Fix schema check bug... actually charray needs to dup strings on

add/merge as we now free strings agressively.  Improved debug
message to include name of missing required attribute and added
check for 'operational attributes'.  This check should be used
everywhere we need to test for operational attributes (add/modify).
Also, enabled schema checking for tests (and fixed resulting
problems by adjusting oc.conf).

include/portable.h.in

@@ -1,33 +1,14 @@
 /* include/portable.h.in.  Generated automatically from configure.in by autoheader.  */
 /* portable.h.top begin */
 /*
-Copyright 1998 The OpenLDAP Foundation, Redwood City, California, USA
-All rights reserved.
-
-Redistribution and use in source and binary forms are permitted only
-as authorized by the OpenLDAP Public License.  A copy of this
-license is available at http://www.OpenLDAP.org/license.html or
-in file LICENSE in the top-level directory of the distribution.
-
-This work is derived from the University of Michigan LDAP v3.3
-distribution.  Information concerning is available at
-    http://www.umich.edu/~dirsvcs/ldap/ldap.html.
-
-This work also contains materials derived from public sources.
-
----
-
-Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
-All rights reserved.
-
-Redistribution and use in source and binary forms are permitted
-provided that this notice is preserved and that due credit is given
-to the University of Michigan at Ann Arbor. The name of the University
-may not be used to endorse or promote products derived from this 
-software without specific prior written permission. This software
-is provided ``as is'' without express or implied warranty.
- 
-*/
+ * Copyright 1998,1999 The OpenLDAP Foundation, Redwood City, California, USA
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted only
+ * as authorized by the OpenLDAP Public License.  A copy of this
+ * license is available at http://www.OpenLDAP.org/license.html or
+ * in file LICENSE in the top-level directory of the distribution.
+ */
 
 #ifndef _LDAP_PORTABLE_H
 #define _LDAP_PORTABLE_H
@@ -611,6 +592,15 @@ is provided ``as is'' without express or implied warranty.
 /* Define if you have the socket library (-lsocket).  */
 #undef HAVE_LIBSOCKET
 /* portable.h.bot begin */
+/*
+ * Copyright 1998,1999 The OpenLDAP Foundation, Redwood City, California, USA
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted only
+ * as authorized by the OpenLDAP Public License.  A copy of this
+ * license is available at http://www.OpenLDAP.org/license.html or
+ * in file LICENSE in the top-level directory of the distribution.
+ */
 
 #ifdef HAVE_STDDEF_H
 #	include <stddef.h>

servers/slapd/charray.c

@@ -29,7 +29,7 @@ charray_add(
 		    (n + 2) * sizeof(char *) );
 	}
 
-	(*a)[n++] = s;
+	(*a)[n++] = ch_strdup(s);
 	(*a)[n] = NULL;
 }
 
@@ -51,7 +51,7 @@ charray_merge(
 	*a = (char **) ch_realloc( (char *) *a, (n + nn + 1) * sizeof(char *) );
 
 	for ( i = 0; i < nn; i++ ) {
-		(*a)[n + i] = s[i];
+		(*a)[n + i] = ch_strdup(s[i]);
 	}
 	(*a)[n + nn] = NULL;
 }

servers/slapd/schema.c

@@ -10,7 +10,7 @@
 #include "slap.h"
 
 static struct objclass	*oc_find(char *ocname);
-static int		oc_check_required(Entry *e, char *ocname);
+static char *	oc_check_required(Entry *e, char *ocname);
 static int		oc_check_allowed(char *type, struct berval **ocl);
 
 /*
@@ -35,10 +35,12 @@ oc_schema_check( Entry *e )
 
 	/* check that the entry has required attrs for each oc */
 	for ( i = 0; aoc->a_vals[i] != NULL; i++ ) {
-		if ( oc_check_required( e, aoc->a_vals[i]->bv_val ) != 0 ) {
+		char *s = oc_check_required( e, aoc->a_vals[i]->bv_val );
+
+		if (s != NULL) {
 			Debug( LDAP_DEBUG_ANY,
-			    "Entry (%s), required attr (%s) missing\n",
-			    e->e_dn, aoc->a_vals[i]->bv_val, 0 );
+			    "Entry (%s), oc \"%s\" requires attr \"%s\"\n",
+			    e->e_dn, aoc->a_vals[i]->bv_val, s );
 			ret = 1;
 		}
 	}
@@ -51,7 +53,7 @@ oc_schema_check( Entry *e )
 	for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
 		if ( oc_check_allowed( a->a_type, aoc->a_vals ) != 0 ) {
 			Debug( LDAP_DEBUG_ANY,
-			    "Entry (%s), attr (%s) not allowed\n",
+			    "Entry (%s), attr \"%s\" not allowed\n",
 			    e->e_dn, a->a_type, 0 );
 			ret = 1;
 		}
@@ -60,7 +62,7 @@ oc_schema_check( Entry *e )
 	return( ret );
 }
 
-static int
+static char *
 oc_check_required( Entry *e, char *ocname )
 {
 	struct objclass	*oc;
@@ -89,11 +91,25 @@ oc_check_required( Entry *e, char *ocname )
 
 		/* not there => schema violation */
 		if ( a == NULL ) {
-			return( 1 );
+			return oc->oc_required[i];
 		}
 	}
 
-	return( 0 );
+	return( NULL );
+}
+
+/*
+ * check to see if attribute is 'operational' or not.
+ * this function should be externalized...
+ */
+static int
+oc_check_operational( char *type )
+{
+	return ( strcasecmp( type, "modifiersname" ) == 0 ||
+		strcasecmp( type, "modifytimestamp" ) == 0 ||
+		strcasecmp( type, "creatorsname" ) == 0 ||
+		strcasecmp( type, "createtimestamp" ) == 0 )
+		? 1 : 0;
 }
 
 static int
@@ -107,6 +123,10 @@ oc_check_allowed( char *type, struct berval **ocl )
 		return( 0 );
 	}
 
+	if ( oc_check_operational( type ) ) {
+		return( 0 );
+	}
+
 	/* check that the type appears as req or opt in at least one oc */
 	for ( i = 0; ocl[i] != NULL; i++ ) {
 		/* if we know about the oc */

tests/data/slapd-master.conf

@@ -3,7 +3,7 @@
 #
 include		./data/slapd.at.conf
 include		./data/slapd.oc.conf
-schemacheck	off
+schemacheck	on
 
 #######################################################################
 # ldbm database definitions

tests/data/slapd.oc.conf

@@ -83,18 +83,17 @@ objectclass organizationalUnit
 objectclass person
 	requires
 		objectClass,
-		sn,
 		cn
 	allows
 		description,
 		seeAlso,
+		sn,
 		telephoneNumber,
 		userPassword
 
 objectclass organizationalPerson
 	requires
 		objectClass,
-		sn,
 		cn
 	allows
 		description,
@@ -110,6 +109,7 @@ objectclass organizationalPerson
 		preferredDeliveryMethod,
 		registeredAddress,
 		seeAlso,
+		sn,
 		st,
 		streetAddress,
 		telephoneNumber,
@@ -161,7 +161,6 @@ objectclass groupOfNames
 objectclass residentialPerson
 	requires
 		objectClass,
-		sn,
 		cn,
 		l
 	allows
@@ -178,6 +177,7 @@ objectclass residentialPerson
 		preferredDeliveryMethod,
 		registeredAddress,
 		seeAlso,
+		sn,
 		st,
 		streetAddress,
 		telephoneNumber,
@@ -261,7 +261,6 @@ objectclass pilotObject
 objectclass newPilotPerson
 	requires
 		objectClass,
-		sn,
 		cn
 	allows
 		businessCategory,
@@ -270,6 +269,8 @@ objectclass newPilotPerson
 		homePhone,
 		homePostalAddress,
 		janetMailbox,
+		lastModifiedBy,
+		lastModifiedTime,
 		mail,
 		mailPreferenceOption,
 		mobile,
@@ -282,6 +283,7 @@ objectclass newPilotPerson
 		roomNumber,
 		secretary,
 		seeAlso,
+		sn,
 		telephoneNumber,
 		textEncodedORaddress,
 		uid,
@@ -663,9 +665,7 @@ objectclass kerberosSecurityObject
 objectclass umichPerson
 	requires
 		objectClass,
-		sn,
-		cn,
-		universityID
+		cn
 	allows
 		affiliationCode,
 		audio,
@@ -714,6 +714,7 @@ objectclass umichPerson
 		roomNumber,
 		secretary,
 		seeAlso,
+		sn,
 		st,
 		streetAddress,
 		telephoneNumber,
@@ -722,6 +723,7 @@ objectclass umichPerson
 		textEncodedORaddress,
 		title,
 		uid,
+		universityID,
 		updateSource,
 		userCertificate,
 		userClass,