct ldb_message **msgs; + + ret = ldb_search(ldb, "", LDB_SCOPE_BASE, "dn=@MODULES", (const char * const *)attrs, &msgs); + if (ret == 0) { + ldb_debug(ldb, LDB_DEBUG_TRACE, "Schema DB not found\n"); + ldb_search_free(ldb, msgs); + return NULL; + } else { + if (ret < 0) { + ldb_debug(ldb, LDB_DEBUG_FATAL, "ldb error (%s) occurred searching for schema db, bailing out!\n", ldb_errstring(ldb)); + ldb_search_free(ldb, msgs); + return NULL; + } + if (ret > 1) { + ldb_debug(ldb, LDB_DEBUG_FATAL, "Too many records found, bailing out\n"); + ldb_search_free(ldb, msgs); + return NULL; + } + + db_url = talloc_strndup(ctx, msgs[0]->elements[0].values[0].data, msgs[0]->elements[0].values[0].length); + SCHEMA_TALLOC_CHECK(ctx, db_url, NULL); + } + + ldb_search_free(ldb, msgs); + } + + data = talloc_p(ctx, struct private_data); + SCHEMA_TALLOC_CHECK(ctx, data, NULL); + + data->schema_db = ldb_connect(db_url, 0, NULL); + SCHEMA_TALLOC_CHECK(ctx, data->schema_db, NULL); + + data->error_string = NULL; + ctx->private_data = data; + ctx->ldb = ldb; + ctx->prev = ctx->next = NULL; + ctx->ops = &schema_ops; + + return ctx; +} |