sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-11-06 08:23:50 +03:00
Code Activity
Files
95a6ef7fc8757ccfd90dbf0d6c9b5098f10b10b6
samba-mirror/source/dsdb/samdb/ldb_modules/schema.c
Jelmer Vernooij b7371f1a19 r25553: Convert to standard bool type.
2007-10-10 15:07:54 -05:00

1238 lines
34 KiB
C
Raw Blame History

/*
ldb database library
Copyright (C) Simo Sorce 2004-2006
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* Name: ldb
*
* Component: ldb schema module
*
* Description: add schema check functionality
*
* Author: Simo Sorce
*
* License: GNU GPL v2 or Later
*/
#include "includes.h"
#include "libcli/ldap/ldap.h"
#include "ldb/include/ldb_errors.h"
#include "ldb/include/ldb_private.h"
#include "lib/util/dlinklist.h"
#include "schema_syntax.h"
/* Syntax-Table
see ldap_server/devdocs/AD-syntaxes.txt
*/
enum schema_class_type {
SCHEMA_CT_88 = 0,
SCHEMA_CT_STRUCTURAL = 1,
SCHEMA_CT_ABSTRACT = 2,
SCHEMA_CT_AUXILIARY = 3
};
struct schema_attribute {
char *OID; /* attributeID */
char *name; /* lDAPDisplayName */
enum schema_internal_syntax syntax; /* generated from attributeSyntax, oMSyntax, oMObjectClass */
bool single; /* isSingleValued */
int min; /* rangeLower */
int max; /* rangeUpper */
int systemflag; /* systemFlag */
int searchflag; /* searchFlag */
bool isdefunct; /* isDefunct */
};
struct schema_class {
char *OID; /* governsID */
char *name; /* lDAPDisplayName */
enum schema_class_type type; /* objectClassCategory */
bool systemOnly; /* systemOnly */
bool isdefunct; /* isDefunct */
int systemflag; /* systemFlag */
char *defobjcat; /* defaultObjectCategory */
struct schema_class *parent; /* subClassOf */
struct schema_class **sysaux; /* systemAuxiliaryClass */
struct schema_class **aux; /* auxiliaryClass */
struct schema_class **sysposssup; /* systemPossSuperiors */
struct schema_class **posssup; /* possSuperiors */
struct schema_class **possinf; /* possibleInferiors */
struct schema_attribute **sysmust; /* systemMustContain */
struct schema_attribute **must; /* MustContain */
struct schema_attribute **sysmay; /* systemMayContain */
struct schema_attribute **may; /* MayContain */
};
/* TODO: ditcontentrules */
struct schema_private_data {
struct ldb_dn *schema_dn;
struct schema_attribute **attrs;
struct schema_store *attrs_store;
int num_attributes;
struct schema_class **class;
struct schema_store *class_store;
int num_classes;
};
struct schema_class_dlist {
struct schema_class *class;
struct schema_class_dlist *prev;
struct schema_class_dlist *next;
enum schema_class_type role;
};
struct schema_context {
enum sc_op { SC_ADD, SC_MOD, SC_DEL, SC_RENAME } op;
enum sc_step { SC_INIT, SC_ADD_CHECK_PARENT, SC_ADD_TEMP, SC_DEL_CHECK_CHILDREN } step;
struct schema_private_data *data;
struct ldb_module *module;
struct ldb_request *orig_req;
struct ldb_request *down_req;
struct ldb_request *parent_req;
struct ldb_reply *parent_res;
struct schema_class_dlist *class_list;
struct schema_class **sup_list;
struct schema_class **aux_list;
};
/* FIXME: I'd really like to use an hash table here */
struct schema_link {
const char *name;
void *object;
};
struct schema_store {
struct schema_link *store;
int num_links;
};
static struct schema_store *schema_store_new(TALLOC_CTX *mem_ctx)
{
struct schema_store *ht;
ht = talloc(mem_ctx, struct schema_store);
if (!ht) return NULL;
ht->store = NULL;
ht->num_links = 0;
return ht;
}
static int schema_store_add(struct schema_store *ht, const char *key, void *object)
{
ht->store = talloc_realloc(ht, ht->store, struct schema_link, ht->num_links + 1);
if (!ht->store) return LDB_ERR_OPERATIONS_ERROR;
ht->store[ht->num_links].name = key;
ht->store[ht->num_links].object = object;
ht->num_links++;
return LDB_SUCCESS;
}
static void *schema_store_find(struct schema_store *ht, const char *key)
{
int i;
for (i = 0; i < ht->num_links; i++) {
if (strcasecmp(ht->store[i].name, key) == 0) {
return ht->store[i].object;
}
}
return NULL;
}
#define SCHEMA_CHECK_VALUE(mem, val, mod) \
do { if (mem == val) { \
ret = LDB_ERR_OPERATIONS_ERROR; \
ldb_asprintf_errstring(mod->ldb, \
"schema module: Memory allocation or attribute error on %s", #mem); \
goto done; } } while(0)
struct schema_class **schema_get_class_list(struct ldb_module *module,
struct schema_private_data *data,
struct ldb_message_element *el)
{
struct schema_class **list;
int i;
list = talloc_array(data, struct schema_class *, el->num_values + 1);
if (!list) {
ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Out of Memory");
return NULL;
}
for (i = 0; i < el->num_values; i++) {
list[i] = (struct schema_class *)schema_store_find(data->class_store,
(char *)el->values[i].data);
if (!list[i]) {
ldb_debug_set(module->ldb,
LDB_DEBUG_ERROR,
"Class %s referenced but not found in schema\n",
(char *)el->values[i].data);
return NULL;
}
}
list[i] = NULL;
return list;
}
struct schema_attribute **schema_get_attrs_list(struct ldb_module *module,
struct schema_private_data *data,
struct ldb_message_element *el)
{
struct schema_attribute **list;
int i;
list = talloc_array(data, struct schema_attribute *, el->num_values + 1);
if (!list) {
ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Out of Memory");
return NULL;
}
for (i = 0; i < el->num_values; i++) {
list[i] = (struct schema_attribute *)schema_store_find(data->attrs_store,
(char *)el->values[i].data);
if (!list[i]) {
ldb_debug_set(module->ldb,
LDB_DEBUG_ERROR,
"Attriobute %s referenced but not found in schema\n",
(char *)el->values[i].data);
return NULL;
}
}
list[i] = NULL;
return list;
}
static int schema_init_attrs(struct ldb_module *module, struct schema_private_data *data)
{
static const char *schema_attrs[] = { "attributeID",
"lDAPDisplayName",
"attributeSyntax",
"oMSyntax",
"oMObjectClass",
"isSingleValued",
"rangeLower",
"rangeUpper",
"searchFlag",
"systemFlag",
"isDefunct",
NULL };
struct ldb_result *res;
int ret, i;
ret = ldb_search(module->ldb,
data->schema_dn,
LDB_SCOPE_SUBTREE,
"(objectClass=attributeSchema)",
schema_attrs,
&res);
if (ret != LDB_SUCCESS) {
goto done;
}
data->num_attributes = res->count;
data->attrs = talloc_array(data, struct schema_attribute *, res->count);
SCHEMA_CHECK_VALUE(data->attrs, NULL, module);
data->attrs_store = schema_store_new(data);
SCHEMA_CHECK_VALUE(data->attrs_store, NULL, module);
for (i = 0; i < res->count; i++) {
const char *tmp_single;
const char *attr_syntax;
uint32_t om_syntax;
const struct ldb_val *om_class;
data->attrs[i] = talloc(data->attrs, struct schema_attribute);
SCHEMA_CHECK_VALUE(data->attrs[i], NULL, module);
data->attrs[i]->OID = talloc_strdup(data->attrs[i],
ldb_msg_find_attr_as_string(res->msgs[i], "attributeID", NULL));
SCHEMA_CHECK_VALUE(data->attrs[i]->OID, NULL, module);
data->attrs[i]->name = talloc_strdup(data->attrs[i],
ldb_msg_find_attr_as_string(res->msgs[i], "lDAPDisplayName", NULL));
SCHEMA_CHECK_VALUE(data->attrs[i]->name, NULL, module);
/* once we have both the OID and the attribute name, add the pointer to the store */
schema_store_add(data->attrs_store, data->attrs[i]->OID, data->attrs[i]);
schema_store_add(data->attrs_store, data->attrs[i]->name, data->attrs[i]);
attr_syntax = ldb_msg_find_attr_as_string(res->msgs[i], "attributeSyntax", NULL);
SCHEMA_CHECK_VALUE(attr_syntax, NULL, module);
om_syntax = ldb_msg_find_attr_as_uint(res->msgs[i], "oMSyntax", 0);
/* 0 is not a valid oMSyntax */
SCHEMA_CHECK_VALUE(om_syntax, 0, module);
om_class = ldb_msg_find_ldb_val(res->msgs[i], "oMObjectClass");
ret = map_schema_syntax(om_syntax, attr_syntax, om_class, &data->attrs[i]->syntax);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(module->ldb,
"schema module: invalid om syntax value on %s",
data->attrs[i]->name);
goto done;
}
tmp_single = ldb_msg_find_attr_as_string(res->msgs[i], "isSingleValued", NULL);
SCHEMA_CHECK_VALUE(tmp_single, NULL, module);
if (strcmp(tmp_single, "TRUE") == 0) {
data->attrs[i]->single = 1;
} else {
data->attrs[i]->single = 0;
}
/* the following are optional */
data->attrs[i]->min = ldb_msg_find_attr_as_int(res->msgs[i], "rangeLower", INT_MIN);
data->attrs[i]->max = ldb_msg_find_attr_as_int(res->msgs[i], "rangeUpper", INT_MAX);
data->attrs[i]->systemflag = ldb_msg_find_attr_as_int(res->msgs[i], "systemFlag", 0);
data->attrs[i]->searchflag = ldb_msg_find_attr_as_int(res->msgs[i], "searchFlag", 0);
data->attrs[i]->isdefunct = ldb_msg_find_attr_as_bool(res->msgs[i], "isDefunct", false);
}
done:
talloc_free(res);
return ret;
}
static int schema_init_classes(struct ldb_module *module, struct schema_private_data *data)
{
static const char *schema_attrs[] = { "governsID",
"lDAPDisplayName",
"objectClassCategory",
"defaultObjectCategory",
"systemOnly",
"systemFlag",
"isDefunct",
"subClassOf",
"systemAuxiliaryClass",
"auxiliaryClass",
"systemPossSuperiors",
"possSuperiors",
"possibleInferiors",
"systemMustContain",
"MustContain",
"systemMayContain",
"MayContain",
NULL };
struct ldb_result *res;
int ret, i;
ret = ldb_search(module->ldb,
data->schema_dn,
LDB_SCOPE_SUBTREE,
"(objectClass=classSchema)",
schema_attrs,
&res);
if (ret != LDB_SUCCESS) {
goto done;
}
data->num_classes = res->count;
data->class = talloc_array(data, struct schema_class *, res->count);
SCHEMA_CHECK_VALUE(data->class, NULL, module);
data->class_store = schema_store_new(data);
SCHEMA_CHECK_VALUE(data->class_store, NULL, module);
for (i = 0; i < res->count; i++) {
struct ldb_message_element *el;
data->class[i] = talloc(data->class, struct schema_class);
SCHEMA_CHECK_VALUE(data->class[i], NULL, module);
data->class[i]->OID = talloc_strdup(data->class[i],
ldb_msg_find_attr_as_string(res->msgs[i], "governsID", NULL));
SCHEMA_CHECK_VALUE(data->class[i]->OID, NULL, module);
data->class[i]->name = talloc_strdup(data->class[i],
ldb_msg_find_attr_as_string(res->msgs[i], "lDAPDisplayName", NULL));
SCHEMA_CHECK_VALUE(data->class[i]->name, NULL, module);
/* once we have both the OID and the class name, add the pointer to the store */
schema_store_add(data->class_store, data->class[i]->OID, data->class[i]);
schema_store_add(data->class_store, data->class[i]->name, data->class[i]);
data->class[i]->type = ldb_msg_find_attr_as_int(res->msgs[i], "objectClassCategory", -1);
/* 0 should not be a valid value, but turn out it is so test with -1 */
SCHEMA_CHECK_VALUE(data->class[i]->type, -1, module);
data->class[i]->defobjcat = talloc_strdup(data->class[i],
ldb_msg_find_attr_as_string(res->msgs[i],
"defaultObjectCategory", NULL));
/* SCHEMA_CHECK_VALUE(data->class[i]->defobjcat, NULL, module);
*/
/* the following attributes are all optional */
data->class[i]->systemOnly = ldb_msg_find_attr_as_bool(res->msgs[i], "systemOnly", false);
data->class[i]->systemflag = ldb_msg_find_attr_as_int(res->msgs[i], "systemFlag", 0);
data->class[i]->isdefunct = ldb_msg_find_attr_as_bool(res->msgs[i], "isDefunct", false);
/* attributes are loaded first, so we can just go an query the attributes repo */
el = ldb_msg_find_element(res->msgs[i], "systemMustContain");
if (el) {
data->class[i]->sysmust = schema_get_attrs_list(module, data, el);
SCHEMA_CHECK_VALUE(data->class[i]->sysmust, NULL, module);
}
el = ldb_msg_find_element(res->msgs[i], "MustContain");
if (el) {
data->class[i]->must = schema_get_attrs_list(module, data, el);
SCHEMA_CHECK_VALUE(data->class[i]->must, NULL, module);
}
el = ldb_msg_find_element(res->msgs[i], "systemMayContain");
if (el) {
data->class[i]->sysmay = schema_get_attrs_list(module, data, el);
SCHEMA_CHECK_VALUE(data->class[i]->sysmay, NULL, module);
}
el = ldb_msg_find_element(res->msgs[i], "MayContain");
if (el) {
data->class[i]->may = schema_get_attrs_list(module, data, el);
SCHEMA_CHECK_VALUE(data->class[i]->may, NULL, module);
}
}
/* subClassOf, systemAuxiliaryClass, auxiliaryClass, systemPossSuperiors
* must be filled in a second loop, when all class objects are allocated
* or we may not find a class that has not yet been parsed */
for (i = 0; i < res->count; i++) {
struct ldb_message_element *el;
const char *attr;
/* this is single valued anyway */
attr = ldb_msg_find_attr_as_string(res->msgs[i], "subClassOf", NULL);
SCHEMA_CHECK_VALUE(attr, NULL, module);
data->class[i]->parent = schema_store_find(data->class_store, attr);
SCHEMA_CHECK_VALUE(data->class[i]->parent, NULL, module);
/* the following attributes are all optional */
data->class[i]->sysaux = NULL;
el = ldb_msg_find_element(res->msgs[i], "systemAuxiliaryClass");
if (el) {
data->class[i]->sysaux = schema_get_class_list(module, data, el);
SCHEMA_CHECK_VALUE(data->class[i]->sysaux, NULL, module);
}
data->class[i]->aux = NULL;
el = ldb_msg_find_element(res->msgs[i], "auxiliaryClass");
if (el) {
data->class[i]->aux = schema_get_class_list(module, data, el);
SCHEMA_CHECK_VALUE(data->class[i]->aux, NULL, module);
}
data->class[i]->sysposssup = NULL;
el = ldb_msg_find_element(res->msgs[i], "systemPossSuperiors");
if (el) {
data->class[i]->sysposssup = schema_get_class_list(module, data, el);
SCHEMA_CHECK_VALUE(data->class[i]->sysposssup, NULL, module);
}
data->class[i]->posssup = NULL;
el = ldb_msg_find_element(res->msgs[i], "possSuperiors");
if (el) {
data->class[i]->posssup = schema_get_class_list(module, data, el);
SCHEMA_CHECK_VALUE(data->class[i]->posssup, NULL, module);
}
data->class[i]->possinf = NULL;
el = ldb_msg_find_element(res->msgs[i], "possibleInferiors");
if (el) {
data->class[i]->possinf = schema_get_class_list(module, data, el);
SCHEMA_CHECK_VALUE(data->class[i]->possinf, NULL, module);
}
}
done:
talloc_free(res);
return ret;
}
static struct ldb_handle *schema_init_handle(struct ldb_request *req, struct ldb_module *module, enum sc_op op)
{
struct schema_context *sctx;
struct ldb_handle *h;
h = talloc_zero(req, struct ldb_handle);
if (h == NULL) {
ldb_set_errstring(module->ldb, "Out of Memory");
return NULL;
}
h->module = module;
sctx = talloc_zero(h, struct schema_context);
if (sctx == NULL) {
ldb_set_errstring(module->ldb, "Out of Memory");
talloc_free(h);
return NULL;
}
h->private_data = (void *)sctx;
h->state = LDB_ASYNC_INIT;
h->status = LDB_SUCCESS;
sctx->op = op;
sctx->step = SC_INIT;
sctx->data = module->private_data;
sctx->module = module;
sctx->orig_req = req;
return h;
}
static int schema_add_check_parent(struct ldb_context *ldb, void *context, struct ldb_reply *ares)
{
struct schema_context *sctx;
sctx = talloc_get_type(context, struct schema_context);
/* we are interested only in the single reply (base search) we receive here */
if (ares->type == LDB_REPLY_ENTRY) {
if (sctx->parent_res != NULL) {
ldb_set_errstring(ldb, "Too many results");
talloc_free(ares);
return LDB_ERR_OPERATIONS_ERROR;
}
sctx->parent_res = talloc_steal(sctx, ares);
} else {
talloc_free(ares);
}
return LDB_SUCCESS;
}
static int schema_add_build_parent_req(struct schema_context *sctx)
{
static const char * const parent_attrs[] = { "objectClass", NULL };
int ret;
sctx->parent_req = talloc_zero(sctx, struct ldb_request);
if (sctx->parent_req == NULL) {
ldb_debug(sctx->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n");
return LDB_ERR_OPERATIONS_ERROR;
}
sctx->parent_req->operation = LDB_SEARCH;
sctx->parent_req->op.search.scope = LDB_SCOPE_BASE;
sctx->parent_req->op.search.base = ldb_dn_get_parent(sctx->parent_req, sctx->orig_req->op.add.message->dn);
sctx->parent_req->op.search.tree = ldb_parse_tree(sctx->parent_req, "(objectClass=*)");
sctx->parent_req->op.search.attrs = parent_attrs;
sctx->parent_req->controls = NULL;
sctx->parent_req->context = sctx;
sctx->parent_req->callback = schema_add_check_parent;
ret = ldb_set_timeout_from_prev_req(sctx->module->ldb, sctx->orig_req, sctx->parent_req);
return ret;
}
static struct schema_class_dlist *schema_add_get_dlist_entry_with_class(struct schema_class_dlist *list, struct schema_class *class)
{
struct schema_class_dlist *temp;
for (temp = list; temp && (temp->class != class); temp = temp->next) /* noop */ ;
return temp;
}
static int schema_add_class_to_dlist(struct schema_class_dlist *list, struct schema_class *class, enum schema_class_type role)
{
struct schema_class_dlist *entry;
struct schema_class_dlist *temp;
int ret;
/* see if this class is usable */
if (class->isdefunct) {
return LDB_ERR_NO_SUCH_ATTRIBUTE;
}
/* see if this class already exist in the class list */
if (schema_add_get_dlist_entry_with_class(list, class)) {
return LDB_SUCCESS;
}
/* this is a new class go on and add to the list */
entry = talloc_zero(list, struct schema_class_dlist);
if (!entry) return LDB_ERR_OPERATIONS_ERROR;
entry->class = class;
entry->role = class->type;
/* If parent is top (list is guaranteed to start always with top) */
if (class->parent == list->class) {
/* if the hierarchy role is structural try to add it just after top */
if (role == SCHEMA_CT_STRUCTURAL) {
/* but check no other class at after top has a structural role */
if (list->next && (list->next->role == SCHEMA_CT_STRUCTURAL)) {
return LDB_ERR_OBJECT_CLASS_VIOLATION;
}
DLIST_ADD_AFTER(list, entry, list);
} else {
DLIST_ADD_END(list, entry, struct schema_class_dlist *);
}
return LDB_SUCCESS;
}
/* search if parent has already been added */
temp = schema_add_get_dlist_entry_with_class(list->next, class->parent);
if (temp == NULL) {
ret = schema_add_class_to_dlist(list, class->parent, role);
if (ret != LDB_SUCCESS) {
return ret;
}
temp = schema_add_get_dlist_entry_with_class(list->next, class->parent);
}
if (!temp) { /* parent not found !? */
return LDB_ERR_OPERATIONS_ERROR;
}
DLIST_ADD_AFTER(list, entry, temp);
if (role == SCHEMA_CT_STRUCTURAL || role == SCHEMA_CT_AUXILIARY) {
temp = entry;
do {
temp->role = role;
temp = temp->prev;
/* stop when hierarchy base is met or when base class parent is top */
} while (temp->class == temp->next->class->parent &&
temp->next->class->parent != list->class);
/* if we have not reached the head of the list
* and role is structural */
if (temp != list && role == SCHEMA_CT_STRUCTURAL) {
struct schema_class_dlist *hfirst, *hlast;
/* check if the list second entry is structural */
if (list->next->role == SCHEMA_CT_STRUCTURAL) {
/* we have a confilict here */
return LDB_ERR_OBJECT_CLASS_VIOLATION;
}
/* we have to move this hierarchy of classes
* so that the base of the structural hierarchy is right after top */
hfirst = temp->next;
hlast = entry;
/* now hfirst - hlast are the boundaries of the structural hierarchy */
/* extract the structural hierachy from the list */
hfirst->prev->next = hlast->next;
if (hlast->next) hlast->next->prev = hfirst->prev;
/* insert the structural hierarchy just after top */
list->next->prev = hlast;
hlast->next = list->next;
list->next = hfirst;
hfirst->prev = list;
}
}
return LDB_SUCCESS;
}
/* merge source list into dest list and remove duplicates */
static int schema_merge_class_list(TALLOC_CTX *mem_ctx, struct schema_class ***dest, struct schema_class **source)
{
struct schema_class **list = *dest;
int i, j, n, f;
n = 0;
if (list) for (n = 0; list[n]; n++) /* noop */ ;
f = n;
for (i = 0; source[i]; i++) {
for (j = 0; j < f; j++) {
if (list[j] == source[i]) {
break;
}
}
if (j < f) { /* duplicate found */
continue;
}
list = talloc_realloc(mem_ctx, list, struct schema_class *, n + 2);
if (!list) {
return LDB_ERR_OPERATIONS_ERROR;
}
list[n] = source[i];
n++;
list[n] = NULL;
}
*dest = list;
return LDB_SUCCESS;
}
/* validate and modify the objectclass attribute to sort and add parents */
static int schema_add_build_objectclass_list(struct schema_context *sctx)
{
struct schema_class_dlist *temp;
struct ldb_message_element * el;
struct schema_class *class;
int ret, i, an;
/* First of all initialize list, it must start with class top */
sctx->class_list = talloc_zero(sctx, struct schema_class_dlist);
if (!sctx->class_list) return LDB_ERR_OPERATIONS_ERROR;
sctx->class_list->class = schema_store_find(sctx->data->class_store, "top");
if (!sctx->class_list->class) return LDB_ERR_OPERATIONS_ERROR;
el = ldb_msg_find_element(sctx->orig_req->op.add.message, "objectClass");
if (!el) {
return LDB_ERR_OBJECT_CLASS_VIOLATION;
}
for (i = 0; i < el->num_values; i++) {
class = schema_store_find(sctx->data->class_store, (char *)el->values[i].data);
if (!class) {
return LDB_ERR_NO_SUCH_ATTRIBUTE;
}
ret = schema_add_class_to_dlist(sctx->class_list, class, class->type);
if (ret != LDB_SUCCESS) {
return ret;
}
}
/* now check if there is any class role that is still not STRUCTURAL or AUXILIARY */
/* build also the auxiliary class list and the possible superiors list */
temp = sctx->class_list->next; /* top is special, skip it */
an = 0;
while (temp) {
if (temp->role == SCHEMA_CT_ABSTRACT || temp->role == SCHEMA_CT_88) {
return LDB_ERR_OBJECT_CLASS_VIOLATION;
}
if (temp->class->sysaux) {
ret = schema_merge_class_list(sctx, &sctx->aux_list, temp->class->sysaux);
if (ret != LDB_SUCCESS) {
return LDB_ERR_OPERATIONS_ERROR;
}
}
if (temp->class->aux) {
ret = schema_merge_class_list(sctx, &sctx->aux_list, temp->class->aux);
if (ret != LDB_SUCCESS) {
return LDB_ERR_OPERATIONS_ERROR;
}
}
if (temp->class->sysposssup) {
ret = schema_merge_class_list(sctx, &sctx->sup_list, temp->class->sysposssup);
if (ret != LDB_SUCCESS) {
return LDB_ERR_OPERATIONS_ERROR;
}
}
if (temp->class->posssup) {
ret = schema_merge_class_list(sctx, &sctx->sup_list, temp->class->posssup);
if (ret != LDB_SUCCESS) {
return LDB_ERR_OPERATIONS_ERROR;
}
}
temp = temp->next;
}
/* complete sup_list with material from the aux classes */
for (i = 0; sctx->aux_list && sctx->aux_list[i]; i++) {
if (sctx->aux_list[i]->sysposssup) {
ret = schema_merge_class_list(sctx, &sctx->sup_list, sctx->aux_list[i]->sysposssup);
if (ret != LDB_SUCCESS) {
return LDB_ERR_OPERATIONS_ERROR;
}
}
if (sctx->aux_list[i]->posssup) {
ret = schema_merge_class_list(sctx, &sctx->sup_list, sctx->aux_list[i]->posssup);
if (ret != LDB_SUCCESS) {
return LDB_ERR_OPERATIONS_ERROR;
}
}
}
if (!sctx->sup_list) return LDB_ERR_NAMING_VIOLATION;
return LDB_SUCCESS;
}
static int schema_add_check_container_constraints(struct schema_context *sctx)
{
struct schema_class **parent_possinf = NULL;
struct schema_class **parent_classes;
struct schema_class_dlist *temp;
struct ldb_message_element *el;
int i, j, ret;
el = ldb_msg_find_element(sctx->parent_res->message, "objectClass");
if (!el) {
/* what the .. */
return LDB_ERR_OPERATIONS_ERROR;
}
parent_classes = talloc_array(sctx, struct schema_class *, el->num_values + 1);
for (i = 0; i < el->num_values; i++) {
parent_classes[i] = schema_store_find(sctx->data->class_store, (const char *)el->values[i].data);
if (!parent_classes[i]) { /* should not be possible */
return LDB_ERR_OPERATIONS_ERROR;
}
if (parent_classes[i]->possinf) {
ret = schema_merge_class_list(sctx, &parent_possinf, parent_classes[i]->possinf);
if (ret != LDB_SUCCESS) {
return LDB_ERR_OPERATIONS_ERROR;
}
}
/* check also embedded auxiliary classes possinf */
for (j = 0; parent_classes[i]->sysaux && parent_classes[i]->sysaux[j]; j++) {
if (parent_classes[i]->sysaux[j]->possinf) {
ret = schema_merge_class_list(sctx, &parent_possinf, parent_classes[i]->sysaux[j]->possinf);
if (ret != LDB_SUCCESS) {
return LDB_ERR_OPERATIONS_ERROR;
}
}
}
for (j = 0; parent_classes[i]->aux && parent_classes[i]->aux[j]; j++) {
if (parent_classes[i]->aux[j]->possinf) {
ret = schema_merge_class_list(sctx, &parent_possinf, parent_classes[i]->aux[j]->possinf);
if (ret != LDB_SUCCESS) {
return LDB_ERR_OPERATIONS_ERROR;
}
}
}
}
/* foreach parent objectclass,
* check parent possible inferiors match all of the child objectclasses
* and that
* poss Superiors of the child objectclasses mathes one of the parent classes
*/
temp = sctx->class_list->next; /* skip top it is special */
while (temp) {
for (i = 0; parent_possinf[i]; i++) {
if (temp->class == parent_possinf[i]) {
break;
}
}
if (parent_possinf[i] == NULL) {
/* class not found in possible inferiors */
return LDB_ERR_NAMING_VIOLATION;
}
temp = temp->next;
}
for (i = 0; parent_classes[i]; i++) {
for (j = 0; sctx->sup_list[j]; j++) {
if (sctx->sup_list[j] == parent_classes[i]) {
break;
}
}
if (sctx->sup_list[j]) { /* possible Superiors match one of the parent classes */
return LDB_SUCCESS;
}
}
/* no parent classes matched superiors */
return LDB_ERR_NAMING_VIOLATION;
}
static int schema_add_build_down_req(struct schema_context *sctx)
{
struct schema_class_dlist *temp;
struct ldb_message *msg;
int ret;
sctx->down_req = talloc(sctx, struct ldb_request);
if (!sctx->down_req) {
ldb_set_errstring(sctx->module->ldb, "Out of memory!");
return LDB_ERR_OPERATIONS_ERROR;
}
*(sctx->down_req) = *(sctx->orig_req); /* copy the request */
msg = ldb_msg_copy_shallow(sctx->down_req, sctx->orig_req->op.add.message);
if (!msg) {
ldb_set_errstring(sctx->module->ldb, "Out of memory!");
return LDB_ERR_OPERATIONS_ERROR;
}
/* rebuild the objectclass list */
ldb_msg_remove_attr(msg, "objectClass");
ret = ldb_msg_add_empty(msg, "objectClass", 0, NULL);
if (ret != LDB_SUCCESS) {
return ret;
}
/* Add the complete list of classes back to the message */
for (temp = sctx->class_list; temp; temp = temp->next) {
ret = ldb_msg_add_string(msg, "objectClass", temp->class->name);
if (ret != LDB_SUCCESS) {
return ret;
}
}
/* objectCategory can be set only by the system */
if (ldb_msg_find_element(msg, "objectCategory")) {
return LDB_ERR_CONSTRAINT_VIOLATION;
}
/* the OC is mandatory, every class defines it */
/* use the one defined in the structural class that defines the object */
for (temp = sctx->class_list->next; temp; temp = temp->next) {
if (!temp->next) break;
if (temp->next->role != SCHEMA_CT_STRUCTURAL) break;
}
/* oc = talloc_strdup(msg, temp->class->defobjcat);
ret = ldb_msg_add_string(msg, "objectCategory", oc);
*/
sctx->down_req->op.add.message = msg;
return LDB_SUCCESS;
}
static int schema_check_attributes_syntax(struct schema_context *sctx)
{
struct ldb_message *msg;
struct schema_attribute *attr;
int i, ret;
msg = sctx->orig_req->op.add.message;
for (i = 0; i < msg->num_elements; i++) {
attr = schema_store_find(sctx->data->attrs_store, msg->elements[i].name);
if (attr == NULL) {
return LDB_ERR_NO_SUCH_ATTRIBUTE;
}
ret = schema_validate(sctx->module->ldb, &msg->elements[i], attr->syntax, attr->single, attr->min, attr->max);
if (ret != LDB_SUCCESS) {
return ret;
}
}
return LDB_SUCCESS;
}
static int schema_add_continue(struct ldb_handle *h)
{
struct schema_context *sctx;
int ret;
sctx = talloc_get_type(h->private_data, struct schema_context);
switch (sctx->step) {
case SC_INIT:
/* First of all check that a parent exists for this entry */
ret = schema_add_build_parent_req(sctx);
if (ret != LDB_SUCCESS) {
break;
}
sctx->step = SC_ADD_CHECK_PARENT;
return ldb_next_request(sctx->module, sctx->parent_req);
case SC_ADD_CHECK_PARENT:
/* parent search done, check result and go on */
if (sctx->parent_res == NULL) {
/* we must have a parent */
ret = LDB_ERR_NO_SUCH_OBJECT;
break;
}
/* Check objectclasses are ok */
ret = schema_add_build_objectclass_list(sctx);
if (ret != LDB_SUCCESS) {
break;
}
/* check the parent is of the right type for this object */
ret = schema_add_check_container_constraints(sctx);
if (ret != LDB_SUCCESS) {
break;
}
/* check attributes syntax */
ret = schema_check_attributes_syntax(sctx);
if (ret != LDB_SUCCESS) {
break;
}
ret = schema_add_build_down_req(sctx);
if (ret != LDB_SUCCESS) {
break;
}
sctx->step = SC_ADD_TEMP;
return ldb_next_request(sctx->module, sctx->down_req);
default:
ret = LDB_ERR_OPERATIONS_ERROR;
break;
}
/* this is reached only in case of error */
/* FIXME: fire an async reply ? */
h->status = ret;
h->state = LDB_ASYNC_DONE;
return ret;
}
static int schema_add(struct ldb_module *module, struct ldb_request *req)
{
struct schema_context *sctx;
struct ldb_handle *h;
if (ldb_dn_is_special(req->op.add.message->dn)) { /* do not manipulate our control entries */
return ldb_next_request(module, req);
}
h = schema_init_handle(req, module, SC_ADD);
if (!h) {
return LDB_ERR_OPERATIONS_ERROR;
}
sctx = talloc_get_type(h->private_data, struct schema_context);
sctx->orig_req->handle = h;
return schema_add_continue(h);
}
static int schema_modify(struct ldb_module *module, struct ldb_request *req)
{
if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */
return ldb_next_request(module, req);
}
return ldb_next_request(module, req);
}
static int schema_delete(struct ldb_module *module, struct ldb_request *req)
{
if (ldb_dn_is_special(req->op.del.dn)) { /* do not manipulate our control entries */
return ldb_next_request(module, req);
}
/* First of all check no children exists for this entry */
return ldb_next_request(module, req);
}
static int schema_rename(struct ldb_module *module, struct ldb_request *req)
{
if (ldb_dn_is_special(req->op.rename.olddn) &&
ldb_dn_is_special(req->op.rename.newdn)) { /* do not manipulate our control entries */
return ldb_next_request(module, req);
}
return ldb_next_request(module, req);
}
static int schema_wait_loop(struct ldb_handle *handle) {
struct schema_context *sctx;
int ret;
if (!handle || !handle->private_data) {
return LDB_ERR_OPERATIONS_ERROR;
}
if (handle->state == LDB_ASYNC_DONE) {
return handle->status;
}
handle->state = LDB_ASYNC_PENDING;
handle->status = LDB_SUCCESS;
sctx = talloc_get_type(handle->private_data, struct schema_context);
switch (sctx->step) {
case SC_ADD_CHECK_PARENT:
ret = ldb_wait(sctx->parent_req->handle, LDB_WAIT_NONE);
if (ret != LDB_SUCCESS) {
handle->status = ret;
goto done;
}
if (sctx->parent_req->handle->status != LDB_SUCCESS) {
handle->status = sctx->parent_req->handle->status;
goto done;
}
if (sctx->parent_req->handle->state != LDB_ASYNC_DONE) {
return LDB_SUCCESS;
}
return schema_add_continue(handle);
case SC_ADD_TEMP:
ret = ldb_wait(sctx->down_req->handle, LDB_WAIT_NONE);
if (ret != LDB_SUCCESS) {
handle->status = ret;
goto done;
}
if (sctx->down_req->handle->status != LDB_SUCCESS) {
handle->status = sctx->down_req->handle->status;
goto done;
}
if (sctx->down_req->handle->state != LDB_ASYNC_DONE) {
return LDB_SUCCESS;
}
break;
default:
ret = LDB_ERR_OPERATIONS_ERROR;
goto done;
}
ret = LDB_SUCCESS;
done:
handle->state = LDB_ASYNC_DONE;
return ret;
}
static int schema_wait_all(struct ldb_handle *handle) {
int ret;
while (handle->state != LDB_ASYNC_DONE) {
ret = schema_wait_loop(handle);
if (ret != LDB_SUCCESS) {
return ret;
}
}
return handle->status;
}
static int schema_wait(struct ldb_handle *handle, enum ldb_wait_type type)
{
if (type == LDB_WAIT_ALL) {
return schema_wait_all(handle);
} else {
return schema_wait_loop(handle);
}
}
static int schema_init(struct ldb_module *module)
{
static const char *schema_attrs[] = { "schemaNamingContext", NULL };
struct schema_private_data *data;
struct ldb_result *res;
int ret;
/* need to let the partition module to register first */
ret = ldb_next_init(module);
if (ret != LDB_SUCCESS) {
return ret;
}
data = ldb_get_opaque(module->ldb, "schema_instance");
if (data) {
module->private_data = data;
return LDB_SUCCESS;
}
data = talloc_zero(module->ldb, struct schema_private_data);
if (data == NULL) {
return LDB_ERR_OPERATIONS_ERROR;
}
/* find the schema partition */
ret = ldb_search(module->ldb,
ldb_dn_new(module, module->ldb, NULL),
LDB_SCOPE_BASE,
"(objectClass=*)",
schema_attrs,
&res);
if (res->count != 1) {
/* FIXME: return a clear error string */
talloc_free(data);
talloc_free(res);
return LDB_ERR_OPERATIONS_ERROR;
}
data->schema_dn = ldb_msg_find_attr_as_dn(module->ldb, data, res->msgs[0], "schemaNamingContext");
if (data->schema_dn == NULL) {
/* FIXME: return a clear error string */
talloc_free(data);
talloc_free(res);
return LDB_ERR_OPERATIONS_ERROR;
}
talloc_free(res);
ret = schema_init_attrs(module, data);
if (ret != LDB_SUCCESS) {
talloc_free(data);
return ret;
}
ret = schema_init_classes(module, data);
if (ret != LDB_SUCCESS) {
talloc_free(data);
return ret;
}
module->private_data = data;
ldb_set_opaque(module->ldb, "schema_instance", data);
return LDB_SUCCESS;
}
static const struct ldb_module_ops schema_ops = {
.name = "schema",
.init_context = schema_init,
.add = schema_add,
.modify = schema_modify,
.del = schema_delete,
.rename = schema_rename,
.wait = schema_wait
};
int ldb_schema_init(void)
{
return ldb_register_module(&schema_ops);
}
View Git Blame Copy Permalink