author | Martin Hedenfal <martinh@cvs.openbsd.org> | 2010-06-30 19:35:21 +0000 |
---|---|---|
committer | Martin Hedenfal <martinh@cvs.openbsd.org> | 2010-06-30 19:35:21 +0000 |
commit | bd38051f43b2af0bddf75706f70218933aecd186 (patch) | |
tree | bab3bf1f3f31129b77c616c426f3ef61a2426235 /usr.sbin/ldapd/validate.c | |
parent | bc78374b30e3336ff169b894ad7b75694e7b3773 (diff) |
Validate that an entry can't belong to an abstract object class directly,
unless it also belongs to a subclassed object class (structural or
auxiliary).
Diffstat (limited to 'usr.sbin/ldapd/validate.c')
-rw-r--r-- | usr.sbin/ldapd/validate.c | 35 |
1 files changed, 32 insertions, 3 deletions
diff --git a/usr.sbin/ldapd/validate.c b/usr.sbin/ldapd/validate.c
index 3074046886e..2e3db5b08ec 100644
--- a/usr.sbin/ldapd/validate.c
+++ b/usr.sbin/ldapd/validate.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: validate.c,v 1.4 2010/06/30 04:17:04 martinh Exp $ */
+/* $OpenBSD: validate.c,v 1.5 2010/06/30 19:35:20 martinh Exp $ */
 /*
 * Copyright (c) 2010 Martin Hedenfalk <martin@bzero.se>
@@ -275,7 +275,7 @@ validate_entry(const char *dn, struct ber_element *entry, int relax)
 struct object *obj, *structural_obj = NULL;
 struct attr_type *at;
 struct obj_list *olist;
- struct obj_ptr *optr;
+ struct obj_ptr *optr, *optr2;
 if (relax)
 goto rdn;
@@ -334,10 +334,39 @@ validate_entry(const char *dn, struct ber_element *entry, int relax)
 return LDAP_OBJECT_CLASS_VIOLATION;
 }
+ /* "An entry cannot belong to an abstract object class
+ * unless it belongs to a structural or auxiliary class that
+ * inherits from that abstract class."
+ */
+ SLIST_FOREACH(optr, olist, next) {
+ if (optr->object->kind != KIND_ABSTRACT)
+ continue;
+
+ /* Check the structural object class. */
+ if (is_super(optr->object, structural_obj))
+ continue;
+
+ /* Check all auxiliary object classes. */
+ SLIST_FOREACH(optr2, olist, next) {
+ if (optr2->object->kind != KIND_AUXILIARY)
+ continue;
+ if (is_super(optr->object, optr2->object))
+ break;
+ }
+
+ if (optr2 == NULL) {
+ /* No subclassed object class found. */
+ log_debug("abstract class '%s' not subclassed",
+ OBJ_NAME(optr->object));
+ return LDAP_OBJECT_CLASS_VIOLATION;
+ }
+ }
+
 /* Check all required attributes. */
 SLIST_FOREACH(optr, olist, next) {
- if ((rc = validate_required_attributes(entry, optr->object)) != LDAP_SUCCESS)
+ if ((rc = validate_required_attributes(entry, optr->object)) !=
+ LDAP_SUCCESS)
 return rc;
 }
|
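Review bot: The `if (optr2 == NULL)` test after the inner `SLIST_FOREACH(optr2, olist, next)` depends on the macro leaving its cursor NULL when the list is exhausted and non-NULL after `break`, and nothing in the new code says so. A one-line comment above the test, such as `/* optr2 is NULL only if the loop ran to the end without a match. */`, would keep a later edit to the inner loop from silently changing what this schema check accepts or rejects. The earlier `is_super(optr->object, structural_obj)` call also assumes `structural_obj` is non-NULL at that point; the guard that presumably ensures this sits above the hunk and is not visible here, so it is worth confirming, since `validate_entry` appears to run on entries supplied by clients. The body of `validate_entry` starts and ends outside the hunk.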