summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/lib/ldb/modules/schema.c339
1 files changed, 164 insertions, 175 deletions
diff --git a/source4/lib/ldb/modules/schema.c b/source4/lib/ldb/modules/schema.c
index 912c8657d2..b396ae0459 100644
--- a/source4/lib/ldb/modules/schema.c
+++ b/source4/lib/ldb/modules/schema.c
@@ -36,33 +36,6 @@
#include "ldb/include/ldb.h"
#include "ldb/include/ldb_private.h"
-struct attribute_syntax {
- const char *name;
- const char *syntax_id;
-};
-
-static struct attribute_syntax attrsyn[] = {
- { "Object(DS-DN)", "2.5.5.1"},
- { "String(Object-Identifier)", "2.5.5.2"},
- { "", "2.5.5.3"},
- { "String(Teletex)", "2.5.5.4"},
- { "String(IA5)", "2.5.5.5"}, /* Also String(Printable) */
- { "String(Numeric)", "2.5.5.6"},
- { "Object(DN-Binary)", "2.5.5.7"}, /* Also Object(OR-Name) */
- { "Boolean", "2.5.5.8"},
- { "Integer", "2.5.5.9"}, /* Also Enumeration (3 types ?) ... */
- { "String(Octet)", "2.5.5.10"}, /* Also Object(Replica-Link) */
- { "String(UTC-Time)", "2.5.5.11"}, /* Also String(Generalized-Time) */
- { "String(Unicode)", "2.5.5.12"},
- { "Object(Presentation-Address)", "2.5.5.13"},
- { "Object(DN-String)", "2.5.5.14"}, /* Also Object(Access-Point) */
- { "String(NT-Sec-Desc))", "2.5.5.15"},
- { "LargeInteger", "2.5.5.16"}, /* Also Interval ... */
- { "String(Sid)", "2.5.5.17"}
- };
-
-#define SCHEMA_TALLOC_CHECK(root, mem, ret) do { if (!mem) { talloc_free(root); return ret;} } while(0);
-
#define SCHEMA_FLAG_RESET 0
#define SCHEMA_FLAG_MOD_MASK 0x03
#define SCHEMA_FLAG_MOD_ADD 0x01
@@ -114,6 +87,18 @@ static int schema_attr_cmp(const char *attr1, const char *attr2)
return ret;
}
+struct attribute_list *schema_find_attribute(struct attribute_list *list, int attr_num, const char *attr_name)
+{
+ unsigned int i;
+ for (i = 0; i < attr_num; i++) {
+ if (ldb_attr_cmp(list[i].name, attr_name) == 0) {
+ return &list[i];
+ }
+ }
+ return NULL;
+}
+
+/* get objectclasses of dn */
static int get_object_objectclasses(struct ldb_context *ldb, const char *dn, struct schema_structures *schema_struct)
{
char *filter = talloc_asprintf(schema_struct, "dn=%s", dn);
@@ -124,36 +109,39 @@ static int get_object_objectclasses(struct ldb_context *ldb, const char *dn, str
schema_struct->objectclass_list = NULL;
schema_struct->objectclass_list_num = 0;
ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, filter, attrs, &srch);
- if (ret == 1) {
- for (i = 0; i < (*srch)->num_elements; i++) {
- schema_struct->objectclass_list_num = (*srch)->elements[i].num_values;
- schema_struct->objectclass_list = talloc_array(schema_struct,
- struct attribute_list,
- schema_struct->objectclass_list_num);
- if (schema_struct->objectclass_list == 0) {
+ if (ret != 1) {
+ ldb_search_free(ldb, srch);
+ return -1;
+ }
+
+ for (i = 0; i < (*srch)->num_elements; i++) {
+ schema_struct->objectclass_list_num = (*srch)->elements[i].num_values;
+ schema_struct->objectclass_list = talloc_array(schema_struct,
+ struct attribute_list,
+ schema_struct->objectclass_list_num);
+ if (schema_struct->objectclass_list == NULL) {
+ ldb_search_free(ldb, srch);
+ return -1;
+ }
+ for (j = 0; j < schema_struct->objectclass_list_num; j++) {
+ schema_struct->objectclass_list[j].name = talloc_strndup(schema_struct->objectclass_list,
+ (*srch)->elements[i].values[j].data,
+ (*srch)->elements[i].values[j].length);
+ if (schema_struct->objectclass_list[j].name == NULL) {
ldb_search_free(ldb, srch);
return -1;
}
- for (j = 0; j < schema_struct->objectclass_list_num; j++) {
- schema_struct->objectclass_list[j].name = talloc_strndup(schema_struct->objectclass_list,
- (*srch)->elements[i].values[j].data,
- (*srch)->elements[i].values[j].length);
- if (schema_struct->objectclass_list[j].name == 0) {
- ldb_search_free(ldb, srch);
- return -1;
- }
- schema_struct->objectclass_list[j].flags = SCHEMA_FLAG_RESET;
- }
+ schema_struct->objectclass_list[j].flags = SCHEMA_FLAG_RESET;
}
- ldb_search_free(ldb, srch);
- } else {
- ldb_search_free(ldb, srch);
- return -1;
}
+ ldb_search_free(ldb, srch);
return 0;
}
+/* get all the attributes and objectclasses found in msg and put them in schema_structure
+ attributes go in the check_list structure for later checking
+ objectclasses go in the objectclass_list structure */
static int get_check_list(struct ldb_module *module, struct schema_structures *schema_struct, const struct ldb_message *msg)
{
int i, j, k;
@@ -164,7 +152,7 @@ static int get_check_list(struct ldb_module *module, struct schema_structures *s
schema_struct->check_list = talloc_array(schema_struct,
struct attribute_list,
schema_struct->check_list_num);
- if (schema_struct->check_list == 0) {
+ if (schema_struct->check_list == NULL) {
return -1;
}
for (i = 0, j = 0; i < msg->num_elements; i++) {
@@ -173,14 +161,14 @@ static int get_check_list(struct ldb_module *module, struct schema_structures *s
schema_struct->objectclass_list = talloc_array(schema_struct,
struct attribute_list,
schema_struct->objectclass_list_num);
- if (schema_struct->objectclass_list == 0) {
+ if (schema_struct->objectclass_list == NULL) {
return -1;
}
for (k = 0; k < schema_struct->objectclass_list_num; k++) {
schema_struct->objectclass_list[k].name = talloc_strndup(schema_struct->objectclass_list,
msg->elements[i].values[k].data,
msg->elements[i].values[k].length);
- if (schema_struct->objectclass_list[k].name == 0) {
+ if (schema_struct->objectclass_list[k].name == NULL) {
return -1;
}
schema_struct->objectclass_list[k].flags = msg->elements[i].flags;
@@ -190,7 +178,7 @@ static int get_check_list(struct ldb_module *module, struct schema_structures *s
schema_struct->check_list[j].flags = msg->elements[i].flags;
schema_struct->check_list[j].name = talloc_strdup(schema_struct->check_list,
msg->elements[i].name);
- if (schema_struct->check_list[j].name == 0) {
+ if (schema_struct->check_list[j].name == NULL) {
return -1;
}
j++;
@@ -199,6 +187,7 @@ static int get_check_list(struct ldb_module *module, struct schema_structures *s
return 0;
}
+/* add all attributes in el avoiding duplicates in attribute_list */
static int add_attribute_uniq(struct attribute_list **list, int *list_num, int flags, struct ldb_message_element *el, void *mem_ctx)
{
int i, j, vals;
@@ -235,6 +224,9 @@ static int add_attribute_uniq(struct attribute_list **list, int *list_num, int f
return 0;
}
+
+/* we need to get all attributes referenced by the entry objectclasses,
+ recursively get parent objectlasses attributes */
static int get_attr_list_recursive(struct ldb_module *module, struct ldb_context *ldb, struct schema_structures *schema_struct)
{
struct private_data *data = (struct private_data *)module->private_data;
@@ -253,46 +245,27 @@ static int get_attr_list_recursive(struct ldb_module *module, struct ldb_context
continue;
}
filter = talloc_asprintf(schema_struct, "lDAPDisplayName=%s", schema_struct->objectclass_list[i].name);
- SCHEMA_TALLOC_CHECK(schema_struct, filter, -1);
+ if (filter == NULL) {
+ return -1;
+ }
+
ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, filter, NULL, &srch);
- if (ret == 0) {
- int ok;
-
- ok = 0;
- /* suppose auxiliary classeschema_struct are not required */
- if (schema_struct->objectclass_list[i].flags & SCHEMA_FLAG_AUXCLASS) {
- int d;
- ok = 1;
- schema_struct->objectclass_list_num -= 1;
- for (d = i; d < schema_struct->objectclass_list_num; d++) {
- schema_struct->objectclass_list[d] = schema_struct->objectclass_list[d + 1];
- }
- i -= 1;
- }
- if (!ok) {
- /* Schema Violation: Object Class Description Not Found */
- ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Objectclass %s not found.\n", schema_struct->objectclass_list[i].name);
- data->error_string = "ObjectClass not found";
- return -1;
- }
- continue;
- } else {
- if (ret < 0) {
- /* Schema DB Error: Error occurred retrieving Object Class Description */
- ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Error retrieving Objectclass %s.\n", schema_struct->objectclass_list[i].name);
- data->error_string = "Internal error. Error retrieving schema objectclass";
- return -1;
- }
- if (ret > 1) {
- /* Schema DB Error: Too Many Records */
- ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Too many records found retrieving Objectclass %s.\n", schema_struct->objectclass_list[i].name);
- data->error_string = "Internal error. Too many records searching for schema objectclass";
- return -1;
- }
+
+ if (ret <= 0) {
+ /* Schema DB Error: Error occurred retrieving Object Class Description */
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Error retrieving Objectclass %s.\n", schema_struct->objectclass_list[i].name);
+ data->error_string = "Internal error. Error retrieving schema objectclass";
+ return -1;
+ }
+ if (ret > 1) {
+ /* Schema DB Error: Too Many Records */
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Too many records found retrieving Objectclass %s.\n", schema_struct->objectclass_list[i].name);
+ data->error_string = "Internal error. Too many records searching for schema objectclass";
+ return -1;
}
/* Add inherited classes eliminating duplicates */
- /* fill in kust and may attribute lists */
+ /* fill in required and optional attribute lists */
for (j = 0; j < (*srch)->num_elements; j++) {
int is_aux, is_class;
@@ -372,12 +345,13 @@ static int schema_add_record(struct ldb_module *module, const struct ldb_message
{
struct private_data *data = (struct private_data *)module->private_data;
struct schema_structures *entry_structs;
- int i, j;
+ unsigned int i;
int ret;
/* First implementation:
- Build up a list of must and mays from each objectclass
- Check all the musts are there and all the other attributes are mays
+ Build up a list of required and optional attributes from each objectclass
+ Check all the required attributes are present and all the other attributes
+ are optional attributes
Throw an error in case a check fail
Free all structures and commit the change
*/
@@ -404,44 +378,43 @@ static int schema_add_record(struct ldb_module *module, const struct ldb_message
return ret;
}
- /* now check all musts are present */
+ /* now check all required attributes are present */
for (i = 0; i < entry_structs->must_num; i++) {
- int found;
+ struct attribute_list *attr;
- found = 0;
- for (j = 0; j < entry_structs->check_list_num; j++) {
- if (schema_attr_cmp(entry_structs->must[i].name, entry_structs->check_list[j].name) == 0) {
- entry_structs->check_list[j].flags = SCHEMA_FLAG_CHECKED;
- found = 1;
- break;
- }
- }
+ attr = schema_find_attribute(entry_structs->check_list,
+ entry_structs->check_list_num,
+ entry_structs->must[i].name);
+
+ if (attr == NULL) { /* not found */
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR,
+ "The required attribute %s is missing.\n",
+ entry_structs->must[i].name);
- if ( ! found ) {
- ldb_debug(module->ldb, LDB_DEBUG_ERROR, "The required attribute %s is missing.\n", entry_structs->must[i].name);
data->error_string = "Objectclass violation, a required attribute is missing";
talloc_free(entry_structs);
return -1;
}
+
+ /* mark the attribute as checked */
+ attr->flags = SCHEMA_FLAG_CHECKED;
}
- /* now check all others atribs are found in mays */
+ /* now check all others atribs are at least optional */
for (i = 0; i < entry_structs->check_list_num; i++) {
if (entry_structs->check_list[i].flags != SCHEMA_FLAG_CHECKED) {
- int found;
+ struct attribute_list *attr;
- found = 0;
- for (j = 0; j < entry_structs->may_num; j++) {
- if (schema_attr_cmp(entry_structs->may[j].name, entry_structs->check_list[i].name) == 0) {
- entry_structs->check_list[i].flags = SCHEMA_FLAG_CHECKED;
- found = 1;
- break;
- }
- }
+ attr = schema_find_attribute(entry_structs->may,
+ entry_structs->may_num,
+ entry_structs->check_list[i].name);
+
+ if (attr == NULL) { /* not found */
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR,
+ "The attribute %s is not referenced by any objectclass.\n",
+ entry_structs->check_list[i].name);
- if ( ! found ) {
- ldb_debug(module->ldb, LDB_DEBUG_ERROR, "The attribute %s is not referenced by any objectclass.\n", entry_structs->check_list[i].name);
data->error_string = "Objectclass violation, an invalid attribute name was found";
talloc_free(entry_structs);
return -1;
@@ -459,16 +432,16 @@ static int schema_modify_record(struct ldb_module *module, const struct ldb_mess
{
struct private_data *data = (struct private_data *)module->private_data;
struct schema_structures *entry_structs, *modify_structs;
- int i, j;
+ unsigned int i;
int ret;
/* First implementation:
Retrieve the ldap entry and get the objectclasses,
add msg contained objectclasses if any.
- Build up a list of must and mays from each objectclass
- Check all musts for the defined objectclass and it's specific
- inheritance are there.
- Check all other the attributes are mays or musts.
+ Build up a list of required and optional attributes from each objectclass
+ Check all required one for the defined objectclass and all its parent
+ objectclasses.
+ Check all other the attributes are optional or required.
Throw an error in case a check fail.
Free all structures and commit the change.
*/
@@ -478,13 +451,13 @@ static int schema_modify_record(struct ldb_module *module, const struct ldb_mess
}
/* allocate object structs */
- entry_structs = talloc(module, struct schema_structures);
+ entry_structs = talloc_zero(module, struct schema_structures);
if (!entry_structs) {
return -1;
}
/* allocate modification entry structs */
- modify_structs = talloc(entry_structs, struct schema_structures);
+ modify_structs = talloc_zero(entry_structs, struct schema_structures);
if (!modify_structs) {
talloc_free(entry_structs);
return -1;
@@ -518,85 +491,98 @@ static int schema_modify_record(struct ldb_module *module, const struct ldb_mess
return ret;
}
- /* now check all entries are present either as musts or mays of curent objectclasses */
- /* do not return errors there may be attirbutes defined in new objectclasses */
- /* just mark them as being proved valid attribs */
+ /* now check all entries are present either as required or optional atributes of entry objectclasses */
+ /* if they are required and we are going to delete them then throw an error */
+ /* just mark them if being proved valid attribs */
for (i = 0; i < modify_structs->check_list_num; i++) {
- int found;
+ struct attribute_list *attr;
- found = 0;
- for (j = 0; j < entry_structs->must_num; j++) {
- if (schema_attr_cmp(entry_structs->must[j].name, modify_structs->check_list[i].name) == 0) {
- if ((modify_structs->check_list[i].flags & SCHEMA_FLAG_MOD_MASK) == SCHEMA_FLAG_MOD_DELETE) {
- ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Trying to delete the required attribute %s.\n", modify_structs->check_list[i].name);
- data->error_string = "Objectclass violation: trying to delete a required attribute";
- talloc_free(entry_structs);
- return -1;
- }
+ attr = schema_find_attribute(entry_structs->must,
+ entry_structs->must_num,
+ modify_structs->check_list[i].name);
+
+ if (attr == NULL) { /* not found */
+
+ attr = schema_find_attribute(entry_structs->may,
+ entry_structs->may_num,
+ modify_structs->check_list[i].name);
+
+ if (attr != NULL) { /* found*/
modify_structs->check_list[i].flags |= SCHEMA_FLAG_CHECKED;
- found = 1;
- break;
}
+
+ break; /* not found, go on */
}
- if ( ! found) {
- for (j = 0; j < entry_structs->may_num; j++) {
- if (schema_attr_cmp(entry_structs->may[j].name, modify_structs->check_list[i].name) == 0) {
- modify_structs->check_list[i].flags |= SCHEMA_FLAG_CHECKED;
- break;
- }
- }
+
+ if ((modify_structs->check_list[i].flags & SCHEMA_FLAG_MOD_MASK) == SCHEMA_FLAG_MOD_DELETE) {
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR,
+ "Trying to delete the required attribute %s.\n",
+ modify_structs->check_list[i].name);
+
+ data->error_string = "Objectclass violation: trying to delete a required attribute";
+ talloc_free(entry_structs);
+ return -1;
}
+
+ modify_structs->check_list[i].flags |= SCHEMA_FLAG_CHECKED;
}
- /* now check all new objectclasses musts are present */
+ /* now check all new objectclasses required attributes are present */
for (i = 0; i < modify_structs->must_num; i++) {
- int found;
+ struct attribute_list *attr;
- found = 0;
- for (j = 0; j < modify_structs->check_list_num; j++) {
- if (schema_attr_cmp(modify_structs->must[i].name, modify_structs->check_list[j].name) == 0) {
- if ((modify_structs->check_list[i].flags & SCHEMA_FLAG_MOD_MASK) == SCHEMA_FLAG_MOD_DELETE) {
- ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Trying to delete the required attribute %s.\n", modify_structs->must[i].name);
- data->error_string = "Objectclass violation: trying to delete a required attribute";
- talloc_free(entry_structs);
- return -1;
- }
- modify_structs->check_list[j].flags |= SCHEMA_FLAG_CHECKED;
- found = 1;
- break;
- }
- }
+ attr = schema_find_attribute(modify_structs->check_list,
+ modify_structs->check_list_num,
+ modify_structs->must[i].name);
+
+
+ if (attr == NULL) { /* not found */
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR,
+ "The required attribute %s is missing.\n",
+ modify_structs->must[i].name);
- if ( ! found ) {
- ldb_debug(module->ldb, LDB_DEBUG_ERROR, "The required attribute %s is missing.\n", modify_structs->must[i].name);
data->error_string = "Objectclass violation, a required attribute is missing";
talloc_free(entry_structs);
return -1;
}
+
+ if ((modify_structs->check_list[i].flags & SCHEMA_FLAG_MOD_MASK) == SCHEMA_FLAG_MOD_DELETE) {
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR,
+ "Trying to delete the required attribute %s.\n",
+ modify_structs->must[i].name);
+
+ data->error_string = "Objectclass violation: trying to delete a required attribute";
+ talloc_free(entry_structs);
+ return -1;
+ }
+
+ attr->flags |= SCHEMA_FLAG_CHECKED;
}
- /* now check all others atribs are found in mays */
+ /* now check all others attributes are at least optional */
for (i = 0; i < modify_structs->check_list_num; i++) {
if ((modify_structs->check_list[i].flags & SCHEMA_FLAG_CHECKED) == 0 &&
(modify_structs->check_list[i].flags & SCHEMA_FLAG_MOD_MASK) != SCHEMA_FLAG_MOD_DELETE) {
- int found;
+ struct attribute_list *attr;
+
+ attr = schema_find_attribute(modify_structs->may,
+ modify_structs->may_num,
+ modify_structs->check_list[i].name);
- found = 0;
- for (j = 0; j < modify_structs->may_num; j++) {
- if (schema_attr_cmp(modify_structs->may[j].name, modify_structs->check_list[i].name) == 0) {
- modify_structs->check_list[i].flags |= SCHEMA_FLAG_CHECKED;
- found = 1;
- break;
- }
- }
- if ( ! found ) {
- ldb_debug(module->ldb, LDB_DEBUG_ERROR, "The attribute %s is not referenced by any objectclass.\n", modify_structs->check_list[i].name);
+ if (attr == NULL) { /* not found */
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR,
+ "The attribute %s is not referenced by any objectclass.\n",
+ modify_structs->check_list[i].name);
+
data->error_string = "Objectclass violation, an invalid attribute name was found";
talloc_free(entry_structs);
return -1;
}
+
+ modify_structs->check_list[i].flags |= SCHEMA_FLAG_CHECKED;
+
}
}
@@ -671,7 +657,10 @@ struct ldb_module *schema_module_init(struct ldb_context *ldb, const char *optio
}
data = talloc(ctx, struct private_data);
- SCHEMA_TALLOC_CHECK(ctx, data, NULL);
+ if (data == NULL) {
+ talloc_free(ctx);
+ return NULL;
+ }
data->error_string = NULL;
ctx->private_data = data;