Add attribute type/matching rule support for structuralObjectClass attribute

type. Add type to core.schema. Not yet populated on add nor checked on modify.
2026-01-07 07:30:57 -05:00 · 2000-06-26 05:13:41 +00:00 · 2000-06-26 05:13:41 +00:00 · 3112f21612
commit 3112f21612
parent 5d552f6051
10 changed files with 103 additions and 44 deletions
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@ -565,9 +565,9 @@ acl_mask(
 					/* target is attribute, check if the attribute value
 					 * is the op dn.
 					 */
-					rc = value_match(	&match, b->a_dn_at,
-										b->a_dn_at->ad_type->sat_equality,
-										val, &bv, &text );
+					rc = value_match( &match, b->a_dn_at,
+						b->a_dn_at->ad_type->sat_equality, 0,
+						val, &bv, &text );
 					/* on match error or no match, fail the ACL clause */
 					if (rc != LDAP_SUCCESS || match != 0 )
 						continue;
@ -584,9 +584,10 @@ acl_mask(
 				/* target is attribute, check if the attribute value
 				 * is the op dn.
 				 */
-				rc = value_match(	&match, b->a_dn_at,
-									b->a_dn_at->ad_type->sat_equality,
-									val, &bv, &text );
+				rc = value_match( &match, b->a_dn_at,
+					b->a_dn_at->ad_type->sat_equality, 0,
+					val, &bv, &text );
+
 				/* on match error or no match, fail the ACL clause */
 				if (rc != LDAP_SUCCESS || match != 0 )
 					continue;
--- a/servers/slapd/back-ldbm/attribute.c
+++ b/servers/slapd/back-ldbm/attribute.c
@ -36,7 +36,6 @@ ldbm_back_attribute(
 	int          i, j, rc;
 	Attribute   *attr;
 	struct berval **v;
-	char *s;
 	const char *entry_at_name = entry_at->ad_cname->bv_val;

 	Debug( LDAP_DEBUG_ARGS,
--- a/servers/slapd/back-ldbm/modify.c
+++ b/servers/slapd/back-ldbm/modify.c
@ -298,6 +298,7 @@ add_values(
 			for ( j = 0; a->a_vals[j] != NULL; j++ ) {
 				int match;
 				int rc = value_match( &match, mod->sm_desc, mr,
+					SLAP_MR_MODIFY_MATCHING,
 					a->a_vals[j], asserted, &text );

 				if( rc == LDAP_SUCCESS && match == 0 ) {
@ -372,10 +373,10 @@ delete_values(
 		for ( j = 0; a->a_vals[j] != NULL; j++ ) {
 			int match;
 			int rc = value_match( &match, mod->sm_desc, mr,
+				SLAP_MR_MODIFY_MATCHING,
 				a->a_vals[j], asserted, &text );

-			if( rc == LDAP_SUCCESS && match != 0 )
-			{
+			if( rc == LDAP_SUCCESS && match != 0 ) {
 				continue;
 			}
 			found = 1;
--- a/servers/slapd/filterentry.c
+++ b/servers/slapd/filterentry.c
@ -193,7 +193,7 @@ test_ava_filter(
 			int rc;
 			const char *text;

-			rc = value_match( &ret, a->a_desc, mr,
+			rc = value_match( &ret, a->a_desc, mr, 0,
 				a->a_vals[i], ava->aa_value,
 				&text );

@ -344,7 +344,7 @@ test_substrings_filter(
 			int rc;
 			const char *text;

-			rc = value_match( &ret, a->a_desc, mr,
+			rc = value_match( &ret, a->a_desc, mr, 0,
 				a->a_vals[i], f->f_sub,
 				&text );

--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@ -678,6 +678,7 @@ LDAP_SLAPD_F (int) value_match LDAP_P((
 	int *match,
 	AttributeDescription *ad,
 	MatchingRule *mr,
+	unsigned flags,
 	struct berval *v1,
 	void *v2,
 	const char ** text ));
--- a/servers/slapd/schema/core.schema
+++ b/servers/slapd/schema/core.schema
@ -77,6 +77,11 @@ attributetype ( 2.5.21.8 NAME 'matchingRuleUse'
 	EQUALITY objectIdentifierFirstComponentMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )

+# From X.500(97?)
+attributetype ( 2.5.21.9 NAME 'structuralObjectClass'
+	EQUALITY objectIdentifierMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+	NO-USER-MODIFICATION SINGLE-VALUE USAGE directoryOperation )

 # LDAP Operational Attributes from RFC2252
 attributetype ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts'
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@ -91,7 +91,7 @@
 static int
 octetStringMatch(
 	int *matchp,
-	unsigned use,
+	unsigned flags,
 	Syntax *syntax,
 	MatchingRule *mr,
 	struct berval *value,
@ -111,7 +111,7 @@ octetStringMatch(

 /* Index generation function */
 int octetStringIndexer(
-	unsigned use,
+	unsigned flags,
 	Syntax *syntax,
 	MatchingRule *mr,
 	struct berval *prefix,
@ -164,7 +164,7 @@ int octetStringIndexer(

 /* Index generation function */
 int octetStringFilter(
-	unsigned use,
+	unsigned flags,
 	Syntax *syntax,
 	MatchingRule *mr,
 	struct berval *prefix,
@ -257,7 +257,7 @@ dnNormalize(
 static int
 dnMatch(
 	int *matchp,
-	unsigned use,
+	unsigned flags,
 	Syntax *syntax,
 	MatchingRule *mr,
 	struct berval *value,
@ -587,7 +587,7 @@ IA5StringNormalize(
 static int
 caseExactIA5Match(
 	int *matchp,
-	unsigned use,
+	unsigned flags,
 	Syntax *syntax,
 	MatchingRule *mr,
 	struct berval *value,
@ -608,7 +608,7 @@ caseExactIA5Match(
 static int
 caseExactIA5SubstringsMatch(
 	int *matchp,
-	unsigned use,
+	unsigned flags,
 	Syntax *syntax,
 	MatchingRule *mr,
 	struct berval *value,
@ -732,7 +732,7 @@ done:

 /* Index generation function */
 int caseExactIA5Indexer(
-	unsigned use,
+	unsigned flags,
 	Syntax *syntax,
 	MatchingRule *mr,
 	struct berval *prefix,
@ -785,7 +785,7 @@ int caseExactIA5Indexer(

 /* Index generation function */
 int caseExactIA5Filter(
-	unsigned use,
+	unsigned flags,
 	Syntax *syntax,
 	MatchingRule *mr,
 	struct berval *prefix,
@ -831,7 +831,7 @@ int caseExactIA5Filter(
 static int
 caseIgnoreIA5Match(
 	int *matchp,
-	unsigned use,
+	unsigned flags,
 	Syntax *syntax,
 	MatchingRule *mr,
 	struct berval *value,
@ -866,7 +866,7 @@ static char *strcasechr( const char *str, int c )
 static int
 caseIgnoreIA5SubstringsMatch(
 	int *matchp,
-	unsigned use,
+	unsigned flags,
 	Syntax *syntax,
 	MatchingRule *mr,
 	struct berval *value,
@ -991,7 +991,7 @@ done:

 /* Index generation function */
 int caseIgnoreIA5Indexer(
-	unsigned use,
+	unsigned flags,
 	Syntax *syntax,
 	MatchingRule *mr,
 	struct berval *prefix,
@ -1047,7 +1047,7 @@ int caseIgnoreIA5Indexer(

 /* Index generation function */
 int caseIgnoreIA5Filter(
-	unsigned use,
+	unsigned flags,
 	Syntax *syntax,
 	MatchingRule *mr,
 	struct berval *prefix,
@ -1151,7 +1151,7 @@ numericStringNormalize(
 static int
 objectIdentifierFirstComponentMatch(
 	int *matchp,
-	unsigned use,
+	unsigned flags,
 	Syntax *syntax,
 	MatchingRule *mr,
 	struct berval *value,
@ -1182,7 +1182,7 @@ objectIdentifierFirstComponentMatch(

 	/* insert attributeTypes, objectclass check here */
 	if( OID_LEADCHAR(asserted->bv_val[0]) ) {
-		rc = objectIdentifierMatch( &match, use, syntax, mr, &oid, asserted );
+		rc = objectIdentifierMatch( &match, flags, syntax, mr, &oid, asserted );

 	} else {
 		char *stored = ch_malloc( oid.bv_len + 1 );
--- a/servers/slapd/schema_prep.c
+++ b/servers/slapd/schema_prep.c
@ -26,7 +26,7 @@ struct slap_internal_schema slap_schema;
 static int
 objectClassMatch(
 	int *matchp,
-	unsigned use,
+	unsigned flags,
 	Syntax *syntax,
 	MatchingRule *mr,
 	struct berval *value,
@ -37,7 +37,7 @@ objectClassMatch(
 	ObjectClass *asserted = oc_find( a->bv_val );

 	if( asserted == NULL ) {
-		if( OID_LEADCHAR( *value->bv_val ) ) {
+		if( OID_LEADCHAR( *a->bv_val ) ) {
 			/* OID form, return FALSE */
 			*matchp = 1;
 			return LDAP_SUCCESS;
@ -52,15 +52,58 @@ objectClassMatch(
 		return SLAPD_COMPARE_UNDEFINED;
 	}

+	if( flags & SLAP_MR_MODIFY_MATCHING ) {
+		*matchp = ( asserted != oc );
+	} else {
+		*matchp = !is_object_subclass( asserted, oc );
+	}
+
 #if 0
-	Debug( LDAP_DEBUG_TRACE, "objectClassMatch(%s,%s)\n",
-		value->bv_val, a->bv_val, NULL );
+	Debug( LDAP_DEBUG_TRACE, "objectClassMatch(%s,%s) = %d\n",
+		value->bv_val, a->bv_val, *matchp );
 #endif

-	*matchp = !is_object_subclass( asserted, oc );
+	return LDAP_SUCCESS;
+}

-	Debug( LDAP_DEBUG_TRACE, "\treturns %d\n",
-		*matchp, NULL, NULL );
+#define structuralObjectClassIndexer NULL
+#define structuralObjectClassFilter NULL
+
+static int
+structuralObjectClassMatch(
+	int *matchp,
+	unsigned flags,
+	Syntax *syntax,
+	MatchingRule *mr,
+	struct berval *value,
+	void *assertedValue )
+{
+	struct berval *a = (struct berval *) assertedValue;
+	ObjectClass *oc = oc_find( value->bv_val );
+	ObjectClass *asserted = oc_find( a->bv_val );
+
+	if( asserted == NULL ) {
+		if( OID_LEADCHAR( *a->bv_val ) ) {
+			/* OID form, return FALSE */
+			*matchp = 1;
+			return LDAP_SUCCESS;
+		}
+
+		/* desc form, return undefined */
+		return SLAPD_COMPARE_UNDEFINED;
+	}
+
+	if ( oc == NULL ) {
+		/* unrecognized stored value */
+		return SLAPD_COMPARE_UNDEFINED;
+	}
+
+	*matchp = ( asserted != oc );
+
+#if 0
+	Debug( LDAP_DEBUG_TRACE, "structuralObjectClassMatch(%s,%s) = %d\n",
+		value->bv_val, a->bv_val, *matchp );
+#endif

 	return LDAP_SUCCESS;
 }
@ -89,6 +132,10 @@ struct slap_schema_ad_map {
 	{ "objectClass",
 		objectClassMatch, objectClassIndexer, objectClassFilter,
 		offsetof(struct slap_internal_schema, si_ad_objectClass) },
+	{ "structuralObjectClass",
+		structuralObjectClassMatch,
+		structuralObjectClassIndexer, structuralObjectClassFilter,
+		offsetof(struct slap_internal_schema, si_ad_structuralObjectClass) },

 	/* user entry operational attributes */
 	{ "creatorsName", NULL, NULL, NULL,
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@ -242,7 +242,7 @@ typedef int slap_mr_normalize_func LDAP_P((
 /* Match (compare) function */
 typedef int slap_mr_match_func LDAP_P((
 	int *match,
-	unsigned use,
+	unsigned flags,
 	struct slap_syntax *syntax,	/* syntax of stored value */
 	struct slap_matching_rule *mr,
 	struct berval * value,
@ -250,7 +250,7 @@ typedef int slap_mr_match_func LDAP_P((

 /* Index generation function */
 typedef int slap_mr_indexer_func LDAP_P((
-	unsigned use,
+	unsigned flags,
 	struct slap_syntax *syntax,	/* syntax of stored value */
 	struct slap_matching_rule *mr,
 	struct berval *prefix,
@ -259,7 +259,7 @@ typedef int slap_mr_indexer_func LDAP_P((

 /* Filter index function */
 typedef int slap_mr_filter_func LDAP_P((
-	unsigned use,
+	unsigned flags,
 	struct slap_syntax *syntax,	/* syntax of stored value */
 	struct slap_matching_rule *mr,
 	struct berval *prefix,
@ -271,7 +271,8 @@ typedef struct slap_matching_rule {
 	unsigned				smr_usage;

 #define SLAP_MR_TYPE_MASK		0xFF00U
-#define SLAP_MR_SUBTYPE_MASK	0x00FFU
+#define SLAP_MR_SUBTYPE_MASK	0x00F0U
+#define SLAP_MR_USAGE			0x000FU

 #define SLAP_MR_NONE			0x0000U
 #define SLAP_MR_EQUALITY		0x0100U
@ -279,11 +280,14 @@ typedef struct slap_matching_rule {
 #define SLAP_MR_SUBSTR			0x0400U
 #define SLAP_MR_EXT				0x0800U

-#define SLAP_MR_EQUALITY_APPROX	( SLAP_MR_EQUALITY | 0x0001U )
+#define SLAP_MR_EQUALITY_APPROX	( SLAP_MR_EQUALITY | 0x0010U )

-#define SLAP_MR_SUBSTR_INITIAL	( SLAP_MR_SUBSTR | 0x0001U )
-#define SLAP_MR_SUBSTR_ANY		( SLAP_MR_SUBSTR | 0x0002U )
-#define SLAP_MR_SUBSTR_FINAL	( SLAP_MR_SUBSTR | 0x0004U )
+#define SLAP_MR_SUBSTR_INITIAL	( SLAP_MR_SUBSTR | 0x0010U )
+#define SLAP_MR_SUBSTR_ANY		( SLAP_MR_SUBSTR | 0x0020U )
+#define SLAP_MR_SUBSTR_FINAL	( SLAP_MR_SUBSTR | 0x0040U )
+
+/* this is used to kludge objectClass testing */
+#define SLAP_MR_MODIFY_MATCHING 0x0001U

 	Syntax					*smr_syntax;
 	slap_mr_convert_func	*smr_convert;
@ -382,6 +386,7 @@ struct slap_internal_schema {
 	AttributeDescription *si_ad_objectClass;

 	/* operational attributes */
+	AttributeDescription *si_ad_structuralObjectClass;
 	AttributeDescription *si_ad_creatorsName;
 	AttributeDescription *si_ad_createTimestamp;
 	AttributeDescription *si_ad_modifiersName;
--- a/servers/slapd/value.c
+++ b/servers/slapd/value.c
@ -125,12 +125,12 @@ value_match(
 	int *match,
 	AttributeDescription *ad,
 	MatchingRule *mr,
+	unsigned flags,
 	struct berval *v1, /* stored value */
 	void *v2, /* assertion */
 	const char ** text )
 {
 	int rc;
-	int usage = 0;
 	struct berval *nv1 = NULL;

 	if( !mr->smr_match ) {
@ -146,7 +146,7 @@ value_match(
 		}
 	}

-	rc = (mr->smr_match)( match, usage,
+	rc = (mr->smr_match)( match, flags,
 		ad->ad_type->sat_syntax,
 		mr,
 		nv1 != NULL ? nv1 : v1,
@ -184,8 +184,8 @@ int value_find(
 		int match;
 		const char *text;

-		rc = value_match( &match, ad, mr, vals[i],
-			nval == NULL ? val : nval, &text );
+		rc = value_match( &match, ad, mr, 0,
+			vals[i], nval == NULL ? val : nval, &text );

 		if( rc == LDAP_SUCCESS && match == 0 ) {
 			return LDAP_SUCCESS;