diff options
author | Martin Hedenfal <martinh@cvs.openbsd.org> | 2010-06-30 04:15:00 +0000 |
---|---|---|
committer | Martin Hedenfal <martinh@cvs.openbsd.org> | 2010-06-30 04:15:00 +0000 |
commit | 4a01a99fc1546a421f6950b1727f84f4b5179514 (patch) | |
tree | 4b27077eaf150b660bebcb36b2f947a51b12b930 | |
parent | 3944352e589a549a5b0a335249b339ff02aad7fa (diff) |
Verify that any object class subclassing is allowed.
-rw-r--r-- | usr.sbin/ldapd/schema.c | 39 |
1 files changed, 38 insertions, 1 deletions
diff --git a/usr.sbin/ldapd/schema.c b/usr.sbin/ldapd/schema.c index 4d2d79a249a..7853436e800 100644 --- a/usr.sbin/ldapd/schema.c +++ b/usr.sbin/ldapd/schema.c @@ -1,4 +1,4 @@ -/* $OpenBSD: schema.c,v 1.1 2010/06/29 02:45:46 martinh Exp $ */ +/* $OpenBSD: schema.c,v 1.2 2010/06/30 04:14:59 martinh Exp $ */ /* * Copyright (c) 2010 Martin Hedenfalk <martinh@openbsd.org> @@ -767,6 +767,7 @@ static int schema_parse_objectclass(struct schema *schema) { struct object *obj = NULL, *prev; + struct obj_ptr *optr; char *kw; int token, ret = 0; @@ -780,6 +781,7 @@ schema_parse_objectclass(struct schema *schema) log_warn("calloc"); goto fail; } + obj->kind = KIND_STRUCTURAL; if (is_oidstr(kw)) obj->oid = kw; @@ -834,6 +836,41 @@ schema_parse_objectclass(struct schema *schema) } } + /* Verify the subclassing is allowed. + * + * Structural object classes cannot subclass auxiliary object classes. + * Auxiliary object classes cannot subclass structural object classes. + * Abstract object classes cannot derive from structural or auxiliary + * object classes. + */ + if (obj->sup != NULL) { + SLIST_FOREACH(optr, obj->sup, next) { + if (obj->kind == KIND_STRUCTURAL && + optr->object->kind == KIND_AUXILIARY) { + log_warnx("structural object class '%s' cannot" + " subclass auxiliary object class '%s'", + OBJ_NAME(obj), OBJ_NAME(optr->object)); + goto fail; + } + + if (obj->kind == KIND_AUXILIARY && + optr->object->kind == KIND_STRUCTURAL) { + log_warnx("auxiliary object class '%s' cannot" + " subclass structural object class '%s'", + OBJ_NAME(obj), OBJ_NAME(optr->object)); + goto fail; + } + + if (obj->kind == KIND_ABSTRACT && + optr->object->kind != KIND_ABSTRACT) { + log_warnx("abstract object class '%s' cannot" + " subclass non-abstract object class '%s'", + OBJ_NAME(obj), OBJ_NAME(optr->object)); + goto fail; + } + } + } + return 0; fail: |