Merge remote branch 'origin/mdb.master' into OPENLDAP_REL_ENG_2_4

[openldap] / servers / slapd / overlays / constraint.c

diff --git a/servers/slapd/overlays/constraint.c b/servers/slapd/overlays/constraint.c
index 538d38307f9e03ec3d7d0aedbda33d44ebdea01c..f2c645c609c04f4fc6c6040ca47b65ae2517da4d 100644 (file)
--- a/servers/slapd/overlays/constraint.c
+++ b/servers/slapd/overlays/constraint.c
@@ -181,7 +181,7 @@ constraint_cf_gen( ConfigArgs *c )
                                }
 
                                if (cp->count || cp->size) {
-                                       int len = snprintf(val_buf, sizeof(val_buf), "%d", val);
+                                       int len = snprintf(val_buf, sizeof(val_buf), "%zd", val);
                                        if (len <= 0) {
                                                /* error */
                                                return -1;
@@ -771,7 +771,7 @@ constraint_add( Operation *op, SlapReply *rs )
        int rc;
        char *msg = NULL;
 
-       if (get_relax(op)) {
+       if (get_relax(op) || SLAPD_SYNC_IS_SYNCCONN( op->o_connid )) {
                return SLAP_CB_CONTINUE;
        }
 
@@ -846,40 +846,29 @@ constraint_check_count_violation( Modifications *m, Entry *target_entry, constra
        int j;
 
        for ( j = 0; cp->ap[j]; j++ ) {
-               ca = 0;
-
                /* Get this attribute count */
                if ( target_entry )
                        ce = constraint_count_attr( target_entry, cp->ap[j] );
 
                for( ; m; m = m->sml_next ) {
                        if ( cp->ap[j] == m->sml_desc ) {
+                               ca = m->sml_numvals;
                                switch ( m->sml_op ) {
                                case LDAP_MOD_DELETE:
-                                       if (( b = m->sml_values ) == NULL  || b[0].bv_val == NULL ) {
+                                       if ( !ca || ca > ce ) {
                                                ce = 0;
-                                       }
-                                       else {
+                                       } else {
                                                /* No need to check for values' validity. Invalid values
                                                 * cause the whole transaction to die anyway. */
-                                               for ( ca = 0; b[ca].bv_val; ++ca );
                                                ce -= ca;
                                        }
                                        break;
 
                                case LDAP_MOD_ADD:
-                                       if (( b = m->sml_values ) == NULL  || b[0].bv_val == NULL )
-                                               continue;
-
-                                       for ( ca = 0; b[ca].bv_val; ++ca );
                                        ce += ca;
                                        break;
 
                                case LDAP_MOD_REPLACE:
-                                       if (( b = m->sml_values ) == NULL  || b[0].bv_val == NULL )
-                                               continue;
-
-                                       for ( ca = 0; b[ca].bv_val; ++ca );
                                        ce = ca;
                                        break;
 
@@ -913,9 +902,8 @@ constraint_update( Operation *op, SlapReply *rs )
        int rc;
        char *msg = NULL;
        int is_v;
-       int first = 1;
 
-       if (get_relax(op)) {
+       if (get_relax(op) || SLAPD_SYNC_IS_SYNCCONN( op->o_connid )) {
                return SLAP_CB_CONTINUE;
        }
 
@@ -941,15 +929,13 @@ constraint_update( Operation *op, SlapReply *rs )
                return(rs->sr_err);
        }
 
+       op->o_bd = on->on_info->oi_origdb;
+       rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &target_entry );
+       op->o_bd = be;
+
        /* Do we need to count attributes? */
        for(cp = c; cp; cp = cp->ap_next) {
-               if (cp->count != 0 || cp->set || cp->restrict_lud != 0) {
-                       if (first) {
-                               op->o_bd = on->on_info->oi_origdb;
-                               rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &target_entry );
-                               op->o_bd = be;
-                               first = 0;
-                       }
+               if (cp->count != 0) {
                        if (rc != 0 || target_entry == NULL) {
                                Debug(LDAP_DEBUG_TRACE, 
                                        "==> constraint_update rc = %d DN=\"%s\"%s\n",
@@ -960,6 +946,10 @@ constraint_update( Operation *op, SlapReply *rs )
                                goto mod_violation;
                        }
 
+                       if (cp->restrict_lud && constraint_check_restrict(op, cp, target_entry) == 0) {
+                               continue;
+                       }
+
                        is_v = constraint_check_count_violation(m, target_entry, cp);
 
                        Debug(LDAP_DEBUG_TRACE,