[Date Prev][Date Next] [Chronological] [Thread] [Top]

Schema structure checking

Hi.

I recently upgraded some servers from an OpenLDAP 2.0 to
OpenLDAP 2.1.22, and had problems with schema structure checks.


As modifying my schemas (then all the base entries !) was not easy to
do (it could not really be donne by a program), and as I didn't like
do completly desactivate schemacheck, I made a quick patch to add a
'structuralcheck' option on slapd.conf (like the "schemacheck"
option). 

With this option, slapd does not checks the schema structure anymore
(STRUCTURAL/AUXILIARY) but stills checks other "basic things" (if the
attribute exists, etc...).


Here is my patch, please comment if I missed something, if something
is wrong, etc... I'll submit it in a few days if there is no problem
with it.

Please note that this patch is probably not "optimal", I wanted to
modify as little code as possible.



Regards,

VANHULLEBUS Yvan.

--- servers/slapd/schemaparse.c.orig	Thu Aug  7 15:26:22 2003
+++ servers/slapd/schemaparse.c	Thu Aug  7 15:26:21 2003
@@ -17,6 +17,7 @@
 #include "ldap_schema.h"
 
 int	global_schemacheck = 1; /* schemacheck ON is default */
+int	global_structuralcheck = 1; /* structuralcheck ON is default */
 
 static void		oc_usage(void); 
 static void		at_usage(void);

--- servers/slapd/schema_check.c.orig	Mon Mar 24 04:54:12 2003
+++ servers/slapd/schema_check.c	Fri Aug  8 16:25:49 2003
@@ -41,7 +41,7 @@
 	char *textbuf, size_t textlen )
 {
 	Attribute	*a, *asc, *aoc;
-	ObjectClass *sc, *oc;
+	ObjectClass *sc=NULL, *oc;
 #ifdef SLAP_EXTENDED_SCHEMA
 	AttributeType *at;
 	ContentRule *cr;
@@ -109,8 +109,10 @@
 	/* it's a REALLY bad idea to disable schema checks */
 	if( !global_schemacheck ) return LDAP_SUCCESS;
 
+	if ( global_structuralcheck ) {
 	/* find the structural object class attribute */
 	asc = attr_find( e->e_attrs, ad_structuralObjectClass );
+
 	if ( asc == NULL ) {
 #ifdef NEW_LOGGING
 		LDAP_LOG( OPERATION, INFO, 
@@ -181,6 +183,7 @@
 
 		return LDAP_OBJECT_CLASS_VIOLATION;
 	}
+	}/* End of structural checks */
 
 	/* find the object class attribute */
 	aoc = attr_find( e->e_attrs, ad_objectClass );
@@ -201,6 +204,8 @@
 	assert( aoc->a_vals != NULL );
 	assert( aoc->a_vals[0].bv_val != NULL );
 
+	if ( global_structuralcheck ){
+
 	rc = structural_class( aoc->a_vals, &nsc, &oc, text, textbuf, textlen );
 	if( rc != LDAP_SUCCESS ) {
 		return rc;
@@ -221,7 +226,10 @@
 			asc->a_vals[0].bv_val, nsc.bv_val );
 		return LDAP_NO_OBJECT_CLASS_MODS;
 	}
+	}
 
+	/* To do when ! global_structuralcheck ?
+	*/
 	/* naming check */
 	rc = entry_naming_check( e, text, textbuf, textlen );
 	if ( rc != LDAP_SUCCESS ) {
@@ -316,6 +324,8 @@
 
 	/* check that the entry has required attrs for each oc */
 	for ( i = 0; aoc->a_vals[i].bv_val != NULL; i++ ) {
+		char *s;
+
 		if ( (oc = oc_bvfind( &aoc->a_vals[i] )) == NULL ) {
 			snprintf( textbuf, textlen, 
 				"unrecognized objectClass '%s'",
@@ -333,6 +343,7 @@
 			return LDAP_OBJECT_CLASS_VIOLATION;
 		}
 
+		if ( global_structuralcheck){
 		if ( oc->soc_obsolete ) {
 			/* disallow obsolete classes */
 			snprintf( textbuf, textlen, 
@@ -422,7 +433,6 @@
 			}
 
 		} else if ( oc->soc_kind != LDAP_SCHEMA_STRUCTURAL || oc == sc ) {
-			char *s;
 
 #ifdef SLAP_EXTENDED_SCHEMA
 			if( oc->soc_kind == LDAP_SCHEMA_AUXILIARY ) {
@@ -460,6 +470,7 @@
 				}
 			}
 #endif /* SLAP_EXTENDED_SCHEMA */
+			} /* if ( !global_structuralcheck ) */
 
 			s = oc_check_required( e, oc, &aoc->a_vals[i] );
 			if (s != NULL) {

--- servers/slapd/modify.c.orig	Thu Aug  7 15:26:22 2003
+++ servers/slapd/modify.c	Thu Aug  7 15:26:21 2003
@@ -679,10 +679,17 @@
 	if( op->o_tag == LDAP_REQ_ADD ) {
 		struct berval tmpval;
 
-		if( global_schemacheck ) {
+		if( global_structuralcheck ) {
 			int rc = mods_structural_class( mods, &tmpval,
 				text, textbuf, textlen );
 			if( rc != LDAP_SUCCESS ) {
+#ifdef NEW_LOGGING
+				LDAP_LOG( OPERATION, INFO, "slap_mods_opattrs: mods_structural_class "
+						  "failed\n", 0, 0, 0 );
+#else
+				Debug(LDAP_DEBUG_TRACE, "slap_mods_opattrs: mods_structural_class "
+					  "failed.\n", 0, 0, 0);
+#endif
 				return rc;
 			}
 

--- servers/slapd/config.c.orig	Thu Aug  7 15:26:22 2003
+++ servers/slapd/config.c	Thu Aug  7 15:26:21 2003
@@ -1691,6 +1691,35 @@
 			} else {
 				global_schemacheck = 1;
 			}
+		/* turn on/off structural checking */
+		} else if ( strcasecmp( cargv[0], "structuralcheck" ) == 0 ) {
+			if ( cargc < 2 ) {
+#ifdef NEW_LOGGING
+				LDAP_LOG( CONFIG, CRIT, 
+					"%s: line %d: missing on|off in \"structuralcheck <on|off>\""
+					" line.\n", fname, lineno , 0 );
+#else
+				Debug( LDAP_DEBUG_ANY,
+    "%s: line %d: missing on|off in \"structuralcheck <on|off>\" line\n",
+				    fname, lineno, 0 );
+#endif
+
+				return( 1 );
+			}
+			if ( strcasecmp( cargv[1], "off" ) == 0 ) {
+#ifdef NEW_LOGGING
+				LDAP_LOG( CONFIG, CRIT, 
+					"%s: line %d: structural checking disabled! your mileage may "
+					"vary!\n", fname, lineno , 0 );
+#else
+				Debug( LDAP_DEBUG_ANY,
+					"%s: line %d: structural checking disabled! your mileage may vary!\n",
+				    fname, lineno, 0 );
+#endif
+				global_structuralcheck = 0;
+			} else {
+				global_structuralcheck = 1;
+			}
 
 		/* specify access control info */
 		} else if ( strcasecmp( cargv[0], "access" ) == 0 ) {

--- servers/slapd/proto-slap.h.orig	Thu Aug  7 15:26:22 2003
+++ servers/slapd/proto-slap.h	Thu Aug  7 15:26:21 2003
@@ -1109,6 +1109,7 @@
 LDAP_SLAPD_V (int)		global_gentlehup;
 LDAP_SLAPD_V (int)		global_idletimeout;
 LDAP_SLAPD_V (int)		global_schemacheck;
+LDAP_SLAPD_V (int)		global_structuralcheck;
 LDAP_SLAPD_V (char *)	global_host;
 LDAP_SLAPD_V (char *)	global_realm;
 LDAP_SLAPD_V (char *)	default_passwd_hash;

Attachment: smime.p7s
Description: S/MIME cryptographic signature