From 697996d14a5d2bb645444fd00d9f8ec8ea374b00 Mon Sep 17 00:00:00 2001 From: Nadezhda Ivanova Date: Fri, 12 Sep 2014 22:52:04 +0300 Subject: [PATCH] Moved dSHeuristics to OpenLDAP to perform validation. --- servers/slapd/schema_prep.c | 129 +++++++++++++++++++++++++++++++++++- servers/slapd/slap.h | 7 ++ 2 files changed, 135 insertions(+), 1 deletion(-) diff --git a/servers/slapd/schema_prep.c b/servers/slapd/schema_prep.c index 4f5d7d1fea..0ed0aacaa5 100644 --- a/servers/slapd/schema_prep.c +++ b/servers/slapd/schema_prep.c @@ -310,6 +310,46 @@ static int objectSubClassIndexer( return rc; } + +static int normalize_to_int32( + slap_mask_t use, + Syntax *syntax, + MatchingRule *mr, + struct berval *val, + struct berval *out, + void *ctx) +{ + int32_t i, len; + char val_buf[ LDAP_PVT_INTTYPE_CHARS( unsigned long ) ]; + struct berval tmp; + i = (int32_t) strtoll((char *)val->bv_val, NULL, 0); + len = sprintf(val_buf, "%d", i); + + tmp.bv_len = len; + tmp.bv_val = &val_buf; + ber_dupbv_x( out, &tmp, ctx ); + return LDAP_SUCCESS; +} + +#ifdef LDAP_AD_COMPATIBILITY +static int +validate_dSHeuristics( + Syntax *syntax, + struct berval *in ) +{ + int i; + for (i = 10; i <=90; i+=10) { + char ch[3]; + snprintf(ch, 10, "%d", i); + if ((in->bv_len >= i) && + (in->bv_val[i-1] != ch[0])) { + return LDAP_CONSTRAINT_VIOLATION; + } + } + return LDAP_SUCCESS; +} +#endif + #define objectSubClassFilter octetStringFilter static ObjectClassSchemaCheckFN rootDseObjectClass; @@ -391,6 +431,7 @@ static struct slap_schema_oc_map { "MUST ( cn $ subtreeSpecification ) )", subentryObjectClass, SLAP_OC_SUBENTRY|SLAP_OC_OPERATIONAL, offsetof(struct slap_internal_schema, si_oc_subentry) }, +#ifndef LDAP_AD_COMPATIBILITY { "subschema", "( 2.5.20.1 NAME 'subschema' " "DESC 'RFC4512: controlling subschema (sub)entry' " "AUXILIARY " 
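Review bot: In `normalize_to_int32` the `strtoll` result is cast straight to `int32_t` with no end-pointer, `errno` or range check, so a value outside 32 bits is silently folded onto another one and text that does not parse becomes `0`; later hunks attach this normalizer to flag attributes such as userAccountControl and groupType, where two different inputs comparing equal is not harmless. `tmp.bv_val = &val_buf;` also assigns a pointer-to-array where `val_buf` is meant. In `validate_dSHeuristics`, `snprintf(ch, 10, "%d", i)` states a bound of 10 for the 3-byte `ch`; the output happens to fit for 10..90, but the bound is wrong and the buffer is unnecessary, since `char expected = '0' + i / 10;` compared against `in->bv_val[i-1]` performs the same check. The fence assumes that base 10 and the signed-or-unsigned 32-bit range are what is wanted, and that `bv_val` is NUL-terminated, which the existing `strtoll` call already relies on.

```c
/* … unchanged: signature and the existing declarations of i, len, val_buf, tmp … */
	char *end;
	long long v;

	errno = 0;
	v = strtoll( val->bv_val, &end, 10 );
	if ( end == val->bv_val || *end != '\0' || errno == ERANGE
		|| v < INT32_MIN || v > UINT32_MAX ) {
		return LDAP_INVALID_SYNTAX;
	}
	/* unsigned spellings above INT32_MAX map onto the signed 32-bit form */
	i = (int32_t)(uint32_t) v;
	len = snprintf( val_buf, sizeof( val_buf ), "%d", i );

	tmp.bv_len = len;
	tmp.bv_val = val_buf;
/* … unchanged: ber_dupbv_x() and return LDAP_SUCCESS … */
```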
@@ -399,6 +440,15 @@ static struct slap_schema_oc_map { "matchingRuleUse ) )", subentryObjectClass, SLAP_OC_OPERATIONAL, offsetof(struct slap_internal_schema, si_oc_subschema) }, +#else /* temporarily (maybe) butchered so provisioning could pass, got to fix it later */ + { "subschema", "( 2.5.20.1 NAME 'subschema' " + "DESC 'RFC4512: controlling subschema (sub)entry' " + "MAY ( dITStructureRules $ nameForms $ dITContentRules $ " + "objectClasses $ attributeTypes $ matchingRules $ " + "matchingRuleUse $ modifyTimeStamp $ extendedAttributeInfo $ extendedClassInfo ) )", + 0, SLAP_OC_OPERATIONAL, + offsetof(struct slap_internal_schema, si_oc_subschema) }, +#endif /*LDAP_AD_COMPATIBILITY*/ #ifdef LDAP_COLLECTIVE_ATTRIBUTES { "collectiveAttributeSubentry", "( 2.5.17.2 " "NAME 'collectiveAttributeSubentry' " @@ -803,7 +853,11 @@ static struct slap_schema_ad_map { { "dITContentRules", "( 2.5.21.2 NAME 'dITContentRules' " "DESC 'RFC4512: DIT content rules' " "EQUALITY objectIdentifierFirstComponentMatch " +#ifndef LDAP_AD_COMPATIBILITY /* temporary, to be removed (maybe)*/ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )", +#else + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 )", +#endif subentryAttribute, SLAP_AT_HIDE, oidValidate, NULL, NULL, NULL, objectClassMatch, NULL, NULL, @@ -819,7 +873,11 @@ static struct slap_schema_ad_map { { "attributeTypes", "( 2.5.21.5 NAME 'attributeTypes' " "DESC 'RFC4512: attribute types' " "EQUALITY objectIdentifierFirstComponentMatch " +#ifndef LDAP_AD_COMPATIBILITY /* temporary, to be removed */ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )", +#else + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 )", +#endif subentryAttribute, 0, oidValidate, NULL, NULL, NULL, attributeTypeMatch, NULL, NULL, 
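Review bot: The AD-compatibility `subschema` entry replaces `subentryObjectClass` with `0` and drops `AUXILIARY`, so under `LDAP_AD_COMPATIBILITY` the class is declared without the check function the standard definition carries and with whatever kind the schema parser defaults to. The only explanation is `/* temporarily (maybe) butchered so provisioning could pass, got to fix it later */`, which does not say what failed or what must hold before the original definition can return. I would write `NULL` rather than `0` for the function pointer and expand the comment to name the step that required the change and what is lost, e.g. `/* AD compat: subschema loses AUXILIARY and its subentry check so <provisioning step> can add it; restore once <condition> */`.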
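Review bot: Dropping `USAGE directoryOperation` under `LDAP_AD_COMPATIBILITY` turns `dITContentRules` into an ordinary user attribute, and the same edit is repeated for `attributeTypes` (hunk at -819) and `objectClasses` (hunk at -827). Operational attributes are normally returned only when asked for and are not modified like user data, so this presumably changes both what a plain search returns and how writes to these attributes are treated; the comments `/* temporary, to be removed */` do not record that. Please document the intended effect next to the first `#ifndef`, for example `/* AD compat: schema attributes are userApplications here so that <reason>; revisit before release */`, and confirm that access control on the subschema entry still limits who may write them.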
@@ -827,7 +885,11 @@ static struct slap_schema_ad_map { { "objectClasses", "( 2.5.21.6 NAME 'objectClasses' " "DESC 'RFC4512: object classes' " "EQUALITY objectIdentifierFirstComponentMatch " +#ifndef LDAP_AD_COMPATIBILITY /* temporary, to be removed */ "SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )", +#else + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 )", +#endif subentryAttribute, 0, oidValidate, NULL, NULL, NULL, objectClassMatch, NULL, NULL, @@ -1644,7 +1706,7 @@ static struct slap_schema_ad_map { "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", NULL, 0, NULL, NULL, - NULL, NULL, NULL, NULL, NULL, + NULL, normalize_to_int32, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_systemFlags) }, 
@@ -1924,6 +1986,71 @@ static struct slap_schema_ad_map { NULL, NULL, NULL, NULL, NULL, NULL, NULL, offsetof(struct slap_internal_schema, si_ad_memberOf) }, + + { "extendedClassInfo", "( 1.2.840.113556.1.4.908 NAME 'extendedClassInfo' " + "EQUALITY caseIgnoreMatch " + "SUBSTR caseIgnoreSubstringsMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)", + NULL, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_extendedClassInfo) }, + + { "extendedAttributeInfo", "( 1.2.840.113556.1.4.909 NAME 'extendedAttributeInfo' " + "EQUALITY caseIgnoreMatch " + "SUBSTR caseIgnoreSubstringsMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)", + NULL, 0, + NULL, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_extendedAttributeInfo) }, + + { "groupType", "( 1.2.840.113556.1.4.750 NAME 'groupType' " + "EQUALITY integerMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 " + "SINGLE-VALUE )", + NULL, 0, + NULL, NULL, + NULL, normalize_to_int32, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_groupType) }, + + { "primaryGroupID", "( 1.2.840.113556.1.4.98 NAME 'primaryGroupID' " + "EQUALITY integerMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 " + "SINGLE-VALUE )", + NULL, 0, + NULL, NULL, + NULL, normalize_to_int32, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_primaryGroupID) }, + + { "userAccountControl", "( 1.2.840.113556.1.4.8 NAME 'userAccountControl' " + "EQUALITY integerMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 " + "SINGLE-VALUE )", + NULL, 0, + NULL, NULL, + NULL, normalize_to_int32, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_userAccountControl) }, + + { "sAMAccountType", "( 1.2.840.113556.1.4.302 NAME 'sAMAccountType' " + "EQUALITY integerMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 " + "SINGLE-VALUE )", + NULL, 0, + NULL, NULL, + NULL, normalize_to_int32, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_sAMAccountType) }, + + { 
"dSHeuristics", "( 1.2.840.113556.1.2.212 NAME 'dSHeuristics' " + "EQUALITY caseIgnoreMatch " + "SUBSTR caseIgnoreSubstringsMatch " + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 " + "SINGLE-VALUE )", + NULL, 0, + validate_dSHeuristics, NULL, + NULL, NULL, NULL, NULL, NULL, + offsetof(struct slap_internal_schema, si_ad_dSHeuristics) }, + #endif { NULL, NULL, NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0 } diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 97ae9a1199..1321d79b80 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -1084,6 +1084,13 @@ struct slap_internal_schema { AttributeDescription *si_ad_objectGUID; AttributeDescription *si_ad_msDS_NC_RO_Replica_Locations_BL; AttributeDescription *si_ad_memberOf; + AttributeDescription *si_ad_extendedClassInfo; + AttributeDescription *si_ad_extendedAttributeInfo; + AttributeDescription *si_ad_groupType; + AttributeDescription *si_ad_primaryGroupID; + AttributeDescription *si_ad_userAccountControl; + AttributeDescription *si_ad_sAMAccountType; + AttributeDescription *si_ad_dSHeuristics; #endif /* Undefined Attribute Type */ -- 2.34.1
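Review bot: The `dSHeuristics` row places `validate_dSHeuristics` in the slot where other rows of this table carry `oidValidate`, so it presumably takes the place of the Directory String syntax check for this attribute rather than running after it. The function added earlier in this patch only compares positions 10, 20, … 90 with a digit and never inspects the other bytes, so if that reading is right an empty value or one that is not valid UTF-8 would pass. Consider rejecting `in->bv_len == 0` and running the normal string validation first inside the validator, and note on the row why a custom validator is used, e.g. `/* every tenth character must be the tens digit of its position */`. The `extendedClassInfo` and `extendedAttributeInfo` definitions in this hunk also end in `SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)` without the space before `)` that the other new definitions have.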