int
entry_schema_check(
- Entry *e, Attribute *oldattrs, const char** text )
+ Entry *e, Attribute *oldattrs, const char** text,
+ char *textbuf, size_t textlen )
{
Attribute *a, *aoc;
ObjectClass *oc;
int i;
- int ret;
AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
int extensible = 0;
+ *text = textbuf;
+
+ /* check single-valued attrs for multiple values */
+ for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
+ /* there should be at least one value */
+ assert( a->a_vals );
+ assert( a->a_vals[0] != NULL );
+
+ /* if single value type, check for multiple values */
+ if( is_at_single_value( a->a_desc->ad_type ) &&
+ a->a_vals[1] != NULL )
+ {
+ char *type = a->a_desc->ad_cname->bv_val;
+
+ snprintf( textbuf, textlen,
+ "attribute '%s' cannot have multiple values",
+ type );
+
+#ifdef NEW_LOGGING
+ LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
+ "entry_schema_check: dn=\"%s\" %s\n",
+ e->e_dn, textbuf ));
+#else
+ Debug( LDAP_DEBUG_ANY,
+ "Entry (%s), %s\n",
+ e->e_dn, textbuf, 0 );
+#endif
+
+ return LDAP_CONSTRAINT_VIOLATION;
+ }
+ }
+
if( !global_schemacheck ) return LDAP_SUCCESS;
/* find the object class attribute - could error out here */
if ( (aoc = attr_find( e->e_attrs, ad_objectClass )) == NULL ) {
#ifdef NEW_LOGGING
- LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
- "entry_schema_check: No objectClass for entry (%s).\n", e->e_dn ));
+ LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
+ "entry_schema_check: No objectClass for entry (%s).\n", e->e_dn ));
#else
Debug( LDAP_DEBUG_ANY, "No objectClass for entry (%s)\n",
e->e_dn, 0, 0 );
/* check that the entry has required attrs for each oc */
for ( i = 0; aoc->a_vals[i] != NULL; i++ ) {
if ( (oc = oc_find( aoc->a_vals[i]->bv_val )) == NULL ) {
+ snprintf( textbuf, textlen,
+ "unrecognized objectClass '%s'",
+ aoc->a_vals[i]->bv_val );
+
#ifdef NEW_LOGGING
- LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
- "entry_schema_check: dn (%s), objectClass \"%s\" not recognized\n",
- e->e_dn, aoc->a_vals[i]->bv_val ));
+ LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
+ "entry_schema_check: dn (%s), %s\n",
+ e->e_dn, textbuf ));
#else
Debug( LDAP_DEBUG_ANY,
- "entry_check_schema(%s): objectClass \"%s\" not recognized\n",
- e->e_dn, aoc->a_vals[i]->bv_val, 0 );
+ "entry_check_schema(%s): \"%s\" not recognized\n",
+ e->e_dn, textbuf, 0 );
#endif
- *text = "unrecognized object class";
return LDAP_OBJECT_CLASS_VIOLATION;
} else {
char *s = oc_check_required( e, aoc->a_vals[i] );
if (s != NULL) {
+ snprintf( textbuf, textlen,
+ "object class '%s' requires attribute '%s'",
+ aoc->a_vals[i]->bv_val, s );
+
#ifdef NEW_LOGGING
- LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
- "entry_schema_check: dn (%s) oc \"%s\" requires att \"%s\"\n",
- e->e_dn, aoc->a_vals[i]->bv_val, s ));
+ LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
+ "entry_schema_check: dn=\"%s\" %s",
+ e->e_dn, textbuf ));
#else
Debug( LDAP_DEBUG_ANY,
- "Entry (%s), oc \"%s\" requires attr \"%s\"\n",
- e->e_dn, aoc->a_vals[i]->bv_val, s );
+ "Entry (%s): %s\n",
+ e->e_dn, textbuf, 0 );
#endif
- *text = "missing required attribute";
return LDAP_OBJECT_CLASS_VIOLATION;
}
return LDAP_SUCCESS;
}
- /* optimistic */
- ret = LDAP_SUCCESS;
-
/* check that each attr in the entry is allowed by some oc */
for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
- ret = oc_check_allowed( a->a_desc->ad_type, aoc->a_vals );
- if ( ret != 0 ) {
+ int ret = oc_check_allowed( a->a_desc->ad_type, aoc->a_vals );
+ if ( ret != LDAP_SUCCESS ) {
char *type = a->a_desc->ad_cname->bv_val;
+
+ snprintf( textbuf, textlen,
+ "attribute '%s' not allowed",
+ type );
+
#ifdef NEW_LOGGING
- LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
- "entry_schema_check: Entry (%s) attr \"%s\" not allowed.\n",
- e->e_dn, type ));
+ LDAP_LOG(( "schema", LDAP_LEVEL_INFO,
+ "entry_schema_check: dn=\"%s\" %s\n",
+ e->e_dn, textbuf ));
#else
Debug( LDAP_DEBUG_ANY,
- "Entry (%s), attr \"%s\" not allowed\n",
- e->e_dn, type, 0 );
+ "Entry (%s), %s\n",
+ e->e_dn, textbuf, 0 );
#endif
- *text = "attribute not allowed";
- break;
+ return ret;
}
}
- return( ret );
+ return LDAP_SUCCESS;
}
static char *
Attribute *a;
#ifdef NEW_LOGGING
- LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY,
- "oc_check_required: dn (%s), objectClass \"%s\"\n",
- e->e_dn, ocname->bv_val ));
+ LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY,
+ "oc_check_required: dn (%s), objectClass \"%s\"\n",
+ e->e_dn, ocname->bv_val ));
#else
Debug( LDAP_DEBUG_TRACE,
"oc_check_required entry (%s), objectClass \"%s\"\n",
int i, j;
#ifdef NEW_LOGGING
- LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY,
- "oc_check_allowed: type \"%s\"\n", at->sat_cname ));
+ LDAP_LOG(( "schema", LDAP_LEVEL_ENTRY,
+ "oc_check_allowed: type \"%s\"\n", at->sat_cname ));
#else
Debug( LDAP_DEBUG_TRACE,
"oc_check_allowed type \"%s\"\n",
at->sat_cname, 0, 0 );
#endif
-
/* always allow objectClass attribute */
if ( strcasecmp( at->sat_cname, "objectClass" ) == 0 ) {
return LDAP_SUCCESS;
}
}
/* maybe the next oc allows it */
-
-#ifdef OC_UNDEFINED_IMPLES_EXTENSIBLE
- /* we don't know about the oc. assume it allows it */
- } else {
- if ( t != type )
- ldap_memfree( t );
- return LDAP_SUCCESS;
-#endif
}
}
-
/* not allowed by any oc */
return LDAP_OBJECT_CLASS_VIOLATION;
}