manageDIT framework and obsolete objectclasses/DIT-content-rule override

Kurt Zeilenga 2005-05-13 19:07:31 +00:00
parent edac9abcfe
commit feeeabcd68
16 changed files with 53 additions and 36 deletions


@ -52,8 +52,8 @@ bdb_add(Operation *op, SlapReply *rs )
ctrls[num_ctrls] = 0; ctrls[num_ctrls] = 0;
/* check entry's schema */ /* check entry's schema */
rs->sr_err = entry_schema_check( op->o_bd, op->oq_add.rs_e, rs->sr_err = entry_schema_check( op->o_bd, op->oq_add.rs_e, NULL, 0,
NULL, &rs->sr_text, textbuf, textlen ); &rs->sr_text, textbuf, textlen );
if ( rs->sr_err != LDAP_SUCCESS ) { if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": entry failed schema check: " LDAP_XSTRING(bdb_add) ": entry failed schema check: "
@ -191,8 +191,8 @@ retry: /* transaction retry */
} }
Debug( LDAP_DEBUG_TRACE, Debug( LDAP_DEBUG_TRACE,
LDAP_XSTRING(bdb_add) ": no write access " LDAP_XSTRING(bdb_add) ": no write access to parent\n",
"to parent\n", 0, 0, 0 ); 0, 0, 0 );
rs->sr_err = LDAP_INSUFFICIENT_ACCESS; rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
rs->sr_text = "no write access to parent"; rs->sr_text = "no write access to parent";
goto return_results;; goto return_results;;


@ -650,6 +650,7 @@ bdb_back_initialize(
static char *controls[] = { static char *controls[] = {
LDAP_CONTROL_ASSERT, LDAP_CONTROL_ASSERT,
LDAP_CONTROL_MANAGEDSAIT, LDAP_CONTROL_MANAGEDSAIT,
LDAP_CONTROL_MANAGEDIT,
LDAP_CONTROL_NOOP, LDAP_CONTROL_NOOP,
LDAP_CONTROL_PAGEDRESULTS, LDAP_CONTROL_PAGEDRESULTS,
#ifdef LDAP_CONTROL_SUBENTRIES #ifdef LDAP_CONTROL_SUBENTRIES
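Review bot: `LDAP_CONTROL_MANAGEDIT` is added to this backend's control list, but of the bdb call sites touched in this commit only bdb_modify_internal consults `get_manageDIT(op)`; bdb_add passes a literal `0` to entry_schema_check. If this list is what the backend accepts per operation (presumably, the consumer is not visible here), a client that attaches the control to an add gets it accepted with no effect. A comment on the new entry would make that explicit, for example `/* manageDIT: honoured by modify only; add ignores it */`. The array continues outside the hunk.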


@ -42,10 +42,21 @@ int bdb_modify_internal(
Attribute *save_attrs; Attribute *save_attrs;
Attribute *ap; Attribute *ap;
int glue_attr_delete = 0; int glue_attr_delete = 0;
int manage=0;
Debug( LDAP_DEBUG_TRACE, "bdb_modify_internal: 0x%08lx: %s\n", Debug( LDAP_DEBUG_TRACE, "bdb_modify_internal: 0x%08lx: %s\n",
e->e_id, e->e_dn, 0); e->e_id, e->e_dn, 0);
if( get_manageDIT(op) ) {
AttributeDescription *entry = slap_schema.si_ad_entry;
if( !access_allowed( op, e, entry, NULL, ACL_MANAGE, NULL )) {
*text = "not authorized to manage entry";
return LDAP_INSUFFICIENT_ACCESS;
}
manage = 1;
}
if ( !acl_check_modlist( op, e, modlist )) { if ( !acl_check_modlist( op, e, modlist )) {
return LDAP_INSUFFICIENT_ACCESS; return LDAP_INSUFFICIENT_ACCESS;
} }
@ -196,7 +207,8 @@ int bdb_modify_internal(
} }
/* check that the entry still obeys the schema */ /* check that the entry still obeys the schema */
rc = entry_schema_check( op->o_bd, e, save_attrs, text, textbuf, textlen ); rc = entry_schema_check( op->o_bd, e, save_attrs, manage,
text, textbuf, textlen );
if ( rc != LDAP_SUCCESS || op->o_noop ) { if ( rc != LDAP_SUCCESS || op->o_noop ) {
attrs_free( e->e_attrs ); attrs_free( e->e_attrs );
/* clear the indexing flags */ /* clear the indexing flags */
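Review bot: The new manageDIT branch in the first hunk returns `LDAP_INSUFFICIENT_ACCESS` without a Debug trace, and a granted request sets `manage = 1` silently, so neither a refused nor a successful use of this schema-relaxing privilege appears in the trace log. I would add `Debug( LDAP_DEBUG_TRACE, "bdb_modify_internal: manage access denied: %s\n", e->e_dn, 0, 0 );` before the return, and a matching trace after `manage = 1;`. A short comment above the block should also say that `manage` only reaches entry_schema_check (second hunk) and that `acl_check_modlist` still applies to the modifications themselves. Minor style: `int manage=0;` lacks the spacing used by the neighbouring declarations. The function body continues outside both hunks.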


@ -45,7 +45,7 @@ ldbm_back_add(
Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_add: %s\n", Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_add: %s\n",
op->o_req_dn.bv_val, 0, 0); op->o_req_dn.bv_val, 0, 0);
rs->sr_err = entry_schema_check( op->o_bd, op->oq_add.rs_e, NULL, rs->sr_err = entry_schema_check( op->o_bd, op->oq_add.rs_e, NULL, 0,
&rs->sr_text, textbuf, textlen ); &rs->sr_text, textbuf, textlen );
if ( rs->sr_err != LDAP_SUCCESS ) { if ( rs->sr_err != LDAP_SUCCESS ) {


@ -164,8 +164,8 @@ int ldbm_modify_internal(
} }
/* check that the entry still obeys the schema */ /* check that the entry still obeys the schema */
rc = entry_schema_check( op->o_bd, e, save_attrs, text, textbuf, textlen ); rc = entry_schema_check( op->o_bd, e, save_attrs, 0,
text, textbuf, textlen );
if ( rc != LDAP_SUCCESS ) { if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY, "entry failed schema check: %s\n", Debug( LDAP_DEBUG_ANY, "entry failed schema check: %s\n",
*text, 0, 0 ); *text, 0, 0 );


@ -553,8 +553,8 @@ static int apply_modify_to_entry(Entry * entry,
entry->e_ocflags = 0; entry->e_ocflags = 0;
} }
/* check that the entry still obeys the schema */ /* check that the entry still obeys the schema */
rc = entry_schema_check(op->o_bd, entry, NULL, rc = entry_schema_check(op->o_bd, entry, NULL, 0,
&rs->sr_text, textbuf, sizeof( textbuf ) ); &rs->sr_text, textbuf, sizeof( textbuf ) );
} }
return rc; return rc;
} }
@ -760,8 +760,8 @@ static int ldif_back_add(Operation *op, SlapReply *rs) {
int statres; int statres;
char textbuf[SLAP_TEXT_BUFLEN]; char textbuf[SLAP_TEXT_BUFLEN];
rs->sr_err = entry_schema_check(op->o_bd, e, rs->sr_err = entry_schema_check(op->o_bd, e, NULL, 0,
NULL, &rs->sr_text, textbuf, sizeof( textbuf ) ); &rs->sr_text, textbuf, sizeof( textbuf ) );
if ( rs->sr_err != LDAP_SUCCESS ) goto send_res; if ( rs->sr_err != LDAP_SUCCESS ) goto send_res;
ldap_pvt_thread_mutex_lock(&ni->li_mutex); ldap_pvt_thread_mutex_lock(&ni->li_mutex);


@ -197,8 +197,8 @@ monitor_subsys_log_modify(
} }
/* check that the entry still obeys the schema */ /* check that the entry still obeys the schema */
rc = entry_schema_check( be_monitor, e, save_attrs, rc = entry_schema_check( be_monitor, e, save_attrs, 0,
&text, textbuf, sizeof( textbuf ) ); &text, textbuf, sizeof( textbuf ) );
if ( rc != LDAP_SUCCESS ) { if ( rc != LDAP_SUCCESS ) {
rs->sr_err = rc; rs->sr_err = rc;
goto cleanup; goto cleanup;


@ -989,9 +989,8 @@ backsql_add( Operation *op, SlapReply *rs )
if ( BACKSQL_CHECK_SCHEMA( bi ) ) { if ( BACKSQL_CHECK_SCHEMA( bi ) ) {
char textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' }; char textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' };
rs->sr_err = entry_schema_check( op->o_bd, op->ora_e, rs->sr_err = entry_schema_check( op->o_bd, op->ora_e, NULL, 0,
NULL, &rs->sr_text, textbuf, sizeof( textbuf ) );
&rs->sr_text, textbuf, sizeof( textbuf ) );
if ( rs->sr_err != LDAP_SUCCESS ) { if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): " Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
"entry failed schema check -- aborting\n", "entry failed schema check -- aborting\n",


@ -167,9 +167,8 @@ backsql_modify( Operation *op, SlapReply *rs )
goto do_transact; goto do_transact;
} }
rs->sr_err = entry_schema_check( op->o_bd, &m, rs->sr_err = entry_schema_check( op->o_bd, &m, NULL, 0,
NULL, &rs->sr_text, textbuf, sizeof( textbuf ) );
&rs->sr_text, textbuf, sizeof( textbuf ) );
if ( rs->sr_err != LDAP_SUCCESS ) { if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): " Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
"entry failed schema check -- aborting\n", "entry failed schema check -- aborting\n",


@ -495,9 +495,8 @@ backsql_modrdn( Operation *op, SlapReply *rs )
e_id = bsi.bsi_base_id; e_id = bsi.bsi_base_id;
rs->sr_err = entry_schema_check( op->o_bd, &r, rs->sr_err = entry_schema_check( op->o_bd, &r, NULL, 0,
NULL, &rs->sr_text, textbuf, sizeof( textbuf ) );
&rs->sr_text, textbuf, sizeof( textbuf ) );
if ( rs->sr_err != LDAP_SUCCESS ) { if ( rs->sr_err != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): " Debug( LDAP_DEBUG_TRACE, " backsql_add(\"%s\"): "
"entry failed schema check -- aborting\n", "entry failed schema check -- aborting\n",


@ -3305,8 +3305,8 @@ config_modify_internal( CfEntryInfo *ce, Operation *op, SlapReply *rs,
if(rc == LDAP_SUCCESS) { if(rc == LDAP_SUCCESS) {
/* check that the entry still obeys the schema */ /* check that the entry still obeys the schema */
rc = entry_schema_check(op->o_bd, e, NULL, rc = entry_schema_check(op->o_bd, e, NULL, 0,
&rs->sr_text, ca->msg, sizeof(ca->msg) ); &rs->sr_text, ca->msg, sizeof(ca->msg) );
} }
if ( rc == LDAP_SUCCESS ) { if ( rc == LDAP_SUCCESS ) {
/* Basic syntax checks are OK. Do the actual settings. */ /* Basic syntax checks are OK. Do the actual settings. */


@ -187,7 +187,7 @@ do_modify(
} }
rs->sr_err = slap_mods_check( modlist, &rs->sr_text, rs->sr_err = slap_mods_check( modlist, &rs->sr_text,
textbuf, textlen, NULL ); textbuf, textlen, NULL );
if ( rs->sr_err != LDAP_SUCCESS ) { if ( rs->sr_err != LDAP_SUCCESS ) {
send_ldap_result( op, rs ); send_ldap_result( op, rs );
@ -442,8 +442,6 @@ fe_op_modify( Operation *op, SlapReply *rs )
} }
} }
if ( !repl_user ) { if ( !repl_user ) {
for( modtail = &modlist; for( modtail = &modlist;
*modtail != NULL; *modtail != NULL;


@ -1272,7 +1272,10 @@ LDAP_SLAPD_F( int ) structural_class(
char *textbuf, size_t textlen ); char *textbuf, size_t textlen );
LDAP_SLAPD_F( int ) entry_schema_check( LDAP_SLAPD_F( int ) entry_schema_check(
Backend *be, Entry *e, Attribute *attrs, Backend *be,
Entry *e,
Attribute *attrs,
int manage,
const char** text, const char** text,
char *textbuf, size_t textlen ); char *textbuf, size_t textlen );
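Review bot: The new `int manage` parameter of entry_schema_check is undocumented, although it switches off security-relevant schema enforcement and the function itself performs no access check on it. In the hunks of this commit a non-zero value skips the OBSOLETE tests for the structural object class, the content rule, each objectClass and the naming attribute, and the only caller that sets it (bdb_modify_internal) first requires `ACL_MANAGE` on the entry. I would state that contract on the prototype, e.g. `/* manage: non-zero skips OBSOLETE checks; caller must already have verified ACL_MANAGE */`, and repeat it in the header comment of the definition and of entry_naming_check, which gain the same parameter later in this commit.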


@ -31,6 +31,7 @@ static char * oc_check_required(
static int entry_naming_check( static int entry_naming_check(
Entry *e, Entry *e,
int manage,
const char** text, const char** text,
char *textbuf, size_t textlen ); char *textbuf, size_t textlen );
/* /*
@ -45,6 +46,7 @@ entry_schema_check(
Backend *be, Backend *be,
Entry *e, Entry *e,
Attribute *oldattrs, Attribute *oldattrs,
int manage,
const char** text, const char** text,
char *textbuf, size_t textlen ) char *textbuf, size_t textlen )
{ {
@ -151,7 +153,7 @@ entry_schema_check(
return LDAP_OTHER; return LDAP_OTHER;
} }
if( sc->soc_obsolete ) { if( !manage && sc->soc_obsolete ) {
snprintf( textbuf, textlen, snprintf( textbuf, textlen,
"structuralObjectClass '%s' is OBSOLETE", "structuralObjectClass '%s' is OBSOLETE",
asc->a_vals[0].bv_val ); asc->a_vals[0].bv_val );
@ -201,7 +203,7 @@ entry_schema_check(
/* naming check */ /* naming check */
if ( !is_entry_objectclass ( e, slap_schema.si_oc_glue, 0 ) ) { if ( !is_entry_objectclass ( e, slap_schema.si_oc_glue, 0 ) ) {
rc = entry_naming_check( e, text, textbuf, textlen ); rc = entry_naming_check( e, manage, text, textbuf, textlen );
if( rc != LDAP_SUCCESS ) { if( rc != LDAP_SUCCESS ) {
return rc; return rc;
} }
@ -217,7 +219,7 @@ entry_schema_check(
/* check that the entry has required attrs of the content rule */ /* check that the entry has required attrs of the content rule */
if( cr ) { if( cr ) {
if( cr->scr_obsolete ) { if( !manage && cr->scr_obsolete ) {
snprintf( textbuf, textlen, snprintf( textbuf, textlen,
"content rule '%s' is obsolete", "content rule '%s' is obsolete",
ldap_contentrule2name( &cr->scr_crule )); ldap_contentrule2name( &cr->scr_crule ));
@ -292,7 +294,7 @@ entry_schema_check(
return LDAP_OBJECT_CLASS_VIOLATION; return LDAP_OBJECT_CLASS_VIOLATION;
} }
if ( oc->soc_obsolete ) { if ( !manage && oc->soc_obsolete ) {
/* disallow obsolete classes */ /* disallow obsolete classes */
snprintf( textbuf, textlen, snprintf( textbuf, textlen,
"objectClass '%s' is OBSOLETE", "objectClass '%s' is OBSOLETE",
@ -727,6 +729,7 @@ int mods_structural_class(
static int static int
entry_naming_check( entry_naming_check(
Entry *e, Entry *e,
int manage,
const char** text, const char** text,
char *textbuf, size_t textlen ) char *textbuf, size_t textlen )
{ {
@ -787,7 +790,7 @@ entry_naming_check(
break; break;
} }
if( desc->ad_type->sat_obsolete ) { if( !manage && desc->ad_type->sat_obsolete ) {
snprintf( textbuf, textlen, snprintf( textbuf, textlen,
"naming attribute '%s' is obsolete", "naming attribute '%s' is obsolete",
ava->la_attr.bv_val ); ava->la_attr.bv_val );


@ -53,6 +53,7 @@ slapadd( int argc, char **argv )
char textbuf[SLAP_TEXT_BUFLEN] = { '\0' }; char textbuf[SLAP_TEXT_BUFLEN] = { '\0' };
size_t textlen = sizeof textbuf; size_t textlen = sizeof textbuf;
const char *progname = "slapadd"; const char *progname = "slapadd";
int manage = 0;
struct berval csn; struct berval csn;
struct berval maxcsn; struct berval maxcsn;
@ -181,7 +182,8 @@ slapadd( int argc, char **argv )
} }
/* check schema */ /* check schema */
rc = entry_schema_check( be, e, NULL, &text, textbuf, textlen ); rc = entry_schema_check( be, e, NULL, manage,
&text, textbuf, textlen );
if( rc != LDAP_SUCCESS ) { if( rc != LDAP_SUCCESS ) {
fprintf( stderr, "%s: dn=\"%s\" (line=%d): (%d) %s\n", fprintf( stderr, "%s: dn=\"%s\" (line=%d): (%d) %s\n",
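Review bot: `manage` is declared as `int manage = 0;` in the first hunk and passed to entry_schema_check in the second, but nothing visible assigns it, so it currently behaves as a literal `0`. If it is a placeholder for a future command-line option, say so at the declaration, e.g. `/* not yet settable; non-zero would skip OBSOLETE schema checks */`. Otherwise pass `0` directly as the other callers in this commit do, which avoids leaving a dormant bypass switch in a tool where no access check is visible in front of the call. slapadd's body continues outside both hunks, so an assignment elsewhere cannot be ruled out from here.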


@ -4118,7 +4118,8 @@ int slapi_entry_schema_check( Slapi_PBlock *pb, Slapi_Entry *e )
if ( slapi_pblock_get( pb, SLAPI_BACKEND, (void **)&be ) != 0 ) if ( slapi_pblock_get( pb, SLAPI_BACKEND, (void **)&be ) != 0 )
return -1; return -1;
rc = entry_schema_check( be, e, NULL, &text, textbuf, textlen ); rc = entry_schema_check( be, e, NULL, 0,
&text, textbuf, textlen );
return ( rc == LDAP_SUCCESS ) ? 0 : 1; return ( rc == LDAP_SUCCESS ) ? 0 : 1;
#else #else